Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

08 December 2009
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:32:00 WinXP 68.144.170.200 (HUB.SYSTEM.IO):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 39
40 of 41		 19f9cb1f21
NEW
a9d40bc96b
NEW 		8b1482be5d [0]
b07fa6d434[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
01:25:00 Win2K-f 96.238.200.152 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW YORK, NEW YORK, US. (DSL) 		n/a :www.google.com
:xtpkxedmago.net
US:ekmssd.info
:uoptuxsx.biz
US:cpwwnoj.info
:ilnriodrgq.org
NL:mnjqkmrfn.org
:selzeueqft.net
US:ovjxr.info
:hyedujvpeie.biz
:qldfvbhctkw.com
:cgrwklfin.com
:pyexynpx.biz
:bzdxhyui.com
:gvqtqa.net
US:hdxdq.info
:oeakejrvlv.net
:qeitrvh.com
:usimheyzrs.com
:cysietabyb.biz
:vlzvgc.com
US:udoygbrb.info
:rsvuljko.com
:jnvgtgl.biz
:jfgxjdoypem.com
US:whimtaedoy.info
:aubexq.com
:hliiwyqcof.biz
:jtyjl.net
:kuhwnz.net
:pzibadqblec.com
:jampllxvjsq.biz
US:ruvmjitoj.org
:kwqecbq.com
:zhjynlot.biz
US:sdkqekz.info
US:tteaplt.org
:huamy.net
:ifniubqj.biz
:upcxaqvk.biz
:dtjbeosbtbw.net
US:bituyaocn.org
US:rwiqcdre.org
:ffbonq.biz
:orhvisoa.info
NL:ocrchammldq.info
:zgmzao.biz
US:ovljbsvzas.org
:brdxefvf.biz
:icwtgwyb.org
NL:qwrzgdey.org
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
8 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
02:34:00 Win2K-f 87.119.89.114 (PESHTERA.NET):
PASAT ANTENY LTD,
SOFIA, GRAD SOFIYA, BG. (DSL) 		n/a EU:getmyip.co.uk
GB:www.vouchercodez.com
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:03:13:00 Win2K-f 219.70.60.229 (GIGA.NET.TW):
HOSHIN MULTIMEDIA CENTER INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
57ce4acac2
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:03:17:00 Win2K-f 114.201.12.208 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		88.198.228.238:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
CN:av.ghura.pl
:pozemle.cn
EU:colopin.cn
DE:88.198.228.238:65520
EU:91.206.201.39:80 		135 pcap raw alerts
ruleset 		irc
http
123 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 41
34 of 36
23 of 41
29 of 32		 26f56abb1e
NEW
99b248336f
NEW
9b6ea363eb
NEW
9d677c3f70
NEW 		none[none]
c64bd1a776[0]
none [none]
77e75ff10f[0] 		none:none
none:none
none:none
none:none
 none|none
Armadillo|
none|none
tElock| 		none
none
none
none 		none
trace
none
trace
T:03:42:00 Win2K-f 113.255.113.22 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 41
33 of 33		 1cc5b253e9
NEW
53bfe15e91
NEW 		none[none]
1473091351[0] 		none:none
ASM:Graph
 none|none
tElock| 		none
lines=75
embedded dns 		none
trace
T:05:00:00 Win2K-f 208.36.224.184 (XO.NET):
ALTUS COMMUNICATIONS GROUP INC,
GEORGETOWN, SOUTH CAROLINA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:05:43:00 WinXP 93.80.184.123 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
NEW 		none[0] none:none
 none|none lines=60 trace
T:05:53:00 WinXP 70.184.3.117 (COX.NET):
COX COMMUNICATIONS,
WARNER ROBINS, GEORGIA, US. (DSL) 		193.104.94.11:65520 FR:proxim.ircgalaxy.pl
US:microsoft.com
EU:colopin.cn
CN:www.petdoso.com
EU:streq.cn
:horobl.cn
GB:www.businesstomb.com
:www.dailysportsnews.org
US:w.sharethis.com
:l.sharethis.com
:trgc.opt.fimserve.com
:pagead2.googlesyndication.com
174.123.160.146:80
74.125.19.164:80 		135 pcap raw alerts
ruleset 		irc
http
475 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 41
32 of 41
32 of 33
29 of 33
41 of 41
23 of 40		 785e86954f
NEW
827d304221
NEW
87e1117f2a
NEW
b4fe4581c3
NEW
dece7e8313
NEW
fd5d639b8d
NEW 		c6edee8e8b [0]
none [none]
3ff643aae6[0]
599b835896[0]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
 PeStubOEP|
none|none
tElock|
Armadillo|
none|none
none|none 		none
none
none
none
none
none 		trace
none
trace
trace
none
none
T:06:11:00 WinXP 61.20.172.206 (FETNET.NET):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 74b3d149e8
NEW 		cef0fa2981 [0] none:none
 PolyEnE| none trace
T:06:14:00 Win2K-f 209.248.123.198 (FALCONBROADBAND.NET):
VANION INC,
COLORADO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
06:23:00 Win2K-f 85.140.20.184 (MTU-NET.RU):
ZAO MTU-INTEL,
MOSCOW, MOSCOW CITY, RU. (DIAL) 		n/a US:www.msn.com
US:trafficconverter.biz
US:zvmuaya.org
:kxdzwsr.net
US:thkktmasreq.info
:usimheyzrs.com
:enxvabh.com
US:zpvypwlj.org
:gcmvj.biz
US:keralr.org
US:ewlalbpc.org
:ffbonq.biz
:wjdzkwqhmhw.com
US:vktzktcyl.org
:qwwlnlxz.info
:ddslftbz.com
:aehlzxzgo.net
:gcmaafkwygc.com
NL:gcwuydkyk.org
:ihlgenotm.biz
:osdzk.com
US:udoygbrb.info
US:dhonym.info
US:hhrypcdh.org
US:wbymdlradp.org
:smkmuhagg.net
:jtyjl.net
:unbeizkvf.net
:hyedujvpeie.biz
US:rebmepvbngf.org
:hmbtfc.biz
:zglqt.net
:ngngs.com
:hliiwyqcof.biz
:brdxefvf.biz
:jtehpuut.biz
:bvdggnftt.com
:dokff.net
US:bxyfosy.info
US:cantmrkng.info
US:zdwrpqacft.org
:xzdtoupf.com
:wqulgezz.org
NL:syraqbibl.org
:eawaxbjiytb.net
:wucjvcau.com
:eccfbwyf.biz
US:ovljbsvzas.org
US:ujfstnpo.org
US:kypevvv.org
:qewimqgwdw.biz
:felqfccp.net
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
9 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:07:55:00 WinXP 216.152.2.100 (-):
CITY OF WILSON,
PEA RIDGE, ARKANSAS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
592 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40 5396ad0b54
NEW 		none[none] none:none
 none|none none none
T:09:56:00 Win2K-f 98.141.17.158 (CAVTEL.NET):
CAVALIER TELEPHONE,
HAMPTON, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:10:24:00 WinXP 80.244.153.148 (TNP.PL):
TDSA-NET,
WARSAW, WARSZAWA, PL. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 5818023061
NEW 		none[0] ASM:Graph
 PolyEnE| lines=68 trace
T:11:16:00 WinXP 89.204.230.137 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
12:10:00 Win2K-f 114.40.65.159 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a GB:www.vouchercodez.com
US:www.maxmind.com
US:67.15.94.80:80
GB:80.82.119.191:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:12:22:00 Win2K-f 64.4.97.4 (NTELOS.NET):
NTELOS DHCP RANGE FOR DSL,
COVINGTON, VIRGINIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33		 73ce2b74da
NEW
79c01ec060
NEW 		none[0]
1bfd34056c[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=81
lines=64
embedded dns 		trace
trace
T:13:18:00 WinXP 87.13.213.210 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
RIMINI, EMILIA-ROMAGNA, IT. (DSL) 		n/a DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 6152c54fc2
NEW 		ccc8b54f0a [0] none:none
 ASPack| none trace
T:13:36:00 WinXP 62.45.223.230 (CAIWAY.NL):
KABELFOON,
NAALDWIJK, ZUID-HOLLAND, NL. (DSL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 973b7d1bee
NEW 		922ddaf1ee [0] none:none
 PolyEnE| none trace
T:14:07:00 Win2K-f 173.20.140.66 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
ALBANY, GEORGIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
39 of 41		 5e3a9c2d9d
NEW
630308d06b
NEW 		dbc48b815a [0]
847d302e37[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:14:45:00 WinXP 4.231.255.63 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FOREST HILLS, NEW YORK, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:15:04:00 WinXP 187.89.27.82 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40 379f4b1d78
NEW 		none[none] none:none
 none|none none none
T:15:14:00 WinXP 218.220.141.133 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
38 of 40		 024410ad21
NEW
b0cedd71bb
NEW 		96d0267b80 [0]
f6e156bdca[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:15:20:00 WinXP 208.102.239.195 (FUSE.NET):
FUSE INTERNET ACCESS,
HAMILTON, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 40
38 of 41		 abf4572c47
NEW
cf5eca7bf7
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:15:23:00 WinXP 63.26.31.54 (UU.NET):
UUNET TECHNOLOGIES INC,
SPRINGFIELD, ILLINOIS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
214 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 39
37 of 39		 166484192b
NEW
2a1e547005
NEW 		0c886fcb7b [0]
5c75fa020a[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
15:34:00 Win2K-f 201.254.94.75 (COM.AR):
TELEFONICA DE ARGENTINA,
MAR DEL PLATA, BUENOS AIRES, AR. (DSL) 		n/a EU:getmyip.co.uk
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:15:37:00 Win2K-f 173.168.175.118 (RR.COM):
ROAD RUNNER HOLDCO LLC,
APOPKA, FLORIDA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:15:49:00 WinXP 114.48.65.158 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:16:01:00 Win2K-f 69.76.131.129 (RR.COM):
ROAD RUNNER HOLDCO LLC,
OVERLAND PARK, KANSAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:16:39:00 Win2K-f 4.182.160.17 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
JOSHUA TREE, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:16:41:00 Win2K-f 75.60.205.88 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
COLUMBUS, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:17:37:00 Win2K-f 71.77.26.244 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 c40e0af1a7
NEW
ca24bacb31
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:18:24:00 Win2K-f 71.117.15.21 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BURLINGTON, WASHINGTON, US. (DSL) 		n/a :cx10man.weedns.com 135 pcap raw alerts
ruleset 		irc
695 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 41 b8076e37ae
NEW 		52953fed05 [0] none:none
 StarForce| none trace
T:19:42:00 WinXP 65.32.223.95 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
19:55:00 Win2K-f 71.21.161.65 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
KIRKLAND, WASHINGTON, US. (DSL) 		n/a US:trafficconverter.biz
:www.google.com
US:gugyf.info
:ytqta.com
:rylgvythlqc.com
US:pimgvzzij.info
US:ukfqjbshi.org
:bssgww.com
:dbjggqxbgaj.biz
:gkxjtotu.com
US:ptskxyvc.org
US:wkzoh.info
:ngngnffdoyz.net
:twwdjlz.com
:snriiq.biz
:sadzwko.net
US:uhtwdpqezfi.org
:swhnd.com
:mbwmgof.com
:frppgjfxsbv.org
CA:behod.com
:sqkgmmg.biz
:mbwtkzhu.biz
:uvegpsla.net
US:badgrf.info
:xfwxkor.com
:sdcdiq.biz
NL:ykdoeyegx.org
US:pubbzzpxc.info
:nsdxzjzxu.net
:akolntvu.net
US:iwftrcg.org
US:dovadwsxcp.info
:ggohmxrsj.com
:pegcl.biz
:dtrvgfiq.info
:lqqkh.net
NL:nesuwlqh.info
:glkhhbr.com
:fiitirsjva.com
US:lzgegezd.org
:ikagnfmu.biz
US:juwuyqdvygi.info
US:ninweqfh.org
:zaiiteewwm.org
:ctobijw.net
NL:lgrcnvzboc.info
:hdozxxlusv.net
US:brwph.info
:jmrrginto.com
US:xsrde.org
US:jtpesqwaw.info
:zryhmafajlp.biz
:zfecizojbq.com
:xvqxevtkz.org
:syvzozoeot.biz
:swswabr.com
:ticogopt.com
:tkjwgb.biz
:pldbquviu.net
:obtchxrs.com
:ksqrgwu.biz
:cikctnkq.com
:tyijdlsx.net
:vcamxcwcs.org
:ydkpmqj.com
NL:rxmqqgiek.org
:dabvas.com
:rdmwvr.net
US:hjbptgyqi.org
:rnotuqul.biz
:xxavduz.biz
US:204.152.184.139:80
74.125.19.99:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
21:18:00 Win2K-f 125.234.14.28 (ADSL.VIETTEL.VN):
DAI IP CHO ADSL TAI HCM,
HO CHI MINH CITY, HO CHI MINH, VN. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:35:00 WinXP 64.188.131.250 (-):
WINDJAMMER COMMUNICATIONS LLC,
APPLETON, WISCONSIN, US. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		none[none] none:none
 none|none none none
T:22:23:00 WinXP 113.255.73.129 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:22:34:00 Win2K-f 173.28.203.45 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 10759405e0
NEW
d08e00dfaf
NEW 		292d343248 [0]
854c49d8c4[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:22:58:00 WinXP 95.220.0.37 (-):
FAIRLIE HOLDING & FINANCE LIMITED,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
NEW 		none[0] ASM:Graph
 none|none lines=61 trace
T:23:13:00 WinXP 74.214.47.11 (METROCAST.NET):
METROCAST COMMUNICATIONS,
KING GEORGE, VIRGINIA, US. (100Mbps) 		194.109.11.65:6556 :0x80.my-secure.name
NL:0x80.my1x1.com
NL:0x80.martiansong.com 		135 pcap raw alerts
ruleset 		other
122 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 33 e30fb27bda
NEW 		90ee26f451 [0] ASM:Graph
 MEW| lines=185
embedded dns 		trace
T:23:58:00 WinXP 119.77.158.125 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 97e402001a
NEW 		none[none] none:none
 none|none none none