Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Click here to download BotHunter]

03 May 2011

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:13:00 | WinXP | 4.224.141.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) | n/a | DE:moscow-advokat.ru DE:82.98.86.164:6667 | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 25 of 25 | 7f60162c2c NEW | none[0] | none:none | PolyEnE | lines=93 embedded dns | trace
T:00:47:00 | WinXP | 208.95.69.169 (LCOM.NET): LIBERTY COMMUNICATIONS, WEST LIBERTY, OHIO, US. (DSL) | n/a | :gg.arrancar.org | 135 | pcap raw | alerts ruleset | other 188 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 40 | 1db29886ac NEW | none[none] | none:none | none | none | none
T:01:16:00 | WinXP | 164.132.99.37 (-): IUNET S.P.A, MILANO, LOMBARDIA, IT. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:01:18:00 | WinXP | 49.15.24.91 (-) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.8 profile | none summary | tarball | 41 of 43 | fb486908b0 NEW | none[none] | none:none | none | none | none
T:02:07:00 | WinXP | 111.81.169.39 (HINET.NET): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 420b1a76c4 NEW | none[none] | none:none | none | none | none
T:03:33:00 | Win2K-f | 14.96.116.246 (-) | n/a | DE:ilo.brenz.pl | 135 | pcap raw | alerts ruleset | other 282 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 41 ; 35 of 41 | 9e5f0f01cf NEW ; d946f78c12 NEW | none[none] ; none[none] | none:none ; none:none | none ; none | none ; none | none ; none
T:03:57:00 | WinXP | 189.118.148.153 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:04:06:00 | Win2K-f | 98.103.22.88 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) | n/a | DE:ant.trenz.pl CN:cool.perfectexe.com CN:60.190.223.75:9 | 135 | pcap raw | alerts ruleset | other 15 lines | Yeah : 0.8 profile | none summary | tarball | none | none | none | none | none | none | none
T:04:24:00 | WinXP | 111.81.169.39 (HINET.NET): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 420b1a76c4 NEW | none[none] | none:none | none | none | none
T:04:45:00 | WinXP | 109.99.204.98 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:05:27:00 | WinXP | 93.177.237.176 (LVDATS.LV): LVDATS-NET, RIGA, RIGA, LV. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 42 of 43 | 88f3393e20 NEW | none[none] | none:none | none | none | none
T:05:55:00 | Win2K-f | 65.110.121.236 (WESTPA.NET): WESTPANET INC, WARREN, PENNSYLVANIA, US. (DSL) | n/a | | 135 | pcap raw | alerts ruleset | other 186 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 43 | 0afff56a4c NEW | none[none] | none:none | none | none | none
T:06:50:00 | WinXP | 111.88.2.203 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:07:16:00 | Win2K-f | 63.162.8.152 (ICONTECH.NET): ICON TECHNOLOGIES, SAN ANTONIO, TEXAS, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 153 lines | Yeah : 1.3 profile | none summary | tarball | 37 of 40 ; 38 of 41 | ae4bd44962 NEW ; c48d5a281d NEW | none[none] ; none[none] | none:none ; none:none | none ; none | none ; none | none ; none
T:07:18:00 | WinXP | 121.120.20.210 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 40 of 42 | 751685117f NEW | none[none] | none:none | none | none | none
T:07:50:00 | WinXP | 114.37.171.6 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:08:17:00 | WinXP | 98.134.241.62 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - LITTLE ROCK, SPRINGFIELD, MISSOURI, US. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 41 of 42 | 3df86eba85 NEW | f0c55dd699 [0] | none:none | PolyEnE | none | trace
08:17:00 | Win2K-f | 182.18.134.186 (-) | n/a | US:www.maxmind.com :www.getmyip.org EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http 5 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:08:26:00 | Win2K-f | 182.18.134.186 (-) | n/a | US:www.maxmind.com EU:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http 5 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:08:45:00 | WinXP | 113.210.44.166 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, MY. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 42 of 43 | 574f4631d8 NEW | none[none] | none:none | none | none | none
T:09:02:00 | WinXP | 112.110.175.38 (-): GPRS VAS SERVICES, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 41 | 0c5162a78e NEW | none[none] | none:none | none | none | none
09:26:00 | WinXP | 112.110.175.38 (-): GPRS VAS SERVICES, IN. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 38 of 41 | 0c5162a78e NEW | none[none] | none:none | none | none | none
T:09:34:00 | Win2K-f | 117.104.24.143 (T-COM.NE.JP): TOKAI CORPORATION, TOKYO, TOKYO, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 115 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 41 ; 39 of 41 | 6b315f5dbc NEW ; 7938865f8c NEW | 7604b94520 [0] ; a9b9e4904b [0] | ASM:Graph ; ASM:Graph | tElock ; Armadillo | lines=64 embedded dns ; lines=91 | trace ; trace
T:09:39:00 | WinXP | 201.69.174.51 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 3 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 41 | 74b65dcdab NEW | none[none] | none:none | none | none | none
T:09:41:00 | Win2K-f | 4.159.161.25 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:09:47:00 | WinXP | 210.0.207.190 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | | 135 | pcap raw | alerts ruleset | other 1002 lines | Yeah : 1.3 profile | none summary | tarball | 37 of 42 | 73ea935efa NEW | none[none] | none:none | none | none | none
T:10:09:00 | WinXP | 109.52.46.62 (JWS.COM): EU-ZZ, UK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 40 | 0f74a58af4 NEW | none[none] | none:none | none | none | none
T:10:09:00 | WinXP | 111.88.38.9 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
10:10:00 | WinXP | 79.163.15.3 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:10:18:00 | WinXP | 187.82.78.37 (CAMPUSEAI.ORG): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 3 lines | Yeah : 1.3 profile | none summary | tarball | 42 of 43 | 95d1a78f0d NEW | none[none] | none:none | none | none | none
T:10:22:00 | WinXP | 123.193.223.20 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 41 | 9276456bf8 NEW | none[none] | none:none | none | none | none
10:24:00 | WinXP | 123.193.223.20 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 41 | 9276456bf8 NEW | none[none] | none:none | none | none | none
T:10:49:00 | WinXP | 208.90.194.54 (CLEARRATE.COM): CLEAR RATE COMMUNICATIONS INC, SOUTHFIELD, MICHIGAN, US. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:11:39:00 | WinXP | 4.84.10.33 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WINDSOR, CONNECTICUT, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 84 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 8 of 33 | 53bfe15e91 NEW ; b7082104e4 NEW | 1473091351 [0] ; c5b49e7b82 [0] | ASM:Graph ; ASM:Graph | tElock ; tElock | lines=75 embedded dns ; lines=41 | trace ; trace
T:11:51:00 | WinXP | 92.251.240.172 (NETWORK-IE.NET): PROVIDER LOCAL REGISTRY, IE. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 1.3 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:12:31:00 | Win2K-f | 70.112.223.203 (RR.COM): ROAD RUNNER HOLDCO LLC, AUSTIN, TEXAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 75 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 0 of 32 | 53bfe15e91 NEW ; 73f1082158 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:12:51:00 | WinXP | 24.238.184.187 (MINDSPRING.COM): EARTHLINK INC, DALLAS, TEXAS, US. (DSL) | n/a | EU:ii.kakzhe.com EU:adcavern.com CN:cool.perfectexe.com :wpad CN:w.nucleardiscover.com CN:ck.nucleardiscover.com US:australiadogs.com US:images01.tzimg.com US:images01.trafficz.com US:domdex.com CN:s5.perfectexe.com CN:ck2.nucleardiscover.com CN:60.190.223.75:88 CN:60.190.223.75:888 | 139 | pcap raw | alerts ruleset | irc http 146 lines | Yeah : 0.8 profile | none summary | tarball | 28 of 42 ; 12 of 41 ; 11 of 41 ; 14 of 42 ; 30 of 42 ; 9 of 42 | 079e4f1ca0 NEW ; 0afbed3d78 NEW ; 3d2efbcc5b NEW ; 5515006ede NEW ; bcf17a6dbe NEW ; e4240d7958 NEW | none[none] ; none[none] ; none[none] ; none[none] ; none[none] ; none[none] | none:none ; none:none ; none:none ; none:none ; none:none ; none:none | none ; none ; none ; none ; none ; none | none ; none ; none ; none ; none ; none | none ; none ; none ; none ; none ; none
13:23:00 | Win2K-f | 77.104.74.34 (-): RESPINA NETWORKS & BEYOND, IR. (100Mbps) | n/a | US:www.maxmind.com :checkip.dyndns.org EU:getmyip.co.uk US:www.vouchercodes.net DE:131.220.6.26:80 EU:91.198.22.70:80 | 445 | pcap raw | alerts ruleset | http 1006 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:13:31:00 | Win2K-f | 77.104.74.34 (-): RESPINA NETWORKS & BEYOND, IR. (100Mbps) | n/a | US:www.maxmind.com :www.getmyip.org US:checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http 5 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:14:53:00 | Win2K-f | 175.121.176.237 (-) | n/a | | 135 | pcap raw | alerts ruleset | other 18 lines | Yeah : 1.3 profile | none summary | tarball | none | none | none | none | none | none | none
T:15:15:00 | Win2K-f | 98.135.63.76 (WINDSTREAM.NET): ALLTEL MIP CUSTOMERS - OMAHA, TYNDALL, SOUTH DAKOTA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 110 lines | Yeah : 1.3 profile | none summary | tarball | 40 of 42 ; 40 of 41 | 24def61b26 NEW ; cb624aad12 NEW | none[none] ; none[none] | none:none ; none:none | none ; none | none ; none | none ; none
15:16:00 | Win2K-f | 203.114.105.43 (TOTBB.NET): TOT PUBLIC COMPANY LIMITED, BANGKOK, KRUNG THEP, TH. (100Mbps) | n/a | US:www.maxmind.com EU:checkip.dyndns.org US:208.43.124.51:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 4 of 37 | 8ce32ded17 NEW | none[3] | none:none | Armadillo | none | trace
T:15:25:00 | Win2K-f | 203.114.105.43 (TOTBB.NET): TOT PUBLIC COMPANY LIMITED, BANGKOK, KRUNG THEP, TH. (100Mbps) | n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk US:www.vouchercodes.net EU:checkip.dyndns.org DE:131.220.6.26:80 US:217.160.239.39:80 | 445 | pcap raw | alerts ruleset | http 6 lines | Yeah : 0.8 profile | none summary | tarball | 4 of 37 | 8ce32ded17 NEW | none[3] | none:none | Armadillo | none | trace
T:15:28:00 | WinXP | 94.253.179.217 (XNET.HR): BNET HRVATSKA, HR. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 1.3 profile | none summary | tarball | 41 of 43 | 6e6fde936f NEW | none[none] | none:none | none | none | none
T:15:52:00 | WinXP | 189.87.191.118 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
T:16:33:00 | WinXP | 121.120.112.2 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:16:37:00 | Win2K-f | 4.159.167.182 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 77 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 NEW ; a08f3b74a4 NEW | 1473091351 [0] ; none [0] | ASM:Graph ; none:none | tElock ; Armadillo | lines=75 embedded dns ; lines=90 | trace ; trace
T:16:44:00 | WinXP | 89.204.179.70 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. (DSL) | n/a | DE:citi-bank.ru DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 0.8 profile | none summary | tarball | 43 of 43 | 9d0e1cdb4a NEW | none[none] | none:none | none | none | none
T:16:54:00 | Win2K-f | 72.45.24.45 (ATLANTICBB.NET): ATLANTIC BROADBAND, STEVENSVILLE, MARYLAND, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 110 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 41 ; 38 of 41 | d031b42d3f NEW ; fa14802705 NEW | none[none] ; none[none] | none:none ; none:none | none ; none | none ; none | none ; none
T:17:23:00 | WinXP | 121.120.20.1 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:17:24:00 | WinXP | 182.173.146.158 (-) | 213.155.0.224:80 | DE:citi-bank.ru US:barakamediaproduction.com | 445 | pcap raw | alerts ruleset | http 2 lines | Yeah : 1.3 profile | none summary | tarball | 41 of 43 | 0f77d6439f NEW | none[none] | none:none | none | none | none
T:17:40:00 | WinXP | 186.25.55.94 (-) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 26 of 28 | 7d99b0e910 NEW | none[0] | none:none | PolyEnE | lines=68 | trace
18:54:00 | Win2K-f | 186.40.44.126 (E-CORPNET.ORG): TELEFONICA MOVIL DE CHILE S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org :checkip.dyndns.org EU:getmyip.co.uk US:www.vouchercodes.net DE:131.220.6.26:80 EU:91.198.22.70:80 | 445 | pcap raw | alerts ruleset | http 1006 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:19:00:00 | WinXP | 180.207.233.151 (-) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 39 of 41 | 843d305863 NEW | none[none] | none:none | none | none | none
T:19:03:00 | Win2K-f | 186.40.44.126 (E-CORPNET.ORG): TELEFONICA MOVIL DE CHILE S.A, SANTIAGO, REGION METROPOLITANA, CL. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk US:www.vouchercodes.net US:checkip.dyndns.org DE:131.220.6.26:80 US:217.160.239.39:80 | 445 | pcap raw | alerts ruleset | http 7 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:20:02:00 | WinXP | 117.108.13.239 (KCN.NE.JP): KCN-NET INTERNET SERVICE PROVIDER, TOKYO, TOKYO, JP. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 37 of 41 | 1f6bcbaaef NEW | none[none] | none:none | none | none | none
20:53:00 | Win2K-f | 113.19.252.13 (VSNL.NET.IN): INTERNET SERVICE PROVIDER, IN. (DSL) | n/a | US:www.maxmind.com :www.getmyip.org EU:getmyip.co.uk EU:checkip.dyndns.org US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:21:02:00 | Win2K-f | 113.19.252.13 (VSNL.NET.IN): INTERNET SERVICE PROVIDER, IN. (DSL) | n/a | US:www.maxmind.com EU:getmyip.co.uk US:www.vouchercodes.net :www.getmyip.org EU:checkip.dyndns.org DE:131.220.6.26:80 US:217.160.239.39:80 | 445 | pcap raw | alerts ruleset | http 6 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:21:30:00 | Win2K-f | 60.248.45.175 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 110 lines | Yeah : 1.3 profile | none summary | tarball | 38 of 39 ; 35 of 38 | 2205443cc8 NEW ; b9297745a1 NEW | 04ce1ed773 [none] ; 4294884d84 [0] | none:none ; ASM:Graph | none ; tElock | none ; lines=64 embedded dns | none ; trace
22:15:00 | Win2K-f | 190.56.166.134 (INTELNET.NET.GT): TELGUA, GUATEMALA, GUATEMALA, GT. (DSL) | n/a | US:www.maxmind.com EU:checkip.dyndns.org EU:getmyip.co.uk :www.getmyip.org US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 | 445 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:22:24:00 | Win2K-f | 190.56.166.134 (INTELNET.NET.GT): TELGUA, GUATEMALA, GUATEMALA, GT. (DSL) | n/a | US:www.maxmind.com :checkip.dyndns.org DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http 5 lines | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:23:12:00 | Win2K-f | 50.81.49.214 (-) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 59 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 8 of 33 | 53bfe15e91 NEW ; b7082104e4 NEW | 1473091351 [0] ; c5b49e7b82 [0] | ASM:Graph ; ASM:Graph | tElock ; tElock | lines=75 embedded dns ; lines=41 | trace ; trace
T:23:41:00 | WinXP | 58.109.61.31 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other 59 lines | Yeah : 1.3 profile | none summary | tarball | 33 of 33 ; 8 of 33 | 53bfe15e91 NEW ; b7082104e4 NEW | 1473091351 [0] ; c5b49e7b82 [0] | ASM:Graph ; ASM:Graph | tElock ; tElock | lines=75 embedded dns ; lines=41 | trace ; trace
23:57:00 | Win2K-f | 222.66.0.237 (SAVILLS-SH.COM): SHANGHAI TELECOM SMARTEL BROADBAND NETWORK COMPANY, SHANGHAI, SHANGHAI, CN. (100Mbps) | n/a | US:www.maxmind.com :www.getmyip.org US:checkip.dyndns.org EU:getmyip.co.uk US:208.43.124.51:80 EU:78.40.35.134:80 EU:91.198.22.70:80 | 139 | pcap raw | alerts ruleset | http 1 line | Yeah : 0.8 profile | none summary | tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace