Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

27 September 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:44:00 Win2K-f 173.18.38.202 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 10759405e0
NEW
d08e00dfaf
NEW 		292d343248 [0]
854c49d8c4[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=91
lines=64
embedded dns 		trace
trace
T:00:45:00 WinXP 92.243.100.176 (92-243-104-010.NTS.SU):
NEW TELESYSTEMS LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 b502f83a7c
NEW 		28f5be93b0 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:00:48:00 WinXP 211.58.58.104 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
NEW
53bfe15e91
NEW 		none[0]
1473091351[0] 		none:none
ASM:Graph
 Armadillo|
tElock| 		lines=90
lines=75
embedded dns 		trace
trace
T:01:22:00 WinXP 61.219.152.12 (HINET.NET):
HAPPY NETWORK INFORMATION BREAU,
KAOHSIUNG, T'AI-WAN, TW. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
01:52:00 WinXP 188.176.68.165 (DSL.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 b502f83a7c
NEW 		28f5be93b0 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:02:11:00 WinXP 79.165.232.84 (QWERTY.RU):
BRAS E-320-04 DHCP-POOL,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a RU:siliconfireware.ru
RU:auction.nic.ru
:www.google-analytics.com
RU:domain-parking.ru
US:new.egg.com
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
http
62 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
NEW 		none[0] none:none
 ASPack| lines=281
embedded dns 		trace
T:02:42:00 Win2K-f 61.101.186.136 (KRLINE.NET):
KRNIC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
5 of 41		 14f47ffd1e
NEW
50437008d9
NEW 		90bf4b99ff [0]
c1b09ac5d7[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=56
embedded dns
lines=90 		trace
trace
T:03:26:00 WinXP 208.86.62.41 (C3BB.COM):
CITY OF SCOTTSBURG,
SCOTTSBURG, INDIANA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
03:27:00 WinXP 121.121.102.231 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:03:43:00 Win2K-f 61.198.101.194 (THN.NE.JP):
TOKAI CORPORATION,
FUJI, SHIZUOKA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 6b315f5dbc
NEW
7938865f8c
NEW 		7604b94520 [0]
a9b9e4904b[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=64
embedded dns
lines=91 		trace
trace
T:03:54:00 WinXP 89.194.135.115 (-):
ORANGE HIGH SPEED INTERNET,
LONDON, ENGLAND, UK. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 40 68e76ac69b
NEW 		none[none] none:none
 none|none none none
T:04:01:00 WinXP 125.230.115.55 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		d683995e84 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:04:06:00 WinXP 174.44.24.39 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 7a10f959b5
NEW 		none[none] none:none
 none|none none none
T:05:35:00 Win2K-f 184.74.74.92 (-):
. 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:05:47:00 WinXP 183.83.228.162 (-):
. 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
05:49:00 Win2K-f 93.94.176.133 (IRKCITY.RU):
JSC MEGAPOLIS-TELECOM ISP,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a US:www.maxmind.com
US:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 d60e538e72
NEW 		none[3] none:none
 UPX| none trace
T:05:58:00 Win2K-f 93.94.176.133 (IRKCITY.RU):
JSC MEGAPOLIS-TELECOM ISP,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a US:www.maxmind.com
:www.getmyip.org
EU:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 d60e538e72
NEW 		none[3] none:none
 UPX| none trace
T:06:26:00 WinXP 180.66.213.43 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 41
33 of 33		 8b41cb7a41
NEW
97fef473b9
NEW 		ef18d720f3 [0]
ff4e7d6992[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=90
lines=64
embedded dns 		trace
trace
T:06:39:00 WinXP 114.137.144.81 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:07:23:00 WinXP 95.75.157.89 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 34 d20f157117
NEW 		738f555183 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:07:55:00 WinXP 115.82.117.80 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 b502f83a7c
NEW 		28f5be93b0 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:08:01:00 WinXP 116.126.210.23 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
:www.epra
JP:g105.secure.ne.jp
:www.imagemfolheados.com.br
BR:www.billboxrecords.com.br
US:www.saredrogarias.com.br
JP:www.nrw.co.jp
RU:www.treasuryislandcasino.com.ua
US:mst.com.ua
BR:loja.tray.com.br
UA:isu2.tup.km.ua
US:forums.ubuntulinux.jp
JP:cg.ces.kyutech.ac.jp
GB:forum.gryada.org.ua
UA:hosting.cnrg.com.ua
:bb.iwillhavebigdick.com
JP:www.aandd.jp
US:www.wolfram.co.jp
UA:masterkey.com.ua
JP:form.cao.go.jp
LV:kdert.com
UA:www.rulez.org.ua
:www.jaif.or.jp
JP:www.okilogistics.co.jp
JP:ir.kagoshima-u.ac.jp
JP:www.ristex.jp
:cps-h3.ep.sci.hokudai.ac.jp
US:www.iknow.co.jp
US:www.stone.co.ua
PL:ssl.aukro.ua
:shop.poziti
:www.inde
:la2.meganet.org.ua
:www.irt
UA:weather.co.ua
DE:www.miltenyibiotec.co.jp
:rastu.com.ua
BR:www.imusica.com.br
JP:www.myeclipseide.jp
:itmedia.smartseminar.jp
EU:wow.merlin.org.ua
:www.pirateparty.in.ua
:newsletter.go
BR:www.guiaseshop.com.br
BR:www.sextoy.com.br
JP:www.kajima.co.jp
JP:ss1.coressl.jp
JP:ssl.form-mailer.jp
JP:www.jica.go.jp
:nodes.com.ua
UA:bunker.org.ua
JP:www.gsec.keio.ac.jp
:www.mlh.co.jp
UA:global-host.com.ua
:black.nightphantom.com
JP:center.umin.ac.jp
JP:k.jfc.go.jp
US:cheburash.com
JP:www.science-forum.co.jp
US:www.365.e-secom.jp
JP:bookweb.kinokuniya.co.jp
JP:direct.ips.co.jp
EU:accounts.comodo.od.ua
JP:www.marantz.jp
UA:spooky.cartoons.org.ua
:ex2.broadser
:www.digimer.com.br
BR:ssl876.locaweb.com.br
UA:193.178.147.110:443
BR:201.20.45.207:443
JP:202.164.228.11:443
US:207.44.220.4:443
JP:210.171.131.16:443
UA:212.111.198.59:443
US:69.57.128.35:443
US:69.64.68.151:443 		135 pcap raw alerts
ruleset 		irc
http
183 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 43
39 of 41
31 of 33		 3a894ba0c8
NEW
ab9c4b5f21
NEW
d789c8d157
NEW 		none[none]
5fe48b2dcc[0]
5f6572479f[0] 		none:none
ASM:Graph
ASM:Graph
 none|none
Armadillo|
PolyEnE| 		none
lines=42
lines=113
embedded dns 		none
trace
trace
T:08:01:00 WinXP 46.109.58.124 (-):
. 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 42 9b285231fe
NEW 		a9a8f0a26f [0] none:none
 PolyEnE| none trace
T:08:01:00 WinXP 151.83.151.100 (SER-PR2-MAX.IUNET.IT):
INFOSTRADA,
IT. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		d683995e84 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:08:20:00 WinXP 119.154.50.251 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
LAHORE, PUNJAB, PK. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 1595515522
NEW 		none[none] none:none
 none|none none none
T:09:07:00 WinXP 218.220.249.46 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOYONAKA, OSAKA, JP. (DSL) 		62.193.249.122:3305 EU:cx10man.weedns.com 135 pcap raw alerts
ruleset 		irc
695 lines 		Yeah : 1.8
profile 		none summary
tarball 		38 of 41 ecfbf321d3
NEW 		none[none] none:none
 none|none none none
T:09:35:00 WinXP 189.53.118.92 (EMBRATEL.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		d683995e84 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:09:38:00 WinXP 79.163.172.240 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
PL. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 41 5c6df5141d
NEW 		none[none] none:none
 none|none none none
T:09:46:00 WinXP 188.231.172.49 (RIPE.NET):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:10:43:00 WinXP 151.81.195.247 (51-151.NET24.IT):
IUNET-BNET,
IT. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 8d649f854f
NEW 		none[none] none:none
 none|none none none
T:11:41:00 WinXP 211.178.145.63 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 41
33 of 33		 8b41cb7a41
NEW
97fef473b9
NEW 		ef18d720f3 [0]
ff4e7d6992[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=90
lines=64
embedded dns 		trace
trace
T:12:24:00 WinXP 85.176.225.2 (ALICEDSL.DE):
HANSENET-ADSL,
WURZBURG, BAYERN, DE. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
NEW 		none[0] none:none
 PolyEnE| lines=57 trace
13:14:00 WinXP 75.92.45.167 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
SPRINGDALE, ARKANSAS, US. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:14:29:00 Win2K-f 24.79.3.115 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 42
39 of 42		 a1fac31325
NEW
c018e17b5b
NEW 		0fd057b5e2 [0]
8caee80d88[0] 		none:none
none:none
 Armadillo|
StarForce| 		none
none 		trace
trace
T:15:01:00 WinXP 96.15.170.0 (-):
ALLTEL SIP CUSTOMERS - LITTLE ROCK,
HALLSVILLE, TEXAS, US. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
NEW 		none[0] none:none
 PolyEnE| lines=57 trace
T:15:08:00 Win2K-f 24.100.25.59 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
MURRAY, KENTUCKY, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 0563ea7af7
NEW
7e1532574f
NEW 		bc2e11a802 [0]
e6930769d0[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=65
embedded dns
lines=91 		trace
trace
T:16:05:00 Win2K-f 202.177.88.174 (MB-ICTV.JP):
IRUMA CABLE TV,
TOKYO, TOKYO, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1002 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 43 409e5ba7fa
NEW 		none[none] none:none
 none|none none none
T:16:16:00 Win2K-f 208.100.231.246 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
NEW YORK, NEW YORK, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
175 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41 8c11263d93
NEW 		none[none] none:none
 none|none none none
T:17:20:00 Win2K-f 118.83.143.32 (NKNO.J-CNET.JP):
CITY TV NAKANO LIMITED,
JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
122 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 0b951c2832
NEW
e4ed4df0f0
NEW 		5fe761661a [0]
de471fc380[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=91
lines=64
embedded dns 		trace
trace
T:18:42:00 WinXP 76.189.154.103 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEVELAND, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:42:00 Win2K-f 216.211.244.134 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
37 of 41		 c89b154681
NEW
d2b40c91a1
NEW 		58d02dbffa [0]
fbaa414397[0] 		ASM:Graph
ASM:Graph
 StarForce|
Armadillo| 		lines=64
embedded dns
lines=91 		trace
trace
T:19:44:00 WinXP 174.39.239.212 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
LINCOLN, NEBRASKA, US. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 34 d20f157117
NEW 		738f555183 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:20:06:00 Win2K-f 221.142.123.162 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
BR:www.guiaseshop.com.br
JP:center.umin.ac.jp
:secure.fox
:itmedia.smartseminar.jp
JP:ss1.coressl.jp
JP:www.myeclipseide.jp
UA:spooky.cartoons.org.ua
US:www.stone.co.ua
BR:ssl876.locaweb.com.br
UA:weather.co.ua
JP:130.69.92.68:443
UA:193.178.147.110:443
BR:201.20.45.207:443
JP:210.171.131.16:443
JP:211.125.95.245:443
US:69.57.128.35:443
US:69.64.68.151:443
UA:77.120.110.76:443 		135 pcap raw alerts
ruleset 		irc
http
172 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 43
39 of 41
31 of 33		 ab65121be3
NEW
ab9c4b5f21
NEW
d789c8d157
NEW 		none[none]
5fe48b2dcc[0]
5f6572479f[0] 		none:none
ASM:Graph
ASM:Graph
 none|none
Armadillo|
PolyEnE| 		none
lines=42
lines=113
embedded dns 		none
trace
trace
T:20:15:00 Win2K-f 213.85.165.32 (CNT.RU):
RUSSIAN CENTRAL TELEGRAPH MOSCOW,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a JP:direct.ips.co.jp
EU:accounts.comodo.od.ua
JP:164.46.227.120:443
191.4.157.190:443
GB:193.169.188.64:443
UA:195.214.214.53:443
BR:201.20.45.207:443
US:66.197.152.245:443
US:67.15.97.220:443
US:69.72.149.166:443
EU:91.196.95.24:443 		445 pcap raw alerts
ruleset 		other
6 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:20:21:00 Win2K-f 189.244.74.102, 173.192.153.178 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 		83.133.119.206:65520 LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kdert.com
LV:streq.cn
LV:bestkind.ru
CN:exe2.perfectexe.com
:sb.perfectexe.com
CN:2b.perfectexe.com
CN:sy2.perfectexe.com
CN:122.224.6.48:255
LV:91.188.60.16:80
LV:91.188.60.177:80 		445 pcap raw alerts
ruleset 		irc
http
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 43
28 of 43
25 of 41
14 of 40
41 of 43
16 of 43
22 of 43
4 of 42		 304b663ce7
NEW
34d6e95d5b
NEW
36bb7118f0
NEW
77902a6eb2
NEW
b4afa1df1d
NEW
cd7ebac873
NEW
d0a070b647
NEW
f34ba103d5
NEW 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none
none
none 		none
none
none
none
none
none
none
none
20:48:00 WinXP 174.39.239.212 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
LINCOLN, NEBRASKA, US. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 34 d20f157117
NEW 		738f555183 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:21:09:00 Win2K-f 110.93.111.89 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 5bbb57c115
NEW
75ac189d9e
NEW 		03e5cb3c4a [0]
705dbaa801[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=91
lines=64
embedded dns 		trace
trace
T:21:31:00 WinXP 97.89.9.121 (CHARTER.COM):
CHARTER COMMUNICATIONS,
MCDONOUGH, GEORGIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 42
40 of 42		 1692cd58db
NEW
fe6db79f7f
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:22:26:00 WinXP 79.163.235.94 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
PL. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:23:19:00 WinXP 87.228.45.60 (-):
INFOLINE ZAO,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a RU:siliconfireware.ru
RU:domain-parking.ru
RU:auction.nic.ru
:www.google-analytics.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
http
60 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
NEW 		none[0] none:none
 ASPack| lines=281
embedded dns 		trace
T:23:20:00 WinXP 182.63.20.116 (-):
. 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:23:22:00 WinXP 219.80.255.41 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
1 of 33		 53bfe15e91
NEW
c562e2226d
NEW 		1473091351 [0]
none [none] 		ASM:Graph
none:none
 tElock|
none|none 		lines=75
embedded dns
none 		trace
none
T:23:41:00 WinXP 79.163.255.124 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
PL. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		42 of 43 0c31f1ffd4
NEW 		none[none] none:none
 none|none none none