Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



21 March 2011

All data collection and analyses summarized on this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI),
Monirul Sharif (Georgia Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Table columns (one infection record per row): Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:19:00 WinXP 115.81.10.225 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 32 b502f83a7c
NEW
28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace
T:00:45:00 Win2K-f 61.89.242.85 (KCN.NE.JP):
KINTETSU CABLE NETWORK LTD,
JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 43
40 of 43
b0290639db
NEW
b66ca7bc34
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:00:47:00 WinXP 46.203.225.253 (-):
.
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 eaeda9a47f
NEW
none[none] none:none
none|none none none
T:00:53:00 WinXP 193.93.110.216 (GRAT.NET.UA):
GRAT NETWORK INTERNET SERVICE PROVIDER,
KIEV, KYYIV, UA. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
40 of 41 1d0ce31c6d
NEW
none[none] none:none
none|none none none
T:01:20:00 WinXP 211.75.159.211 (KENNY.COM.TW):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
01:48:00 WinXP 115.117.146.94 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
IN. (100Mbps)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 32 b502f83a7c
NEW
28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace
T:02:29:00 WinXP 116.254.69.153 (THN.NE.JP):
TOKAI CORPORATION,
NUMAZU, SHIZUOKA, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
39 of 41
6b315f5dbc
NEW
7938865f8c
NEW
7604b94520 [0]
a9b9e4904b[0]
ASM:Graph
ASM:Graph
tElock|
Armadillo|
lines=64
embedded dns
lines=91
trace
trace
T:02:57:00 WinXP 203.190.146.55 (SOFT.NET):
SOFTWARE TECHNOLOGY PARKS OF INDIA,
NEW DELHI, DELHI, IN. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
40 of 41
2fc89991b2
NEW
7bdf45b79a
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:58:00 WinXP 114.51.27.252 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:03:21:00 WinXP 151.83.84.144 (SER-PR2-MAX.IUNET.IT):
INFOSTRADA,
IT. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
42 of 43 aad01847fa
NEW
none[none] none:none
none|none none none
03:22:00 WinXP 151.83.84.144 (SER-PR2-MAX.IUNET.IT):
INFOSTRADA,
IT. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
42 of 43 c95f4f5246
NEW
none[none] none:none
none|none none none
T:03:39:00 WinXP 92.251.158.132 (-):
H3G IRELAND SUBSCRIBERS,
IE. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 dc467897c8
NEW
none[none] none:none
none|none none none
T:04:01:00 WinXP 218.47.101.61 (PLALA.OR.JP):
NTT PLALA INC,
TOKYO, TOKYO, JP. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:04:01:00 WinXP 113.210.188.106 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 42 118b884494
NEW
none[none] none:none
none|none none none
T:04:24:00 WinXP 89.36.208.118 (TVAS.RO):
SC TV ADLER TRADING SRL,
RO. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 1595515522
NEW
none[none] none:none
none|none none none
T:04:25:00 Win2K-f 77.253.59.28 (INETIA.PL):
INTERNETIA,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 43 036b734a65
NEW
none[none] none:none
none|none none none
T:04:27:00 WinXP 87.59.168.243 (DSL.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
ROSKILDE, ROSKILDE, DK. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 43 50465eaf96
NEW
none[none] none:none
none|none none none
T:04:28:00 Win2K-f 85.66.15.89 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 50cdd5c6cf
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:29:00 Win2K-f 178.36.107.23 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 43 50465eaf96
NEW
none[none] none:none
none|none none none
T:04:29:00 WinXP 116.94.209.108 (OHASHI10.BBIQ.JP):
KYUSHU TELECOMMUNICATION NETWORK CO. INC,
KITAKYUSHU, FUKUOKA, JP. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:30:00 WinXP 87.110.100.245 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 b91423b944
NEW
none[none] none:none
none|none none none
T:04:30:00 Win2K-f 85.67.229.100 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 17c42606e8
NEW
afaf06d6cd [0] ASM:Graph
pex| lines=42 trace
T:04:41:00 WinXP 88.222.24.91 (-):
KAUNAS MEGANET AREA3 NETWORK,
KAUNAS, KAUNO APSKRITIS, LT. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:43:00 Win2K-f 213.47.64.119 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c13a6c3da5
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:53:00 WinXP 123.193.138.20 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 0.8
profile
none summary
tarball
42 of 43 ecd24cb494
NEW
none[none] none:none
none|none none none
T:05:02:00 WinXP 122.124.51.36 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none 6163d9bc47
NEW
none[none] none:none
none|none none none
T:05:07:00 Win2K-f 62.178.39.93 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 013a5ba10e
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:07:00 WinXP 77.64.194.96 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
41 of 43 1c05c18d2a
NEW
none[none] none:none
none|none none none
T:05:10:00 Win2K-f 220.139.134.13 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
35 of 43 d6944558fe
NEW
none[none] none:none
none|none none none
T:05:14:00 Win2K-f 118.141.209.28 (LLOYD-EXCHANGE.LLOYDWISE.CN):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 f534041536
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:19:00 WinXP 85.66.66.165 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ffbb6cbe61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:23:00 WinXP 70.107.241.144 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW YORK, NEW YORK, US. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 17c42606e8
NEW
afaf06d6cd [0] ASM:Graph
pex| lines=42 trace
T:05:38:00 Win2K-f 86.38.85.33 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 f996bf0275
NEW
1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns
trace
T:05:43:00 WinXP 80.108.144.116 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c13a6c3da5
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:45:00 Win2K-f 78.61.77.247 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
KAUNAS, KAUNO APSKRITIS, LT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 43 d15089dd77
NEW
none[none] none:none
none|none none none
T:05:48:00 WinXP 113.252.224.90 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 fe87c62b51
NEW
fe87c62b51 [1] ASM:Graph
pex| lines=19 trace
T:05:53:00 WinXP 123.193.139.47 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 0.8
profile
none summary
tarball
40 of 42 6438959caa
NEW
none[none] none:none
none|none none none
T:05:55:00 Win2K-f 82.132.92.181 (-):
CROATIAN ACADEMIC AND RESEARCH NETWORK,
HR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 f14fd68756
NEW
f14fd68756 [1] ASM:Graph
pex| lines=19 trace
T:06:13:00 Win2K-f 86.52.189.101 (REV.STOFANET.DK):
STOFANET-INET-CIDR,
ODENSE, FYN, DK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 82e755f5d3
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:06:21:00 WinXP 77.47.110.81 (CABLESURF.DE):
FAKS-FFO-DHCP-SPACE,
BERLIN, BERLIN, DE. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 b91423b944
NEW
none[none] none:none
none|none none none
T:06:21:00 WinXP 77.255.238.131 (COM.PL):
NETIA,
PL. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 f534041536
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:06:24:00 Win2K-f 24.238.184.219 (MINDSPRING.COM):
EARTHLINK INC,
DALLAS, TEXAS, US. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 50cdd5c6cf
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:06:24:00 WinXP 77.64.142.222 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. (DSL)
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:27:00 WinXP 88.28.231.138 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
MADRID, MADRID, ES. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:06:33:00 Win2K-f 72.15.116.114 (NEWNANUTILITIES.ORG):
NEWNAN UTILITIES,
NEWNAN, GEORGIA, US. (100Mbps)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:34:00 Win2K-f 94.251.236.65 (-):
SERVERS STREAM COMMUNICATIONS,
PL. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 c03793a035
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:06:37:00 WinXP 175.112.120.207 (-):
.
91.193.194.67:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:88.perfectexe.com
DE:mx-ha01.web.de
US:sbcmx1.prodigy.net
US:motorola.com.s5a1.psmtp.com
GB:mx1.onyx.net
US:in.sjc.mx.trendmicro.com
JP:mail-intgw.ntt-neo.jp
CN:218.10.17.178:88
EU:91.193.194.67:65520
135 pcap raw alerts
ruleset
irc
http
198 lines
Yeah : 1.8
profile
none summary
tarball
36 of 42
38 of 42
bf063bba17
NEW
f269760f66
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:06:39:00 Win2K-f 178.37.150.212 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 43 531a598a70
NEW
none[none] none:none
none|none none none
06:46:00 Win2K-f 122.180.127.150 (122.AIRTELBROADBAND.IN):
BHARTI AIRTEL LTD. TELEMEDIA SERVICES,
NEW DELHI, DELHI, IN. (DSL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:06:54:00 WinXP 64.130.136.66 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 760ab8f2ff
NEW
none[none] none:none
none|none none none
T:06:55:00 Win2K-f 122.180.127.150 (122.AIRTELBROADBAND.IN):
BHARTI AIRTEL LTD. TELEMEDIA SERVICES,
NEW DELHI, DELHI, IN. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
US:checkip.dyndns.org
DE:131.220.6.26:80
EU:78.40.35.134:80
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:07:00:00 WinXP 178.150.45.129 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a DE:moscow-advokat.ru
SE:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
:lia.zanet.net
SE:vancouver.dal.net
SE:viking.dal.net
:london.uk.eu.undernet.org
:lulea.se.eu.undernet.org
:washington.dc.us.undernet.org
SE:qis.md.us.dal.net
:flanders.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
:gaspode.zanet.org.za
SE:ced.dal.net
AT:graz.at.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:coins.dal.net
:caen.fr.eu.undernet.org
SE:ozbytes.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
39 of 41 246f38a76e
NEW
none[none] none:none
none|none none none
T:07:02:00 WinXP 112.205.1.214 (PLDT.NET):
IPG,
PH. (DSL)
n/a US:m.drd3h.com
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 42 2131a2c834
NEW
none[none] none:none
none|none none none
07:17:00 Win2K-f 122.225.53.238 (163DATA.COM.CN):
CHINANET-ZJ JIAXING NODE NETWORK,
BEIJING, BEIJING, CN. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
EU:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:07:27:00 Win2K-f 122.225.53.238 (163DATA.COM.CN):
CHINANET-ZJ JIAXING NODE NETWORK,
BEIJING, BEIJING, CN. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.vouchercodes.net
DE:131.220.6.26:80
445 pcap raw alerts
ruleset
http
1006 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:07:28:00 Win2K-f 70.76.63.247 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ffbb6cbe61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:32:00 WinXP 113.210.10.245 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 34 d20f157117
NEW
738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:36:00 Win2K-f 46.109.66.238 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:38:00 Win2K-f 93.114.177.224 (-):
SC GIGATELE COM SRL,
SIMERIA, HUNEDOARA, RO. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 2026658d8d
NEW
none[none] none:none
none|none none none
T:07:45:00 WinXP 72.187.49.126 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEARWATER, FLORIDA, US. (DSL)
n/a US:m.drd3h.com 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
none e6f26d0bed
NEW
none[none] none:none
none|none none none
T:07:55:00 WinXP 46.109.145.229 (-):
.
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 8887d42f5c
NEW
afaf06d6cd [0] ASM:Graph
pex| lines=42 trace
T:07:57:00 WinXP 95.68.92.251 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL)
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:06:00 WinXP 178.24.81.3 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace
T:08:13:00 Win2K-f 119.77.176.84 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 b68d420d61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:23:00 WinXP 113.252.224.90 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 fe87c62b51
NEW
fe87c62b51 [1] ASM:Graph
pex| lines=19 trace
T:08:23:00 WinXP 93.105.86.83 (VECTRANET.PL):
BROADBAND SERS OF VECTRA S.A,
JELENIA GORA, DOLNOSLASKIE, PL. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 c03793a035
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:28:00 Win2K-f 96.224.166.127 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW YORK, NEW YORK, US. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 40 0448650359
NEW
1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns
trace
T:08:29:00 WinXP 46.233.10.135 (-):
.
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 4dd4197eb4
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:39:00 WinXP 97.78.108.238 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (DSL)
n/a US:m.drd3h.com
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 5fa6f2f4f2
NEW
1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns
trace
T:08:43:00 Win2K-f 75.119.103.118 (LDMI.COM):
IDEAL TECHNOLOGY SOLUTIONS US INC,
DETROIT, MICHIGAN, US. (100Mbps)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ffbb6cbe61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:44:00 Win2K-f 84.237.250.6 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
35 of 40 c473a72583
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:44:00 Win2K-f 89.45.208.58 (-):
SC BLUENET TELECOM SRL,
RO. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:51:00 Win2K-f 74.67.180.245 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROCHESTER, NEW YORK, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
T:08:51:00 WinXP 77.47.73.30 (CABLESURF.DE):
KKG-GUE-DHCP-SPACE,
BERLIN, BERLIN, DE. (DSL)
n/a US:m.DRD3H.COM
US:70.107.249.167:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
35 of 40 c473a72583
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
08:57:00 WinXP 114.51.159.212 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 43 fb486908b0
NEW
none[none] none:none
none|none none none
T:09:16:00 Win2K-f 89.45.250.73 (HERTZA.RO):
SC SAM SA,
BUCHAREST, BUCURESTI, RO. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:09:17:00 Win2K-f 85.67.179.2 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:09:25:00 WinXP 190.207.197.24 (CANTV.NET):
CANTV SERVICIOS VENEZUELA,
CARACAS, DISTRITO FEDERAL, VE. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
09:38:00 Win2K-f 122.225.53.238 (163DATA.COM.CN):
CHINANET-ZJ JIAXING NODE NETWORK,
BEIJING, BEIJING, CN. (DSL)
n/a US:www.maxmind.com
EU:checkip.dyndns.org
:www.getmyip.org
EU:getmyip.co.uk
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:10:01:00 Win2K-f 70.107.248.216 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW YORK, NEW YORK, US. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 084b71b74d
NEW
8a425894ca [0] ASM:Graph
pex| lines=42 trace
T:10:08:00 Win2K-f 70.112.211.65 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AUSTIN, TEXAS, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:10:15:00 Win2K-f 113.252.166.197 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c13a6c3da5
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:28:00 WinXP 70.61.235.4 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 e3faefa56a
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:31:00 WinXP 95.68.138.138 (ESOO.RU):
OJSC VOLGATELECOM,
RU. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 d11b1f56f9
NEW
none[none] none:none
none|none none none
10:46:00 Win2K-f 94.102.11.190 (NI.NET.TR):
NETINTERNET BILGISAYAR VE TELEKOMUNIKASYAN SAN. VE TIC. LTD. STI,
TR. (DSL)
n/a US:www.maxmind.com
:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
10:56:00 Win2K-f 190.153.77.63 (NET-UNO.NET):
NET UNO C.A,
VALENCIA, CARABOBO, VE. (DSL)
n/a US:www.maxmind.com
US:checkip.dyndns.org
US:208.43.124.51:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:11:05:00 Win2K-f 190.153.77.63 (NET-UNO.NET):
NET UNO C.A,
VALENCIA, CARABOBO, VE. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.vouchercodes.net
:www.getmyip.org
EU:checkip.dyndns.org
DE:131.220.6.26:80
US:217.160.239.39:80
445 pcap raw alerts
ruleset
http
6 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:11:25:00 WinXP 137.118.216.78 (WILKES.NET):
NEONOVA NETWORK SERVICES,
COLSTRIP, MONTANA, US. (100Mbps)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:11:29:00 WinXP 121.120.204.142 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
38 of 42 8a2553433c
NEW
none[none] none:none
none|none none none
T:11:37:00 Win2K-f 87.116.156.45 (DYNAMIC.SBB.RS):
DYNAMIC IP RANGE FOR CABLE MODEM CUSTOMERS,
RS. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ffbb6cbe61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:11:43:00 Win2K-f 58.146.10.85 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:11:48:00 WinXP 113.210.164.36 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 43 8a19ca9eea
NEW
none[none] none:none
none|none none none
T:11:51:00 WinXP 4.226.9.83 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DESOTO, TEXAS, US. (DIAL)
n/a DE:citi-bank.ru
:adult-empire.com
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 34 d20f157117
NEW
738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:57:00 WinXP 206.246.4.47 (OLEMAC.NET):
MCDONALD COUNTY INTERNET,
NEW YORK, NEW YORK, US. (DSL)
213.155.0.224:80 DE:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:12:19:00 Win2K-f 72.15.116.114 (NEWNANUTILITIES.ORG):
NEWNAN UTILITIES,
NEWNAN, GEORGIA, US. (100Mbps)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 29a3030e16
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:12:24:00 WinXP 49.14.22.151 (-):
.
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
39 of 42 4c1e03dd5e
NEW
none[none] none:none
none|none none none
T:12:44:00 WinXP 77.64.194.96 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. (DSL)
n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 0.8
profile
none summary
tarball
41 of 43 1c05c18d2a
NEW
none[none] none:none
none|none none none
12:47:00 WinXP 137.118.216.78 (WILKES.NET):
NEONOVA NETWORK SERVICES,
COLSTRIP, MONTANA, US. (100Mbps)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
12:57:00 WinXP 110.227.200.191 (59.AIRTELBROADBAND.IN):
BHARTI AIRTEL LTD,
GURGAON, HARYANA, IN. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 dc467897c8
NEW
none[none] none:none
none|none none none
T:13:01:00 WinXP 113.210.81.226 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
40 of 43 4739f8e8c4
NEW
none[none] none:none
none|none none none
T:13:15:00 WinXP 109.125.14.142 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 01c4a6b3eb
NEW
dd524b0259 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:09:00 Win2K-f 70.65.249.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:14:17:00 WinXP 62.120.40.84 (-):
ETTIHADETISALAT,
RIYADH, AR RIYAD, SA. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
32 of 32 b502f83a7c
NEW
28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace
14:45:00 Win2K-f 85.17.81.32 (LEASEWEB.COM):
LEASEWEB,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
n/a US:www.maxmind.com
EU:checkip.dyndns.org
EU:getmyip.co.uk
:www.getmyip.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:15:47:00 Win2K-f 96.11.192.131 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
40 of 42 45885d17fa
NEW
none[none] none:none
none|none none none
T:17:14:00  OS: WinXP  Victim: 187.80.92.58 (CAMPUSEAI.ORG): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 863ed6d07e (NEW); AV: 36 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:17:17:00  OS: WinXP  Victim: 186.122.60.154 (-)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:moscow-advokat.ru, DE:82.98.86.164:6667
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: ac499f0305 (NEW); AV: 37 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:18:51:00  OS: Win2K-f  Victim: 68.200.105.59 (RR.COM): ROAD RUNNER HOLDCO LLC, LARGO, FLORIDA, US. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other, 110 lines
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary 1: 1761e9db94 (NEW); AV: 40 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 2: d1e83e2d0a (NEW); AV: 40 of 40; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:19:33:00  OS: WinXP  Victim: 92.251.195.248 (NETWORK-IE.NET): PROVIDER LOCAL REGISTRY, IE. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: dc467897c8 (NEW); AV: 39 of 40; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:19:39:00  OS: WinXP  Victim: 123.111.111.32, 60.190.223.75 (INVALID IPV4 ADDRESS)
  Infection Source: 91.193.194.67:65520
  C&C Server / DNS Lookups & Failed Connects: DE:proxim.ircgalaxy.pl, US:microsoft.com, CN:88.perfectexe.com, CN:w.perfectexe.com, EU:ii.derquda.com, CN:ck.perfectexe.com, :wpad, CN:hn.yigeyuming.com, US:exchangetransfusions.info, US:zoo.parkingspa.com, :a.95622.com, 174.123.157.154:80
  Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: irc, http, 175 lines
  BotHunter Analysis: Yeah : 1.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary 1: 51c413f474 (NEW); AV: 18 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 2: 89f410e7cc (NEW); AV: 38 of 40; Unpacked egg.exe: 2593cbda62[0]; Unpacked egg.asm: ASM:Graph; Packer PEID: Armadillo|; Data Strings: lines=91; Syscall Trace: trace
  Binary 3: 909270c172 (NEW); AV: 38 of 40; Unpacked egg.exe: 55c25968a5[0]; Unpacked egg.asm: ASM:Graph; Packer PEID: tElock|; Data Strings: lines=125, embedded dns; Syscall Trace: trace
  Binary 4: b34e640329 (NEW); AV: 29 of 43; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 5: eb2c861fea (NEW); AV: 36 of 43; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 6: f6d9770745 (NEW); AV: 18 of 41; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 7: f7df702b31 (NEW); AV: 21 of 40; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:19:54:00  OS: WinXP  Victim: 201.173.204.231 (INTERCABLE.NET): TELEVISION INTERNACIONAL S.A. DE C.V, MONTERREY, NUEVO LEON, MX. (100Mbps)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 5c6df5141d (NEW); AV: 41 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:20:03:00  OS: WinXP  Victim: 177.31.207.155 (-)
  Infection Source: 213.155.0.224:80
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 7d99b0e910 (NEW); AV: 26 of 28; Unpacked egg.exe: none[0]; Unpacked egg.asm: none:none; Packer PEID: PolyEnE|; Data Strings: lines=68; Syscall Trace: trace

T:20:28:00  OS: WinXP  Victim: 24.155.45.5 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS WACO, WOODWAY, TEXAS, US. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other, 110 lines
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary 1: d031b42d3f (NEW); AV: 38 of 41; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
  Binary 2: fa14802705 (NEW); AV: 38 of 41; Unpacked egg.exe: none [none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:20:43:00  OS: WinXP  Victim: 139.55.174.199 (WINDSTREAM.NET): WINDSTREAM COMMUNICATIONS INC, LINCOLN, NEBRASKA, US. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 0cfab99612 (NEW); AV: 29 of 29; Unpacked egg.exe: none[0]; Unpacked egg.asm: none:none; Packer PEID: PolyEnE|; Data Strings: lines=68; Syscall Trace: trace

T:21:24:00  OS: WinXP  Victim: 186.122.37.193 (-)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 420b1a76c4 (NEW); AV: 42 of 43; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:21:32:00  OS: WinXP  Victim: 115.81.4.19 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:moscow-advokat.ru, DE:82.98.86.164:6667
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 89333786d3 (NEW); AV: 40 of 42; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:21:37:00  OS: WinXP  Victim: 84.115.77.13 (SURFER.AT): UPC TELEKABEL, KLAGENFURT, KARNTEN, AT. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: (none listed)
  Infection Port: 139
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: ftp, 10 lines
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: none (no AV labels, digest, unpacked egg, packer, strings or syscall trace recorded)

T:21:38:00  OS: WinXP  Victim: 122.30.224.18 (OCN.NE.JP): OPEN COMPUTER NETWORK, KAWASAKI, KANAGAWA, JP. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: (none listed)
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp, 15 lines
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 741e3b03b3 (NEW); AV: 31 of 32; Unpacked egg.exe: none[0]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: lines=61; Syscall Trace: trace

T:22:12:00  OS: WinXP  Victim: 83.143.139.173 (-): CONNECTED THROUGH INTERNET SOLUTIONS AND SYSTEMS SP. Z O.O, WARSAW, WARSZAWA, PL. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 1595515522 (NEW); AV: 34 of 36; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none

T:22:15:00  OS: Win2K-f  Victim: 75.38.94.36 (SBCGLOBAL.NET): DANNY CHON DBA, PLANO, TEXAS, US. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary 1: 53bfe15e91 (NEW); AV: 33 of 33; Unpacked egg.exe: 1473091351 [0]; Unpacked egg.asm: ASM:Graph; Packer PEID: tElock|; Data Strings: lines=75, embedded dns; Syscall Trace: trace
  Binary 2: a08f3b74a4 (NEW); AV: 0 of 33; Unpacked egg.exe: none [0]; Unpacked egg.asm: none:none; Packer PEID: Armadillo|; Data Strings: lines=90; Syscall Trace: trace

T:23:23:00  OS: WinXP  Victim: 67.55.191.148 (NETINS.NET): CLEAR LAKE INDEPENDANT TEL CO, MUSCATINE, IOWA, US. (DSL)
  Infection Source: n/a
  C&C Server / DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile); Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binary: 6ffc4847e4 (NEW); AV: 43 of 43; Unpacked egg.exe: none[none]; Unpacked egg.asm: none:none; Packer PEID: none|none; Data Strings: none; Syscall Trace: none
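Added example (not part of the Cyber-TA page and not BotHunter code): a triage pass over a constructed subset of the infection rows above, transcribed by hand into Python records. The field names, the 50% detection threshold and the grouping functions are this example's own choices; the only convention taken from the table is the country prefix on hosts (`DE:host`, a bare `:host` when no country was resolved, and `host:port` for failed connects).

```python
import re
from collections import Counter
from dataclasses import dataclass, field

AV_RE = re.compile(r"^(\d+) of (\d+)$")        # Antivirus Labels column: "hits of engines"
CC_RE = re.compile(r"^([A-Z]{2})?:(.+)$")       # "DE:host" / ":host"; bare "ip:port" has no prefix


@dataclass
class Binary:
    digest: str             # truncated digest as printed in the Packed Malware Binary column
    av: str                 # Antivirus Labels column, e.g. "0 of 32"
    packer: str = ""        # Packer PEID column, "" where the page shows none|none
    unpacked: bool = False  # True when an Unpacked egg.exe digest is listed


@dataclass
class Infection:
    time: str
    os: str
    victim: str
    port: int               # Infection Port column
    cnc: str                # first entry of the C&C / DNS column, "" if none listed
    chatter: str            # protocol label from Infection Chatter
    score: float            # BotHunter score ("Yeah : 0.8")
    binaries: list = field(default_factory=list)


# Constructed sample: six rows copied from the table, other columns dropped.
RECORDS = [
    Infection("13:01:00", "WinXP", "113.210.81.226", 445, "DE:citi-bank.ru", "http", 1.8,
              [Binary("4739f8e8c4", "40 of 43")]),
    Infection("14:09:00", "Win2K-f", "70.65.249.149", 135, "US:microsoft.com", "other", 1.3,
              [Binary("53bfe15e91", "33 of 33", "tElock", True),
               Binary("73f1082158", "0 of 32", "Armadillo", False)]),
    Infection("14:45:00", "Win2K-f", "85.17.81.32", 445, "US:www.maxmind.com", "http", 0.8,
              [Binary("d9cb288f31", "3 of 37", "UPX", True)]),
    Infection("17:17:00", "WinXP", "186.122.60.154", 445, "DE:moscow-advokat.ru", "http", 0.8,
              [Binary("ac499f0305", "37 of 41")]),
    Infection("19:39:00", "WinXP", "123.111.111.32", 135, "DE:proxim.ircgalaxy.pl", "irc", 1.8,
              [Binary("51c413f474", "18 of 41"),
               Binary("89f410e7cc", "38 of 40", "Armadillo", True),
               Binary("909270c172", "38 of 40", "tElock", True),
               Binary("f6d9770745", "18 of 41")]),
    Infection("21:37:00", "WinXP", "84.115.77.13", 139, "", "ftp", 0.8),
]


def av_ratio(av):
    """'3 of 37' -> 0.081...; rejects anything that is not 'N of M' with 0 <= N <= M, M > 0."""
    m = AV_RE.match(av.strip())
    if not m:
        raise ValueError(f"unparseable AV label: {av!r}")
    hit, total = int(m.group(1)), int(m.group(2))
    if total == 0 or hit > total:
        raise ValueError(f"implausible AV label: {av!r}")
    return hit / total


def split_cc(entry):
    """'DE:citi-bank.ru' -> ('DE', 'citi-bank.ru'); ':wpad' -> ('', 'wpad').
    A bare 'ip:port' failed-connect entry has no country prefix and is returned whole."""
    m = CC_RE.match(entry)
    if not m:
        return "", entry
    return m.group(1) or "", m.group(2)


def low_detection(records, threshold=0.5):
    """Binaries flagged by fewer than `threshold` of the engines, worst first.
    Items are (digest, ratio, packer, unpacked); the sort is stable, so ties keep table order."""
    out = []
    for rec in records:
        for b in rec.binaries:
            r = av_ratio(b.av)
            if r < threshold:
                out.append((b.digest, round(r, 3), b.packer, b.unpacked))
    return sorted(out, key=lambda t: t[1])


def unpack_failures(records):
    """Packed binaries the sandbox could not unpack: no egg.exe, egg.asm or syscall trace
    exist for these, so the AV ratio is the only automated signal left."""
    return [b.digest for rec in records for b in rec.binaries if b.packer and not b.unpacked]


def by_port(records):
    return Counter(rec.port for rec in records)


def cnc_hosts(records):
    """Distinct (country, host) pairs from the C&C column, with any :port stripped."""
    hosts = set()
    for rec in records:
        if rec.cnc:
            cc, host = split_cc(rec.cnc)
            hosts.add((cc, re.sub(r":\d+$", "", host)))
    return sorted(hosts)


if __name__ == "__main__":
    for digest, ratio, packer, unpacked in low_detection(RECORDS):
        print(f"{digest} av={ratio:.3f} packer={packer or '-'} unpacked={unpacked}")
    print("unpack failures:", unpack_failures(RECORDS))
    print("by port:", dict(by_port(RECORDS)))
    print("C&C hosts:", cnc_hosts(RECORDS))
```

The rows worth an analyst's time are the ones a per-column summary would not surface: the Armadillo-packed binary with 0 of 32 detections that the unpacker could not open (so there is no egg.asm graph or syscall trace to fall back on), and the UPX sample at 3 of 37. Those go to manual unpacking ahead of the 40 of 43 rows, whatever their BotHunter score.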