| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 00:40:00 | WinXP | 125.0.239.62 (INFOWEB.NE.JP): FUJITSU LIMITED, TOKYO, TOKYO, JP. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:596 hits: 07-11 to 05-18] | eb7546c600 [0] | ASM:Graph | none\|none | lines=61 | trace |
| 01:21:00 | Win2K-f | 220.139.93.18 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 01:59:00 | WinXP | 61.216.113.80 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 1.3 profile | none | summary tarball | 25 of 28 | 7fdfe363d5 [Firefox:2631 hits: 12-31 to 05-18] | 10862ea8b8 [0] | ASM:Graph | FSG\| | lines=1933 embedded dns | trace |
| T:03:08:00 | WinXP | 77.209.141.13 (AIRTEL.NET): VODAFONE ESPANA S.A, ES. | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Argh : 0.3 profile | none | summary tarball | 32 of 32 | 03f912899b [Firefox: 7 hits: 12-14 to 05-18] | 83893bd25d [0] | ASM:Graph | none\|none | lines=65 | trace |
| 03:16:00 | WinXP | 219.99.115.81 (YOURNET.NE.JP): FREEBIT CO. LTD, JP. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:2987 hits: 12-31 to 05-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| 06:08:00 | WinXP | 85.176.104.62 (ALICEDSL.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) | 85.114.137.60:65520 | DE:proxim.ircgalaxy.pl DE:dl2.teenpassage.com CZ:217.170.244.2:443 CZ:82.114.64.251:443 DE:85.114.143.2:80 | 445 | pcap | raw alerts ruleset | shell ftp irc 35 lines | Yeah : 1.8 profile | none | summary tarball | 30 of 32 | b60ca8e834 NEW | none[none] | none:none | none\|none | none | none |
| 06:49:00 | WinXP | 218.162.197.110 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:390 hits: 12-31 to 05-18] | 048df78048 [0] | ASM:Graph | none\|none | lines=61 | trace |
| 07:44:00 | WinXP | 67.150.11.156 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. | n/a | DE:proxim.ircgalaxy.pl CZ:217.170.244.2:443 CZ:82.114.64.251:443 DE:85.114.137.60:65520 | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 32 | d537727656 NEW | none[none] | none:none | none\|none | none | none |
| T:07:44:00 | WinXP | 24.76.71.117 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:07:49:00 | Win2K-f | 61.230.21.94 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | 217.170.244.2:443 | CZ:217.170.244.2:443 | 445 | pcap | raw alerts ruleset | shell ftp irc 28 lines | Yeah : 1.8 profile | none | summary tarball | 25 of 28 | 7fdfe363d5 [Firefox:2631 hits: 12-31 to 05-18] | 10862ea8b8 [0] | ASM:Graph | FSG\| | lines=1933 embedded dns | trace |
| T:08:37:00 | WinXP | 118.174.171.48 (-): . | n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:445 hits: 05-04 to 05-14] | none[3] | none:none | ASPack\| | none | trace |
| 08:57:00 | WinXP | 93.108.5.57 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 31 of 33 | bce12aa21f [Firefox: 6 hits: 05-12 to 05-18] | none[4] | none:none | PolyEnE\| | none | trace |
| 09:04:00 | WinXP | 76.94.150.232 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 986b59708d [Firefox:288 hits: 05-03 to 05-18] | 8a00217866 [0] | ASM:Graph | PolyEnE\| | lines=57 | trace |
| T:09:31:00 | Win2K-f | 85.176.112.179 (ALICEDSL.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell 4 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 09:41:00 | WinXP | 170.51.195.212 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:2987 hits: 12-31 to 05-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:10:08:00 | WinXP | 66.103.239.83 (MIPOPS.COM): GLISNET INC, CLINTON TOWNSHIP, MICHIGAN, US. | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 10:25:00 | Win2K-f | 82.253.84.76 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) | n/a | US:wow.blackirc.us SE:tap.radioprishtina.net SE:84.244.5.183:2345 | 445 | pcap | raw alerts ruleset | http 31 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 69474721cb NEW | none[none] | none:none | none\|none | none | none |
| 11:22:00 | Win2K-f | 85.181.29.184 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | shell 4 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 11:40:00 | WinXP | 213.16.163.245 (FORTHNET.GR): FORTHNET-NOC-ATH, GR. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | shell shell shell shell 6 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:13:25:00 | WinXP | 77.54.134.253 (REV.VODAFONE.PT): VODAFONE TELECEL COMUNICACOES PESSOAIS SA, PT. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 31 of 33 | bce12aa21f [Firefox: 6 hits: 05-12 to 05-18] | none[4] | none:none | PolyEnE\| | none | trace |
| T:13:34:00 | Win2K-f | 118.161.19.19 (-): . | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 13:48:00 | WinXP | 97.89.6.114 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:2987 hits: 12-31 to 05-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| 14:08:00 | WinXP | 85.84.176.108 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com HK:203.198.127.88:7000 US:209.250.232.249:7000 US:65.117.119.162:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 14:10:00 | Win2K-f | 91.64.74.225 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. | 209.250.232.249:7000 | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 1.8 profile | none | summary tarball | 28 of 32 | a58f7f760c NEW | c80d05a4a4 [0] | ASM:Graph | ASProtect\| | line=1 | trace |
| 14:28:00 | WinXP | 24.33.234.84 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. | n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.212.12:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http http http 3 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1020 hits: 05-01 to 05-17] | 40f7f463c4 [0] | ASM:Graph | ASPack\| | lines=281 embedded dns | trace |
| T:14:52:00 | WinXP | 4.229.198.51 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | f592d52f3c [Firefox:26 hits: 06-12 to 04-26] | 85a7174aed [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| 15:29:00 | WinXP | 67.9.244.157 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 3ae357d17b [Firefox:707 hits: 05-01 to 05-18] | 462a7be171 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| 15:41:00 | WinXP | 213.133.14.14 (-): SPINN INTERNATIONAL APS, DK. | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 1.8 profile | none | summary tarball | 14 of 32 | a2a036466a [Firefox:221 hits: 05-05 to 05-18] | none[4] | none:none | none\|none | none | trace |
| T:16:28:00 | WinXP | 86.175.1.124 (BTOPENWORLD.COM): BT PUBLIC INTERNET SERVICE, UK. | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 1.8 profile | none | summary tarball | 25 of 31 | a08374e5ca NEW | none[4] | none:none | none\|none | none | trace |
| 16:33:00 | WinXP | 24.162.152.228 (RR.COM): ROAD RUNNER HOLDCO LLC, KILLEEN, TEXAS, US. | n/a | EU:siliconfireware.ru US:searchportal.information.com :www.google.com GB:new.egg.com :wpad GB:welcome3.smile.co.uk GB:195.92.84.198:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http http http 28 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1020 hits: 05-01 to 05-17] | 40f7f463c4 [0] | ASM:Graph | ASPack\| | lines=281 embedded dns | trace |
| T:16:34:00 | Win2K-f | 63.27.216.115 (UU.NET): UUNET TECHNOLOGIES INC, DEKALB, ILLINOIS, US. | n/a | | 135 | pcap | raw alerts ruleset | other 106 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:16:44:00 | Win2K-f | 85.26.71.37 (217-117-34-10.TELEDISNET.BE): TELEDISNET ISP, BE. | n/a | :www.google.com | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 31 | e1e2bddf79 NEW | none[4] | none:none | none\|none | none | trace |
| T:17:10:00 | Win2K-f | 125.232.104.172 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 32 | 9da2780758 NEW | none[none] | none:none | none\|none | none | none |
| 17:22:00 | WinXP | 121.73.80.78 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | fd57febe23 NEW | none[none] | none:none | none\|none | none | none |
| T:17:24:00 | WinXP | 201.74.95.27 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 1.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 17:28:00 | WinXP | 190.84.12.172 (CABLE.NET.CO): TV CABLE S.A, SANTAFÉ DE BOGOTÁ, DISTRITO CAPITAL, CO. (DSL) | n/a | :www.google.com | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 18 of 32 | b4ad631671 [Firefox: 9 hits: 04-29 to 05-17] | 5890f017cc [0] | ASM:Graph | StarForce\| | lines=28 | trace |
| T:17:37:00 | Win2K-f | 201.254.127.218 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 17:45:00 | WinXP | 170.51.190.101 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 32 | fc018d2839 NEW | none[none] | none:none | none\|none | none | none |
| T:17:46:00 | WinXP | 170.51.190.101 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 30 of 32 | fc018d2839 NEW | none[none] | none:none | none\|none | none | none |
| 17:48:00 | WinXP | 200.59.102.149 (COM.AR): SINECTIS S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 18:07:00 | Win2K-f | 190.50.197.210 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | a2a036466a [Firefox:221 hits: 05-05 to 05-18] | none[4] | none:none | none\|none | none | trace |
| T:18:23:00 | WinXP | 200.55.35.166 (ORG.AR): IMPSAT ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. (DIAL) | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 1.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:18:44:00 | WinXP | 76.90.251.97 (-): . | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1291 hits: 12-31 to 05-18] | 1aad8e4632 [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| 18:49:00 | Win2K-f | 41.210.232.188 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | 195cff1d64 NEW | none[4] | none:none | none\|none | none | trace |
| T:19:12:00 | Win2K-f | 41.210.232.188 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 19:23:00 | WinXP | 190.2.184.251 (NODE-BE02A00A.SCARLET.AN): ANTILLEAN NETWORK MANAGEMENT N.V, AN. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:19:39:00 | WinXP | 68.146.201.80 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 19:40:00 | Win2K-f | 220.219.45.51 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | ftp 17 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 19:46:00 | WinXP | 4.227.44.91 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEMPHIS, TENNESSEE, US. (DIAL) | n/a | DE:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 33adba7615 NEW | none[none] | none:none | none\|none | none | none |
| 19:49:00 | WinXP | 200.226.3.211 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | 209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 32 | f59ba8e6f5 NEW | none[none] | none:none | none\|none | none | none |
| T:19:54:00 | WinXP | 64.85.220.32 (SOCKET.NET): SOCKET INTERNET SERVICES CORPORATION, MEXICO, MISSOURI, US. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 3ae357d17b [Firefox:707 hits: 05-01 to 05-18] | 462a7be171 [0] | ASM:Graph | PolyEnE\| | lines=73 | trace |
| 20:00:00 | Win2K-f | 201.254.179.156 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 1.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:20:11:00 | Win2K-f | 124.106.235.8 (PLDT.NET): SPCC10K01_MYDSLLITE, MANILA, MANILA, PH. | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:20:54:00 | Win2K-f | 190.51.56.62 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 20:59:00 | Win2K-f | 200.74.86.230 (VTR.NET): VTR BANDA ANCHA S.A, SANTIAGO, REGION METROPOLITANA, CL. | 209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1335 hits: 04-27 to 05-18] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 21:15:00 | WinXP | 190.51.62.221 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. | 209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 1.3 profile | none | summary tarball | 14 of 32 | a2a036466a [Firefox:221 hits: 05-05 to 05-18] | none[4] | none:none | none\|none | none | trace |
| 21:16:00 | WinXP | 76.211.222.29 (SBCGLOBAL.NET): PPPOX POOL - RBACK5.HRLNTX 100406-1511, MCALLEN, TEXAS, US. (DSL) | n/a | DE:siliconfireware.ru :wpad EU:ebookfinaltrash.ru DE:212.227.111.29:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:445 hits: 05-04 to 05-14] | none[3] | none:none | ASPack\| | none | trace |
| T:21:39:00 | Win2K-f | 61.116.193.117 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), TOKYO, TOKYO, JP. (DIAL) | 209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 1.8 profile | none | summary tarball | 27 of 32 | 5949c549f5 NEW | none[none] | none:none | none\|none | none | none |
| 21:43:00 | Win2K-f | 217.49.223.28 (MEDIAWAYS.NET): AOL-CLIENT-MODEMPOOL, DE. | n/a | | 445 | pcap | raw alerts ruleset | ftp 16 lines | Yeah : 0.8 profile | none | summary tarball | 18 of 32 | b4ad631671 [Firefox: 9 hits: 04-29 to 05-17] | 5890f017cc [0] | ASM:Graph | StarForce\| | lines=28 | trace |
| 21:47:00 | WinXP | 190.164.223.34 (-): . | n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 8f367186c3 [Firefox:78 hits: 12-27 to 05-17] | 01a06977c4 [0] | ASM:Graph | TXT2COM\| | lines=0 | trace |
| T:21:57:00 | WinXP | 220.239.103.22 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:2987 hits: 12-31 to 05-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:22:57:00 | WinXP | 91.23.207.221 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. | 209.250.232.240:7000 | US:scorti1.dns2go.com :www.google.com US:209.250.232.240:7000 | 445 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 1.8 profile | none | summary tarball | 4 of 32 | 1900b49c25 [Firefox:20 hits: 12-28 to 01-27] | none[none] | none:none | none\|none | none | none |
| 23:25:00 | Win2K-f | 117.201.83.70 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | dad909dd0c NEW | none[none] | none:none | none\|none | none | none |
| 23:54:00 | WinXP | 82.141.127.246 (KOTINET.COM): POHJANMAAN PPO OY, YLIVIESKA, OULUN LAANI, FI. (DSL) | 85.114.137.60:65520 209.250.232.240:7000 | DE:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:scorti1.dns2go.com DE:85.114.143.2:80 | 445 | pcap | raw alerts ruleset | ftp irc 27 lines | Yeah : 1.8 profile | none | summary tarball | 29 of 32 | 94eaf8f169 NEW | none[none] | none:none | none\|none | none | none |