Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

15 September 2010
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:28:00 Win2K-f 117.1.12.30 (-):
DAI IP CHO DICH VU ADSL HNI,
VN. (DSL) n/a US:www.maxmind.com
:www.getmyip.org
EU:getmyip.co.uk
:checkip.dyndns.org
DE:131.220.6.26:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:00:40:00 Win2K-f 173.28.193.111 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:01:09:00 Win2K-f 61.215.141.165 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 761a66b891
NEW
98d05c039b
NEW b469dac5dc [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=64
embedded dns
none trace
none

T:01:24:00 WinXP 79.163.104.94 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:01:24:00 Win2K-f 60.250.246.160 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
112 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:02:01:00 Win2K-f 70.75.150.64 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 37 of 41
38 of 41 4180c19d91
NEW
b6e91e001c
NEW 9f3f2de385 [0]
d2275a6cf5[0] ASM:Graph
ASM:Graph
Armadillo|
PolyEnE| lines=91
lines=64
embedded dns trace
trace

T:02:51:00 WinXP 151.83.183.24 (SER-PR2-MAX.IUNET.IT):
INFOSTRADA,
IT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 42 of 43 d1d34f8be5
NEW none[none] none:none
none|none none none

T:03:01:00 Win2K-f 211.75.159.211 (KENNY.COM.TW):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:03:20:00 WinXP 70.72.166.241 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:gg.arrancar.org
US:69.43.160.145:555 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 39 of 41 ee64c59318
NEW b2cd748f5d [0] ASM:Graph
none|none lines=546 trace

T:04:18:00 WinXP 60.248.155.224 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:04:25:00 WinXP 117.254.218.147 (STERLINGSTUDENTS.NET):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 42 of 43 48537b2ba5
NEW none[none] none:none
none|none none none

T:04:31:00 WinXP 112.78.68.254 (-):
VIBO TELECOM INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 cf346981b5
NEW 2eb6c94f0a [0] ASM:Graph
PolyEnE| lines=73 trace

T:04:46:00 Win2K-f 75.37.173.251 (SBCGLOBAL.NET):
JASON LEE,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:05:06:00 Win2K-f 112.201.32.20 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL) 62.193.249.122:3305 FR:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
610 lines Yeah : 1.8
profile none summary
tarball 43 of 43 ce53ef9b02
NEW none[none] none:none
none|none none none

05:08:00 WinXP 95.74.213.142 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 43 cfc736766e
NEW none[none] none:none
none|none none none

T:05:29:00 Win2K-f 110.93.96.251 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 5bbb57c115
NEW
75ac189d9e
NEW 03e5cb3c4a [0]
705dbaa801[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:05:34:00 WinXP 99.167.106.198 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
HAMDEN, CONNECTICUT, US. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:06:08:00 Win2K-f 115.165.36.108 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
TOKYO, TOKYO, JP. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:06:13:00 WinXP 187.80.26.61 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:07:00:00 WinXP 203.91.174.188 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 62.193.249.122:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
573 lines Yeah : 1.8
profile none summary
tarball 39 of 40 70ec5c4b3f
NEW f697adabdd [0] none:none
StarForce| none trace

T:07:33:00 WinXP 189.53.119.76 (EMBRATEL.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

07:37:00 Win2K-f 114.105.119.242 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
HEFEI, ANHUI, CN. (DSL) n/a US:www.maxmind.com
US:checkip.dyndns.org
EU:getmyip.co.uk
:www.getmyip.org
DE:131.220.6.26:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:08:14:00 Win2K-f 97.97.36.159 (RR.COM):
ROAD RUNNER HOLDCO LLC,
VALRICO, FLORIDA, US. (DSL) 62.193.249.122:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
607 lines Yeah : 1.8
profile none summary
tarball 43 of 43 9783554cde
NEW none[none] none:none
none|none none none

T:08:30:00 WinXP 151.82.85.130 (51-151.NET24.IT):
IUNET-BNET,
IT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 43 bc3e2bb76d
NEW none[none] none:none
none|none none none

T:08:31:00 Win2K-f 216.210.87.84 (SPEAKEASY.NET):
US. (DSL) n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

09:00:00 WinXP 92.115.136.205 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:02:00 Win2K-f 4.175.255.220 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PITTSBURGH, PENNSYLVANIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:09:21:00 Win2K-f 173.31.97.190 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MIDDLETOWN, NEW YORK, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:15:00 Win2K-f 4.248.75.48 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PLAINFIELD, NEW JERSEY, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

10:21:00 Win2K-f 59.114.198.57 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
EU:checkip.dyndns.org
US:67.15.94.80:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:10:30:00 Win2K-f 59.114.198.57 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
:checkip.dyndns.org
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:11:03:00 Win2K-f 175.114.27.232 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 40 of 41
5 of 41 14f47ffd1e
NEW
50437008d9
NEW 90bf4b99ff [0]
c1b09ac5d7[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=56
embedded dns
lines=90 trace
trace

T:11:09:00 WinXP 79.232.50.61 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
BERLIN, BERLIN, DE. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:11:33:00 WinXP 188.195.190.16 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 42 of 42 c46f4552da
NEW ce6ff736cf [0] none:none
none|none none trace

T:11:42:00 WinXP 92.40.147.129 (THREE.CO.UK):
MOBILE BROADBAND SERVICE,
MANCHESTER, ENGLAND, UK. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:11:49:00 WinXP 92.46.142.156 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM KARAGANDA AFFILIATE,
KARAGANDA, WEST KAZAKHSTAN, KZ. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:24:00 Win2K-f 70.76.40.183 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 37 of 41
38 of 41 4180c19d91
NEW
b6e91e001c
NEW 9f3f2de385 [0]
d2275a6cf5[0] ASM:Graph
ASM:Graph
Armadillo|
PolyEnE| lines=91
lines=64
embedded dns trace
trace

T:13:44:00 WinXP 4.246.3.108 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DIAL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
NEW none[0] none:none
PolyEnE| lines=73 trace

T:14:14:00 WinXP 79.162.150.1 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:14:25:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
QUZHOU, ZHEJIANG, CN. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:11:00 WinXP 79.163.143.165 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WROCLAW, DOLNOSLASKIE, PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:15:33:00 Win2K-f 96.8.228.168 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
116 lines Yeah : 1.3
profile none summary
tarball 40 of 42
40 of 42 377ae8c2fd
NEW
7cfdf42414
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:15:56:00 Win2K-f 4.163.193.106 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DENVER, COLORADO, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 41 of 42
40 of 42 7549900329
NEW
b71514f095
NEW 4b13f1921b [0]
f6aa3689d1[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:16:24:00 WinXP 60.248.116.212 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:16:25:00 Win2K-f 180.70.142.16 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 83.133.119.206:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
EU:wow.merlin.org.ua
JP:direct.ips.co.jp
EU:accounts.comodo.od.ua
US:www.stone.co.ua
:cps-h3.ep.sci.hokudai.ac.jp
JP:www.gsec.keio.ac.jp
:www.epra
JP:www.aandd.jp
:bb.iwillhavebigdick.com
LV:kdert.com
JP:131.113.221.138:443
JP:202.218.203.244:443
JP:202.226.91.62:443
US:64.131.68.169:443
US:67.15.97.220:443
UA:77.120.121.35:443
LV:91.188.60.16:80
EU:91.196.95.24:443 135 pcap raw alerts
ruleset irc
http
162 lines Yeah : 1.8
profile none summary
tarball 18 of 43
16 of 43
39 of 41
31 of 33 65e302400b
NEW
901fde8bf5
NEW
ab9c4b5f21
NEW
d789c8d157
NEW none[none]
none [none]
5fe48b2dcc[0]
5f6572479f[0] none:none
none:none
ASM:Graph
ASM:Graph
none|none
none|none
Armadillo|
PolyEnE| none
none
lines=42
lines=113
embedded dns none
none
trace
trace

T:16:36:00 WinXP 189.67.169.235 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 aad01847fa
NEW none[none] none:none
none|none none none

T:16:58:00 Win2K-f 72.152.147.52 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US. (DSL) n/a :in.7cy.net
:in1.7cy.net
US:searchportal.information.com
:cdn.dsultra.com
US:domdex.com
:b.collective-media.net
:segment-pixel.invitemedia.com
CA:idcs.interclick.com
:ad.doubleclick.net
US:ib.adnxs.com
US:b3.mookie1.com
US:208.71.123.131:80
67.228.101.130:80
CA:74.122.140.23:80
75.101.205.96:80 445 pcap raw alerts
ruleset http
irc
37 lines Yeah : 0.8
profile none summary
tarball 7 of 43 b76c839fa8
NEW none[none] none:none
none|none none none

T:17:33:00 Win2K-f 70.60.199.198 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MONROE, NORTH CAROLINA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:39:00 WinXP 121.120.39.234 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 b46489628e
NEW none[none] none:none
none|none none none

T:18:48:00 WinXP 75.44.55.254 (SBCGLOBAL.NET):
RBACK6B.MILWWI.20060913,
MILWAUKEE, WISCONSIN, US. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
NEW none[0] none:none
none|none lines=64 trace

T:19:07:00 Win2K-f 184.74.74.92 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:19:08:00 Win2K-f 66.60.106.38 (FIRSTDIGITAL.COM):
FIRSTDIGITAL COMMUNICATIONS LLC,
ROSEVILLE, CALIFORNIA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 40 d08635ca20
NEW
e2479cbb98
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:19:34:00 Win2K-f 174.6.21.151 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:20:00:00 WinXP 118.83.14.189 (HTOJ.J-CNET.JP):
JCN-HTMNET,
HACHIOJI, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
122 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 0b951c2832
NEW
e4ed4df0f0
NEW 5fe761661a [0]
de471fc380[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:20:49:00 WinXP 67.77.69.228 (EMBARQHSD.NET):
EMBARQ CORPORATION,
MONTALBA, TEXAS, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:21:00:00 WinXP 122.25.116.219 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:22:25:00 WinXP 66.72.68.55 (AMERITECH.NET):
AT&T INTERNET SERVICES,
NASHVILLE, INDIANA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:22:49:00 Win2K-f 64.175.160.91 (PACBELL.NET):
AT&T INTERNET SERVICES,
CARLSBAD, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:01:00 WinXP 70.61.173.252 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, OHIO, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1001 lines Yeah : 1.3
profile none summary
tarball 32 of 41 43b8f21924
NEW none[3] none:none
none|none none trace