Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



07 November 2010

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Columns are separated by " | ". Where a record carries several malware binaries, the per-binary cells (Antivirus Labels through Syscall Trace) list one entry per binary, separated by semicolons, in the same order in each cell.

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:07:00 | Win2K-f | 116.121.76.177 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; 57ce4acac2 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:00:13:00 | Win2K-f | 174.6.229.170 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CA. (DSL) | 70.107.249.167:7000 | US:dns.aswend.com | 135 | pcap raw | alerts ruleset | irc, 433 lines | Yeah : 1.8 profile | none summary | tarball | 40 of 43 | b55df243e2 NEW | none[none] | none:none | none | none | none
T:00:41:00 | Win2K-f | 202.56.202.168 (125.AIRTEL.IN): BHARTI INFOTEL LTD, PUNE, MAHARASHTRA, IN. (100Mbps) | n/a | US:www.maxmind.com, :www.getmyip.org, EU:getmyip.co.uk, :www.vouchercodes.com, EU:checkip.dyndns.org, US:67.15.94.80:80, EU:91.198.22.70:80 | 445 | pcap raw | alerts ruleset | http, 112 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:00:50:00 | Win2K-f | 202.56.202.168 (125.AIRTEL.IN): BHARTI INFOTEL LTD, PUNE, MAHARASHTRA, IN. (100Mbps) | n/a | US:www.maxmind.com, EU:checkip.dyndns.org, DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http, 5 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:01:00:00 | WinXP | 202.147.195.166 (INFOKOM.NET): INFOKOM ELEKTRINDO INC, JAKARTA, JAKARTA RAYA, ID. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:01:27:00 | WinXP | 113.27.148.105 (-): SHANXI TELECOM TAIYUAN CDMA NET IP NODE LINKS TO CUSTOMER IP ADDRESS, TAIYUAN, BEIJING, CN. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | c19c8a2776 NEW | none[none] | none:none | none | none | none
T:01:40:00 | WinXP | 92.41.42.136 (THREE.CO.UK): MOBILE BROADBAND SERVICE, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:01:15:00 | WinXP | 166.164.82.214 (MYVZW.COM): SERVICE PROVIDER CORPORATION, SALINA, UTAH, US. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 29 of 29 | 986b59708d NEW | none[0] | none:none | PolyEnE | lines=57 | trace
T:01:17:00 | Win2K-f | 114.204.13.23 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | 83.133.119.206:65520 | GB:proxim.ircgalaxy.pl, US:microsoft.com, GB:ad.ghura.pl, GB:www.derquda.com, :streqa.com, EU:bestkind.ru, EU:anotherdomainname.in, :sb.perfectexe.com, CN:exe3.perfectexe.com, 184.82.18.196:443, US:63.223.117.12:443, CA:74.117.63.232:443 | 135 | pcap raw | alerts ruleset | irc, http, 177 lines | Yeah : 1.8 profile | none summary | tarball | 5 of 43; 38 of 40; 14 of 43; 27 of 41; 19 of 42; 17 of 42; 25 of 43; 17 of 38; 38 of 40 | 2deb2753bb NEW; 66863cfb13 NEW; 827e44840a NEW; 84beeea4ef NEW; 8fa9f641e6 NEW; 99e40412c8 NEW; b6a0b73e41 NEW; b8fb945b41 NEW; e8dfca0741 NEW | none[none]; fca240f318[0]; none [none]; none [none]; none [none]; none [none]; none [none]; none [none]; 20dfd2147c[0] | none:none; ASM:Graph; none:none; none:none; none:none; none:none; none:none; none:none; ASM:Graph | none; Armadillo; none; none; none; none; none; none; tElock | none; lines=91; none; none; none; none; none; none; lines=125 embedded dns | none; trace; none; none; none; none; none; none; trace
T:01:39:00 | Win2K-f | 188.73.219.53, 173.192.153.178 (INVALID IPV4 ADDRESS; no geolocation available) | 194.8.251.67:65520 | CN:exe3.perfectexe.com, EU:bestkind.ru, CN:lb.perfectexe.com, GB:proxim.ircgalaxy.pl, GB:ad.ghura.pl, GB:www.derquda.com, :amazon.americaneaglemarketing.com, :streqa.com, :sb.perfectexe.com, CN:122.224.6.48:255, CN:122.224.6.48:88 | 445 | pcap raw | alerts ruleset | http, irc, 147 lines | Yeah : 1.3 profile | none summary | tarball | 10 of 42; 5 of 43; 25 of 41; 14 of 43; 17 of 42; 34 of 39; 41 of 43; 25 of 43; 1 of 43 | 08c468b3c2 NEW; 2deb2753bb NEW; 36bb7118f0 NEW; 827e44840a NEW; 99e40412c8 NEW; 9b5bd50972 NEW; b4afa1df1d NEW; b6a0b73e41 NEW; f2c83ae118 NEW | none[none] (all 9) | none:none (all 9) | none (all 9) | none (all 9) | none (all 9)
T:01:44:00 | WinXP | 94.253.177.189 (XNET.HR): BNET HRVATSKA, HR. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 420b1a76c4 NEW | none[none] | none:none | none | none | none
T:01:46:00 | WinXP | 111.88.7.7 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:01:47:00 | WinXP | 183.83.15.15 (-) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:02:15:00 | WinXP | 92.243.103.154 (92-243-104-010.NTS.SU): NEW TELESYSTEMS LTD, MOSCOW, MOSCOW CITY, RU. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 32 of 32 | b502f83a7c NEW | 28f5be93b0 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:02:29:00 | WinXP | 121.120.18.125 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 0.8 profile | none summary | tarball | 39 of 41 | 866ac9b262 NEW | none[none] | none:none | none | none | none
T:02:37:00 | WinXP | 109.53.28.67 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:02:59:00 | WinXP | 183.83.3.213 (-) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 42 of 43 | 8fc7967af9 NEW | none[none] | none:none | none | none | none
T:03:10:00 | WinXP | 121.121.122.117 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none | none | none
T:03:11:00 | WinXP | 109.53.77.91 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:03:29:00 | Win2K-f | 24.155.63.218 (GRANDENETWORKS.NET): GRANDE COMMUNICATIONS CORPUS CHRISTI HUB, CORPUS CHRISTI, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:03:35:00 | WinXP | 219.115.239.252 (ZAQ.NE.JP): K CABLE TELEVISION CORPORATION INC, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 0 of 32; 33 of 33 | 07fabc79ef NEW; 53bfe15e91 NEW | none[0]; 1473091351[0] | none:none; ASM:Graph | Armadillo; tElock | lines=90; lines=75 embedded dns | trace; trace
T:03:57:00 | Win2K-f | 173.25.88.195 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, GOLD BAR, WASHINGTON, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 110 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 41; 39 of 41 | 10759405e0 NEW; d08e00dfaf NEW | 292d343248 [0]; 854c49d8c4[0] | ASM:Graph; ASM:Graph | Armadillo; tElock | lines=91; lines=64 embedded dns | trace; trace
T:04:08:00 | WinXP | 178.92.161.51 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:04:10:00 | WinXP | 4.225.169.22 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ITALY, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:04:15:00 | WinXP | 50.9.53.129 (-) | n/a | (blank) | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | none | none | none | none | none | none | none
T:04:52:00 | WinXP | 61.46.131.82 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 111 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 41; 40 of 41 | 71e6f60517 NEW; ab4e3226c4 NEW | 1ef1781501 [0]; c2d0313e73[0] | ASM:Graph; none:none | Armadillo; tElock | lines=91; none | trace; trace
T:05:24:00 | Win2K-f | 211.203.39.47 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 95 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 41; 38 of 41 | 3dc6500eb1 NEW; ff3843f312 NEW | none[none]; 30a7e641cf[0] | none:none; ASM:Graph | none; Armadillo | none; lines=90 | none; trace
T:05:42:00 | WinXP | 213.191.227.146 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:05:50:00 | WinXP | 94.50.185.194 (PERMONLINE.RU): DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES, MOSCOW, MOSCOW CITY, RU. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:06:00:00 | WinXP | 122.146.240.41 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 76 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:06:51:00 | WinXP | 87.3.97.249 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, CATANIA, SICILIA, IT. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:06:57:00 | WinXP | 151.81.89.172 (51-151.NET24.IT): IUNET-BNET, IT. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 41 of 42 | b01a29daeb NEW | none[none] | none:none | none | none | none
T:07:12:00 | Win2K-f | 61.205.155.229 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 111 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 41; 40 of 41 | 71e6f60517 NEW; ab4e3226c4 NEW | 1ef1781501 [0]; c2d0313e73[0] | ASM:Graph; none:none | Armadillo; tElock | lines=91; none | trace; trace
T:07:44:00 | WinXP | 121.121.64.197 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none | none | none
T:07:58:00 | WinXP | 64.33.132.47 (AIRSTREAMCOMM.NET): TRI COUNTY TELEPHONE, WISCONSIN, US. (DIAL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 3 lines | Yeah : 1.3 profile | none summary | tarball | 29 of 29 | 0cfab99612 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:08:16:00 | Win2K-f | 220.225.242.90 (PHOTONINFOTECH.COM): RELIANCE COMMUNICATIONS LTD, DELHI, DELHI, IN. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 111 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 41; 40 of 41 | 71e6f60517 NEW; ab4e3226c4 NEW | 1ef1781501 [0]; c2d0313e73[0] | ASM:Graph; none:none | Armadillo; tElock | lines=91; none | trace; trace
T:08:25:00 | WinXP | 97.97.36.15 (RR.COM): ROAD RUNNER HOLDCO LLC, VALRICO, FLORIDA, US. (DSL) | 62.193.249.122:3305 | EU:cx10man.weedns.com, JP:fx010413.whyI.org, FR:62.193.249.122:3305 | 135 | pcap raw | alerts ruleset | irc, 706 lines | Yeah : 1.8 profile | none summary | tarball | 43 of 43 | 9783554cde NEW | none[none] | none:none | none | none | none
T:08:43:00 | WinXP | 121.120.99.76 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none | none | none
T:08:45:00 | WinXP | 27.248.164.150 (-) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 43 | 60c4a8055b NEW | none[none] | none:none | none | none | none
T:08:57:00 | WinXP | 121.120.99.76 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none | none | none
T:09:46:00 | WinXP | 121.121.134.97 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 29 of 29 | 3ae357d17b NEW | none[0] | none:none | PolyEnE | lines=73 | trace
T:10:06:00 | WinXP | 151.82.133.176 (51-151.NET24.IT): IUNET-BNET, IT. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 95d1a78f0d NEW | none[none] | none:none | none | none | none
T:10:41:00 | WinXP | 78.8.96.21 (NET.PL): DYNAMIC BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DIAL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:10:45:00 | WinXP | 93.102.6.35 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, COIMBRA, COIMBRA, PT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 42 | acfd2b2a1f NEW | none[none] | none:none | none | none | none
T:10:53:00 | WinXP | 94.197.61.73 (THREE.CO.UK): MOBILE BROADBAND SERVICE, UK. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 36 of 42 | 0865832e89 NEW | none[none] | none:none | none | none | none
T:11:27:00 | WinXP | 24.79.9.138 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 110 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 42; 39 of 42 | a1fac31325 NEW; c018e17b5b NEW | 0fd057b5e2 [0]; 8caee80d88[0] | none:none; none:none | Armadillo; StarForce | none; none | trace; trace
T:11:59:00 | WinXP | 173.168.162.214 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEARWATER, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:12:15:00 | WinXP | 116.121.76.177 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; 57ce4acac2 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:12:21:00 | WinXP | 66.53.120.193 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SACRAMENTO, CALIFORNIA, US. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE | lines=93 embedded dns | trace
T:12:46:00 | WinXP | 78.130.24.188 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:14:22:00 | Win2K-f | 4.139.253.184 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ELKTON, MARYLAND, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 81 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:14:38:00 | Win2K-f | 208.82.42.43 (ENERGIZE.NET): PULASKI ELECTRIC SYSTEM, PULASKI, TENNESSEE, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 59 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 8 of 33 | 53bfe15e91 NEW; b7082104e4 NEW | 1473091351 [0]; c5b49e7b82[0] | ASM:Graph; ASM:Graph | tElock; tElock | lines=75 embedded dns; lines=41 | trace; trace
T:14:42:00 | WinXP | 83.97.157.226 (CM-83-97-159-10.TELECABLE.ES): TELECABLE, BARCELONA, CATALONIA, ES. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 0.8 profile | none summary | tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:14:44:00 | Win2K-f | 64.188.188.142 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) | n/a | (blank) | 135 | pcap raw | alerts ruleset | other, 624 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 42 | f5286bdcaf NEW | none[none] | none:none | none | none | none
T:15:32:00 | Win2K-f | 173.169.146.48 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (DSL) | 62.193.249.122:3305 | FR:cx10man.weedns.com | 135 | pcap raw | alerts ruleset | irc, 705 lines | Yeah : 1.8 profile | none summary | tarball | 42 of 43 | 4e53336b38 NEW | none[none] | none:none | none | none | none
T:15:40:00 | WinXP | 189.53.119.166 (EMBRATEL.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 1.3 profile | none summary | tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:15:57:00 | Win2K-f | 76.186.52.196 (RR.COM): ROAD RUNNER HOLDCO LLC, FLOWER MOUND, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:16:09:00 | WinXP | 92.40.228.64 (THREE.CO.UK): MOBILE BROADBAND SERVICE, MANCHESTER, ENGLAND, UK. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 0.8 profile | none summary | tarball | 41 of 42 | dc2dc01b37 NEW | none[none] | none:none | none | none | none
T:17:40:00 | WinXP | 98.135.73.155 (WINDSTREAM.NET): ALLTEL SIP CUSTOMERS - ATLANTA, VALDOSTA, GEORGIA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 110 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 41; 39 of 41 | 53aa804019 NEW; 95ddd4a823 NEW | 29c6cdbf45 [0]; 9e78315a6d[0] | ASM:Graph; ASM:Graph | tElock; Armadillo | lines=64 embedded dns; lines=91 | trace; trace
T:17:41:00 | WinXP | 24.79.3.23 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:gg.arrancar.org, US:69.43.160.145:555 | 135 | pcap raw | alerts ruleset | other, 186 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 42 | 1c8c2e955d NEW | none[none] | none:none | none | none | none
T:18:20:00 | WinXP | 96.26.67.255 (CLEARWIRE-DNS.NET): CLEARWIRE US LLC, LUBBOCK, TEXAS, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 40 of 41 | d11b1f56f9 NEW | none[none] | none:none | none | none | none
T:18:56:00 | WinXP | 121.120.0.86 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 2 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 41 | 866ac9b262 NEW | none[none] | none:none | none | none | none
T:19:42:00 | WinXP | 124.241.150.81 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 33 | 53bfe15e91 NEW; a08f3b74a4 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:20:06:00 | WinXP | 174.39.224.102 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, SCHUYLER, NEBRASKA, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:20:39:00 | Win2K-f | 174.42.217.166 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - WARRENSVILLE HEIGHTS, COLUMBIA, SOUTH CAROLINA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 110 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 41; 39 of 41 | 53aa804019 NEW; 95ddd4a823 NEW | 29c6cdbf45 [0]; 9e78315a6d[0] | ASM:Graph; ASM:Graph | tElock; Armadillo | lines=64 embedded dns; lines=91 | trace; trace
T:20:44:00 | WinXP | 112.210.226.224 (PLDT.NET): IPG, PH. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 04578df60a NEW | none[none] | none:none | none | none | none
T:21:46:00 | Win2K-f | 24.26.16.222 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other, 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33; 0 of 32 | 53bfe15e91 NEW; 73f1082158 NEW | 1473091351 [0]; none [0] | ASM:Graph; none:none | tElock; Armadillo | lines=75 embedded dns; lines=90 | trace; trace
T:22:19:00 | WinXP | 95.58.111.94 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM ATYRAU AFFILIATE, KZ. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 39 of 41 | 8e8fff0d13 NEW | none[none] | none:none | none | none | none
T:22:54:00 | WinXP | 115.80.94.134 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap raw | alerts ruleset | http, 1 line | Yeah : 0.8 profile | none summary | tarball | 41 of 42 | da62a7e86e NEW | none[none] | none:none | none | none | none
T:22:57:00 | WinXP | 98.141.163.84 (CAVTEL.NET): CAVALIER TELEPHONE, PHILADELPHIA, PENNSYLVANIA, US. (DSL) | n/a | (blank) | 135 | pcap raw | alerts ruleset | other, 19 lines | Yeah : 1.3 profile | none summary | tarball | none | none | none | none | none | none | none