Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

27 December 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:08:00 Win2K-f 203.91.184.97 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

00:28:00 Win2K-f 115.88.163.108 (-):
LG DACOM CORPORATION,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:00:36:00 Win2K-f 115.88.163.108 (-):
LG DACOM CORPORATION,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:04:00 WinXP 174.0.137.114 (KODIAKPETROLEUM.COM):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
127 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 67621eedc5
NEW
749cc9507f
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:01:26:00 Win2K-f 96.8.226.199 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 40 9bdd2c95b1
NEW
cd456ac095
NEW d1bbd693ba [none]
d75caee680[none] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:01:55:00 Win2K-f 113.253.100.200 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a 135 pcap raw alerts
ruleset other
1002 lines Yeah : 1.3
profile none summary
tarball 35 of 41 559acaa271
NEW none[none] none:none
none|none none none

02:38:00 WinXP 186.9.200.73 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) n/a :moscow-advokat.ru
:lia.zanet.net
:washington.dc.us.undernet.org
:brussels.be.eu.undernet.org
NO:london.uk.eu.undernet.org
SE:vancouver.dal.net
SE:ozbytes.dal.net
SE:viking.dal.net 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:03:01:00 WinXP 113.254.179.70 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
99 lines Yeah : 1.3
profile none summary
tarball 40 of 41
38 of 41 a5ceb6c29d
NEW
adadfc0e1c
NEW d64cd9d18b [0]
0f57439d82[0] none:none
none:none
tElock|
tElock| none
none trace
trace

T:03:13:00 Win2K-f 69.76.131.129 (RR.COM):
ROAD RUNNER HOLDCO LLC,
OVERLAND PARK, KANSAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:03:59:00 Win2K-f 60.249.37.247 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:04:09:00 WinXP 219.109.125.136 (CATVNET.NE.JP):
CATV NETWORK SERVICES(STNET INCORPORATED),
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 0 of 35 ac6ad5d9b9
NEW none[none] none:none
none|none none none

T:04:35:00 Win2K-f 98.30.117.179 (RR.COM):
ROAD RUNNER HOLDCO LLC,
UPPER SANDUSKY, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

04:57:00 Win2K-f 119.124.96.22 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN. (DSL) n/a US:msn.com
FI:194.215.38.3:80
EE:195.50.195.10:443
EE:62.65.192.24:80 445 pcap raw alerts
ruleset http
irc
8 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:05:04:00 WinXP 95.236.34.203 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA WIRELINE SERVICES,
ROME, LAZIO, IT. (DSL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

T:05:21:00 WinXP 66.72.68.73 (AMERITECH.NET):
AT&T INTERNET SERVICES,
NASHVILLE, INDIANA, US. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

05:37:00 Win2K-f 95.172.117.45 (SURGUTTEL.RU):
JSC SURGUTTEL,
MOSCOW, MOSCOW CITY, RU. (DSL) n/a US:msn.com
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
GB:212.117.177.140:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset irc
http
28 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:05:44:00 Win2K-f 202.157.62.121 (KCN-TV.NE.JP):
KUMAMOTO CABLE NETWORK CORPORATION,
KUMAMOTO, KUMAMOTO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:07:08:00 Win2K-f 118.216.96.53 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 88.198.228.238:65520 US:microsoft.com
DE:proxima.ircgalaxy.pl
CN:www.liagand.cn
CN:av.lometr.pl
DE:88.198.228.238:65520 135 pcap raw alerts
ruleset irc
http
125 lines Yeah : 1.8
profile none summary
tarball 31 of 33
23 of 41
31 of 33
5 of 41 168aab35a3
NEW
357486dae7
NEW
667f0c59f3
NEW
d697b76f39
NEW 60b730b97e [0]
none [none]
8fe2be2095[0]
none [none] ASM:Graph
none:none
ASM:Graph
none:none
tElock|
none|none
Armadillo|
none|none lines=120
embedded dns
none
lines=91
none trace
none
trace
none

07:24:00 Win2K-f 115.80.195.12 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:07:30:00 Win2K-f 86.182.60.161 (BTCENTRALPLUS.COM):
CENTRAL + MIGRATION TO 21CN,
UK. (DSL) 88.198.228.238:65520 US:microsoft.com
DE:proxima.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
18 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

07:42:00 Win2K-f 94.198.234.114 (-):
JOINT STOCK COMPANY SVYAZIST,
MOSCOW, MOSCOW CITY, RU. (DSL) 193.104.94.11:65520 :google.com
GB:212.117.177.140:80 445 pcap raw alerts
ruleset irc
31 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:08:17:00 WinXP 186.9.13.225 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 f45285574e
NEW none[none] none:none
none|none none none

09:10:00 Win2K-f 220.109.153.225 (PLALA.OR.JP):
NTT PLALA INC,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com
EU:getmyip.co.uk
:checkip.dyndns.org
GB:212.117.177.140:80
EU:78.40.35.134:80
DE:88.198.228.238:65520 445 pcap raw alerts
ruleset http
19 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:09:11:00 WinXP 68.174.91.209 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US. (100Mbps) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:ebookfinaltrash.ru
:wpad
RU:89.108.64.156:80 445 pcap raw alerts
ruleset http
http
http
27 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
NEW none[0] none:none
ASPack| lines=281
embedded dns trace

T:10:33:00 Win2K-f 69.109.209.25 (PACBELL.NET):
PLTNCA INTERNAL,
OAKLAND, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:36:00 WinXP 89.246.186.154 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
JENA, THURINGEN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:11:48:00 WinXP 173.168.162.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEARWATER, FLORIDA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:12:49:00 Win2K-f 173.22.144.205 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1002 lines Yeah : 1.3
profile none summary
tarball 25 of 41 69aabe81c5
NEW none[none] none:none
none|none none none

T:12:56:00 Win2K-f 24.82.130.184 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:38:00 Win2K-f 64.144.35.70 (MEGAPATH.NET):
MEGAPATH NETWORKS INC,
JERSEY CITY, NEW JERSEY, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:40:00 WinXP 93.102.216.233 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL) n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru 135 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 17028f1eda
NEW none[3] none:none
tElock| none trace

T:14:25:00 WinXP 69.132.50.85 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HUNTERSVILLE, NORTH CAROLINA, US. (DSL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

15:30:00 Win2K-f 117.6.66.70 (-):
DAI IP CHO DICH VU ADSL TAI HCM,
HO CHI MINH CITY, HO CHI MINH, VN. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

16:10:00 WinXP 91.188.110.92 (DOMAINUNUSED.NET):
41-503 CHORZOW UL.BOZOGROBCOW,
WARSAW, WARSZAWA, PL. (DSL) n/a :moscow-advokat.ru
:lulea.se.eu.undernet.org
:flanders.be.eu.undernet.org
:lia.zanet.net
SE:ced.dal.net
SE:qis.md.us.dal.net
FI:london.uk.eu.undernet.org
SE:ozbytes.dal.net
SE:broadway.ny.us.dal.net
SE:coins.dal.net
SE:vancouver.dal.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

16:44:00 Win2K-f 114.38.105.106 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 88.198.228.238:65520 :google.com
US:cnn.com
DE:proxim.ircgalaxy.pl
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
US:204.152.184.139:80
204.27.57.154:8392
GB:212.117.177.140:80
CN:218.93.201.51:65520 445 pcap raw alerts
ruleset irc
http
27 lines Yeah : 1.3
profile none summary
tarball 13 of 41
10 of 41 07d4a44739
NEW
7ed43d490d
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

16:49:00 Win2K-f 74.222.1.106 (VRTSERVERS.NET):
VRTSERVERS INC,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a US:cnn.com
US:search.toptravellingtips.com
US:204.152.184.139:80
US:208.43.250.167:80
GB:212.117.177.140:80 445 pcap raw alerts
ruleset http
irc
110 lines Argh : 0.3
profile none summary
tarball 3 of 41
0 of 41
9 of 41 21501192a5
NEW
7ff3e718b6
NEW
a0764fc20c
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

17:01:00 Win2K-f 70.73.141.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:yahoo.com
:search.mynextkitchen.com
:www.mynextkitchen.com
US:204.152.184.139:80
GB:212.117.177.140:80 445 pcap raw alerts
ruleset http
irc
152 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:17:02:00 WinXP 186.10.25.212 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
CL. (DSL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

17:07:00 Win2K-f 109.114.19.9 (-):
IP ADDRESSES ASSIGNED TO VF-IT MOBILE USERS,
IVREA, PIEMONTE, IT. (DSL) n/a US:best-home-finance.com
US:as.casalemedia.com
:images.ddc.com
:s7.addthis.com
US:cdn.optmd.com
US:domdex.com
:download.macromedia.com
US:i.casalemedia.com
US:140.174.24.162:80
US:204.152.184.139:80
GB:212.117.177.140:80
66.114.48.63:80 445 pcap raw alerts
ruleset http
irc
52 lines Argh : 0.3
profile none summary
tarball 0 of 41 7119bea170
NEW none[none] none:none
none|none none none

17:13:00 Win2K-f 211.160.203.3 (CITYNETCHINA.NET):
FIBRLINK COMMUNICATIONS CO. LTD,
BEIJING, BEIJING, CN. (DSL) n/a US:msn.com
:seekadvance.com
GB:www.businesstomb.com
US:204.152.184.139:80
GB:212.117.177.140:80
US:64.156.192.117:80 445 pcap raw alerts
ruleset http
http
http
irc
60 lines Argh : 0.3
profile none summary
tarball none none none none none none none

17:19:00 Win2K-f 64.52.58.38 (-):
CORP MPS ACCESS - 132 W 36TH ST,
NEW YORK, NEW YORK, US. (100Mbps) n/a US:cnn.com
US:search.smarturl.co.uk
US:204.152.184.139:80
GB:212.117.177.140:80
EU:77.68.59.22:80 445 pcap raw alerts
ruleset irc
http
43 lines Argh : 0.3
profile none summary
tarball none none none none none none none

17:32:00 Win2K-f 124.107.88.142 (-):
20-56269_BENSON G LAO,
MANILA, MANILA, PH. (100Mbps) n/a US:cnn.com
US:204.152.184.139:80
GB:212.117.177.140:80 445 pcap raw alerts
ruleset irc
http
39 lines Argh : 0.3
profile none summary
tarball none none none none none none none

17:37:00 Win2K-f 174.46.235.54 (TWTELECOM.NET):
TW TELECOM HOLDINGS INC,
LITTLETON, COLORADO, US. (DSL) n/a :google.com
EU:www.bigwebguide.co.uk
US:204.152.184.139:80
204.27.57.154:8392
GB:212.117.177.140:80 445 pcap raw alerts
ruleset http
irc
46 lines Argh : 0.3
profile none summary
tarball none none none none none none none

18:04:00 Win2K-f 78.8.126.185 (NET.PL):
DYNAMIC BROADBAND SERVICES,
LODZ, LODZKIE, PL. (DIAL) n/a US:gardendebt.com
US:microsoft.com
EE:www.starman.ee
:bfkq.com
US:msn.com
:www.kingfeeds.com
US:cnn.com
:millsindex.com
US:asrrest.info
FI:194.215.38.3:80
EE:195.50.195.10:443
EE:62.65.192.25:80 445 pcap raw alerts
ruleset http
irc
16 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:18:14:00 Win2K-f 208.105.228.201 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PHILADELPHIA, PENNSYLVANIA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1009 lines Yeah : 1.3
profile none summary
tarball 17 of 41 e1693609f9
NEW none[3] none:none
none|none none trace

T:18:19:00 WinXP 70.123.98.113 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COPPELL, TEXAS, US. (DSL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 d6df3972a0
NEW none[0] ASM:Graph
PolyEnE| lines=65 trace

18:45:00 Win2K-f 60.50.88.198 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a US:cnn.com
DE:proxim.ircgalaxy.pl
:bfkq.com
US:www.maxmind.com
:google.com
GB:www.businesstomb.com
:jsactivity.com
US:yahoo.com
:commerceclick.co.uk
US:microsoft.com
FR:193.104.94.11:65520
204.27.57.154:8392
GB:212.117.177.140:80
US:67.15.94.80:80 445 pcap raw alerts
ruleset other
20 lines Argh : 0.3
profile none summary
tarball none none none none none none none

19:15:00 Win2K-f 83.21.234.149 (TPNET.PL):
NEOSTRADA PLUS,
WARSAW, WARSZAWA, PL. (DSL) 218.93.201.51:65520 US:yahoo.com
DE:proxim.ircgalaxy.pl
GB:212.117.177.140:80
DE:88.198.228.238:65520 445 pcap raw alerts
ruleset irc
29 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:19:15:00 Win2K-f 66.65.73.163 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

19:20:00 Win2K-f 114.36.190.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com
:yvieah.net
US:zeevnd.info
:kjzepjprcgy.com
US:odlxkjrybgq.info
US:kdvkrf.info
:cecqkmhkvt.biz
:rplhnsjytq.net
:wfixcbodn.info
:etrbgkytz.net
:ahxjykkm.com
:yrxrqnzeb.com
:cxoihrgws.biz
:qvsjkhhaay.com
US:wocusbzzkk.info
:coyqqy.com
US:hykhnmwzgav.org
:avgmzyxfjn.biz
US:rfnammye.info
US:zbflfkuxcb.info
:ditymhjbw.com
:kjdzxgou.net
:krdmm.biz
US:sisegts.info
:qqpmlfcp.info
NL:tdqfidktf.info
:lvibp.net
:jhwulmxph.com
:migjaugdf.net
:pcgalbrb.biz
:sythrnyalo.biz
US:msn.com
US:204.152.184.139:80
GB:212.117.177.140:80
US:74.208.64.145:80 445 pcap raw alerts
ruleset http
irc
27 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:19:46:00 Win2K-f 125.4.7.190 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
OSAKA, OSAKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
NEW
53bfe15e91
NEW none[0]
1473091351[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=81
lines=75
embedded dns trace
trace

T:20:49:00 Win2K-f 173.22.150.252 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 41 3bff218b8f
NEW
7eaf7b4470
NEW b570b734be [0]
8e0b194526[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:22:00:00 WinXP 4.154.51.216 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BURNSVILLE, NORTH CAROLINA, US. (DIAL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 40 046bc82ba6
NEW none[none] none:none
none|none none none

T:22:20:00 Win2K-f 61.219.21.179 (HINET.NET):
TAIWAN CELLPHONE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:22:30:00 WinXP 219.65.3.149 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
MUMBAI, MAHARASHTRA, IN. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
US:new.egg.com
:wpad 445 pcap raw alerts
ruleset http
http
http
http
50 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
NEW none[0] none:none
ASPack| lines=281
embedded dns trace

T:23:21:00 WinXP 64.130.167.205 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 1415b0b9e5
NEW
51110a94f0
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

23:34:00 Win2K-f 85.17.213.78 (LEASEWEB.COM):
LEASEWEB,
NL. (DSL) n/a
FI:194.215.38.3:80
EE:195.50.195.10:443
EE:62.65.192.24:80 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none