Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

18 May 2010
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:24:00 Win2K-f 112.197.200.3 (-):
SAIGON TOURIST CABLE TELEVISION,
VN. (DSL) n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 38 c645a73bd2
NEW none[3] none:none
tElock| none trace

T:00:34:00 Win2K-f 112.197.200.3 (-):
SAIGON TOURIST CABLE TELEVISION,
VN. (DSL) n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80
208.78.70.70:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 26 of 38 c645a73bd2
NEW none[3] none:none
tElock| none trace

T:03:41:00 Win2K-f 208.110.57.2 (-):
PRIVATE CABLE ISP SUBSCRIBER (SCHAUMBURG IL MARKET),
JONESBORO, GEORGIA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
71 lines Yeah : 1.3
profile none summary
tarball 3 of 33 73ce2b74da
NEW none[0] none:none
Armadillo| lines=90 trace

T:04:01:00 WinXP 95.246.171.135 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA WIRELINE SERVICES,
ROME, LAZIO, IT. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] none:none
none|none lines=60 trace

T:05:06:00 WinXP 87.110.170.191 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:05:21:00 WinXP 211.207.195.132 (FRONTIEROIL.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 83.133.119.206:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:ad.lometr.pl
CN:ku1.installstorm.com
UA:bunker.org.ua
:www.imagemfolheados.com.br
JP:www.aandd.jp
PL:ssl.aukro.ua
UA:spooky.cartoons.org.ua
:apply.reedexpo.co.jp
BR:www.digimer.com.br
JP:bookweb.kinokuniya.co.jp
BR:www.imusica.com.br
GB:forum.gryada.org.ua
JP:131.113.221.138:443
US:140.177.205.56:443
UA:195.214.214.53:443
BR:200.192.143.87:443
JP:202.218.203.244:443
US:64.41.142.74:443
US:69.61.11.226:443 135 pcap raw alerts
ruleset irc
http
167 lines Yeah : 1.8
profile none summary
tarball 36 of 41
40 of 41
18 of 41
40 of 41 138360a64d
NEW
54f6a48ee7
NEW
a1fdcee696
NEW
bdc4efdb73
NEW none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:05:42:00 Win2K-f 24.76.5.147 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SELKIRK, MANITOBA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 15 of 41 770a04a72c
NEW none[3] none:none
none|none none trace

T:06:14:00 Win2K-f 76.93.200.166 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HILO, HAWAII, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:20:00 WinXP 110.20.24.201 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
AU. (DSL) n/a 135 pcap raw alerts
ruleset other
793 lines Yeah : 1.3
profile none summary
tarball 39 of 41 63f2b29a87
NEW none[none] none:none
none|none none none

T:06:31:00 WinXP 70.184.104.142 (COX.NET):
COX COMMUNICATIONS,
CHANDLER, ARIZONA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
112 lines Yeah : 1.3
profile none summary
tarball 39 of 41
40 of 41 3b3a6d7615
NEW
b7a694b220
NEW ed7beb96f5 [0]
9f0354af30[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:06:39:00 Win2K-f 125.58.108.208 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:56:00 WinXP 81.84.97.4 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PORTO, PORTO, PT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 912a073945
NEW 7874c7f21e [0] ASM:Graph
PolyEnE| lines=68 trace

T:07:21:00 WinXP 115.81.8.193 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:07:54:00 Win2K-f 70.184.208.123 (COX.NET):
COX COMMUNICATIONS,
COUNCIL BLUFFS, IOWA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
40 of 41 3b3a6d7615
NEW
b7a694b220
NEW ed7beb96f5 [0]
9f0354af30[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:08:06:00 WinXP 4.163.196.54 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ELBERT, COLORADO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 41 of 42
40 of 42 7549900329
NEW
b71514f095
NEW 4b13f1921b [0]
f6aa3689d1[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

08:29:00 WinXP 115.81.8.193 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:32:00 Win2K-f 110.11.99.39 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 60.190.222.139:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:ad.lometr.pl
JP:direct.ips.co.jp
UA:www.indev.kiev.ua
:www.imagemfolheados.com.br
PL:ssl.aukro.ua
JP:www.myeclipseide.jp
JP:www.irtvnet.jp
UA:195.214.214.53:443
JP:202.218.111.122:443
JP:203.179.38.26:443
JP:203.79.51.238:443
JP:210.171.131.16:443
UA:212.111.198.59:443
CN:60.190.222.139:65520
US:64.131.68.169:443
US:69.61.11.226:443
UA:77.120.104.50:443
UA:82.193.122.190:443 135 pcap raw alerts
ruleset irc
http
115 lines Yeah : 1.8
profile none summary
tarball 36 of 41
34 of 36
29 of 32 05265022c4
NEW
99b248336f
NEW
9d677c3f70
NEW none[none]
c64bd1a776[0]
77e75ff10f[0] none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
tElock| none
lines=91
lines=120
embedded dns none
trace
trace

08:36:00 WinXP 186.122.47.97 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 3a86516526
NEW none[none] none:none
none|none none none

T:08:39:00 Win2K-f 95.26.121.65 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU. (DSL) 83.133.119.206:65520 CN:proxima.ircgalaxy.pl
CN:ad.lometr.pl
US:136.57.39.129:443
174.123.60.178:443
191.4.157.190:443
BR:200.143.10.165:443
JP:202.214.40.79:443
JP:210.147.30.22:443
UA:212.111.198.59:443
JP:222.146.58.38:443
US:69.57.128.35:443
US:69.61.11.226:443 445 pcap raw alerts
ruleset irc
http
11 lines Yeah : 1.3
profile none summary
tarball 36 of 41 f0a4409bf8
NEW none[none] none:none
none|none none none

T:08:48:00 WinXP 198.182.77.8 (ACES.NET):
LOGIN INC,
PORTLAND, OREGON, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:08:52:00 Win2K-f 67.253.44.251 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:09:00 Win2K-f 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:26:00 WinXP 12.150.255.67 (WATVC.COM):
WEST ALABAMA TV CABLE CO,
HAMILTON, ALABAMA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 42 f867780714
NEW dc97a50911 [0] none:none
PolyEnE| none trace

T:10:51:00 WinXP 99.146.97.198 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
SAN FRANCISCO, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:11:27:00 WinXP 194.12.228.165 (LIREX.NET):
CENTRUM GROUP,
SOFIA, GRAD SOFIYA, BG. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
US:new.egg.com
:wpad 445 pcap raw alerts
ruleset http
http
http
http
52 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
NEW none[0] none:none
ASPack| lines=281
embedded dns trace

T:11:57:00 WinXP 65.184.49.38 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WILMINGTON, NORTH CAROLINA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
112 lines Yeah : 1.3
profile none summary
tarball 38 of 40
36 of 41 84ace068d1
NEW
c584af4fcd
NEW c822a7d0e4 [0]
bdfcf0a930[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:12:27:00 Win2K-f 216.211.248.110 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
37 of 41 c89b154681
NEW
d2b40c91a1
NEW 58d02dbffa [0]
fbaa414397[0] ASM:Graph
ASM:Graph
StarForce|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:12:28:00 WinXP 12.181.26.227 (WATVC.COM):
WEST ALABAMA TV CABLE CO,
WINFIELD, ALABAMA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] ASM:Graph
PolyEnE| lines=68 trace

T:13:20:00 Win2K-f 71.67.105.157 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:56:00 Win2K-f 184.80.69.109 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:14:00:00 Win2K-f 118.83.39.23 (HTOJ.J-CNET.JP):
JCN-HTMNET,
JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
123 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 0b951c2832
NEW
e4ed4df0f0
NEW 5fe761661a [0]
de471fc380[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:14:26:00 WinXP 208.103.155.180 (CORETEL.NET):
CORETEL AMERICA INC,
MYERSTOWN, PENNSYLVANIA, US. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 38 of 40 6362c8686d
NEW 38239af1c3 [0] ASM:Graph
PolyEnE| lines=68 trace

T:14:59:00 WinXP 116.197.96.103 (-):
DIGI TELECOMMUNICATIONS SDN BHD,
SHAH ALAM, SELANGOR, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 41 fb85113a6e
NEW none[none] none:none
none|none none none

T:15:19:00 WinXP 216.19.20.78 (COMMSPEED.NET):
COMMSPEED ARIZONA LLC,
CHINO VALLEY, ARIZONA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:15:47:00 WinXP 95.180.175.211 (88.IN-ADDR.ARPA):
NEOTEL DOO EXPORT-IMPORT SKOPJE,
SKOPJE, KARPOS, MK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1feaf8491d
NEW none[none] none:none
none|none none none

T:15:53:00 WinXP 186.122.57.189 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 41 bba59c950d
NEW none[none] none:none
none|none none none

T:16:27:00 Win2K-f 98.141.163.84 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

17:42:00 Win2K-f 203.77.226.34 (CENTRAL.NET.ID):
PT. TOTAL INFO KHARISMA,
JAKARTA, JAKARTA RAYA, ID. (DSL) n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:17:45:00 Win2K-f 203.90.121.145 (AKAMAITECHNOLOGIES.COM):
HCL INFINET LIMITED,
BANGALORE, KARNATAKA, IN. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

18:09:00 WinXP 4.246.201.162 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAKE ISABELLA, CALIFORNIA, US. (DSL) n/a 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:18:12:00 Win2K-f 66.57.57.121 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CARY, NORTH CAROLINA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 40 d08635ca20
NEW
e2479cbb98
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:18:17:00 WinXP 116.125.0.152 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
114 lines Yeah : 1.3
profile none summary
tarball 41 of 41
6 of 41 5213395833
NEW
9fdf6de4a9
NEW 515eacbc36 [0]
794f9a1087[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=56
embedded dns
lines=90 trace
trace

T:18:19:00 WinXP 186.9.221.240 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:18:28:00 Win2K-f 172.190.90.242 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
167 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:53:00 WinXP 186.10.148.182 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:19:32:00 Win2K-f 70.74.177.3 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 37 of 41
38 of 41 4180c19d91
NEW
b6e91e001c
NEW 9f3f2de385 [0]
d2275a6cf5[0] ASM:Graph
ASM:Graph
Armadillo|
PolyEnE| lines=91
lines=64
embedded dns trace
trace

T:19:47:00 Win2K-f 59.120.228.224 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
NEW none[0] none:none
Armadillo| lines=90 trace

T:20:27:00 WinXP 114.48.75.11 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 07cd99a10b
NEW f8f0f72da6 [0] ASM:Graph
PolyEnE| lines=68 trace

T:20:37:00 Win2K-f 175.114.85.243 (-):
. n/a US:microsoft.com
CN:irc.zief.pl
CN:ad.lometr.pl
GB:forum.gryada.org.ua
UA:www.epravda.com.ua
JP:center.umin.ac.jp
EU:wow.merlin.org.ua
US:www.iknow.co.jp
UA:hosting.cnrg.com.ua
JP:130.69.92.68:443
BR:201.20.45.207:443
UA:212.42.72.183:443
US:64.79.197.143:443
US:69.61.11.226:443
UA:77.120.110.76:443
EU:91.203.146.30:443 135 pcap raw alerts
ruleset irc
http
289 lines Yeah : 1.3
profile none summary
tarball 37 of 41
40 of 41
36 of 41 34cd9e2f76
NEW
376a6b6ecd
NEW
f0a4409bf8
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

T:20:57:00 Win2K-f 186.10.65.189 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
CL. (DSL) n/a US:forums.ubuntulinux.jp
BR:loja.tray.com.br
US:www.iknow.co.jp
:itmedia.smartseminar.jp
JP:center.umin.ac.jp
JP:130.69.92.68:443
JP:133.87.45.189:443
US:140.177.205.56:443
174.123.60.178:443
191.4.157.190:443
UA:195.214.214.53:443
BR:201.20.35.20:443
BR:201.20.45.207:443
UA:212.111.198.59:443
UA:213.186.115.36:443
CN:60.190.222.139:80
US:69.57.128.35:443
US:69.61.11.226:443
UA:82.193.122.190:443
EU:91.196.95.24:443 445 pcap raw alerts
ruleset irc
13 lines Argh : 0.3
profile none summary
tarball none none none none none none none

21:17:00 WinXP 206.246.29.101 (-):
SENECA TELEPHONE,
SENECA, MISSOURI, US. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:21:20:00 WinXP 189.66.190.70 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
RIO DE JANEIRO, RIO DE JANEIRO, BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 41 2d74521143
NEW none[none] none:none
none|none none none

T:21:29:00 WinXP 75.24.12.227 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
YOUNGSTOWN, OHIO, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 31 of 32 24137d8412
NEW 73a916deb4 [0] none:none
PolyEnE| none trace

T:21:50:00 WinXP 110.227.105.72 (59.AIRTELBROADBAND.IN):
BHARTI AIRTEL LTD,
GURGAON, HARYANA, IN. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:21:58:00 Win2K-f 99.110.83.116 (-):
. n/a US:microsoft.com
JP:www.myeclipseide.jp
UA:shop.pozitiv.ks.ua
UA:www.indev.kiev.ua
JP:center.umin.ac.jp
:www.mlh.co.jp
BR:loja.tray.com.br
JP:newsletter.gov-online.go.jp
US:forums.ubuntulinux.jp
UA:souvenirs.auction.ua
JP:www.gsec.keio.ac.jp
US:www.iknow.co.jp
JP:www.irtvnet.jp
JP:m-repo.lib.meiji.ac.jp
EU:wow.merlin.org.ua
JP:www.marantz.jp
JP:ss1.coressl.jp
UA:www.epravda.com.ua
:nodes.com.ua
UA:masterkey.com.ua
US:64.79.197.143:443
US:69.61.11.226:443 135 pcap raw alerts
ruleset other
7 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:21:59:00 Win2K-f 110.11.142.130 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 40 of 41
5 of 41 14f47ffd1e
NEW
50437008d9
NEW 90bf4b99ff [0]
c1b09ac5d7[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=56
embedded dns
lines=90 trace
trace

T:23:15:00 WinXP 58.150.155.23 (KRLINE.NET):
KRNIC,
KR. (DSL) 60.190.222.139:65520 CN:ad.lometr.pl
JP:form.cao.go.jp
US:www.iknow.co.jp
EU:accounts.comodo.od.ua
JP:www.jica.go.jp
JP:www.aandd.jp
JP:ir.kagoshima-u.ac.jp
:apply.reedexpo.co.jp
JP:m-repo.lib.meiji.ac.jp
UA:bunker.org.ua
UA:weather.co.ua
116.87.0.0:443
JP:131.113.221.138:443
JP:163.209.180.1:443
UA:195.214.214.53:443
JP:202.218.170.179:443
JP:202.218.203.244:443
JP:203.179.38.26:443
UA:212.82.216.42:443
US:64.131.68.169:443
US:65.74.140.3:443
US:69.61.11.226:443
UA:77.120.99.240:443
EU:91.196.95.24:443 139 pcap raw alerts
ruleset irc
http
26 lines Yeah : 1.3
profile none summary
tarball 36 of 41 05265022c4
NEW none[none] none:none
none|none none none

23:18:00 Win2K-f 58.150.155.23 (KRLINE.NET):
KRNIC,
KR. (DSL) 60.190.222.139:65520 CN:proxim.ircgalaxy.pl
CN:ad.lometr.pl
JP:bookweb.kinokuniya.co.jp
BR:loja.tray.com.br
UA:www.indev.kiev.ua
:la2.meganet.org.ua
BR:www.billboxrecords.com.br
UA:bunker.org.ua
BR:ssl876.locaweb.com.br
JP:www.gsec.keio.ac.jp
JP:ss1.coressl.jp
JP:sv37.wadax.ne.jp
115.125.150.227:443
JP:131.113.221.138:443
JP:133.87.45.189:443
UA:195.214.214.53:443
BR:201.20.45.207:443
BR:201.76.41.87:443
JP:210.171.131.16:443
JP:211.133.134.87:443
US:69.57.128.35:443
US:69.61.11.226:443
US:69.72.149.166:443
EU:79.171.122.236:443 139 pcap raw alerts
ruleset irc
http
38 lines Yeah : 1.3
profile none summary
tarball 36 of 41
40 of 41 05265022c4
NEW
baac0412ef
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

23:24:00 Win2K-f 93.108.68.42 (REV.VODAFONE.PT):
GPRS POOLS,
PT. (DSL) n/a JP:www.science-forum.co.jp
JP:ssl.form-mailer.jp
UA:opensvit.ua
EU:wow.merlin.org.ua
UA:masterkey.com.ua
:apply.reedexpo.co.jp
UA:weather.co.ua
:www.imagemfolheados.com.br
US:forums.ubuntulinux.jp
UA:isu2.tup.km.ua
JP:133.87.45.189:443
UA:195.214.214.53:443
PR:200.5.0.0:443
JP:202.218.111.122:443
JP:202.226.91.62:443
UA:212.111.198.59:443
UA:212.42.72.183:443
UA:212.82.216.42:443
US:69.57.128.35:443
EU:91.196.95.24:443 445 pcap raw alerts
ruleset irc
32 lines Argh : 0.3
profile none summary
tarball none none none none none none none

23:29:00 Win2K-f 220.137.73.132 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a BR:www.sextoy.com.br
US:mst.com.ua
JP:center.umin.ac.jp
UA:hosting.cnrg.com.ua
JP:130.69.92.68:443
JP:131.113.221.138:443
UA:195.214.214.53:443
BR:200.192.143.87:443
JP:202.214.40.79:443
JP:203.179.38.26:443
US:207.44.220.4:443
UA:212.82.216.42:443
JP:222.146.58.38:443
US:69.61.11.226:443
UA:82.193.122.190:443 445 pcap raw alerts
ruleset irc
32 lines Argh : 0.3
profile none summary
tarball none none none none none none none

23:34:00 Win2K-f 202.60.81.80 (NETLOGISTICS.COM.AU):
NET LOGISTICS,
SYDNEY, NEW SOUTH WALES, AU. (DSL) n/a
JP:131.206.55.11:443
174.123.60.178:443
191.132.154.190:443
PR:200.5.0.0:443
BR:201.20.45.207:443
US:204.13.248.107:443
US:69.57.128.35:443 445 pcap raw alerts
ruleset http
irc
38 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

23:40:00 Win2K-f 76.189.93.199 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US. (DSL) n/a :checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
EU:78.40.35.134:80 445 pcap raw alerts
ruleset irc
http
22 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:42:00 Win2K-f 202.60.81.80 (NETLOGISTICS.COM.AU):
NET LOGISTICS,
SYDNEY, NEW SOUTH WALES, AU. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

23:50:00 Win2K-f 189.201.78.3 (IUSACELL.NET):
GRUPO IUSACELL CELULAR S.A. DE C.V,
MONTERREY, NUEVO LEON, MX. (100Mbps) n/a BR:loja.tray.com.br
:rastu.com.ua
JP:ssl.form-mailer.jp
JP:www.jaif.or.jp
JP:130.69.92.68:443
JP:131.113.221.138:443
US:140.177.205.54:443
JP:163.209.180.1:443
JP:164.46.227.120:443
191.132.154.190:443
BR:201.20.35.20:443
JP:202.218.170.179:443
US:67.15.97.220:443
UA:77.120.104.50:443
UA:77.120.99.240:443
95.169.190.41:443 445 pcap raw alerts
ruleset irc
28 lines Argh : 0.3
profile none summary
tarball none none none none none none none