Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

18 December 2010
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:31:00 WinXP 121.121.244.42 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:00:35:00 Win2K-f 174.116.12.117 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:40:00 WinXP 182.209.21.230 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:00:44:00 WinXP 117.254.14.151 (STERLINGSTUDENTS.NET):
NIB (NATIONAL INTERNET BACKBONE),
NEW DELHI, DELHI, IN. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 9716d7995a
NEW c3a5354b6f [0] ASM:Graph
PolyEnE| lines=68 trace

00:47:00 WinXP 95.58.153.74 (DIAL.ONLINE.KZ):
JSC KAZAKHTELECOM PAVLODAR AFFILIATE,
PAVLODAR, PAVLODAR, KZ. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 88f3393e20
NEW none[none] none:none
none|none none none

T:01:57:00 WinXP 121.121.99.134 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 43 4410d5ed68
NEW none[none] none:none
none|none none none

02:13:00 WinXP 121.121.157.106 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 42 de4624560d
NEW none[none] none:none
none|none none none

T:02:15:00 WinXP 188.176.68.94 (DSL.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:02:55:00 Win2K-f 4.159.164.27 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MINNEAPOLIS, MINNESOTA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:03:32:00 WinXP 112.78.68.253 (-):
VIBO TELECOM INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 cf346981b5
NEW 2eb6c94f0a [0] ASM:Graph
PolyEnE| lines=73 trace

T:03:39:00 WinXP 93.177.143.13 (CAUCASUS.NET):
CAUCASUS ONLINE BROADBAND NETWORK,
GE. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 88f3393e20
NEW none[none] none:none
none|none none none

T:03:46:00 WinXP 115.80.126.125 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 14745df42e
NEW none[none] none:none
none|none none none

T:03:49:00 WinXP 174.107.232.255 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
NEW
53bfe15e91
NEW none[0]
1473091351[0] none:none
ASM:Graph
Armadillo|
tElock| lines=90
lines=75
embedded dns trace
trace

T:04:20:00 WinXP 24.155.7.19 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO,
WOODWAY, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:04:24:00 WinXP 115.82.41.89 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 43 4410d5ed68
NEW none[none] none:none
none|none none none

T:04:57:00 WinXP 211.5.12.136 (DION.NE.JP):
DION (KDDI CORPORATION),
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
74 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:05:16:00 WinXP 89.218.119.95 (DIAL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 42 05d523080c
NEW none[none] none:none
none|none none none

T:05:28:00 WinXP 113.210.32.225 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
6 lines Yeah : 1.3
profile none summary
tarball 43 of 43 25f1af65c3
NEW none[none] none:none
none|none none none

T:06:13:00 WinXP 87.16.5.148 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
ROME, LAZIO, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:06:51:00 WinXP 24.138.192.138 (-):
LIBERTY CABLEVISION - CAGUAS,
CAGUAS, PUERTO RICO, PR. (100Mbps) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 35 e9fcd6f257
NEW 2e05bc2272 [0] ASM:Graph
PolyEnE| lines=68 trace

T:06:55:00 WinXP 94.51.201.91 (PERMONLINE.RU):
DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES,
MOSCOW, MOSCOW CITY, RU. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:07:02:00 WinXP 61.228.151.238 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:07:49:00 WinXP 180.218.0.30 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 42 751685117f
NEW none[none] none:none
none|none none none

T:08:16:00 WinXP 85.180.85.113 (ALICEDSL.DE):
HANSENET-ADSL,
BERLIN, BERLIN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 40 of 41 3693a3a4a4
NEW none[none] none:none
none|none none none

T:08:26:00 WinXP 123.193.213.34 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 43 60c4a8055b
NEW none[none] none:none
none|none none none

T:08:26:00 WinXP 210.209.143.32 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:kukutrustnet777.info
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 39 of 41 866ac9b262
NEW none[none] none:none
none|none none none

T:08:29:00 WinXP 75.92.23.227 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
SPRINGDALE, ARKANSAS, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

08:43:00 WinXP 123.193.213.34 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 43 60c4a8055b
NEW none[none] none:none
none|none none none

T:09:18:00 WinXP 178.36.120.127 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 36 1595515522
NEW none[none] none:none
none|none none none

T:09:32:00 WinXP 64.175.160.91 (PACBELL.NET):
AT&T INTERNET SERVICES,
CARLSBAD, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:09:32:00 WinXP 98.135.42.118 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
YANKTON, SOUTH DAKOTA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:09:39:00 WinXP 119.154.114.208 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 0cfab99612
NEW none[0] none:none
PolyEnE| lines=68 trace

09:39:00 WinXP 62.169.125.30 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 42 fd5d54282a
NEW none[none] none:none
none|none none none

T:09:56:00 WinXP 109.86.105.84 (JWS.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:10:13:00 WinXP 46.130.65.102 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:20:00 WinXP 184.74.84.108 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:21:00 WinXP 178.90.13.109 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 95d1a78f0d
NEW none[none] none:none
none|none none none

T:11:32:00 WinXP 121.123.70.130 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MALACCA, MELAKA, MY. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 420b1a76c4
NEW none[none] none:none
none|none none none

11:47:00 WinXP 92.251.213.174 (NETWORK-IE.NET):
PROVIDER LOCAL REGISTRY,
IE. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:11:59:00 WinXP 95.37.219.226 (MTS-NN.RU):
NETWORK FOR PPPOE CLIENTS TERMINATIONS IN,
NIZHNIY NOVGOROD, NIZHEGOROD, RU. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:29:00 WinXP 59.103.213.21 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:12:37:00 WinXP 121.121.33.192 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 0393e25f86
NEW 51aaf10e18 [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:47:00 WinXP 24.106.163.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 0563ea7af7
NEW
7e1532574f
NEW bc2e11a802 [0]
e6930769d0[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=65
embedded dns
lines=91 trace
trace

T:12:57:00 WinXP 93.175.199.210 (TVNET.IF.UA):
DISCOVERY LTD,
KIEV, KYYIV, UA. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:13:15:00 WinXP 64.109.20.16 (AMERITECH.NET):
DIAL POOL TNT1.SPFDIL,
SPRINGFIELD, ILLINOIS, US. (DIAL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:13:50:00 WinXP 76.189.230.178 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TWINSBURG, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

14:24:00 WinXP 121.121.33.192 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 0393e25f86
NEW 51aaf10e18 [0] ASM:Graph
PolyEnE| lines=68 trace

T:16:25:00 WinXP 120.138.135.246 (STARCAT.NE.JP):
KMN CORPORATION,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 40
39 of 39 b8e6f4caf7
NEW
fb92b91fe7
NEW f81eac6379 [0]
fe88ab8768[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:16:50:00 WinXP 151.82.85.195 (51-151.NET24.IT):
IUNET-BNET,
IT. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 58b0504ae9
NEW none[none] none:none
none|none none none

T:17:08:00 WinXP 99.147.79.39 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
HOUSTON, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
59 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:18:17:00 WinXP 69.217.205.32 (PACBELL.NET):
AT&T INTERNET SERVICES,
LAKE VILLA, ILLINOIS, US. (DSL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

18:22:00 WinXP 178.92.193.59 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 43 745f3ba11e
NEW none[none] none:none
none|none none none

T:19:07:00 WinXP 174.39.239.33 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
LINCOLN, NEBRASKA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 42 14d265a635
NEW none[none] none:none
none|none none none

T:19:09:00 Win2K-f 211.135.46.205 (ZAQ.NE.JP):
K CABLE TELEVISION CORPORATION INC,
OSAKA, OSAKA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
NEW
53bfe15e91
NEW none[0]
1473091351[0] none:none
ASM:Graph
Armadillo|
tElock| lines=90
lines=75
embedded dns trace
trace

T:19:21:00 WinXP 64.130.183.105 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:19:52:00 WinXP 12.64.6.11 (PRSERV.NET):
AT&T GLOBAL SERVICES,
MC CORDSVILLE, INDIANA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:20:17:00 WinXP 69.221.61.245 (AMERITECH.NET):
AT&T INTERNET SERVICES,
CHICAGO, ILLINOIS, US. (DIAL) n/a RU:moscow-advokat.ru
109.70.26.36:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

20:35:00 WinXP 64.130.183.105 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:21:30:00 Win2K-f 4.159.160.201 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MINNEAPOLIS, MINNESOTA, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
48 lines Yeah : 1.3
profile none summary
tarball 1 of 36 a1ae461b68
NEW none[none] none:none
none|none none none

T:21:53:00 WinXP 119.154.104.110 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:22:44:00 WinXP 186.180.75.223 (-):
. n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 40 d457bbf76d
NEW none[none] none:none
none|none none none

T:22:55:00 WinXP 112.202.131.171 (PLDT.NET):
IPG,
PH. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace