|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:34:00 | WinXP | 193.126.160.162 (NET.KPNQWEST.PT): KPNQWEST PORTUGAL / IOL ISP, LEIRIA, LEIRIA, PT. |
222.177.11.165:7000 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 | a050cd54ff NEW |
none[4] | none:none |
none|none | none | trace |
| T:00:39:00 | WinXP | 89.136.106.63 (-): ASTRAL MANGALIA DOCSIS, RO. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 32 | e5d062be59 [Firefox: 4 hits: 12-28 to 05-13] |
none[4] | none:none |
ASPack| | none | trace |
| 00:57:00 | Win2K-f | 85.69.0.16 (BDX.MODULONET.FR): BORDEAUX CABLE MODEM USERS, ROUEN, HAUTE-NORMANDIE, FR. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2616 hits: 12-31 to 05-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 01:20:00 | WinXP | 82.231.164.234 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 0d01a84899 NEW |
none[4] | none:none |
none|none | none | trace |
| 01:32:00 | Win2K-f | 41.245.109.190 (FAUXTEL.COM): AFRINIC, ZA. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:01:33:00 | Win2K-f | 92.20.210.81 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com DE:dl2.teenpassage.com IL:ymq.a1001186.wrs.mcboo.com CN:scorti1.dns2go.com IL:194.90.224.86:80 CN:222.177.11.165:7000 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 44 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 21 of 32 |
0b7a05f783 NEW 54df1dbf7e NEW |
none[4] 54df1dbf7e[1] |
none:none ASM:Graph |
none|none StarForce| |
none lines=6 |
trace trace |
| 01:41:00 | WinXP | 89.124.89.205 (IRISHBROADBAND.IE): ESB CLAREGALWAY CUSTOMER EXPANSION, IE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 02:04:00 | Win2K-f | 82.253.236.157 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 32 | d1f07d95e4 NEW |
none[4] | none:none |
none|none | none | trace |
| 02:14:00 | Win2K-f | 130.13.135.221 (QWEST.NET): QWEST BROADBAND SERVICES INC, CAVE CREEK, ARIZONA, US. |
222.51.25.90:18067 | CN:bniu.househot.com | 445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 32 | 9928a1e660 [Firefox:18 hits: 10-06 to 05-13] |
28c8dadabf [0] | ASM:Graph |
none|none | lines=104 embedded dns |
trace |
| 02:29:00 | Win2K-f | 89.218.10.51 (-): ALMATYTELECOM, KZ. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 31 | af98fe0c94 [Firefox:60 hits: 04-27 to 05-14] |
480d076a0a [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| T:02:38:00 | Win2K-f | 83.103.134.42 (ASTRAL.RO): ASTRAL-CJ-DOCSIS, CLUJ-NAPOCA, CLUJ, RO. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:05:00 | Win2K-f | 78.38.137.140 (-): INFORMATION TECHNOLOGY COMPANY (ITC), IR. |
n/a | CA:russia.blacktiehsbdcs.com CA:dirty.eiheihre3.com CA:abc.ihshsd8.com CA:72.10.172.218:2569 CA:72.10.172.218:7575 CA:72.10.172.218:9283 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | a0aa9c441e NEW |
none[4] | none:none |
none|none | none | trace |
| T:03:06:00 | Win2K-f | 125.232.112.66 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | b62ebddc0c [Firefox: 2 hits: 04-29 to 05-10] |
none[3] | none:none |
none|none | none | trace |
| 03:08:00 | Win2K-f | 212.30.190.22 (MTU.RU): ZAO MTU-INTEL, MOSCOW, MOSKVA, RU. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 31 | cb89ccfe52 [Firefox: 9 hits: 04-29 to 05-13] |
881f6fa4b7 [0] | ASM:Graph |
TXT2COM| | lines=406 embedded dns |
trace |
| 03:13:00 | Win2K-f | 89.184.2.149 (MI.RU): KAZAN RUSSIA, KAZAN, TATARSTAN, RU. |
222.177.11.165:7000 | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | 4f887ca272 [Firefox:35 hits: 01-26 to 05-10] |
4f887ca272 [1] | ASM:Graph |
Stranik| | lines=6 | trace |
| T:03:14:00 | Win2K-f | 79.126.16.91 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | adb1b87fea NEW |
none[4] | none:none |
none|none | none | trace |
| 04:02:00 | Win2K-f | 202.83.170.164 (NTC.NET.PK): NATIONAL TELECOM CORPORATION, LAHORE, PUNJAB, PK. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 32 | f54a76fb5b [Firefox: 3 hits: 04-28 to 05-07] |
none[4] | none:none |
none|none | none | trace |
| 04:04:00 | WinXP | 92.232.223.88 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:09:00 | Win2K-f | 60.49.119.128 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, PETALING JAYA, SELANGOR, MY. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:04:25:00 | Win2K-f | 212.233.194.141 (-): NTL, FR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:32:00 | Win2K-f | 92.53.51.15 (IKBCC.COM): EU-ZZ, UK. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 31 | f0e02bee5f [Firefox: 2 hits: 04-27 to 04-30] |
none[4] | none:none |
none|none | none | trace |
| 04:41:00 | Win2K-f | 81.28.161.214 (-): AIST GATEWAYS FOR WIRELESS ISDN AND LEASED LINES CLIENTS, RU. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:45:00 | Win2K-f | 89.24.95.207 (4GINTERNET.CZ): GPRS/UMTS CUSTOMER NETWORK, CZ. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:04:54:00 | WinXP | 92.12.16.14 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:05:00 | Win2K-f | 125.233.251.65 (-): CHTD CHUNGHWA TELECOM CO. LTD, HO CHI MINH CITY, HO CHI MINH, VN. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 05:23:00 | Win2K-f | 85.70.121.30 (IOL.CZ): XDSL NETWORK-ADSL, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:05:36:00 | WinXP | 88.204.205.206 (-): ALMATYTELECOM, ALMATY, ALMATY, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:44:00 | Win2K-f | 78.60.206.86 (ZEBRA.LT): LIETUVOS, LT. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 05:49:00 | WinXP | 190.48.227.11 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 31 | 14ef234ad3 [Firefox:11 hits: 04-29 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:05:51:00 | Win2K-f | 92.113.207.240 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 31 | c1f12e0109 [Firefox:16 hits: 04-28 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 05:56:00 | WinXP | 122.126.28.239 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:06:03:00 | Win2K-f | 88.182.16.105 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:07:00 | WinXP | 82.207.102.96 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK, UA. |
222.177.11.165:7000 | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 31 | af98fe0c94 [Firefox:60 hits: 04-27 to 05-14] |
480d076a0a [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| 06:16:00 | WinXP | 125.162.105.228 (-): TLKM_D1_BB_SPEEDY_PG, PALEMBANG, SUMATERA SELATAN, ID. |
n/a | 445 | pcap | raw alerts ruleset |
other 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:21:00 | WinXP | 84.119.35.28 (SWIPNET.SE): PROVIDER LOCAL REGISTRY, SE. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
12 of 30 | 76b4ab852e [Firefox:46 hits: 04-29 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 06:31:00 | Win2K-f | 189.3.144.22 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, VOLTA REDONDA, RIO DE JANEIRO, BR. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 06:46:00 | WinXP | 151.54.232.252 (38-151.NET24.IT): IUNET-BNET, IT. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 06:46:00 | WinXP | 124.8.123.147 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 0ca621ef51 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:06:53:00 | WinXP | 213.165.52.162 (ZAJOUL.NET.SA): ZAJOUL NET, SA. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:45 hits: 01-26 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:06:55:00 | Win2K-f | 79.138.248.191 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 06:59:00 | Win2K-f | 190.137.0.122 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:12:00 | WinXP | 79.136.85.67 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 07:15:00 | Win2K-f | 62.214.213.22 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, HEILBRONN, BADEN-WURTTEMBERG, DE. |
n/a | DE:proxima.ircgalaxy.pl CN:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 31 | b9a28a4b68 [Firefox: 2 hits: 04-28 to 05-03] |
none[4] | none:none |
TXT2COM| | none | trace |
| T:07:15:00 | WinXP | 189.3.144.22 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, VOLTA REDONDA, RIO DE JANEIRO, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:07:20:00 | Win2K-f | 92.46.134.226 (IKBCC.COM): EU-ZZ, UK. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1 profile |
none | summary tarball |
21 of 31 | c1f12e0109 [Firefox:16 hits: 04-28 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 07:21:00 | Win2K-f | 83.8.127.47 (TPNET.PL): NEOSTRADA PLUS, PL. |
84.244.5.183:2345 | US:qtas.net SE:dzuc.net |
445 | pcap | raw alerts ruleset |
http irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 32 | 60ccb46de8 NEW |
60ccb46de8 [1] | ASM:Graph |
StarForce| | lines=88 | trace |
| T:07:46:00 | Win2K-f | 59.115.21.244 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:46:00 | WinXP | 93.81.11.68 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
222.177.11.165:7000 | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:84 hits: 12-27 to 05-12] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| 07:48:00 | WinXP | 89.136.23.68 (-): ASTRAL ALBA IULIA DOCSIS NETWORK, RO. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | c693a711f1 NEW |
none[4] | none:none |
none|none | none | trace |
| 08:12:00 | Win2K-f | 189.26.127.74 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 08:14:00 | Win2K-f | 212.220.96.241 (URTC.RU): JSC URALSVIAZINFORM PPPOE ADDRESS POOLS, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. (DIAL) |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 33 | a900bb9be4 NEW |
none[4] | none:none |
TXT2COM| | none | trace |
| 08:16:00 | Win2K-f | 84.51.80.229 (IPAPER.COM): BLOCK FOR PI ASSIGNMENTS, UK. |
n/a | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 33 | 51456fed6c NEW |
none[4] | none:none |
none|none | none | trace |
| 08:16:00 | WinXP | 124.43.212.162 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, COLOMBO, CENTRAL, LK. (DIAL) |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 31 | fc9addab43 [Firefox: 4 hits: 05-08 to 05-12] |
none[4] | none:none |
none|none | none | trace |
| 08:22:00 | WinXP | 212.233.194.141 (-): NTL, FR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:08:23:00 | WinXP | 196.202.197.231 (ACCESSKENYA.COM): AFRINIC, KE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:09:00 | Win2K-f | 77.125.236.198 (INTER.NET.IL): EURONET DIGITAL COMMUNICATIONS, IL. |
n/a | 445 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:15:00 | Win2K-f | 85.13.80.217 (LIDOS.CZ): LIDOS-KLATOVY-CDT-NET, KLATOVY, PLZENSKY KRAJ, CZ. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 09:16:00 | Win2K-f | 212.151.116.121 (SWIPNET.SE): PROVIDER LOCAL REGISTRY, SE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:09:36:00 | Win2K-f | 62.72.249.240 (MULTI.FI): - OY MULTI.FI FINLAND AB LTD, FI. (DSL) |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 32 | cf3d5bc088 NEW |
none[4] | none:none |
none|none | none | trace |
| T:09:45:00 | WinXP | 91.154.237.15 (ELISA-LAAJAKAISTA.FI): ELISA, FI. |
n/a | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 88c2500f0d NEW |
b1738202b2 [0] | ASM:Graph |
PolyEnE| | lines=118 | trace |
| 09:51:00 | WinXP | 190.189.180.103 (NET.AR): PRIMA S.A, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 10:12:00 | Win2K-f | 85.197.157.69 (BIKAB.COM): BREDBAND I KRISTIANSTAD AB - ABK CUSTOMERS, KRISTIANSTAD, SKANE, SE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 10:15:00 | Win2K-f | 151.21.65.95 (21-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, ROME, LAZIO, IT. (DIAL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:10:18:00 | Win2K-f | 91.140.208.184 (-): GULFNET, KW. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 10:24:00 | Win2K-f | 65.83.201.124 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. (DSL) |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 31 | e21ca9f78a NEW |
none[4] | none:none |
none|none | none | trace |
| T:10:27:00 | Win2K-f | 60.51.96.137 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:10:44:00 | WinXP | 65.83.201.124 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 31 | e21ca9f78a NEW |
none[4] | none:none |
none|none | none | trace |
| T:11:01:00 | Win2K-f | 190.92.20.92 (-): CABLECOLOR S.A, TEGUCIGALPA, FRANCISCO MORAZAN, HN. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 11:15:00 | Win2K-f | 88.102.199.203 (IOL.CZ): XDSL NETWORK-ADSL, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
12 of 30 | 76b4ab852e [Firefox:46 hits: 04-29 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 11:20:00 | WinXP | 190.136.172.79 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:11:21:00 | Win2K-f | 91.125.27.71 (BRIGHTVIEW.COM): BRIGHTVIEW GROUP LIMITED, LONDON, ENGLAND, UK. (DSL) |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 32 | b4ad631671 [Firefox: 7 hits: 04-29 to 05-14] |
5890f017cc [0] | ASM:Graph |
StarForce| | lines=28 | trace |
| T:11:23:00 | WinXP | 201.29.47.150 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:25 hits: 09-28 to 05-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 11:38:00 | WinXP | 200.68.80.237 (IPLANNETWORKS.NET): NSS S.A, LA PLATA, BUENOS AIRES, AR. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 8f367186c3 [Firefox:74 hits: 12-27 to 05-13] |
01a06977c4 [0] | ASM:Graph |
TXT2COM| | lines=0 | trace |
| T:11:39:00 | WinXP | 195.174.17.22 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 883ebad119 [Firefox: 2 hits: 03-26 to 04-06] |
11cb10abde [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:42:00 | WinXP | 85.185.70.237 (-): PARS GOSTARAN BABOL, IR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:49:00 | Win2K-f | 78.57.85.200 (ZEBRA.LT): LIETUVOS, VILNIUS, VILNIAUS APSKRITIS, LT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:02:00 | WinXP | 201.212.77.193 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:12:11:00 | WinXP | 190.48.205.195 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 14ef234ad3 [Firefox:11 hits: 04-29 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 12:18:00 | Win2K-f | 89.136.106.63 (-): ASTRAL MANGALIA DOCSIS, RO. |
222.177.11.165:7000 | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
11 of 32 | e5d062be59 [Firefox: 4 hits: 12-28 to 05-13] |
none[4] | none:none |
ASPack| | none | trace |
| 12:24:00 | WinXP | 92.113.61.73 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:42:00 | Win2K-f | 190.138.241.136 (NET.AR): TELECOM ARGENTINA S.A, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 12:44:00 | WinXP | 190.48.209.9 (COM.AR): TELEFONICA DE ARGENTINA, CIPOLLETTI, NEUQUEN, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 14ef234ad3 [Firefox:11 hits: 04-29 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 13:04:00 | Win2K-f | 201.254.26.44 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 13:17:00 | Win2K-f | 79.138.188.198 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 13:42:00 | Win2K-f | 88.174.205.141 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | 63db27d106 NEW |
none[4] | none:none |
none|none | none | trace |
| T:13:50:00 | Win2K-f | 91.65.180.46 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 2889133858 NEW |
none[4] | none:none |
ASProtect| | none | trace |
| T:13:58:00 | WinXP | 200.38.21.94 (TELNOR.NET): TELEFONOS DEL NOROESTE S.A. DE C.V, TIJUANA, MEXICO, MX. |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.212.12:80 GB:217.145.225.22:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1015 hits: 05-01 to 05-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:14:08:00 | Win2K-f | 194.125.72.130 (IOL.IE): IRELAND ON-LINE BROADBAND CUSTOMERS, IE. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 14:39:00 | Win2K-f | 201.93.4.165 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:14:42:00 | Win2K-f | 201.255.229.107 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 14:42:00 | Win2K-f | 92.9.10.234 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl DE:dl2.teenpassage.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
ftp irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 92e44b9c84 NEW |
none[2] | none:none |
none|none | none | trace |
| 15:10:00 | WinXP | 200.175.33.27 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 15:42:00 | WinXP | 200.59.102.195 (COM.AR): SINECTIS S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 | 4768669fd3 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 16:08:00 | Win2K-f | 189.5.91.219 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:10:00 | Win2K-f | 190.46.53.156 (VTR.NET): VTR BANDA ANCHA S.A, PATERSON, NEW JERSEY, US. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:84 hits: 12-27 to 05-12] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| 17:08:00 | Win2K-f | 89.242.209.147 (-): OPAL TELECOM DSL, UK. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 32 | 364f00c00e NEW |
none[4] | none:none |
none|none | none | trace |
| T:17:12:00 | WinXP | 189.129.91.229 (PROD-INFINITUM.COM.MX): UNINET S.A. DE C.V, VERACRUZ, VERACRUZ-LLAVE, MX. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:15:00 | Win2K-f | 190.84.24.172 (CABLE.NET.CO): TV CABLE S.A, SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 32 | 7e28dac8de [Firefox:17 hits: 04-27 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:17:17:00 | Win2K-f | 130.13.131.243 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
222.51.25.90:18067 | CN:bniu.househot.com | 445 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 32 | 9928a1e660 [Firefox:18 hits: 10-06 to 05-13] |
28c8dadabf [0] | ASM:Graph |
none|none | lines=104 embedded dns |
trace |
| T:17:54:00 | WinXP | 201.214.203.86 (VTR.NET): VTR BANDA ANCHA S.A, SANTIAGO, REGION METROPOLITANA, CL. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 17:57:00 | Win2K-f | 170.51.211.111 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:18:04:00 | WinXP | 68.150.194.44 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SHERWOOD PARK, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:06:00 | WinXP | 190.224.211.36 (-): . |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 18:11:00 | WinXP | 190.92.20.74 (-): CABLECOLOR S.A, TEGUCIGALPA, FRANCISCO MORAZAN, HN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2973 hits: 12-31 to 05-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 18:21:00 | WinXP | 190.172.199.44 (COM.AR): TELEFONICA DE ARGENTINA, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 19:07:00 | Win2K-f | 124.6.133.119 (-): NETWORK_CEBU_DIALUP_POOL, CEBU, CEBU CITY, PH. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:16:00 | Win2K-f | 200.175.192.86 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:84 hits: 12-27 to 05-12] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| T:19:23:00 | WinXP | 75.82.55.51 (RR.COM): ROAD RUNNER HOLDCO LLC, SANTA ANA, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:25 hits: 09-28 to 05-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:19:45:00 | Win2K-f | 189.43.24.126 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 19:47:00 | WinXP | 189.5.84.10 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 20:00:00 | WinXP | 60.53.114.80 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 20:07:00 | WinXP | 190.7.159.152 (-): EMTELSA S.A. E.S.P, CO. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:20:07:00 | WinXP | 201.160.131.90 (CABLEONLINE.COM.MX): TELECABLE DE CHIHUAHUA SA DE CV, TIJUANA, MEXICO, MX. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:22:00 | WinXP | 61.20.160.37 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org SE:vancouver.dal.net :flanders.be.eu.undernet.org NO:london.uk.eu.undernet.org AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1285 hits: 12-31 to 05-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 20:40:00 | Win2K-f | 125.24.121.251 (TOTBB.NET): TOT ADSL IP ADDRESS POOL, BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL) |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 31 | 362b6c6470 [Firefox: 3 hits: 05-07 to 05-12] |
none[4] | none:none |
none|none | none | trace |
| T:20:40:00 | WinXP | 76.174.49.47 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:83 hits: 05-03 to 05-06] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| T:21:01:00 | WinXP | 92.40.16.159 (IKBCC.COM): EU-ZZ, UK. |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http irc 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 7a393628ea NEW |
none[4] | none:none |
ASProtect| | none | trace |
| 21:08:00 | Win2K-f | 200.41.26.90 (NET.AR): IMPSAT ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:21:35:00 | WinXP | 220.208.150.36 (CORALNET.OR.JP): TONAMI TRANSPORTATION CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:587 hits: 07-11 to 05-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:21:36:00 | Win2K-f | 91.141.97.41 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 32 | c83a34840a NEW |
none[4] | none:none |
none|none | none | trace |
| 21:57:00 | Win2K-f | 130.13.131.243 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
222.51.25.90:18067 | CN:bniu.househot.com | 445 | pcap | raw alerts ruleset |
other 9 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 32 | 9928a1e660 [Firefox:18 hits: 10-06 to 05-13] |
28c8dadabf [0] | ASM:Graph |
none|none | lines=104 embedded dns |
trace |
| T:22:15:00 | Win2K-f | 85.26.55.163 (217-117-34-10.TELEDISNET.BE): TELEDISNET ISP, BE. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 30 | ccf7ce9bb5 NEW |
none[4] | none:none |
none|none | none | trace |
| T:22:32:00 | Win2K-f | 190.31.183.214 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| T:22:38:00 | WinXP | 118.100.193.76 (-): . |
222.177.11.165:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:186 hits: 05-05 to 05-14] |
none[4] | none:none |
none|none | none | trace |
| 22:41:00 | WinXP | 194.187.122.185 (-): SC PACRIS SRL, CONSTANTA, CONSTANTA, RO. |
222.177.11.165:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | 8f367186c3 [Firefox:74 hits: 12-27 to 05-13] |
01a06977c4 [0] | ASM:Graph |
TXT2COM| | lines=0 | trace |
| 23:17:00 | Win2K-f | 116.206.57.29 (-): MOBIF WIRELESS BROADBAND SDN. BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 23:34:00 | WinXP | 59.104.255.151 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 882376da2b NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 23:50:00 | Win2K-f | 89.254.212.235 (-): JSC VOLGATELECOM, RU. |
n/a | CN:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 31 | af98fe0c94 [Firefox:60 hits: 04-27 to 05-14] |
480d076a0a [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| T:23:59:00 | WinXP | 92.12.81.189 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
222.177.11.165:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1189 hits: 04-27 to 05-14] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |