|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:15:00 | WinXP | 58.0.43.60 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:592 hits: 07-11 to 05-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 00:39:00 | Win2K-f | 118.100.179.141 (-): . |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:00:45:00 | Win2K-f | 78.53.19.56 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:58:00 | Win2K-f | 60.46.190.143 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 01:03:00 | Win2K-f | 117.201.32.70 (-): . |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:01:05:00 | WinXP | 84.224.21.151 (PGSM.HU): PANNON GSM TELECOMMUNICATIONS INC, HU. |
n/a | US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 9c4dc40669 NEW |
none[none] | none:none |
none|none | none | none |
| 01:36:00 | WinXP | 123.48.66.18 (R-123-48-0-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:592 hits: 07-11 to 05-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:01:41:00 | Win2K-f | 78.60.206.86 (ZEBRA.LT): LIETUVOS, LT. |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 01:43:00 | WinXP | 119.17.102.126 (-): . |
n/a | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 3f5ec58a6b [Firefox:19 hits: 04-24 to 05-14] |
4a77430a59 [0] | ASM:Graph |
PolyEnE| | lines=70 | trace |
| T:01:44:00 | WinXP | 119.17.102.126 (-): . |
n/a | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 3f5ec58a6b [Firefox:19 hits: 04-24 to 05-14] |
4a77430a59 [0] | ASM:Graph |
PolyEnE| | lines=70 | trace |
| 01:44:00 | Win2K-f | 78.96.8.43 (-): ASTRAL TURDA DOCSIS, TURDA, CLUJ, RO. |
n/a | US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 32 | 1f455b02c6 NEW |
none[4] | none:none |
none|none | none | trace |
| 02:00:00 | WinXP | 79.17.244.50 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 02:01:00 | WinXP | 88.197.194.51 (-): FULL TELECOM, BE. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 02:22:00 | Win2K-f | 89.218.252.218 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | d26312ea9e NEW |
none[none] | none:none |
none|none | none | none |
| T:02:36:00 | Win2K-f | 194.166.232.116 (AS1901.NET): EUNET-LAC-DYN-POOL, VIENNA, WIEN, AT. (DSL) |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:02:40:00 | WinXP | 124.43.103.22 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, LK. |
n/a | US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 31 | 2e557d2c7e NEW |
none[4] | none:none |
none|none | none | trace |
| 02:45:00 | Win2K-f | 91.65.68.126 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | d319fdae4b NEW |
none[none] | none:none |
none|none | none | none |
| 02:51:00 | WinXP | 218.190.238.188 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
10 of 32 | 639a247ece [Firefox:31 hits: 04-28 to 05-16] |
29d53eec72 [0] | ASM:Graph |
StarForce| | lines=132 | trace |
| 02:54:00 | WinXP | 82.59.76.154 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, PRATO, TOSCANA, IT. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:03:09:00 | Win2K-f | 87.10.206.230 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MASSA, TOSCANA, IT. (DSL) |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:03:11:00 | WinXP | 77.209.160.30 (AIRTEL.NET): VODAFONE ESPANA S.A, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox: 5 hits: 05-12 to 05-14] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:03:24:00 | Win2K-f | 190.137.2.177 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:28:00 | WinXP | 203.109.226.189 (IHUG.CO.NZ): THE INTERNET GROUP LTD, AUCKLAND, AUCKLAND, NZ. (DIAL) |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:36:00 | WinXP | 116.206.39.160 (-): MOBIF WIRELESS BROADBAND SDN. BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:03:40:00 | Win2K-f | 196.201.242.164 (MENANET.NET): AFRINIC, CAIRO, AL QAHIRAH, EG. |
222.177.11.165:7000 | HK:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:03:42:00 | WinXP | 41.207.218.46 (ADSL-41-207-192-10.AVISO.CI): AFRINIC, CI. (DSL) |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:03:51:00 | WinXP | 117.201.82.131 (-): . |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:52:00 | Win2K-f | 89.110.204.74 (BEOBUG.COM): SMS.NET D.O.O, CS. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:54:00 | WinXP | 218.168.66.139 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:24:00 | WinXP | 85.24.168.45 (BAHNHOF.SE): BAHNHOF INTERNET AB, SE. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:04:25:00 | WinXP | 92.112.140.211 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:04:27:00 | WinXP | 77.102.96.154 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:38:00 | Win2K-f | 118.100.23.88 (-): . |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 05:08:00 | WinXP | 87.16.126.118 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, FLORENCE, TOSCANA, IT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:10:00 | Win2K-f | 124.43.131.51 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, LK. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 05:23:00 | WinXP | 92.40.53.200 (IKBCC.COM): EU-ZZ, UK. |
n/a | DE:proxim.ircgalaxy.pl DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 5ed8a3de6e NEW |
none[none] | none:none |
none|none | none | none |
| T:05:27:00 | WinXP | 125.232.84.73 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:29:00 | WinXP | 85.94.158.180 (NET.BA): HT D.O.O. MOSTAR, MOSTAR, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. (DSL) |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 06:06:00 | WinXP | 79.7.76.167 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:29:00 | Win2K-f | 189.7.166.41 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:06:32:00 | Win2K-f | 217.164.80.13 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:35:00 | WinXP | 64.203.157.235 (NTELOS.NET): NTELOS - ADSL DHCP NRP #, WAYNESBORO, VIRGINIA, US. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 06:42:00 | WinXP | 62.169.83.252 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. |
222.177.11.165:7000 | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:07:09:00 | WinXP | 189.48.140.173 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
222.177.11.165:7000 | HK:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:20:00 | WinXP | 88.44.109.133 (BUSINESS.TELECOMITALIA.IT): INTERBUSINESS, IT. (100Mbps) |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:07:33:00 | Win2K-f | 82.140.57.19 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DORTMUND, NORDRHEIN-WESTFALEN, DE. |
n/a | US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:90 hits: 12-27 to 05-17] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| 07:34:00 | WinXP | 189.49.191.70 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
12 of 30 | ccf7ce9bb5 [Firefox: 3 hits: 05-01 to 05-16] |
none[4] | none:none |
none|none | none | trace |
| 07:39:00 | WinXP | 12.74.197.253 (ATT.NET): AT&T WORLDNET SERVICES, DALLAS, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2983 hits: 12-31 to 05-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:41:00 | WinXP | 12.74.197.253 (ATT.NET): AT&T WORLDNET SERVICES, DALLAS, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2983 hits: 12-31 to 05-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:47:00 | Win2K-f | 124.13.4.171 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, MY. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:52:00 | WinXP | 82.50.80.134 (POOL8250.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MONZA, LOMBARDIA, IT. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:08:02:00 | Win2K-f | 87.18.98.197 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
222.177.11.165:7000 | HK:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| 08:20:00 | WinXP | 41.214.148.253 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:276 hits: 05-01 to 05-17] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 08:22:00 | WinXP | 118.100.86.110 (-): . |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:08:29:00 | Win2K-f | 62.47.20.25 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:34:00 | Win2K-f | 78.8.11.228 (NET.PL): DIALOG, WROCLAW, DOLNOSLASKIE, PL. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| 08:40:00 | WinXP | 118.240.83.146 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:592 hits: 07-11 to 05-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 08:42:00 | Win2K-f | 93.108.94.14 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:proxim.ircgalaxy.pl HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | ee4adbfee3 NEW |
none[none] | none:none |
none|none | none | none |
| 08:48:00 | WinXP | 4.244.60.53 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, REPUBLIC, MISSOURI, US. (DIAL) |
n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 4667f9847c NEW |
none[none] | none:none |
none|none | none | none |
| T:08:59:00 | WinXP | 89.24.73.174 (4GINTERNET.CZ): GPRS/UMTS CUSTOMER NETWORK, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
n/a | DE:proxim.ircgalaxy.pl HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | e7456ee627 NEW |
none[none] | none:none |
none|none | none | none |
| 09:00:00 | WinXP | 60.48.112.127 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
222.177.11.165:7000 | HK:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 09:00:00 | WinXP | 12.219.66.31 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, OAK GROVE, KENTUCKY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:386 hits: 12-31 to 05-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:09:00 | Win2K-f | 78.99.16.61 (TELECOM.SK): SLOVAK TELECOM A. S, SK. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:214 hits: 05-05 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:09:12:00 | Win2K-f | 91.124.28.142 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 09:14:00 | WinXP | 78.106.100.2 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:09:28:00 | Win2K-f | 92.47.84.224 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:hail.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 09:46:00 | WinXP | 193.249.70.69 (ABO.WANADOO.FR): WANADOO FRANCE, BREST, BRETAGNE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:386 hits: 12-31 to 05-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:52:00 | Win2K-f | 64.4.96.116 (NTELOS.NET): NTELOS DHCP RANGE FOR DSL, CLIFTON FORGE, VIRGINIA, US. |
n/a | HK:hail.dns2go.com US:scorti1.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 10:09:00 | Win2K-f | 91.150.77.87 (ITSISP.NET): ITSYSTEM NIS, CS. |
n/a | HK:hail.dns2go.com CN:222.177.11.165:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 10:39:00 | WinXP | 83.188.193.40 (SWIP.NET): SWIPNET, SE. |
n/a | DE:proxim.ircgalaxy.pl UA:citi-bank.ru DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 88c2500f0d [Firefox: 2 hits: 04-26 to 05-15] |
b1738202b2 [0] | ASM:Graph |
PolyEnE| | lines=118 | trace |
| 10:53:00 | WinXP | 24.106.68.140 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2983 hits: 12-31 to 05-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:29:00 | WinXP | 78.156.202.215 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:15 hits: 03-24 to 05-17] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:00:00 | WinXP | 208.32.149.62 (BUGGS.NET): BUGGS NET TELEPHONE, LA CROSSE, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:84 hits: 05-03 to 05-15] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| 12:31:00 | Win2K-f | 88.200.246.36 (SKSAMARA.RU): JSC VOLGATELECOM SAMARA BRANCH, RU. |
203.146.168.71:7000 | HK:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1303 hits: 04-27 to 05-17] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 12:35:00 | Win2K-f | 91.66.224.116 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:36:00 | Win2K-f | 91.66.224.116 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:36:00 | Win2K-f | 41.214.138.106 (-): . |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 12:37:00 | Win2K-f | 82.0.58.66 (NTL.COM): NTL INFRASTRUCTURE - MIDDLESBROUGH, MIDDLESBROUGH, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:37:00 | WinXP | 91.66.170.162 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | c86fc630d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:41:00 | WinXP | 90.189.242.113 (SNT.RU): OJSC SIBIRTELECOM, RU. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:41:00 | WinXP | 78.1.136.77 (T-COM.HR): HPTNET, HR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:46:00 | Win2K-f | 79.116.105.245 (RDSNET.RO): RDS, BUCHAREST, BUCURESTI, RO. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:50:00 | Win2K-f | 212.233.241.187 (-): NTL, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:52:00 | Win2K-f | 91.64.74.69 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:13:00:00 | WinXP | 70.75.10.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:706 hits: 05-01 to 05-16] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 13:00:00 | WinXP | 91.64.74.69 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 13:06:00 | Win2K-f | 91.66.47.49 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:13:09:00 | WinXP | 91.66.170.162 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | c86fc630d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:09:00 | Win2K-f | 91.66.165.57 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 13:09:00 | Win2K-f | 77.54.140.170 (REV.VODAFONE.PT): VODAFONE TELECEL COMUNICACOES PESSOAIS SA, PT. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:13:10:00 | WinXP | 87.205.182.1 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 13:12:00 | WinXP | 91.66.165.57 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 13:23:00 | WinXP | 91.67.54.232 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:31:00 | WinXP | 118.0.121.139 (-): . |
n/a | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:13:33:00 | Win2K-f | 91.66.47.49 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:34:00 | Win2K-f | 89.252.13.102 (FREENET.COM.UA): FOR FREENET CUSTOMERS AND INFRASTRUCTURE, UA. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:40:00 | WinXP | 212.233.241.187 (-): NTL, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:41:00 | WinXP | 80.1.88.145 (NTLI.NET): NTL-DAM3-POPLAR, LONDON, ENGLAND, UK. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2983 hits: 12-31 to 05-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:53:00 | Win2K-f | 91.67.54.232 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:195 hits: 03-31 to 05-09] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:14:45:00 | WinXP | 12.77.174.178 (ATT.NET): AT&T WORLDNET SERVICES, LITTLE ROCK, ARKANSAS, US. (DIAL) |
n/a | DE:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | feeab5c647 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:53:00 | WinXP | 76.200.159.13 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox: 6 hits: 12-14 to 05-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:40:00 | Win2K-f | 4.224.237.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FAIRBORN, OHIO, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:21:00 | WinXP | 4.250.153.29 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FAIR LAWN, NEW JERSEY, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:21:00 | WinXP | 92.40.201.111 (IKBCC.COM): EU-ZZ, UK. |
n/a | DE:proxim.ircgalaxy.pl DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 1ab4d3d7b6 [Firefox:10 hits: 04-10 to 05-17] |
cc366b3f6c [0] | ASM:Graph |
none|none | lines=287 embedded dns |
trace |
| T:18:18:00 | WinXP | 75.177.169.33 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:386 hits: 12-31 to 05-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:58:00 | Win2K-f | 4.237.237.173 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2630 hits: 12-31 to 05-17] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:02:00 | WinXP | 71.66.114.225 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1289 hits: 12-31 to 05-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:03:00 | WinXP | 71.66.114.225 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1289 hits: 12-31 to 05-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 21:01:00 | WinXP | 124.87.101.118 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:386 hits: 12-31 to 05-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:50:00 | WinXP | 76.94.150.232 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:287 hits: 05-03 to 05-14] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:22:36:00 | WinXP | 24.181.42.154 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 31 | a665b8ecc0 NEW |
b60f286f9a [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:49:00 | WinXP | 124.100.42.247 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:592 hits: 07-11 to 05-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:03:00 | WinXP | 85.181.41.249 (ALICEDSL.DE): HANSENET-ADSL, MUNICH, BAYERN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:46:00 | WinXP | 98.135.69.49 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |