Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

27 October 2010
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:14:00 WinXP 152.48.222.64 (UNC.EDU):
NORTH CAROLINA RESEARCH AND EDUCATION NETWORK,
DURHAM, NORTH CAROLINA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:15:00 Win2K-f 122.146.227.7 (SPARQNET.NET):
NEW CENTRY INFOCOM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:29:00 WinXP 95.59.98.241 (-):
JSC KAZAKHTELECOM ASTANA AFFILIATE METRO ETHERNET NETWORK,
KZ. (DSL) n/a DE:citi-bank.ru
**:absurdistan.unas.cz
US:communityrespondalarm.com
TR:acibademinsaat.com
US:nightwatchonline.com
:eduguide.ae
US:pipl.org.in
US:acm-info.co.ma
:risabruno.com.br
TR:adiyamanlicigkoftecim.com
:www.aanshuman.com
US:maxoregypt.com
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 43 970ecf0e8b
NEW none[none] none:none
none|none none none

T:00:36:00 Win2K-f 75.38.94.36 (SBCGLOBAL.NET):
DANNY CHON DBA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:37:00 Win2K-f 76.204.141.30 (SBCGLOBAL.NET):
CAPTAIN MIKE S SHRIMP,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
74 lines Yeah : 1.3
profile none summary
tarball 1 of 33
33 of 33 4ca3056804
NEW
53bfe15e91
NEW none[0]
1473091351[0] none:none
ASM:Graph
Armadillo|
tElock| lines=90
lines=75
embedded dns trace
trace

T:00:41:00 WinXP 180.146.55.219 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 38 of 41 7b313206a2
NEW 0c866c8cce [0] ASM:Graph
none|none lines=59 trace

00:59:00 WinXP 124.13.118.7 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 42 8081b6b58c
NEW none[none] none:none
none|none none none

T:01:18:00 WinXP 121.120.187.146 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:01:29:00 WinXP 182.164.49.215 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 38 of 41 7b313206a2
NEW 0c866c8cce [0] ASM:Graph
none|none lines=59 trace

T:02:10:00 WinXP 79.163.117.65 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 5c6df5141d
NEW none[none] none:none
none|none none none

T:02:23:00 WinXP 218.113.72.57 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
NAGASAKI, NAGASAKI, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
80 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:24:00 WinXP 24.78.40.170 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a US:gg.arrancar.org
US:69.43.160.145:555 135 pcap raw alerts
ruleset other
158 lines Yeah : 1.3
profile none summary
tarball 37 of 42 ae16e77702
NEW none[none] none:none
none|none none none

T:02:50:00 WinXP 188.28.126.160 (THREE.CO.UK):
HUTCHISON 3G UK LIMITED,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:03:00:00 WinXP 121.123.42.47 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 42 98b322cff5
NEW none[none] none:none
none|none none none

03:07:00 WinXP 222.216.199.145 (163DATA.COM.CN):
CHINANET GUANGXI PROVINCE NETWORK,
NANNING, GUANGXI, CN. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:03:08:00 WinXP 117.254.227.127 (STERLINGSTUDENTS.NET):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:03:12:00 Win2K-f 61.198.101.196 (THN.NE.JP):
TOKAI CORPORATION,
FUJI, SHIZUOKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 6b315f5dbc
NEW
7938865f8c
NEW 7604b94520 [0]
a9b9e4904b[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:03:58:00 WinXP 121.120.180.139 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 5c6df5141d
NEW none[none] none:none
none|none none none

T:05:09:00 WinXP 120.138.174.160 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
129 lines Yeah : 1.3
profile none summary
tarball 39 of 40
39 of 39 b8e6f4caf7
NEW
fb92b91fe7
NEW f81eac6379 [0]
fe88ab8768[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:05:21:00 WinXP 190.58.1.209 (TSTT.NET.TT):
TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO,
TT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:05:34:00 Win2K-f 70.182.94.31 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. (DSL) 83.133.119.206:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kukerq.com
:streqa.com
EU:bestkind.ru
:greatenamedomain.in
173.192.153.178:80
EU:91.217.162.104:80 135 pcap raw alerts
ruleset irc
http
135 lines Yeah : 1.8
profile none summary
tarball 18 of 42
26 of 43
14 of 43
32 of 36
21 of 43
12 of 43
13 of 41
35 of 36 281fce5bd5
NEW
b1c5b647b5
NEW
bb1847a216
NEW
bea8cb1865
NEW
d378b31d95
NEW
d9a6f7e683
NEW
dd07d07376
NEW
fac78fde16
NEW none[none]
none [none]
none [none]
154de51a66[0]
none [none]
none [none]
none [none]
882896ab05[0] none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
Armadillo|
none|none
none|none
none|none
tElock| none
none
none
lines=91
none
none
none
lines=126
embedded dns none
none
none
trace
none
none
none
trace

T:05:35:00 Win2K-f 217.203.70.226 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 41 of 42 6049c3efc1
NEW none[none] none:none
none|none none none

T:05:35:00 WinXP 114.137.198.102 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a **:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 0.8
profile none summary
tarball 38 of 41 8887d42f5c
NEW afaf06d6cd [0] ASM:Graph
pex| lines=42 trace

T:05:36:00 Win2K-f 96.24.150.226 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
CHARLOTTE, NORTH CAROLINA, US. (100Mbps) n/a **:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 0.8
profile none summary
tarball 40 of 41 b68d420d61
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:05:37:00 WinXP 112.78.83.34 (-):
VIBO TELECOM INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:05:41:00 WinXP 87.246.5.104 (-):
NETWORKS FOR CABLE CUSTOMERS OF CABLETEL IN VARNA,
VARNA, VARNA, BG. (DSL) n/a **:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 41 e3faefa56a
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:05:44:00 WinXP 188.73.203.239 (CAMPUSEAI.ORG):
EUROPEAN REGIONAL REGISTRY,
UK. (DSL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:05:44:00 Win2K-f 94.251.144.177 (-):
CUSTOMERS IN SOSNOWIEC,
WARSAW, WARSZAWA, PL. (DSL) n/a **:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 41 f534041536
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:05:53:00 WinXP 78.88.60.16 (VECTRANET.PL):
BROADBAND USERS OF VECTRA S.A,
BIELSKO-BIALA, SLASKIE, PL. (DSL) n/a **:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 37 of 40 50cdd5c6cf
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:06:02:00 WinXP 79.163.180.79 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
PL. (DSL) n/a DE:citi-bank.ru
:parex-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 5c6df5141d
NEW none[none] none:none
none|none none none

T:06:27:00 WinXP 121.121.11.61 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:07:14:00 WinXP 4.167.94.109 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ABERDEEN, MISSISSIPPI, US. (DSL) n/a 135 pcap raw alerts
ruleset other
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:07:15:00 WinXP 203.77.80.90 (GCN.NET.TW):
GLOBAL COMMUNICATION NETWORK CORP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:06:00 WinXP 117.254.14.245 (STERLINGSTUDENTS.NET):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 41 bacfed7f1b
NEW none[none] none:none
none|none none none

T:10:03:00 WinXP 79.163.55.33 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 5c6df5141d
NEW none[none] none:none
none|none none none

T:10:03:00 WinXP 109.54.32.197 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 41 97465e5d46
NEW none[none] none:none
none|none none none

T:10:30:00 WinXP 174.116.60.242 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:41:00 WinXP 121.120.75.105 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:11:13:00 Win2K-f 203.95.48.106 (THN.NE.JP):
TOKAI CORPORATION,
FUJI, SHIZUOKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 71e6f60517
NEW
ab4e3226c4
NEW 1ef1781501 [0]
c2d0313e73[0] ASM:Graph
none:none
Armadillo|
tElock| lines=91
none trace
trace

T:11:15:00 Win2K-f 58.226.38.55, 173.192.153.178 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 83.133.119.206:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kukerq.com
CN:exe3.perfectexe.com
:streqa.com
:sb.perfectexe.com
EU:bestkind.ru
EU:nonamedomain.in
CN:122.224.6.48:255
173.224.212.93:443
CN:60.190.222.139:65520 135 pcap raw alerts
ruleset irc
http
160 lines Yeah : 1.8
profile none summary
tarball 28 of 42
40 of 42
26 of 43
41 of 43
14 of 43
36 of 43
38 of 41
21 of 43
18 of 39 33873846ff
NEW
79fac06cf1
NEW
b1c5b647b5
NEW
b4afa1df1d
NEW
bb1847a216
NEW
c69512a223
NEW
ca04d3db9c
NEW
d378b31d95
NEW
db9def4e81
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
none
none
none none
none
none
none
none
none
none
none
none

T:11:19:00 Win2K-f 174.100.43.185 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GARRETTSVILLE, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:11:23:00 WinXP 88.31.219.40 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
PUERTO DE LA CRUZ, CANARIAS, ES. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:11:54:00 WinXP 121.120.202.199 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:11:56:00 Win2K-f 95.25.50.44 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) 83.133.119.206:65520 US:microsoft.com
CN:exe3.perfectexe.com
EU:bestkind.ru
:sb.perfectexe.com
CN:proxim.ircgalaxy.pl
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kdddaber.com
LV:kukerq.com
:streqa.com
173.192.153.178:80
173.224.212.93:443
184.82.18.196:443
CA:74.117.63.232:443 445 pcap raw alerts
ruleset http
irc
23 lines Yeah : 1.3
profile none summary
tarball 18 of 42
18 of 41
14 of 43
4 of 36
36 of 43
13 of 41 281fce5bd5
NEW
35e22a9132
NEW
bb1847a216
NEW
bcfea5eaf1
NEW
c69512a223
NEW
dd07d07376
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none none
none
none
none
none
none

T:12:02:00 WinXP 188.28.173.217 (THREE.CO.UK):
HUTCHISON 3G UK LIMITED,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 39 4e81db1ee2
NEW b2211a8d42 [none] none:none
none|none none none

T:12:27:00 Win2K-f 59.120.228.224 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
NEW none[0] none:none
Armadillo| lines=90 trace

T:12:45:00 WinXP 112.78.73.17 (-):
VIBO TELECOM INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:13:11:00 WinXP 121.121.12.65 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:13:28:00 WinXP 184.80.69.109 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

14:43:00 WinXP 111.88.47.201 (HOSTS-WORLDCALL.NET.PK):
WORLDCALL TELECOM LTD,
PK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:14:47:00 WinXP 70.183.164.197 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

15:18:00 WinXP 212.225.196.160 (PTVTELECOM.COM):
ES-PROCONO-AS,
CóRDOBA, ANDALUCIA, ES. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:15:22:00 WinXP 152.48.222.64 (UNC.EDU):
NORTH CAROLINA RESEARCH AND EDUCATION NETWORK,
DURHAM, NORTH CAROLINA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:28:00 WinXP 81.9.170.241 (CM-81-9-237-10.TELECABLE.ES):
TELECABLE,
OVIEDO, ASTURIAS, ES. (DSL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:16:10:00 WinXP 109.175.192.48 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 37 of 43 5ed0874084
NEW none[none] none:none
none|none none none

T:16:50:00 WinXP 109.227.228.153 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:17:51:00 Win2K-f 72.48.82.208 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS ODESSA HUB,
MIDLAND, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:18:30:00 WinXP 173.29.253.104 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:41:00 Win2K-f 76.189.154.103 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEVELAND, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:56:00 WinXP 115.80.207.235 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 8a2553433c
NEW none[none] none:none
none|none none none

T:19:15:00 WinXP 110.93.111.225 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 5bbb57c115
NEW
75ac189d9e
NEW 03e5cb3c4a [0]
705dbaa801[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:19:31:00 Win2K-f 58.123.70.138 (HANANET.NET):
HANARO TELECOM INC,
KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 3 of 41
33 of 33 8b41cb7a41
NEW
97fef473b9
NEW ef18d720f3 [0]
ff4e7d6992[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=90
lines=64
embedded dns trace
trace

T:19:34:00 WinXP 189.66.99.228 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SALVADOR, BAHIA, BR. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:19:35:00 WinXP 174.100.158.192 (RR.COM):
ROAD RUNNER HOLDCO LLC,
STOW, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:20:10:00 Win2K-f 194.19.234.252 (-):
BTG,
RIGA, RIGA, LV. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:20:41:00 Win2K-f 63.28.170.41 (UU.NET):
UUNET TECHNOLOGIES INC,
EATONTOWN, NEW JERSEY, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1060 lines Yeah : 1.3
profile none summary
tarball 15 of 43 cae7df658a
NEW none[none] none:none
none|none none none

T:20:48:00 WinXP 222.13.71.120 (DION.NE.JP):
DION (KDDI CORPORATION),
SAPPORO, HOKKAIDO, JP. (DIAL) 62.193.249.122:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
609 lines Yeah : 1.8
profile none summary
tarball 43 of 43 27b8ca6a46
NEW none[none] none:none
none|none none none

T:21:09:00 Win2K-f 24.249.131.40 (COX.NET):
COX COMMUNICATIONS,
WICHITA, KANSAS, US. (DSL) 83.133.119.206:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
LV:ad.ghura.pl
:bb.iwillhavebigdick.com
LV:kukerq.com
:streqa.com
EU:bestkind.ru
EU:nonamedomain.in
109.196.143.133:80
173.192.153.178:80
184.82.18.196:443
CN:60.190.222.139:65520
CA:74.117.63.232:443 135 pcap raw alerts
ruleset irc
http
245 lines Yeah : 1.8
profile none summary
tarball 39 of 41
26 of 43
14 of 43
21 of 43
41 of 43
12 of 43
18 of 39 205be1cf80
NEW
b1c5b647b5
NEW
bb1847a216
NEW
d378b31d95
NEW
d995585331
NEW
d9a6f7e683
NEW
db9def4e81
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
none none
none
none
none
none
none
none

21:50:00 WinXP 117.254.85.158 (STERLINGSTUDENTS.NET):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:22:08:00 WinXP 111.125.94.59 (-):
INTERNET SERVICE PROVIDER,
PH. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:22:12:00 WinXP 123.220.211.201 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
YOKOSUKA, KANAGAWA, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

T:22:22:00 Win2K-f 184.74.84.108 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:02:00 Win2K-f 24.208.160.30 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BUCYRUS, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 53aa804019
NEW
95ddd4a823
NEW 29c6cdbf45 [0]
9e78315a6d[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:23:22:00 WinXP 114.198.164.239 (-):
GLOBALVIEW CATV CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 ef96217736
NEW none[none] none:none
none|none none none

T:23:46:00 Win2K-f 114.74.255.13 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
MELBOURNE, VICTORIA, AU. (DSL) n/a 135 pcap raw alerts
ruleset other
820 lines Yeah : 1.3
profile none summary
tarball 28 of 41 b8076e37ae
NEW 52953fed05 [0] none:none
StarForce| none trace