Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

15 March 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:32:00 WinXP 72.251.104.232 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 43 of 43 2b314ef150
NEW none[none] none:none
none|none none none

T:00:50:00 WinXP 121.120.173.234 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:00:59:00 WinXP 60.40.111.30 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
NAGOYA, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:01:17:00 WinXP 95.88.104.141 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

01:55:00 WinXP 115.81.187.1 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] ASM:Graph
PolyEnE| lines=68 trace

T:01:57:00 Win2K-f 76.189.125.10 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEVELAND, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:08:00 WinXP 79.163.34.136 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 41 5c6df5141d
NEW none[none] none:none
none|none none none

T:02:08:00 WinXP 98.135.0.130 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
SPRINGFIELD, SOUTH DAKOTA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
827 lines Yeah : 1.3
profile none summary
tarball none 64ad97c075
NEW none[none] none:none
none|none none none

T:03:20:00 WinXP 114.51.144.110 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

03:48:00 Win2K-f 175.105.89.217 (-):
. n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
EU:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:03:56:00 Win2K-f 175.105.89.217 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org 445 pcap raw alerts
ruleset http
19 lines Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:05:22:00 WinXP 24.155.159.127 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO HUB,
WACO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:05:53:00 Win2K-f 116.126.26.135 (-):
HANARO TELECOM,
KUNSAN, CHOLLA-BUKTO, KR. (DSL) 91.193.194.67:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
CN:88.perfectexe.com
EU:www.derquda.com
CN:218.10.17.178:88
EU:91.193.194.114:80 135 pcap raw alerts
ruleset irc
165 lines Yeah : 1.8
profile none summary
tarball 39 of 41
31 of 33 ab9c4b5f21
NEW
d789c8d157
NEW 5fe48b2dcc [0]
5f6572479f[0] ASM:Graph
ASM:Graph
Armadillo|
PolyEnE| lines=42
lines=113
embedded dns trace
trace

06:04:00 WinXP 186.180.96.108 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 80b5952d6c
NEW none[none] none:none
none|none none none

T:06:15:00 Win2K-f 203.88.179.244 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOYAMA, TOYAMA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 43
41 of 43 95173a796c
NEW
c2f1f7d01e
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:06:27:00 Win2K-f 24.30.180.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTMINSTER, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset irc
32 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:06:37:00 WinXP 111.248.169.72 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:06:52:00 WinXP 210.205.220.172 (SONICANT.CO.KR):
THRUNET CO. LTD,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 60.190.222.139:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
CN:88.perfectexe.com
CN:218.10.17.178:88 135 pcap raw alerts
ruleset irc
139 lines Yeah : 1.8
profile none summary
tarball 8 of 43
40 of 41 0d4c9b9be2
NEW
1824c59f34
NEW none[none]
da8a48fc3a[0] none:none
ASM:Graph
none|none
tElock| none
lines=112
embedded dns none
trace

T:06:58:00 Win2K-f 189.87.189.29 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 83.133.119.197:65520 EU:proxima.ircgalaxy.pl
CN:88.perfectexe.com
EU:www.derquda.com
US:microsoft.com
CN:218.10.17.178:88
EU:91.193.194.114:80 445 pcap raw alerts
ruleset irc
40 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:06:59:00 WinXP 114.48.108.160 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:07:41:00 WinXP 178.91.73.180 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 2c94e3fd00
NEW none[none] none:none
none|none none none

T:07:44:00 WinXP 186.180.9.181 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

08:06:00 WinXP 186.180.9.181 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:08:37:00 WinXP 121.120.36.69 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 0f77d6439f
NEW none[none] none:none
none|none none none

T:09:14:00 WinXP 109.60.188.100 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a DE:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 04d4170d3b
NEW none[none] none:none
none|none none none

T:09:35:00 WinXP 190.207.163.211 (CANTV.NET):
CANTV SERVICIOS VENEZUELA,
CARACAS, DISTRITO FEDERAL, VE. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:02:00 WinXP 115.80.17.42 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 2f6cab0a72
NEW none[none] none:none
none|none none none

T:10:17:00 WinXP 121.84.150.224 (EONET.NE.JP):
K-OPTICOM CORPORATION,
TAKARAZUKA, HYOGO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:10:46:00 WinXP 121.121.81.73 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none f13860c2c4
NEW none[none] none:none
none|none none none

11:15:00 Win2K-f 122.160.71.49 (122.AIRTELBROADBAND.IN):
ABTS-DSL-DEL,
NEW DELHI, DELHI, IN. (DSL) n/a 445 pcap raw alerts
ruleset http
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:12:14:00 Win2K-f 172.190.54.13 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
105 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:12:19:00 WinXP 178.91.78.167 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 42 of 43 2c94e3fd00
NEW none[none] none:none
none|none none none

12:47:00 WinXP 173.24.187.216 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MARION, KENTUCKY, US. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:13:32:00 Win2K-f 24.155.13.138 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO,
WOODWAY, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:13:35:00 WinXP 49.14.93.221 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 42 4c1e03dd5e
NEW none[none] none:none
none|none none none

T:13:40:00 Win2K-f 174.39.141.5 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
NORTH PLATTE, NEBRASKA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 53aa804019
NEW
95ddd4a823
NEW 29c6cdbf45 [0]
9e78315a6d[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:13:59:00 WinXP 62.169.108.16 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 42 fd5d54282a
NEW none[none] none:none
none|none none none

T:14:35:00 Win2K-f 69.193.35.223 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:28:00 WinXP 83.97.157.165 (CM-83-97-159-10.TELECABLE.ES):
TELECABLE,
BARCELONA, CATALONIA, ES. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:16:02:00 WinXP 114.51.145.106 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:16:17:00 Win2K-f 216.82.201.229 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO HUB,
WACO, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:16:36:00 WinXP 203.193.135.11 (SOFT.NET):
SOFTWARE TECHNOLOGY PARKS OF INDIA,
PONDICHERRY, PONDICHERRY, IN. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 2fc89991b2
NEW
7bdf45b79a
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:16:50:00 Win2K-f 4.252.203.6 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
149 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:54:00 WinXP 24.79.41.111 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
16 lines Yeah : 0.8
profile none summary
tarball 41 of 43 c23a910a12
NEW none[none] none:none
none|none none none

T:16:54:00 Win2K-f 78.97.41.19 (-):
ASTRAL PLOIESTI,
PLOIESTI, PRAHOVA, RO. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball none 98c8641dc3
NEW none[none] none:none
none|none none none

T:16:56:00 Win2K-f 24.79.179.16 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball 41 of 43 12b5856655
NEW none[none] none:none
none|none none none

T:17:06:00 WinXP 62.178.235.230 (SURFER.AT):
UPC TELEKABEL,
KLAGENFURT, KARNTEN, AT. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
17 lines Yeah : 0.8
profile none summary
tarball 39 of 41 1b3d8e9fe7
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:07:00 Win2K-f 213.146.59.4 (TOXYGEN.NET):
MALART NETWORK,
WARSAW, WARSZAWA, PL. (100Mbps) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 37 of 40 82e755f5d3
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:08:00 Win2K-f 95.76.79.78 (-):
ASTRAL TIMISOARA,
RO. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 39 of 41 1b3d8e9fe7
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:13:00 WinXP 178.83.198.2 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball 40 of 41 c13a6c3da5
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:20:00 Win2K-f 64.130.158.77 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball none e146d8fa76
NEW none[none] none:none
none|none none none

T:17:25:00 WinXP 77.76.165.179 (-):
ETANET OOD,
BG. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball none 5c70659e82
NEW none[none] none:none
none|none none none

T:17:28:00 Win2K-f 24.77.234.121 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 43 327cc7cb3d
NEW none[none] none:none
none|none none none

T:17:29:00 Win2K-f 93.114.97.122 (-):
SC BIOJAR GRUP SRL,
BUCHAREST, BUCURESTI, RO. (DSL) n/a US:h.maqder.info
US:70.107.249.167:3921 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 8 of 43 0b6d0d400c
NEW none[none] none:none
none|none none none

T:17:32:00 Win2K-f 88.29.96.26 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
MADRID, MADRID, ES. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 35 of 41 220053b50c
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:40:00 WinXP 96.26.175.28 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
CHICAGO, ILLINOIS, US. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 0.8
profile none summary
tarball 41 of 41 c03793a035
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:45:00 Win2K-f 87.205.30.0 (COM.PL):
NETIA,
WARSAW, WARSZAWA, PL. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 38 of 40 2026658d8d
NEW none[none] none:none
none|none none none

T:17:48:00 Win2K-f 77.81.199.34 (TITANNET.RO):
SC ENTERNET TEAM SRL,
BUCHAREST, BUCURESTI, RO. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 39 of 41 6704922c65
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:17:53:00 Win2K-f 88.156.26.7 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none a8c4007dd5
NEW none[none] none:none
none|none none none

T:18:07:00 WinXP 137.118.217.255 (WILKES.NET):
NEONOVA NETWORK SERVICES,
COLSTRIP, MONTANA, US. (100Mbps) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 0.8
profile none summary
tarball 39 of 40 379a6daa0d
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:18:10:00 WinXP 24.77.27.67 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
17 lines Yeah : 0.8
profile none summary
tarball none 824aebb099
NEW none[none] none:none
none|none none none

T:18:12:00 WinXP 75.119.32.190 (LDMI.COM):
TALK AMERICA,
DETROIT, MICHIGAN, US. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball 40 of 41 f534041536
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:18:36:00 Win2K-f 82.139.71.58 (LIJBRANDT.NET):
LIJBRANDT-NETBLOCK,
HAARLEM, NOORD-HOLLAND, NL. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 36 of 40 9363d60262
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:18:40:00 WinXP 72.224.144.190 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SACO, MAINE, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:18:41:00 Win2K-f 113.252.242.92 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none 6163d9bc47
NEW none[none] none:none
none|none none none

T:18:51:00 WinXP 114.48.59.110 (E-MOBILE.NE.JP):
EMOBILE LTD,
YOKOHAMA, KANAGAWA, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:18:55:00 Win2K-f 113.254.216.128 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a US:m.drd3h.com 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 0.8
profile none summary
tarball 39 of 41 450ad1b683
NEW 1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns trace

T:19:07:00 WinXP 78.84.168.122 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 0.8
profile none summary
tarball 40 of 41 b68d420d61
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:19:10:00 WinXP 97.78.31.175 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (DSL) n/a US:m.drd3h.com 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 34 of 40 0448650359
NEW 1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns trace

T:19:21:00 Win2K-f 186.19.114.202 (-):
. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none e6f26d0bed
NEW none[none] none:none
none|none none none

T:19:40:00 WinXP 188.241.104.177 (-):
EUROFIBER,
RO. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 0.8
profile none summary
tarball 40 of 43 0e186d31c8
NEW none[none] none:none
none|none none none

T:20:18:00 WinXP 24.249.134.81, 218.10.17.178 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 83.133.119.197:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:88.perfectexe.com
EU:www.derquda.com
CN:w.perfectexe.com
EU:justnewleft.ru
:smtp.mail.ru
EU:91.217.162.97:80 135 pcap raw alerts
ruleset irc
http
155 lines Yeah : 1.8
profile none summary
tarball none
28 of 42
none
21 of 40
29 of 43
32 of 36
21 of 40
35 of 36 365c2de5e0
NEW
53ab8b46bc
NEW
87ac373063
NEW
9aed35b536
NEW
b34e640329
NEW
bea8cb1865
NEW
f7df702b31
NEW
fac78fde16
NEW none[none]
none [none]
none [none]
none [none]
none [none]
154de51a66[0]
none [none]
882896ab05[0] none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
Armadillo|
none|none
tElock| none
none
none
none
none
lines=91
none
lines=126
embedded dns none
none
none
none
none
trace
none
trace

T:20:35:00 Win2K-f 108.14.209.156 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 41 c13a6c3da5
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:20:38:00 WinXP 121.121.186.69 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:20:46:00 Win2K-f 60.248.45.175 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
116 lines Yeah : 1.3
profile none summary
tarball 38 of 39
35 of 38 2205443cc8
NEW
b9297745a1
NEW 04ce1ed773 [none]
4294884d84[0] none:none
ASM:Graph
none|none
tElock| none
lines=64
embedded dns none
trace

T:20:49:00 Win2K-f 80.108.10.79 (HIRNERS.COM):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball 39 of 40 379a6daa0d
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:20:49:00 WinXP 123.194.148.225 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 42 of 43 309898871c
NEW none[none] none:none
none|none none none

T:20:53:00 WinXP 200.164.10.173 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:20:58:00 WinXP 85.187.245.34 (EVRO.NET):
EVRO,
PLOVDIV, PLOVDIV, BG. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 0.8
profile none summary
tarball 37 of 40 50cdd5c6cf
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:21:20:00 WinXP 87.79.32.6 (NETCOLOGNE.DE):
NETCOLOGNE,
AACHEN, NORDRHEIN-WESTFALEN, DE. (100Mbps) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 0.8
profile none summary
tarball none 1918cf26b6
NEW none[none] none:none
none|none none none

T:21:24:00 WinXP 61.215.131.50 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 10eebdc28e
NEW
761a66b891
NEW e2ca2da35d [0]
b469dac5dc[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:21:40:00 WinXP 70.61.235.4 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 0.8
profile none summary
tarball 40 of 41 e3faefa56a
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:21:44:00 Win2K-f 77.64.136.210 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
CHEMNITZ, SACHSEN, DE. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none 13541553f3
NEW none[none] none:none
none|none none none

T:22:11:00 Win2K-f 123.195.34.40 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 40 0629d7fc42
NEW none[none] none:none
none|none none none

T:22:38:00 WinXP 61.89.229.154 (SENSYU.NE.JP):
SNS,
OSAKA, OSAKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
38 of 40 024410ad21
NEW
b0cedd71bb
NEW 96d0267b80 [0]
f6e156bdca[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:22:44:00 WinXP 98.141.163.84 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:22:44:00 Win2K-f 24.100.87.179 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
CORBIN, KENTUCKY, US. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 38 of 40 7ea0317789
NEW 18ff3687ad [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:22:59:00 Win2K-f 46.32.59.144 (-):
. n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 40 of 40 0629d7fc42
NEW none[none] none:none
none|none none none

T:23:10:00 WinXP 113.210.35.69 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none f13860c2c4
NEW none[none] none:none
none|none none none

T:23:24:00 WinXP 121.120.241.167 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 1595515522
NEW none[none] none:none
none|none none none

T:23:34:00 WinXP 178.37.240.231 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 8 of 43 0b6d0d400c
NEW none[none] none:none
none|none none none

T:23:37:00 Win2K-f 219.85.89.247 (SO-NET.NET.TW):
SONY NETWORK TAIWAN LIMITED,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:m.drd3h.com 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 0.8
profile none summary
tarball 40 of 41 bedf29b824
NEW 1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns trace

T:23:47:00 WinXP 94.52.192.165 (-):
NEW COM TELECOMUNICATII SA,
BUCHAREST, BUCURESTI, RO. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 0.8
profile none summary
tarball 40 of 41 8128405d8c
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace