Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

14 September 2010
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:08:00 WinXP 115.83.12.76 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] ASM:Graph
PolyEnE| lines=68 trace

T:00:25:00 WinXP 203.91.162.129 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
82 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:44:00 WinXP 122.148.143.123 (DODO.COM.AU):
LAYER 2 BROADBAND CUSTOMER NETWORK,
SYDNEY, NEW SOUTH WALES, AU. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:01:51:00 Win2K-f 75.37.173.251 (SBCGLOBAL.NET):
JASON LEE,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:07:00 Win2K-f 118.83.14.189 (HTOJ.J-CNET.JP):
JCN-HTMNET,
HACHIOJI, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
122 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 0b951c2832
NEW
e4ed4df0f0
NEW 5fe761661a [0]
de471fc380[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

02:39:00 WinXP 217.203.33.96 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 43 b5804bdd2d
NEW none[none] none:none
none|none none none

T:03:53:00 WinXP 175.113.47.207 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 41 of 43
41 of 43 178b0be402
NEW
c4be4e4a28
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:04:07:00 WinXP 72.48.216.109 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO HUB,
HEWITT, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:04:59:00 WinXP 219.127.8.113 (WAKWAK.NE.JP):
XEPHION(NTT-ME CORPORATION),
OKAYAMA, OKAYAMA, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:05:15:00 WinXP 4.246.237.21 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
NEW none[0] none:none
PolyEnE| lines=73 trace

T:05:16:00 WinXP 110.9.189.231, 173.192.153.178 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 60.190.222.139:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kdert.com
CN:exe2.perfectexe.com
:x.liruna.com
:sb.perfectexe.com
:smtp.mail.ru
CN:cao.iwillhavebigdick.com
CN:sy2.perfectexe.com
CN:2b.perfectexe.com
:in.7cy.net
:in1.7cy.net
LV:91.188.60.16:80 135 pcap raw alerts
ruleset irc
http
http
125 lines Yeah : 1.8
profile none summary
tarball 18 of 43
7 of 43
31 of 33
16 of 43
16 of 43
39 of 41
41 of 43
36 of 43
9 of 43 074de43294
NEW
15e7457e8a
NEW
168aab35a3
NEW
36ea92775a
NEW
901fde8bf5
NEW
aa6d257461
NEW
b4afa1df1d
NEW
c69512a223
NEW
ca760bb824
NEW none[none]
none [none]
60b730b97e[0]
none [none]
none [none]
6aca567868[0]
none [none]
none [none]
none [none] none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
none:none
none:none
none:none
none|none
none|none
tElock|
none|none
none|none
Armadillo|
none|none
none|none
none|none none
none
lines=120
embedded dns
none
none
lines=91
none
none
none none
none
trace
none
none
trace
none
none
none

T:06:09:00 WinXP 121.121.166.105 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
NEW none[0] none:none
PolyEnE| lines=73 trace

T:06:20:00 Win2K-f 71.98.213.167 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CLEARWATER, FLORIDA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 40 of 41 459d2bddeb
NEW 10fac04dd2 [0] ASM:Graph
none|none lines=546 trace

T:06:24:00 Win2K-f 60.248.116.212 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:07:19:00 WinXP 200.234.43.23 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:07:31:00 Win2K-f 219.115.218.171 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOYONAKA, OSAKA, JP. (DSL) 194.109.11.65:6556 NL:0x80.online-software.org
NL:0x80.martiansong.com
NL:194.109.11.65:1023
NL:194.109.11.65:6556 135 pcap raw alerts
ruleset other
188 lines Yeah : 1.8
profile none summary
tarball 36 of 36 0c01728b7e
NEW none[none] none:none
none|none none none

T:07:48:00 WinXP 80.171.143.36 (ALICEDSL.DE):
HANSENET-ADSL,
ELMSHORN, SCHLESWIG-HOLSTEIN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:07:49:00 Win2K-f 61.205.157.86 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
OSAKA, OSAKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 71e6f60517
NEW
ab4e3226c4
NEW 1ef1781501 [0]
c2d0313e73[0] ASM:Graph
none:none
Armadillo|
tElock| lines=91
none trace
trace

T:07:56:00 WinXP 58.126.220.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a 135 pcap raw alerts
ruleset other
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:08:42:00 WinXP 174.5.75.15 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:08:56:00 WinXP 85.65.205.141 (BARAK-ONLINE.NET):
BARAK I.T.C,
HOLON, TEL AVIV, IL. (DSL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:09:08:00 WinXP 115.164.44.206 (-):
DIGI TELECOMMUNICATIONS SDN BHD,
SHAH ALAM, SELANGOR, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:12:00 Win2K-f 24.155.115.1 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS SAN ANTONIO HUB,
SAN ANTONIO, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:15:00 Win2K-f 173.30.194.67 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
FEDERAL WAY, WASHINGTON, US. (DSL) 62.193.249.122:3305 FR:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
577 lines Yeah : 1.8
profile none summary
tarball 22 of 41 75af48afe4
NEW 7a25f9e3cf [0] ASM:Graph
StarForce| lines=3273
embedded dns trace

T:10:28:00 WinXP 72.48.73.140 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS SAN MARCOS,
SAN MARCOS, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:10:56:00 WinXP 178.34.132.11 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

11:18:00 WinXP 174.39.141.213 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
NORTH PLATTE, NEBRASKA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 d1b3b1de91
NEW none[none] none:none
none|none none none

T:11:24:00 Win2K-f 219.255.25.29 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 60.190.222.139:65520 US:microsoft.com
CN:proxima.ircgalaxy.pl
LV:ad.ghura.pl
UA:hosting.cnrg.com.ua
JP:cg.ces.kyutech.ac.jp
JP:133.26.200.10:443
UA:193.178.147.110:443
IE:193.95.154.4:443
JP:203.179.38.26:443
JP:203.79.51.228:443
US:204.13.248.107:443
UA:213.133.164.203:443
JP:222.146.58.38:443
US:68.232.187.4:443
UA:77.120.121.35:443 135 pcap raw alerts
ruleset irc
http
162 lines Yeah : 1.8
profile none summary
tarball 8 of 43
40 of 41
26 of 43
36 of 43 0d4c9b9be2
NEW
1824c59f34
NEW
c3c08e6ba6
NEW
c69512a223
NEW none[none]
da8a48fc3a[0]
none [none]
none [none] none:none
ASM:Graph
none:none
none:none
none|none
tElock|
none|none
none|none none
lines=112
embedded dns
none
none none
trace
none
none

T:11:28:00 WinXP 4.163.194.201 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DENVER, COLORADO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
227 lines Yeah : 1.3
profile none summary
tarball 41 of 42
40 of 42 7549900329
NEW
b71514f095
NEW 4b13f1921b [0]
f6aa3689d1[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:11:45:00 Win2K-f 67.206.201.131 (CENTENNIALPR.NET):
CENTENNIAL DE PUERTO RICO,
SAN JUAN, PUERTO RICO, PR. (DSL) n/a
174.123.60.178:443
191.132.154.190:443
UA:195.214.214.53:443
PR:200.5.0.0:443
BR:201.20.45.207:443
JP:202.226.91.62:443
US:66.197.152.245:443
US:69.57.128.35:443
US:69.72.149.166:443
UA:77.120.121.35:443
UA:77.120.99.240:443 445 pcap raw alerts
ruleset other
11 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:11:50:00 Win2K-f 76.235.206.122, 173.192.153.178 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 60.190.222.139:65520 CN:proxima.ircgalaxy.pl
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kdert.com
CN:exe2.perfectexe.com
:x.liruna.com
:sb.perfectexe.com
:www.epra
US:www.saredrogarias.com.br
EU:accounts.comodo.od.ua
JP:www.science-forum.co.jp
:www.pirateparty.in.ua
115.125.150.227:443
BR:200.143.10.165:443
JP:202.164.228.11:443
JP:210.171.131.16:443
JP:211.133.134.87:443
JP:222.146.58.38:443
US:64.131.68.169:443
US:68.232.187.4:443
US:74.52.66.226:443
EU:91.196.95.24:443 445 pcap raw alerts
ruleset irc
http
22 lines Yeah : 1.3
profile none summary
tarball 18 of 43
16 of 43
36 of 43
22 of 43 074de43294
NEW
901fde8bf5
NEW
c69512a223
NEW
cdd56d3622
NEW none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:11:54:00 WinXP 189.65.137.15 (TIMBRASIL.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 4e6a61ec5f
NEW none[none] none:none
none|none none none

T:12:44:00 Win2K-f 61.218.191.251 (-):
LIAN HONG BUSINESS CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 761a66b891
NEW
98d05c039b
NEW b469dac5dc [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=64
embedded dns
none trace
none

T:13:44:00 WinXP 4.86.5.161 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CANTON, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:14:28:00 Win2K-f 70.128.25.15 (PARAGOULD.NET):
PARAGOULD CITY LIGHT & WATER,
PARAGOULD, ARKANSAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 42
41 of 42 4d91db06f4
NEW
80ad2a0006
NEW 67419c8838 [0]
06729732e0[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:14:32:00 WinXP 174.39.142.21 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
NORTH PLATTE, NEBRASKA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 7fd985b16b
NEW none[none] none:none
none|none none none

T:15:31:00 WinXP 85.204.123.46 (C-SOLUTION.RO):
SC C SOLUTION SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:15:49:00 Win2K-f 67.87.54.35 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BRIDGEPORT, CONNECTICUT, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:02:00 WinXP 194.19.234.252 (-):
BTG,
RIGA, RIGA, LV. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:24:00 WinXP 173.168.162.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEARWATER, FLORIDA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:33:00 Win2K-f 211.23.226.98 (-):
LIOU-TZUNG-YI-TC,
TAIPEI, T'AI-PEI, TW. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
37 of 40 5d445c59d8
NEW
8a54950abb
NEW 892e12db7b [0]
f6b9e43917[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:16:57:00 WinXP 122.196.16.65 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
OSAKA, OSAKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 71e6f60517
NEW
ab4e3226c4
NEW 1ef1781501 [0]
c2d0313e73[0] ASM:Graph
none:none
Armadillo|
tElock| lines=91
none trace
trace

T:17:28:00 WinXP 24.77.238.198 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:gg.arrancar.org
US:69.43.160.145:555 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 39 of 41 4d7eb70cf5
NEW none[none] none:none
none|none none none

T:18:20:00 WinXP 64.188.187.185 (-):
WINDJAMMER COMMUNICATIONS LLC,
BOSTON, MASSACHUSETTS, US. (DSL) n/a :siliconfireware.ru
RU:ebookfinaltrash.ru
:wpad 445 pcap raw alerts
ruleset http
http
3 lines Yeah : 0.8
profile none summary
tarball 40 of 41 db03c02347
NEW none[none] none:none
none|none none none

T:19:45:00 WinXP 69.193.78.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:19:56:00 WinXP 169.204.248.174 (WA.US):
WASHINGTON SCHOOL INFORMATION PROCESSING COOPERATIVE,
MORTON, WASHINGTON, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:20:29:00 Win2K-f 63.246.125.200 (ALTUSCGI.NET):
PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET),
GEORGETOWN, SOUTH CAROLINA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:20:33:00 Win2K-f 70.66.19.243 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NANAIMO, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 35 of 42
39 of 41 598fd8ba00
NEW
b3bf8ce518
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:20:33:00 WinXP 75.92.30.118 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
SPRINGDALE, ARKANSAS, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:21:03:00 Win2K-f 216.188.245.13 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO HUB,
WACO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:21:11:00 WinXP 99.224.140.190 (ROGERS.COM):
ROGERS CABLE INC. FLFRD,
NEPEAN, ONTARIO, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:21:32:00 WinXP 4.131.73.185 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FLINT, TEXAS, US. (DIAL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:22:22:00 Win2K-f 99.148.255.46 (PACBELL.NET):
AT&T INTERNET SERVICES,
HOUSTON, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
59 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:22:29:00 WinXP 111.82.197.111 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:22:43:00 Win2K-f 66.54.124.185 (DIGICELBROADBAND.COM):
DIGICEL CAYMAN,
KY. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 40 d08635ca20
NEW
e2479cbb98
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:23:54:00 WinXP 180.70.142.47 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 60.190.222.139:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
JP:www.ristex.jp
RU:www.treasuryislandcasino.com.ua
JP:form.cao.go.jp
GB:forum.gryada.org.ua
JP:k.jfc.go.jp
:www.mlh.co.jp
:secure.fox
JP:122.219.252.105:443
GB:193.169.188.64:443
JP:202.164.228.11:443
JP:202.218.203.244:443
JP:203.180.136.89:443
JP:211.125.95.245:443
UA:212.82.216.42:443
JP:222.146.58.38:443
US:68.232.187.4:443 135 pcap raw alerts
ruleset irc
http
160 lines Yeah : 1.8
profile none summary
tarball 39 of 41
26 of 43
31 of 33 ab9c4b5f21
NEW
c3c08e6ba6
NEW
d789c8d157
NEW 5fe48b2dcc [0]
none [none]
5f6572479f[0] ASM:Graph
none:none
ASM:Graph
Armadillo|
none|none
PolyEnE| lines=42
none
lines=113
embedded dns trace
none
trace