Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

16 March 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:20:00 WinXP 67.167.180.174 (COMCAST.NET):
COMCAST CABLE COMMUNICATIONS IP SERVICES,
LANSING, MICHIGAN, US. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:00:24:00 WinXP 114.48.205.14 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

00:33:00 WinXP 114.48.205.14 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

00:55:00 Win2K-f 123.195.217.7 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
EU:checkip.dyndns.org 445 pcap raw alerts
ruleset http
14 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:00:00 Win2K-f 70.64.142.57 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) n/a US:m.DRD3H.COM 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 0.8
profile none summary
tarball 40 of 41 b68d420d61
NEW 1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:01:04:00 Win2K-f 123.195.217.7 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.vouchercodes.net
EU:checkip.dyndns.org
US:217.160.239.39:80 445 pcap raw alerts
ruleset http
20 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:04:00 WinXP 111.188.129.135 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:01:11:00 WinXP 109.86.228.117 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:01:40:00 Win2K-f 173.247.8.188 (-):
. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 43 0e186d31c8
NEW none[none] none:none
none|none none none

T:01:52:00 WinXP 111.188.172.122 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:02:05:00 WinXP 70.182.174.45 (COX.NET):
COX COMMUNICATIONS,
EUREKA SPRINGS, ARKANSAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:07:00 WinXP 151.82.115.227 (51-151.NET24.IT):
IUNET-BNET,
IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 81ab2c42d1
NEW none[none] none:none
none|none none none

T:02:46:00 WinXP 77.64.136.210 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
CHEMNITZ, SACHSEN, DE. (DSL) n/a US:m.DRD3H.COM
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball none 13541553f3
NEW none[none] none:none
none|none none none

T:03:01:00 WinXP 121.120.125.230 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:03:02:00 Win2K-f 24.77.234.121 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 40 of 43 327cc7cb3d
NEW none[none] none:none
none|none none none

T:03:05:00 WinXP 113.210.1.208 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 0f77d6439f
NEW none[none] none:none
none|none none none

03:10:00 WinXP 121.120.230.107 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:03:21:00 Win2K-f 202.162.219.218 (ICONPLN.NET.ID):
PT INDONESIA COMNETS PLUS,
SEMARANG, JAWA TENGAH, ID. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:03:39:00 WinXP 114.48.184.253 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:04:20:00 Win2K-f 218.45.118.102 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 761a66b891
NEW
98d05c039b
NEW b469dac5dc [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=64
embedded dns
none trace
none

T:04:26:00 WinXP 125.230.99.102 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:04:38:00 WinXP 112.205.117.217 (PLDT.NET):
IPG,
PH. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 43 2e1de2483f
NEW none[none] none:none
none|none none none

T:04:53:00 Win2K-f 211.75.234.92 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
1004 lines Yeah : 1.3
profile none summary
tarball 17 of 41 e1693609f9
NEW none[3] none:none
none|none none trace

04:58:00 WinXP 186.180.0.90 (-):
. n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:05:11:00 WinXP 24.155.168.155 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS,
ARLINGTON, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

05:22:00 WinXP 121.121.25.65 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 2c94e3fd00
NEW none[none] none:none
none|none none none

05:30:00 WinXP 91.66.92.75 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BAYREUTH, BAYERN, DE. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 1511a3f219
NEW none[none] none:none
none|none none none

T:05:36:00 WinXP 97.78.31.175 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (DSL) n/a US:m.drd3h.com
US:70.107.249.167:6668 139 pcap raw alerts
ruleset ftp
irc
27 lines Yeah : 0.8
profile none summary
tarball 34 of 40 0448650359
NEW 1e4ad6cdb1 [0] ASM:Graph
ASPack| lines=3065
embedded dns trace

T:06:19:00 Win2K-f 24.100.87.179 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
CORBIN, KENTUCKY, US. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 38 of 40 7ea0317789
NEW 18ff3687ad [0] ASM:Graph
ASPack| lines=3292
embedded dns trace

T:06:22:00 WinXP 220.136.142.95 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 0f77d6439f
NEW none[none] none:none
none|none none none

T:07:20:00 WinXP 117.53.2.19 (ADACHI.NE.JP):
CABLE TELEVISION ADACHI CORP,
MIYAZAKI, MIYAZAKI, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 37 of 43 beb88170ce
NEW none[none] none:none
none|none none none

T:07:37:00 WinXP 95.68.128.222 (ESOO.RU):
OJSC VOLGATELECOM,
RU. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:07:44:00 WinXP 186.110.112.229 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:08:03:00 Win2K-f 123.192.218.242 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

08:03:00 WinXP 112.205.223.51 (PLDT.NET):
IPG,
PH. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 40 0f74a58af4
NEW none[none] none:none
none|none none none

T:08:07:00 WinXP 119.63.31.13 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOYAMA, TOYAMA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:08:45:00 WinXP 178.24.74.22 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:08:48:00 Win2K-f 210.196.11.104 (DION.NE.JP):
DION (KDDI CORPORATION),
TOKYO, TOKYO, JP. (DSL) n/a 135 pcap raw alerts
ruleset other
73 lines Yeah : 1.3
profile none summary
tarball 0 of 33 a08f3b74a4
NEW none[0] none:none
Armadillo| lines=90 trace

T:09:06:00 Win2K-f 121.124.210.122 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
127 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 42 14f47ffd1e
NEW
6a73d63341
NEW 90bf4b99ff [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=56
embedded dns
none trace
none

T:09:42:00 WinXP 123.194.14.213 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:09:54:00 WinXP 223.180.164.107 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

10:35:00 WinXP 223.180.164.107 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:58:00 WinXP 183.82.210.86 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 42 33ffb2cb88
NEW none[none] none:none
none|none none none

T:11:04:00 WinXP 1.114.194.206 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:11:05:00 WinXP 151.66.56.83 (51-151.NET24.IT):
IUNET-BNET,
BRESCIA, LOMBARDIA, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:11:17:00 WinXP 121.120.4.224 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:11:19:00 WinXP 75.92.212.186 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
FAYETTEVILLE, ARKANSAS, US. (100Mbps) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

11:28:00 WinXP 75.92.212.186 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
FAYETTEVILLE, ARKANSAS, US. (100Mbps) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

12:01:00 WinXP 178.24.74.22 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:17:00 WinXP 97.96.10.90 (RR.COM):
ROAD RUNNER HOLDCO LLC,
VALRICO, FLORIDA, US. (100Mbps) n/a :gg.arrancar.org 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 40 of 41 1e4f8f9259
NEW e73db583fd [0] ASM:Graph
none|none lines=546 trace

T:13:41:00 Win2K-f 98.103.22.25 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 37 of 42
37 of 41 359d245014
NEW
3d25e55087
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

14:04:00 WinXP 125.230.99.102 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:16:37:00 WinXP 151.80.179.201 (51-151.NET24.IT):
IUNET-BNET,
TRIESTE, FRIULI-VENEZIA GIULIA, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 37 of 41 aa44d2cb72
NEW none[none] none:none
none|none none none

T:17:02:00 WinXP 216.139.121.52 (GRM.NET):
GRAND RIVER MUTUAL TELEPHONE CORPORATION,
BETHANY, MISSOURI, US. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 34 d20f157117
NEW 738f555183 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:27:00 WinXP 69.26.17.13 (WESTRIV.COM):
WEST RIVER TELECOMMUNICATIONS,
UNDERWOOD, MINNESOTA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 46112c6cd7
NEW none[none] none:none
none|none none none

T:17:54:00 Win2K-f 24.29.225.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KENT, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

18:00:00 WinXP 187.82.95.165 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 95d1a78f0d
NEW none[none] none:none
none|none none none

T:19:24:00 WinXP 93.102.182.165 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:19:37:00 WinXP 189.67.151.22 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 40 d6997f4bc2
NEW none[none] none:none
none|none none none

T:20:12:00 WinXP 113.210.32.40 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:20:35:00 WinXP 187.80.123.133 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 6eda5f32a0
NEW none[none] none:none
none|none none none

T:20:55:00 WinXP 113.210.180.35 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

20:56:00 WinXP 113.210.32.40 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 2c94e3fd00
NEW none[none] none:none
none|none none none

T:21:03:00 Win2K-f 65.19.251.75 (VNET-INC.COM):
TRIANGLE TELEPHONE,
ENNIS, MONTANA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:21:06:00 WinXP 61.150.5.66 (163DATA.COM.CN):
XI'AN DATA BRANCH XIAN CITY SHAANXI PROVINCE,
XIAN, SHAANXI, CN. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 40 of 41
41 of 43 5799ab6538
NEW
ddbe111920
NEW 2713679411 [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=64
embedded dns
none trace
none

T:21:47:00 Win2K-f 218.219.219.52 (ASAHI-NET.OR.JP):
ASAHI-NET-CIDR-BLK,
NAGOYA, TOKYO, JP. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 10c560fc02
NEW
1b8d146832
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:21:58:00 Win2K-f 173.200.73.19 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:22:04:00 WinXP 69.26.23.54 (WESTRIV.COM):
WEST RIVER TELECOMMUNICATIONS,
UNDERWOOD, MINNESOTA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 42 of 43 46112c6cd7
NEW none[none] none:none
none|none none none

T:22:14:00 WinXP 123.195.14.58 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 37 of 41 1f6bcbaaef
NEW none[none] none:none
none|none none none

22:20:00 WinXP 178.167.184.204 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:22:38:00 WinXP 151.20.163.98 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:22:58:00 Win2K-f 184.74.109.226 (-):
. n/a 135 pcap raw alerts
ruleset other
144 lines Yeah : 1.3
profile none summary
tarball 39 of 40 10980f4df2
NEW 1fd3385a95 [0] ASM:Graph
none|none lines=556 trace

T:23:10:00 WinXP 117.20.172.165 (-):
STARHUB HSPA,
SINGAPORE, SINGAPORE, SG. (DSL) n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 4d6cc81b9e
NEW none[none] none:none
none|none none none

T:23:56:00 WinXP 123.64.230.156 (JWS.COM):
CHINA TIETONG TELECOMMUNICATIONS CORPORATION,
BEIJING, BEIJING, CN. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none c049e988f2
NEW none[none] none:none
none|none none none