Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

02 July 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:08:00 Win2K-f 173.45.64.124 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:00:24:00 Win2K-f 125.4.241.203 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
37 of 41 98d2778fd6
NEW
f676f3bf5b
NEW 9feea491cb [0]
0fba495fc4[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:00:27:00 WinXP 116.24.228.186 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:mx1.hotmail.com
US:mailin-02.mx.aol.com
BE:ftp.scarlet.be
US:yutunrz.1dumb.com
US:mailin-04.mx.aol.com 445 pcap raw alerts
ruleset http
shell
http
89 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

00:39:00 Win2K-f 117.74.99.123 (-):
CN. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:00:57:00 WinXP 114.137.222.244 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
7 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b27d73bfcb
NEW 473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace

T:01:00:00 WinXP 114.48.38.41 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:01:02:00 Win2K-f 207.5.236.176 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:00:00 WinXP 96.48.158.202 (-):
. n/a 135 pcap raw alerts
ruleset other
1006 lines Yeah : 1.3
profile none summary
tarball 7 of 41 6416d74719
NEW 6416d74719 [1] ASM:Graph
Armadillo| lines=0 trace

T:02:01:00 WinXP 79.162.145.166 (-):
IDEA,
PL. 218.93.205.24:65520 CN:proxim.ircgalaxy.pl
CN:brenz.pl
CN:211.95.79.6:80
CN:218.93.205.24:65520 445 pcap raw alerts
ruleset http
irc
28 lines Yeah : 1.3
profile none summary
tarball 39 of 41 919593d37e
NEW 12d036373f [0] none:none
PolyEnE| none trace

T:02:17:00 Win2K-f 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

02:24:00 Win2K-f 125.21.50.182 (59.AIRTELBROADBAND.IN):
BHARTI TELEVENTURES LIMITED A/C ABTS MP,
BHOPAL, MADHYA PRADESH, IN. n/a US:www.maxmind.com
US:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 d60e538e72
NEW none[3] none:none
UPX| none trace

T:02:45:00 WinXP 76.91.172.245 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 41 53bfe15e91
NEW
78db854b5b
NEW 1473091351 [0]
209f80de5b[0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
none trace
trace

T:02:48:00 Win2K-f 124.241.180.194 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

03:22:00 Win2K-f 204.72.172.38 (ATCORP.COM):
TRITICOM,
MINNEAPOLIS, MINNESOTA, US. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:03:48:00 Win2K-f 204.72.172.38 (ATCORP.COM):
TRITICOM,
MINNEAPOLIS, MINNESOTA, US. n/a US:www.maxmind.com
US:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
8 lines Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:03:54:00 WinXP 123.215.35.96 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 218.93.205.24:65520 221.5.74.39:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:brenz.pl
CN:211.95.79.6:80
CN:221.5.74.39:65520 135 pcap raw alerts
ruleset irc
http
143 lines Yeah : 1.8
profile none summary
tarball 7 of 41
30 of 33
31 of 33 18dfbbc85b
NEW
2ef9098242
NEW
d789c8d157
NEW 4f6fcecea3 [0]
de91d8b5d0[0]
5f6572479f[0] none:none
none:none
none:none
UPX|
Armadillo|
PolyEnE| none
none
none trace
trace
trace

T:04:09:00 Win2K-f 222.237.228.72 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 41 of 41
6 of 41 5213395833
NEW
9fdf6de4a9
NEW 515eacbc36 [0]
794f9a1087[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:04:56:00 WinXP 218.180.150.9 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:04:57:00 WinXP 174.6.21.151 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:01:00 Win2K-f 99.140.140.99 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

06:18:00 Win2K-f 122.229.38.140 (HZ.ZJ.CN):
CHINANET ZHEJIANG PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
US:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 223d8089f8
NEW none[3] none:none
StarForce| none trace

T:06:21:00 Win2K-f 211.76.55.250 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW. 218.93.205.24:65520 CN:proxim.ircgalaxy.pl
CN:brenz.pl
CN:211.95.79.6:80 135 pcap raw alerts
ruleset irc
http
201 lines Yeah : 1.8
profile none summary
tarball 7 of 41
38 of 41 18dfbbc85b
NEW
7d784eaec9
NEW 4f6fcecea3 [0]
f4cc18d13f[0] none:none
none:none
UPX|
PolyEnE| none
none trace
trace

T:06:27:00 Win2K-f 122.229.38.140 (HZ.ZJ.CN):
CHINANET ZHEJIANG PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
DE:iv.cs.uni-bonn.de
US:www.getmyip.org
US:getmyip.co.uk
EU:checkip.dyndns.org
US:65.254.39.170:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
7 lines Yeah : 0.8
profile none summary
tarball 2 of 37 223d8089f8
NEW none[3] none:none
StarForce| none trace

T:06:54:00 WinXP 74.75.11.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PITTSFIELD, MASSACHUSETTS, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
NEW
53bfe15e91
NEW none[0]
1473091351[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=81
lines=75
embedded dns trace
trace

T:06:54:00 WinXP 86.155.81.171 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

07:13:00 Win2K-f 189.87.104.165 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:07:27:00 Win2K-f 124.241.190.162 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:07:35:00 WinXP 86.155.22.200 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
SWANSEA, WALES, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

T:08:18:00 WinXP 99.181.225.223 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:09:24:00 Win2K-f 189.87.104.165 (-):
. n/a US:www.maxmind.com
US:getmyip.co.uk
:checkip.dyndns.org
DE:131.220.6.26:80
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:10:12:00 WinXP 67.123.204.202 (PACBELL.NET):
RICHARD MULHALL,
SAN FRANCISCO, CALIFORNIA, US. (DSL) 72.10.172.211:8080 CA:xx.ka3ek.com
:zone2tech.info 135 pcap raw alerts
ruleset irc
http
630 lines Yeah : 1.8
profile none summary
tarball 25 of 39
40 of 41 367ce61cff
NEW
3842e66ff7
NEW 48128671a8 [0]
fc7c8aaf10[0] ASM:Graph
none:none
StarForce|
EXECrypto| lines=52
none trace
trace

T:10:23:00 WinXP 193.250.172.237 (ABO.WANADOO.FR):
WANADOO FRANCE,
PARIS, ILE-DE-FRANCE, FR. n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com
US:208.73.210.123:80 445 pcap raw alerts
ruleset http
http
http
8 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
NEW none[0] none:none
ASPack| lines=298
embedded dns trace

T:10:47:00 WinXP 4.88.50.188 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
121 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:11:13:00 Win2K-f 173.20.140.66 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

11:27:00 Win2K-f 189.21.3.47 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:www.maxmind.com
DE:iv.cs.uni-bonn.de
US:www.getmyip.org
US:checkip.dyndns.org
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:11:36:00 Win2K-f 189.21.3.47 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:www.maxmind.com
DE:iv.cs.uni-bonn.de
EU:checkip.dyndns.org 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

12:38:00 Win2K-f 190.176.17.175 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:getmyip.co.uk
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:12:48:00 WinXP 70.169.227.210 (COX.NET):
COX COMMUNICATIONS,
LAS VEGAS, NEVADA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:12:51:00 Win2K-f 4.160.213.58 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ASHLAND, OHIO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
221 lines Yeah : 1.3
profile none summary
tarball 38 of 41
37 of 41 7461f4b99e
NEW
f9e3a69cf4
NEW de5ff2b862 [0]
b40853b435[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:13:01:00 WinXP 76.200.148.96 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
NEW none[0] none:none
none|none lines=64 trace

14:10:00 Win2K-f 62.87.35.20 (AIRTEL.NET):
GLOBAL MOBILE OPERATOR,
BARCELONA, CATALUñA, ES. n/a US:www.maxmind.com
US:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:15:18:00 WinXP 211.126.80.25 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 c0e2e2d5ee
NEW bc3d4bd7ae [0] none:none
PolyEnE| none trace

T:15:24:00 WinXP 96.8.215.78 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:38:00 Win2K-f 24.234.70.169 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:17:53:00 Win2K-f 172.129.27.61 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:02:00 Win2K-f 4.176.27.175 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
165 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

18:25:00 Win2K-f 62.68.64.4 (COM-TONET.GR):
COM-TONET COMERCIAL COMMUNICATION NETWORKS,
ATHENS, ATTIKI, GR. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
US:getmyip.co.uk
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:18:26:00 WinXP 67.150.83.41 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
NEW none[0] ASM:Graph
PolyEnE| lines=73 trace

T:18:29:00 Win2K-f 96.8.215.78 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

18:29:00 WinXP 67.150.83.41 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
NEW none[0] ASM:Graph
PolyEnE| lines=73 trace

T:18:42:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

18:45:00 WinXP 118.231.6.107 (-):
. n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 d61760f6a1
NEW 22542b9b5e [0] none:none
PolyEnE| none trace

T:19:16:00 WinXP 67.10.66.79 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US. (100Mbps) 194.109.11.65:6556 194.109.11.65:1023 NL:0x80.online-software.org 135 pcap raw alerts
ruleset other
188 lines Yeah : 1.8
profile none summary
tarball 32 of 32 15d4d85dc0
NEW 4c95ae4b3d [0] ASM:Graph
StarForce| lines=212
embedded dns trace

T:19:34:00 WinXP 209.42.184.6 (WISPNET.NET):
WISPNET LLC,
KENTUCKY, US. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 38 5865b09945
NEW 4d99f4784a [0] none:none
PolyEnE| none trace

19:40:00 WinXP 90.150.135.23 (-):
OJSC URALSVYAZINFORM EKATERINBURG DEPARTMENT,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 38 of 41 c67be54a10
NEW 1494eec3ca [0] none:none
PolyEnE| none trace

T:20:33:00 WinXP 189.48.234.157 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

22:10:00 WinXP 219.91.97.98 (APOL.COM.TW):
ASIA PACIFIC ON-LINE SERVICES INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:22:32:00 Win2K-f 59.97.137.192 (10/24.BSNL.IN):
NIB (NATIONAL INTERNET BACKBONE),
DELHI, DELHI, IN. n/a CZ:qtas.net
CZ:t32.marund.net 445 pcap raw alerts
ruleset http
irc
53 lines Yeah : 0.8
profile none summary
tarball 11 of 40 ea23d4c1f9
NEW 8f4c3a8da3 [0] none:none
MingWin32| none trace

T:23:15:00 Win2K-f 98.14.158.168 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:59:00 Win2K-f 24.83.118.2 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 6 of 41 e6947ddea2
NEW none[3] none:none
none|none none trace