Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

12 March 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:16:00 WinXP 59.161.67.132 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
DELHI, DELHI, IN. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:00:19:00 Win2K-f 116.123.81.225, 222.170.127.203 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 91.193.194.67:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:88.perfectexe.com
CN:w.perfectexe.com
CN:pl.perfectexe.com
CN:ck.perfectexe.com
US:onlinealarmsystem.net
CN:hn.yigeyuming.com
US:zoo.parkingspa.com
:a.95622.com
:1.95622.com
US:techcrunvh.com 135 pcap raw alerts
ruleset irc
http
182 lines Yeah : 1.8
profile none summary
tarball 28 of 42
38 of 40
38 of 40
29 of 43
41 of 43
18 of 42
none 8809b6417c
NEW
89f410e7cc
NEW
909270c172
NEW
b34e640329
NEW
e0fe45f2d6
NEW
f1f1ef900d
NEW
f7df702b31
NEW none[none]
2593cbda62[0]
55c25968a5[0]
none [none]
none [none]
none [none]
none [none] none:none
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
none|none
Armadillo|
tElock|
none|none
none|none
none|none
none|none none
lines=91
lines=125
embedded dns
none
none
none
none none
trace
trace
none
none
none
none

T:00:26:00 Win2K-f 186.36.69.131 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. (DSL) n/a US:usedsrvsixthwheel.com
CN:s5.perfectexe.com
:cdn.dsultra.com
US:domdex.com
US:p.chango.com
US:38.125.36.11:80 445 pcap raw alerts
ruleset http
irc
62 lines Yeah : 0.8
profile none summary
tarball 9 of 42 e4240d7958
NEW none[none] none:none
none|none none none

T:00:41:00 WinXP 178.150.45.129 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 39 of 41 246f38a76e
NEW none[none] none:none
none|none none none

T:00:49:00 Win2K-f 77.35.145.93 (SAKHALIN.RU):
OPEN JOINT STOCK COMPANY FAR EAST TELECOMMUNICATIONS COMPANY,
VLADIVOSTOK, PRIMOR'YE, RU. (DSL) n/a US:mailsortingmachinesandsupplies.com
:ads.undertone.com
173.192.167.133:80
US:64.210.61.101:80
US:64.236.85.181:80
69.194.244.11:80
CA:74.122.140.122:80
75.101.205.96:80 445 pcap raw alerts
ruleset http
irc
84 lines Argh : 0.3
profile none summary
tarball none none none none none none none

01:12:00 WinXP 178.150.45.129 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 246f38a76e
NEW none[none] none:none
none|none none none

T:01:32:00 WinXP 124.241.146.8 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:01:46:00 WinXP 186.30.206.175 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 32 of 32 488d27fe97
NEW none[none] none:none
none|none none none

T:01:48:00 WinXP 213.169.89.96 (NAVEREX.NET):
NAVIGATOR,
UA. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 3071c647d9
NEW none[none] none:none
none|none none none

T:02:15:00 WinXP 79.149.15.254 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2008113582),
MADRID, MADRID, ES. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:02:23:00 WinXP 114.48.118.13 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:02:35:00 Win2K-f 220.157.202.61 (ASAHI-NET.OR.JP):
ASAHI NET INC,
TOKYO, TOKYO, JP. (DIAL) n/a 135 pcap raw alerts
ruleset other
2 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:02:53:00 WinXP 113.211.52.165 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 b269b15ffd
NEW none[none] none:none
none|none none none

T:03:17:00 WinXP 173.26.84.127 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SAN RAFAEL, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 40
38 of 40 474acf88e5
NEW
68f0c14692
NEW 1f53944b24 [0]
ccc1b24d53[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

03:28:00 WinXP 113.211.52.165 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 b269b15ffd
NEW none[none] none:none
none|none none none

T:03:49:00 WinXP 220.136.140.109 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
476 lines Yeah : 1.3
profile none summary
tarball none 172d7ed010
NEW none[none] none:none
none|none none none

T:04:33:00 WinXP 115.81.33.253 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

04:56:00 WinXP 180.218.172.86 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 8a2553433c
NEW none[none] none:none
none|none none none

T:05:13:00 Win2K-f 218.45.119.234 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 761a66b891
NEW
98d05c039b
NEW b469dac5dc [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=64
embedded dns
none trace
none

T:05:21:00 WinXP 123.99.14.217 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 42 89333786d3
NEW none[none] none:none
none|none none none

05:50:00 Win2K-f 180.222.218.148 (-):
. n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.getmyip.org
:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:06:14:00 WinXP 114.47.111.37 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 fa18d66b7d
NEW none[none] none:none
none|none none none

06:16:00 WinXP 114.47.111.37 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 fa18d66b7d
NEW none[none] none:none
none|none none none

T:07:08:00 WinXP 186.253.47.137 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:07:09:00 Win2K-f 124.241.157.196 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball none
none a676ff29c5
NEW
dfd6bb8595
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:07:12:00 WinXP 178.24.80.159 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:07:17:00 Win2K-f 218.162.81.166 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:07:21:00 WinXP 41.71.149.153 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 42 of 43 396bdcc8c3
NEW none[none] none:none
none|none none none

T:07:28:00 WinXP 187.82.225.147 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:07:29:00 WinXP 121.121.27.116 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru
:kidos-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 41 f3a1894898
NEW none[none] none:none
none|none none none

T:07:45:00 WinXP 119.77.146.66 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:28:00 Win2K-f 124.241.153.8 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
115 lines Yeah : 1.3
profile none summary
tarball 42 of 43
40 of 43 1b88348705
NEW
5eddc8fa8c
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:08:52:00 WinXP 110.227.95.27 (59.AIRTELBROADBAND.IN):
BHARTI AIRTEL LTD,
GURGAON, HARYANA, IN. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none 00ef844980
NEW none[none] none:none
none|none none none

T:09:01:00 WinXP 93.102.39.105 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:03:00 WinXP 93.102.203.116 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:12:00 WinXP 93.102.200.56 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:52:00 Win2K-f 24.155.45.5 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS WACO,
WOODWAY, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:11:26:00 WinXP 178.150.240.104 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:12:01:00 Win2K-f 123.192.211.113 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
649 lines Yeah : 1.3
profile none summary
tarball 40 of 41 ec8ab501b3
NEW bac4cc6eec [0] ASM:Graph
Armadillo| lines=218 trace

T:12:10:00 WinXP 77.54.50.242 (REV.VODAFONE.PT):
GPRS POOLS,
PT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:12:54:00 WinXP 92.251.152.2 (-):
H3G IRELAND SUBSCRIBERS,
IE. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none d232c514a8
NEW none[none] none:none
none|none none none

T:13:34:00 WinXP 200.100.140.65 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:14:34:00 Win2K-f 219.124.25.34 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 5bbb57c115
NEW
75ac189d9e
NEW 03e5cb3c4a [0]
705dbaa801[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:14:53:00 Win2K-f 46.162.10.74 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 43
41 of 42 41c4e767de
NEW
e46acdf784
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:15:21:00 WinXP 111.188.47.93 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:16:23:00 WinXP 92.251.132.55 (-):
H3G IRELAND SUBSCRIBERS,
IE. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:16:52:00 WinXP 50.80.75.90 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:17:25:00 WinXP 24.155.231.159 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS SAN MARCOS,
SAN MARCOS, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:17:29:00 WinXP 24.138.192.11 (-):
LIBERTY CABLEVISION - CAGUAS,
CAGUAS, PUERTO RICO, PR. (100Mbps) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 35 e9fcd6f257
NEW 2e05bc2272 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:37:00 Win2K-f 70.65.249.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:38:00 WinXP 189.49.225.115 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:18:45:00 WinXP 186.122.144.53 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:20:39:00 WinXP 114.36.220.183 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 8a2553433c
NEW none[none] none:none
none|none none none

T:21:01:00 WinXP 151.20.160.98 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:21:18:00 Win2K-f 72.45.23.102 (ATLANTICBB.NET):
ATLANTIC BROADBAND,
SMYRNA, DELAWARE, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

21:47:00 WinXP 151.66.62.180 (51-151.NET24.IT):
IUNET-BNET,
PAVIA, LOMBARDIA, IT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

21:54:00 WinXP 151.20.160.98 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:22:09:00 Win2K-f 24.100.7.252 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
DEXTER, MISSOURI, US. (DSL) n/a 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 40 of 41 1e4f8f9259
NEW e73db583fd [0] ASM:Graph
none|none lines=546 trace

T:22:15:00 WinXP 24.108.245.236 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
POWELL RIVER, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 0563ea7af7
NEW
7e1532574f
NEW bc2e11a802 [0]
e6930769d0[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=65
embedded dns
lines=91 trace
trace

T:22:20:00 Win2K-f 173.26.84.127 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SAN RAFAEL, CALIFORNIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 40
38 of 40 474acf88e5
NEW
68f0c14692
NEW 1f53944b24 [0]
ccc1b24d53[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:23:18:00 WinXP 46.203.175.192 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 15576ae143
NEW none[none] none:none
none|none none none

T:23:38:00 WinXP 119.154.38.150 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 39 of 40 dc467897c8
NEW none[none] none:none
none|none none none