Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

06 December 2009
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:27:00 Win2K-f 120.138.158.55 (STARCAT.NE.JP):
KMN CORPORATION,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40
39 of 41		 3f89b1ddee
NEW
6b887aded4
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:00:28:00 WinXP 71.116.36.136 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ERIE, PENNSYLVANIA, US. (DSL) 		92.240.234.164:3305 TH:cx10man.weedns.com 135 pcap raw alerts
ruleset 		irc
608 lines 		Yeah : 1.8
profile 		none summary
tarball 		39 of 40 b578280b18
NEW 		b69a6b100c [0] none:none
 StarForce| none trace
T:00:31:00 WinXP 83.20.158.30 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41 b08c987b4a
NEW 		none[none] none:none
 none|none none none
T:00:55:00 WinXP 201.88.93.206 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		88.198.228.238:65520 CN:proxim.ircgalaxy.pl
CN:q.kfgrtjer.cn
:bfkq.com
:jsactivity.com
EU:colopin.cn
US:search.toptravellingtips.com
173.45.105.218:8392 		445 pcap raw alerts
ruleset 		http
irc
116 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 40
12 of 41
39 of 41
31 of 41
29 of 41
0 of 41
10 of 40		 1c0d01ec35
NEW
1e34f5fa0d
NEW
3b8cca876e
NEW
3d174375ea
NEW
785e86954f
NEW
97c696abae
NEW
b4c62dc578
NEW 		none[none]
none [none]
none [none]
none [none]
c6edee8e8b[0]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
PeStubOEP|
none|none
none|none 		none
none
none
none
none
none
none 		none
none
none
none
trace
none
none
T:01:32:00 WinXP 174.6.21.151 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
01:35:00 Win2K-f 94.102.12.50 (NI.NET.TR):
NETINTERNET BILGISAYAR VE TELEKOMUNIKASYAN SAN. VE TIC. LTD. STI,
TR. (DSL) 		n/a US:www.msn.com
:ycskxr.net
:sdlsu.biz
:hjgmwctjb.net
NL:fiszeace.org
US:ykuwdz.org
:wwfhgisac.biz
US:klmitym.info
:evxbs.net
:cmwkezw.org
:inaaa.org
:searchalligator.com
NL:xfjmebewn.org
US:nvpeji.info
:vcnbdvx.biz
US:sgamxvmkwz.org
:ekpkfd.com
:vbqrdrnt.org
:nmlejkputq.net
US:nvayq.org
US:syikbalz.info
US:ssrgrlymz.info
:lydixhtgo.net
US:qjzotvedt.org
:eonbpqia.biz
:qulcuzq.com
US:etpkliv.info
:kiwzqfas.com
:jnxoou.com
:ptabwt.biz
NL:qcyug.info
:oqqvudrr.net
US:zloyot.org
:smxbihz.biz
:uynonvndgg.net
:kvckjtxvw.org
:shzbsqsn.net
:elfmhkhfl.com
US:xtloegyo.info
:mhrvaj.com
:onclfmjpmgp.com
:bylcwqbysat.biz
US:gfhmik.org
:fsxpyjnbpcg.com
NL:hmdps.info
:eoowxuoshyj.net
US:pcqpoxe.org
:eqpxcxr.com
:bywxxxpbzu.net
US:ydvmg.org
:hpfzwtu.com
NL:vmnpizwo.org
US:ktumksor.org
:xletx.net
:vcnxdgkgmwv.com
:bapbihgt.biz
:dvbrgb.biz
:ytfskxbctnx.com
:sssvhwb.biz
:ujiwhfp.net
:qbkpkhmepur.biz
:ipkgerirmii.biz
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:03:28:00 WinXP 89.114.89.218 (-):
SC BEST MARIO INVEST SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 35 9716d7995a
NEW 		c3a5354b6f [0] none:none
 PolyEnE| none trace
03:34:00 WinXP 89.114.89.218 (-):
SC BEST MARIO INVEST SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 35 9716d7995a
NEW 		c3a5354b6f [0] none:none
 PolyEnE| none trace
T:03:52:00 Win2K-f 125.4.252.207 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
40 of 41		 1b1db1c992
NEW
8a50345c2f
NEW 		a8036b5105 [0]
585123125f[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
04:39:00 Win2K-f 92.36.205.168 (NET.BA):
BH TELECOM D.D. SARAJEVO,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. (DSL) 		n/a US:www.ask.com
US:nvayq.org
:dqlmjjz.info
NL:zzkshyp.info
:elfmhkhfl.com
US:nvpeji.info
US:smcsayjxy.org
US:hukowlm.info
US:oenmdeev.org
:onclfmjpmgp.com
:yruhatyp.net
:jkhdhnuzrxl.net
:yczuxdsi.info
:coyzwrgxb.com
US:tzuip.info
:eoowxuoshyj.net
:ideszlgolo.com
:fekrzknsmyx.biz
:xwchldqdbrq.com
:ibggj.com
US:qcyug.info
:oqrqvqso.biz
:ytfskxbctnx.com
:plgryl.com
:spcceut.net
:yzxtbvlxqch.net
:muzlrmtx.biz
US:kznqcvhpfa.org
:jlsekdcyso.com
:eoqxiupmqfn.com
:sssvhwb.biz
US:pcqpoxe.org
US:flrxkjjgzb.info
:xjtviq.biz
:ihacyii.net
:zadgqm.net
US:cyxkwfu.org
:zvpsqcumei.net
:upqlzz.net
:izezifrlex.com
:bpayjxvbjio.biz
:vcebtnnhh.biz
:kwznahgmomu.net
:lydixhtgo.net
US:lbcnooih.info
:stvgfxziqef.org
:bapbihgt.biz
:ovkke.net
:fsxpyjnbpcg.com
:ldexgvafah.net
:vcnxdgkgmwv.com
US:fuisqoelp.info
CA:ganue.com
:aqdaosy.biz
NL:evlgnhje.info
:dxoanacliv.com
:mhrvaj.com
:hpfzwtu.com
:tjukmggrteg.biz
:eonbpqia.biz
:qulcuzq.com
US:xdinghym.info
:qmqvkzik.com
NL:ifjsjfqrcoe.org
US:pnaevuxaabk.info
:eesyr.net
:jmctbddn.com
:irrtefbw.biz
:gkypmvki.net
:pweuowtgx.net
:sdlsu.biz
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:05:03:00 Win2K-f 63.17.35.89 (UU.NET):
UUNET TECHNOLOGIES INC,
BREMERTON, WASHINGTON, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
131 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
36 of 41		 97d5230e3f
NEW
dfb19bde14
NEW 		2deaf62cb7 [0]
7d7d4ab834[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:08:02:00 Win2K-f 4.156.171.76 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BROCKTON, MASSACHUSETTS, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
08:29:00 Win2K-f 190.48.165.248 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:08:35:00 Win2K-f 4.171.129.190 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
JACKSONVILLE, FLORIDA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:08:39:00 Win2K-f 190.48.165.248 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
DE:131.220.6.26:80
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:08:44:00 Win2K-f 70.232.54.84 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
LITTLE ROCK, ARKANSAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:09:35:00 WinXP 62.11.236.194 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
ROME, LAZIO, IT. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
19 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
NEW 		none[0] none:none
 ASPack| lines=298
embedded dns 		trace
T:10:36:00 WinXP 78.49.57.191 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
WUPPERTAL, NORDRHEIN-WESTFALEN, DE. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
NEW 		none[0] none:none
 none|none lines=64 trace
T:10:49:00 Win2K-f 173.168.162.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEARWATER, FLORIDA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
10:49:00 Win2K-f 221.120.217.163 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
RAWALPINDI, PUNJAB, PK. (DSL) 		n/a CN:www.baidu.com
US:pcqpoxe.org
:sadvmg.biz
:kznqcvhpfa.org
:wjsycbrb.com
US:tcgbgooy.info
US:wacnyzhentj.info
:lhcupzs.biz
:oqrqvqso.biz
NL:cbjlkem.info
:ktnzfxceorv.com
:kdrfn.biz
:oeylebsu.net
:ezrzheu.com
:ihacyii.net
NL:pjyuiw.org
US:btdowsbirrc.org
:tjiujzvx.net
US:zloyot.org
:egwvqvaq.com
US:waimqjdgxw.org
:kiwzqfas.com
:ydvmg.org
:qbkpkhmepur.biz
:fekrzknsmyx.biz
:hiwjnoytaw.net
US:vmnpizwo.org
:pkuucvfatip.org
NL:ykuwdz.org
:xletx.net
:jkhdhnuzrxl.net
US:smcsayjxy.org
US:qjzotvedt.org
:rcyqwl.net
:jkqrbqo.net
KR:espkr.net
:vodcvarfxid.net
:bobhbymovl.net
:ngijfnz.com
:smxbihz.biz
:kvtpxpay.net
US:ssrgrlymz.info
US:nhptin.org
:kcfrntej.biz
:onclfmjpmgp.com
US:ktumksor.org
:tkoqsre.biz
:nmlejkputq.net
:sdlsu.biz
:vcnbdvx.biz
:shzbsqsn.net
US:zmnhhdaolxa.info
:yqrhehlbmh.net
:ptabwt.biz
US:jtyfp.info
:eoqxiupmqfn.com
:bapbihgt.biz
:ytfskxbctnx.com
:coyzwrgxb.com
:spcceut.net
:mhrvaj.com
US:yczuxdsi.info
:xwchldqdbrq.com
US:tzuip.info
US:fbfhwxa.org
US:flrxkjjgzb.info
:iibvmivgk.biz
:ibggj.com
:uvgkt.net
:eonbpqia.biz
:dxoanacliv.com
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
9 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:11:06:00 Win2K-f 61.215.170.185 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
592 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 468e61694e
NEW 		none[none] none:none
 none|none none none
T:11:20:00 WinXP 4.242.239.105 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PORTLAND, OREGON, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
174 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:11:42:00 WinXP 76.77.226.99 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
LIVINGSTON, NEW JERSEY, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
38 of 41		 79e135c79a
NEW
c97e114f76
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:12:01:00 WinXP 209.33.46.124 (CEBRIDGE.NET):
JASONVILLE IN CUSTOMERS,
JASONVILLE, INDIANA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40
0 of 33		 7d20fe8724
NEW
a08f3b74a4
NEW 		none[none]
none [0] 		none:none
none:none
 none|none
Armadillo| 		none
lines=90 		none
trace
T:12:06:00 WinXP 79.18.116.28 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
LAMEZIA TERME, CALABRIA, IT. (DSL) 		n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
27 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 6152c54fc2
NEW 		ccc8b54f0a [0] none:none
 ASPack| none trace
T:12:25:00 WinXP 72.128.17.163 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KANSAS CITY, KANSAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
NEW
b7082104e4
NEW 		1473091351 [0]
c5b49e7b82[0] 		ASM:Graph
ASM:Graph
 tElock|
tElock| 		lines=75
embedded dns
lines=41 		trace
trace
T:12:51:00 WinXP 117.19.250.23 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 6d209c7400
NEW 		none[none] none:none
 none|none none none
T:13:09:00 Win2K-f 96.50.242.234 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VERNON, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:13:29:00 Win2K-f 67.87.76.81 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
YORKTOWN HEIGHTS, NEW YORK, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:13:34:00 WinXP 70.72.23.221 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 daa5bf6bb0
NEW 		none[none] none:none
 none|none none none
T:13:36:00 Win2K-f 211.20.222.150 (HINET.NET):
XUN HANG TECHNOLOGY CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		92.240.234.164:3305 AR:cx10man.weedns.com 135 pcap raw alerts
ruleset 		irc
698 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 41 b8076e37ae
NEW 		52953fed05 [0] none:none
 StarForce| none trace
T:13:48:00 Win2K-f 74.214.47.11 (METROCAST.NET):
METROCAST COMMUNICATIONS,
KING GEORGE, VIRGINIA, US. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
98 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33 e30fb27bda
NEW 		90ee26f451 [0] ASM:Graph
 MEW| lines=185
embedded dns 		trace
T:13:53:00 WinXP 62.11.206.231 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
CAGLIARI, SARDEGNA, IT. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
US:208.73.210.125:80 		445 pcap raw alerts
ruleset 		http
http
http
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
NEW 		none[0] none:none
 ASPack| lines=298
embedded dns 		trace
T:14:20:00 Win2K-f 173.31.90.49 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MIDDLETOWN, NEW YORK, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 40
38 of 40		 474acf88e5
NEW
68f0c14692
NEW 		1f53944b24 [0]
ccc1b24d53[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:14:26:00 Win2K-f 173.22.161.160 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
39 of 41		 3bff218b8f
NEW
7eaf7b4470
NEW 		b570b734be [0]
8e0b194526[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:14:39:00 WinXP 130.13.146.60 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 912a073945
NEW 		7874c7f21e [0] none:none
 PolyEnE| none trace
T:15:12:00 WinXP 64.188.216.138 (-):
WINDJAMMER COMMUNICATIONS LLC,
LIBERAL, KANSAS, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:15:56:00 WinXP 65.6.132.38 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
17:37:00 WinXP 130.13.146.60 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 912a073945
NEW 		7874c7f21e [0] none:none
 PolyEnE| none trace
17:58:00 Win2K-f 114.42.51.33 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:18:33:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
QUZHOU, ZHEJIANG, CN. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:18:56:00 WinXP 208.82.42.99 (ENERGIZE.NET):
PULASKI ELECTRIC SYSTEM,
PULASKI, TENNESSEE, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:04:00 Win2K-f 4.182.167.244 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW YORK, NEW YORK, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
104 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:05:00 WinXP 186.9.143.58 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 eda3b7766c
NEW 		7556343561 [0] none:none
 PolyEnE| none trace
19:09:00 Win2K-f 202.98.141.82 (-):
SICHUAN AGRICULTURAL COLLEGE,
CHENGDU, SICHUAN, CN. (100Mbps) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:19:18:00 Win2K-f 202.98.141.82 (-):
SICHUAN AGRICULTURAL COLLEGE,
CHENGDU, SICHUAN, CN. (100Mbps) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
8 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:44:00 Win2K-f 95.27.126.184 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU. (DSL) 		n/a US:www.maxmind.com
DE:131.220.6.26:80
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:19:51:00 WinXP 4.234.248.249 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MIAMI, FLORIDA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:33:00 WinXP 174.6.2.46 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
37 of 41		 9699bb4c1e
NEW
cec781682e
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:22:04:00 Win2K-f 124.169.189.121 (IINET.NET.AU):
IINET LIMITED,
PERTH, WESTERN AUSTRALIA, AU. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
98 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:22:13:00 WinXP 112.110.2.150 (-):
GPRS VAS SERVICES,
DELHI, DELHI, IN. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 912a073945
NEW 		7874c7f21e [0] none:none
 PolyEnE| none trace
T:22:39:00 Win2K-f 118.83.14.251 (HTOJ.J-CNET.JP):
JCN-HTMNET,
HACHIOJI, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
122 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 0b951c2832
NEW
e4ed4df0f0
NEW 		5fe761661a [0]
de471fc380[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:22:47:00 WinXP 113.255.44.209 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1002 lines 		Yeah : 1.3
profile 		none summary
tarball 		22 of 41 da79f44d6f
NEW 		none[none] none:none
 none|none none none
T:22:48:00 WinXP 96.8.220.104 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
23:14:00 Win2K-f 95.84.1.238 (SAN.RU):
NETWORK OF SARATOV BRANCH OF OJSC VOLGATELECOM,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a :checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:23:16:00 WinXP 114.48.142.134 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:23:50:00 Win2K-f 210.192.199.239 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 c40e0af1a7
NEW
ca24bacb31
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none