Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



07 December 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
01:23:00 Win2K-f 219.87.32.82 (SUNON.COM.TW):
KNKK,
KAOHSIUNG, T'AI-WAN, TW. (100Mbps)
n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:02:08:00 WinXP 96.8.226.199 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
39 of 40
9bdd2c95b1
NEW
cd456ac095
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:25:00 Win2K-f 144.139.121.112 (TMNS.NET.AU):
TELSTRAINTERNET32,
PERTH, WESTERN AUSTRALIA, AU. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
1 of 41
53bfe15e91
NEW
bb598daecf
NEW
1473091351 [0]
128bc5471a[0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
none
trace
trace
T:02:28:00 Win2K-f 116.126.151.14 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
88.198.228.238:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:giopnon.cn
CN:q.kfgrtjer.cn
EU:colopin.cn
:bfkq.com
:jsactivity.com
US:search.toptravellingtips.com
173.45.105.218:8392
204.27.57.154:8392
US:66.96.221.101:8392
EU:91.206.201.39:80
135 pcap raw alerts
ruleset
irc
http
241 lines
Yeah : 1.8
profile
none summary
tarball
15 of 41
39 of 41
12 of 41
12 of 40
38 of 41
22 of 40
0 of 41
0e70fe31d1
NEW
0e927ffe94
NEW
1e34f5fa0d
NEW
3e9f8c04e6
NEW
70d9f45041
NEW
7221229a1f
NEW
c4da59fc92
NEW
none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
T:02:36:00 Win2K-f 74.99.40.128 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. (100Mbps)
n/a US:insuranceist.com
US:www.google-analytics.com
US:images.smartname.com
US:microsoft.com
US:entrantfirm.com
US:zoo.parkingspa.com
US:getdiscounthomenow.com
204.27.57.154:8392
US:66.96.221.101:8392
135 pcap raw alerts
ruleset
http
irc
73 lines
Argh : 0.3
profile
none summary
tarball
13 of 41 c9cee67bed
NEW
none[none] none:none
none|none none none
02:37:00 Win2K-f 87.97.203.195 (PL.EKK.BG):
EKK CATV PLOVDIV,
PLOVDIV, PLOVDIV, BG. (DSL)
n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
4 of 37 8ce32ded17
NEW
none[3] none:none
Armadillo| none trace
T:02:46:00 Win2K-f 87.97.203.195 (PL.EKK.BG):
EKK CATV PLOVDIV,
PLOVDIV, PLOVDIV, BG. (DSL)
n/a US:www.maxmind.com
US:autonlines.com
:search.youblogged.com
:www.youblogged.com
US:microsoft.com
DE:131.220.6.26:80
US:66.96.221.101:8392
445 pcap raw alerts
ruleset
http
206 lines
Yeah : 0.8
profile
none summary
tarball
4 of 37
0 of 41
8ce32ded17
NEW
d73a199cb1
NEW
none[3]
none [none]
none:none
none:none
Armadillo|
none|none
none
none
trace
none
T:02:53:00 WinXP 174.1.139.253 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
593 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 3fc86a2f40
NEW
none[none] none:none
none|none none none
T:03:26:00 Win2K-f 98.141.163.84 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:03:47:00 Win2K-f 122.2.93.109 (PLDT.NET):
MLLC7300I01_CONSUMER,
MANILA, MANILA, PH. (DSL)
n/a   135 pcap raw alerts
ruleset
other
55 lines
Yeah : 1.3
profile
none summary
tarball
3 of 41 18727a186e
NEW
1ea861ccfa [0] none:none
Armadillo| none trace
T:04:53:00 WinXP 193.250.81.93 (ABO.WANADOO.FR):
FRANCE TELECOM,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
NEW
none[0] none:none
none|none lines=60 trace
T:05:03:00 Win2K-f 220.216.34.89 (TNC.NE.JP):
TOKAI CORPORATION,
TOKYO, TOKYO, JP. (DSL)
n/a   135 pcap raw alerts
ruleset
other
592 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 97b1ee1f32
NEW
none[none] none:none
none|none none none
T:06:08:00 WinXP 187.2.228.235 (VIVAX.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:07:52:00 WinXP 98.101.106.156 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
07:59:00 Win2K-f 95.25.246.52 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU. (DSL)
n/a US:www.w3.org
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:08:04:00 Win2K-f 98.141.160.56 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:10:00 WinXP 24.48.150.247 (SPEAKEASY.NET):
WEST PALM BEACH, FLORIDA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:45:00 WinXP 61.230.145.251 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 9716d7995a
NEW
c3a5354b6f [0] none:none
PolyEnE| none trace
T:09:56:00 WinXP 189.118.179.215 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SAO PAULO, BR. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 74b3d149e8
NEW
cef0fa2981 [0] none:none
PolyEnE| none trace
T:10:26:00 WinXP 24.234.68.126 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:10:54:00 WinXP 84.3.236.91 (T-ONLINE.HU):
HUNGARIAN TELECOM,
BUDAPEST, BUDAPEST, HU. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 01c4a6b3eb
NEW
dd524b0259 [0] none:none
PolyEnE| none trace
T:10:57:00 Win2K-f 68.146.136.164 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
92.240.234.164:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset
irc
608 lines
Yeah : 1.8
profile
none summary
tarball
39 of 41 9ce56f9f19
NEW
261c9da48f [0] none:none
StarForce| none trace
T:10:59:00 WinXP 61.218.193.250 (HINET.NET):
CHUNGHWA TELECOM CO. LTD. DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:12:02:00 Win2K-f 24.213.224.238 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
12:11:00 Win2K-f 91.14.68.206 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
CHEMNITZ, SACHSEN, DE. (DIAL)
n/a  
US:204.152.184.139:80
445 pcap raw alerts
ruleset
http
12 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:14:04:00 Win2K-f 68.199.159.142 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BRONX, NEW YORK, US. (DSL)
194.109.11.65:6556 NL:0x80.online-software.org 135 pcap raw alerts
ruleset
other
264 lines
Yeah : 1.8
profile
none summary
tarball
32 of 32 15d4d85dc0
NEW
4c95ae4b3d [0] ASM:Graph
StarForce| lines=212
embedded dns
trace
14:08:00 Win2K-f 114.40.173.168 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:www.yahoo.com
:m.www.yahoo.com
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
15:23:00 Win2K-f 95.29.162.182 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps)
n/a :checkip.dyndns.org
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:15:24:00 Win2K-f 70.183.164.221 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:15:24:00 WinXP 174.1.101.96 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:15:42:00 Win2K-f 98.175.167.93 (COX.NET):
COX COMMUNICATIONS,
FREDERICKSBURG, VIRGINIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:15:52:00 WinXP 173.28.223.92 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40
38 of 41
92507dba23
NEW
b00a066665
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:15:54:00 WinXP 173.27.244.134 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
STREAMWOOD, ILLINOIS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:16:04:00 WinXP 71.101.147.24 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LAKELAND, FLORIDA, US. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] none:none
PolyEnE| none trace
T:16:09:00 Win2K-f 211.47.177.170 (KRLINE.NET):
KRNIC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
94 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
41 of 41
4c3df24b32
NEW
5213395833
NEW
none[0]
515eacbc36[0]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
16:32:00 WinXP 71.101.147.24 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LAKELAND, FLORIDA, US. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
8d5f86583f [0] none:none
PolyEnE| none trace
17:14:00 WinXP 91.148.84.253 (TEHNICOM.NET):
BEOTELNET-ISP D.O.O,
CS. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:17:48:00 Win2K-f 174.116.88.151 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
592 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 d728fe4100
NEW
none[none] none:none
none|none none none
T:18:05:00 WinXP 63.246.122.215 (ALTUSCGI.NET):
PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET),
GEORGETOWN, SOUTH CAROLINA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:18:19:00 Win2K-f 173.23.56.33 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CRESTWOOD, KENTUCKY, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
18:46:00 Win2K-f 60.56.131.49 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. (DSL)
n/a :checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
EU:78.40.35.134:80
445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:19:57:00 WinXP 117.97.153.83 (-):
GPRS-SUBSCRIBERS-IN-SOUTH,
SALEM, TAMIL NADU, IN. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 8b28f44ef4
NEW
none[none] none:none
none|none none none
T:20:30:00 WinXP 114.48.100.42 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:20:34:00 Win2K-f 4.158.0.222 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
232 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
T:20:59:00 Win2K-f 24.83.68.49 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
112 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
40 of 41
2b5cf5b477
NEW
85e4e86d71
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:21:37:00 Win2K-f 76.217.106.223 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
PROSPECT HEIGHTS, ILLINOIS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:08:00 Win2K-f 203.73.84.3 (SEED.NET.TW):
SEEDNET-KAOHSIUNGDP-S,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:14:00 Win2K-f 71.127.246.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
RED BANK, NEW JERSEY, US. (DSL)
92.240.234.164:3305 US:cx10man.weedns.com
AR:fx010413.whyI.org
:gynoman.weedns.com
:g.0x20.biz
FI:telephone.dd.blueline.be
AR:phonewire.dd.blueline.be
:phonelogin.dd.blueline.be
JP:ufospace.etowns.net
AR:theforums.bbsindex.com
92.240.234.164:3305
135 pcap raw alerts
ruleset
irc
702 lines
Yeah : 1.8
profile
none summary
tarball
28 of 41 b8076e37ae
NEW
52953fed05 [0] none:none
StarForce| none trace
22:20:00 Win2K-f 220.140.225.210 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:www.ask.com
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:23:05:00 WinXP 68.150.130.193 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BEAUMONT, QUEBEC, CA. (DSL)
92.240.234.164:3305 AR:cx10man.weedns.com
:fx010413.whyI.org
92.240.234.164:3305
135 pcap raw alerts
ruleset
irc
609 lines
Yeah : 1.8
profile
none summary
tarball
40 of 41 5b11ccbfe8
NEW
none[none] none:none
none|none none none
T:23:56:00 WinXP 82.254.14.111 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 173232485c
NEW
65a8f41baa [0] none:none
PolyEnE| none trace