|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:21:00 | WinXP | 77.209.75.50 (AIRTEL.NET): VODAFONE ESPANA S.A, ES. |
n/a | :www.google.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
12 of 32 | d94d21fc29 [Firefox: 6 hits: 12-28 to 05-21] |
9deff996b5 [0] | ASM:Graph |
ASProtect| | lines=423 embedded dns |
trace |
| T:00:22:00 | Win2K-f | 78.2.86.70 (T-COM.HR): T-COM CROATIA INTERNET NETWORK, ZAGREB, GRAD ZAGREB, HR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 00:25:00 | Win2K-f | 125.162.100.134 (-): TLKM_D1_BB_SPEEDY_PG, PALEMBANG, SUMATERA SELATAN, ID. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 01:00:00 | WinXP | 91.64.199.57 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 699d2b9731 NEW |
none[3] | none:none |
ASProtect| | none | trace |
| 01:28:00 | WinXP | 83.188.204.163 (SWIP.NET): SWIPNET, SE. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 | e5b24507a9 NEW |
none[4] | none:none |
none|none | none | trace |
| 01:36:00 | Win2K-f | 85.186.76.138 (-): ASTRAL ZALAU DOCSIS, RO. (100Mbps) |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 8f367186c3 [Firefox:84 hits: 12-27 to 05-21] |
01a06977c4 [0] | ASM:Graph |
TXT2COM| | lines=0 | trace |
| 01:50:00 | WinXP | 92.40.75.231 (IKBCC.COM): EU-ZZ, UK. |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 7a393628ea [Firefox: 2 hits: 05-12 to 05-15] |
none[4] | none:none |
ASProtect| | none | trace |
| 02:01:00 | WinXP | 58.90.237.227 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:606 hits: 07-11 to 05-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:02:04:00 | Win2K-f | 58.108.172.165 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:16:00 | Win2K-f | 122.99.28.148 (TOTALBB.NET.TW): KE-ING CO LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 02:19:00 | WinXP | 89.24.28.5 (4GINTERNET.CZ): GPRS/WBA CUSTOMER NETWORKS, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 02:26:00 | Win2K-f | 82.49.141.106 (POOL8249.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, CHIETI, ABRUZZI, IT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:00:00 | WinXP | 89.207.67.53 (-): JOINT STOCK COMPANY SVYAZIST, RU. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:22:00 | Win2K-f | 62.105.14.6 (ISURGUT.RU): OPEN JOINT-STOCK COMPANY URALSVIAZINFORM, RU. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 31 | 9b0c5ed538 [Firefox: 5 hits: 05-02 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 03:22:00 | Win2K-f | 125.175.81.163 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | e7db505624 NEW |
none[4] | none:none |
none|none | none | trace | |
| 03:50:00 | Win2K-f | 83.103.133.177 (ASTRAL.RO): ASTRAL-CJ-DOCSIS, CLUJ-NAPOCA, CLUJ, RO. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:04:07:00 | Win2K-f | 89.169.9.210 (-): INFOLINE ZAO, RU. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
11 of 32 | e5d062be59 [Firefox: 7 hits: 12-28 to 05-16] |
none[4] | none:none |
ASPack| | none | trace |
| 04:18:00 | WinXP | 62.11.118.252 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | EU:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:448 hits: 05-04 to 05-21] |
none[3] | none:none |
ASPack| | none | trace |
| T:04:19:00 | Win2K-f | 87.172.69.138 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:19:00 | Win2K-f | 81.84.191.43 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:22:00 | Win2K-f | 77.54.57.26 (REV.VODAFONE.PT): GPRS POOLS, POORTUGAAL, ZUID-HOLLAND, NL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:41:00 | WinXP | 79.163.43.114 (-): IDEA, PL. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 | e54295a010 NEW |
none[4] | none:none |
none|none | none | trace |
| T:04:43:00 | Win2K-f | 200.165.219.41 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
209.250.232.240:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 04:48:00 | Win2K-f | 124.43.200.24 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, COLOMBO, CENTRAL, LK. (DIAL) |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 31 | fc9addab43 [Firefox: 5 hits: 05-08 to 05-15] |
none[4] | none:none |
none|none | none | trace |
| 05:07:00 | Win2K-f | 189.5.153.136 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, GOIâNIA, GOIáS, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:05:16:00 | WinXP | 125.162.101.71 (-): TLKM_D1_BB_SPEEDY_PG, PALEMBANG, SUMATERA SELATAN, ID. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:38:00 | Win2K-f | 92.113.108.73 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
209.250.232.240:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | fd0bf48a75 [Firefox:11 hits: 04-28 to 05-16] |
none[3] | none:none |
ASProtect| | none | trace |
| 05:54:00 | WinXP | 190.31.79.2 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:05:58:00 | WinXP | 218.172.63.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | :www.google.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:95 hits: 12-27 to 05-21] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| T:06:03:00 | Win2K-f | 79.112.226.20 (RDSNET.RO): RDS, BUCHAREST, BUCURESTI, RO. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 0ab222cebd NEW |
none[4] | none:none |
none|none | none | trace |
| 06:09:00 | WinXP | 89.218.9.20 (-): ALMATYTELECOM, KZ. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 12018ab830 NEW |
none[4] | none:none |
ASProtect| | none | trace |
| T:06:41:00 | WinXP | 79.126.37.130 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com HK:203.198.127.88:7000 US:209.250.232.240:7000 SA:89.108.28.20:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 15bee5b293 NEW |
none[4] | none:none |
StarForce| | none | trace |
| 06:55:00 | Win2K-f | 87.252.153.252 (-): T-MOBILE HRVATSKA D.O.O, HR. |
n/a | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:03:00 | Win2K-f | 85.139.107.30 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, OEIRAS, LISBOA, PT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:09:00 | WinXP | 213.63.153.67 (SERVIDORPT.COM): ARTELECOM, PT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 07:11:00 | Win2K-f | 88.147.251.202 (-): VTSARATOV, RU. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
12 of 30 | 76b4ab852e [Firefox:52 hits: 04-29 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| 07:19:00 | WinXP | 87.174.110.31 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MUNICH, BAYERN, DE. (DIAL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 910d190921 [Firefox: 3 hits: 05-03 to 05-05] |
none[4] | none:none |
none|none | none | trace |
| T:07:43:00 | Win2K-f | 124.43.62.158 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, LK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:08:04:00 | Win2K-f | 190.132.153.78 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:05:00 | Win2K-f | 190.54.169.111 (CHILESAT.NET): TELMEX SERVICIOS EMPRESARIALES S.A, CL. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
11 of 32 | e5d062be59 [Firefox: 7 hits: 12-28 to 05-16] |
none[4] | none:none |
ASPack| | none | trace |
| 08:14:00 | WinXP | 216.176.88.75 (CONSOLIDATED.NET): CONSOLIDATED COMMUNICATIONS INC, BEECHER CITY, ILLINOIS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:289 hits: 05-03 to 05-19] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 08:40:00 | Win2K-f | 79.211.78.69 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 08:44:00 | Win2K-f | 89.214.205.150 (-): TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA, PT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | e1e291f120 NEW |
none[4] | none:none |
none|none | none | trace |
| 09:08:00 | Win2K-f | 85.138.134.179 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 04c8709d9c NEW |
none[4] | none:none |
none|none | none | trace |
| T:09:16:00 | WinXP | 201.215.79.42 (VTR.NET): VTR BANDA ANCHA S.A, SANTIAGO, REGION METROPOLITANA, CL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:21:00 | Win2K-f | 87.226.183.62 (-): RTK, RU. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 249b417917 NEW |
none[4] | none:none |
none|none | none | trace |
| 09:37:00 | WinXP | 41.214.136.42 (-): . |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:09:40:00 | Win2K-f | 190.182.52.101 (METROTEL.NET.CO): METROTEL REDES S.A, CO. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 890fb4fa10 [Firefox:43 hits: 12-27 to 05-10] |
b9c7f08a57 [0] | ASM:Graph |
ASProtect| | lines=393 embedded dns |
trace |
| T:10:17:00 | WinXP | 86.155.188.85 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | ad63c09b6c NEW |
none[4] | none:none |
StarForce| | none | trace |
| T:11:03:00 | Win2K-f | 190.139.54.174 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:51 hits: 01-26 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 11:19:00 | WinXP | 89.43.148.99 (TVSATRM.RO): SC TV SAT 2002 SRL, BUZAU, BUZAU, RO. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 | 89bc2a6839 NEW |
33f8f7e2e1 [0] | ASM:Graph |
ASProtect| | lines=418 embedded dns |
trace |
| 11:20:00 | WinXP | 81.155.154.33 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 33 | ad63c09b6c NEW |
none[4] | none:none |
StarForce| | none | trace |
| 11:27:00 | WinXP | 79.126.20.150 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 15bee5b293 NEW |
none[4] | none:none |
StarForce| | none | trace |
| T:11:32:00 | Win2K-f | 92.19.51.62 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:47:00 | WinXP | 88.197.195.204 (-): FULL TELECOM, BE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:11:51:00 | Win2K-f | 85.177.107.51 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 12:29:00 | Win2K-f | 82.137.19.85 (RDSNET.RO): TEREZVAROS CABLE TELEVISION LTD, BUDAPEST, BUDAPEST, HU. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | f4b63ac1b1 NEW |
none[4] | none:none |
ASProtect| | none | trace | |
| 12:32:00 | WinXP | 78.84.191.203 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 12:45:00 | WinXP | 4.242.60.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPOKANE, WASHINGTON, US. (DIAL) |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 8f507184c7 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:12:46:00 | WinXP | 4.242.60.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPOKANE, WASHINGTON, US. (DIAL) |
85.114.137.60:80 | DE:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 DE:85.114.137.60:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | a99f17e623 [Firefox:20 hits: 03-28 to 04-24] |
87dfec58db [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
| 12:47:00 | Win2K-f | 151.21.147.164 (25-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, BARI, PUGLIA, IT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 13:10:00 | WinXP | 189.7.166.118 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 13:34:00 | WinXP | 90.155.137.79 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 131351dd21 NEW |
none[4] | none:none |
none|none | none | trace | |
| 13:37:00 | WinXP | 220.219.37.17 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1294 hits: 12-31 to 05-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:38:00 | WinXP | 62.40.57.18 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:13:39:00 | WinXP | 220.219.37.17 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1294 hits: 12-31 to 05-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:44:00 | Win2K-f | 92.12.160.221 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:46:00 | WinXP | 201.252.50.53 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 14:33:00 | WinXP | 85.132.4.31 (AZ-IX.NET): PROVIDER LOCAL REGISTRY, BAKU, ABSERON, AZ. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 14:41:00 | WinXP | 201.31.105.87 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | 38c1892a84 NEW |
none[4] | none:none |
none|none | none | trace |
| 14:46:00 | Win2K-f | 78.57.108.218 (ZEBRA.LT): LIETUVOS, VILNIUS, VILNIAUS APSKRITIS, LT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 15:02:00 | WinXP | 24.172.133.85 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:2992 hits: 12-31 to 05-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:21:00 | WinXP | 92.8.252.239 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:15:45:00 | WinXP | 190.48.219.91 (COM.AR): TELEFONICA DE ARGENTINA, MAR DEL PLATA, BUENOS AIRES, AR. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 31 | 14ef234ad3 [Firefox:15 hits: 04-29 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| 15:52:00 | Win2K-f | 79.153.81.58 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 15:53:00 | WinXP | 78.161.22.4 (-): TT ADSL-HUWAEI TTNET DYNAMIC_ULUS, ANKARA, ANKARA, TR. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 44ded303fe NEW |
none[4] | none:none |
none|none | none | trace |
| T:15:58:00 | WinXP | 190.17.73.108 (COM.AR): CABLEVISION S.A, AR. |
75.127.96.88:5001 | AT:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | 90aa68c64b NEW |
none[4] | none:none |
Armadillo| | none | trace |
| T:16:26:00 | WinXP | 200.70.134.26 (COM.AR): TELEFONICA DATA ARGENTINA S.A, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:16:48:00 | WinXP | 89.181.44.22 (NET.NOVIS.PT): IPGLOBAL, LISBON, LISBOA, PT. |
209.250.232.240:7000 | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 31 | af98fe0c94 [Firefox:71 hits: 04-27 to 05-21] |
480d076a0a [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| T:16:58:00 | Win2K-f | 190.48.101.228 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com :www.google.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 14ef234ad3 [Firefox:15 hits: 04-29 to 05-17] |
none[4] | none:none |
none|none | none | trace |
| T:17:02:00 | WinXP | 72.178.120.212 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1294 hits: 12-31 to 05-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 17:23:00 | WinXP | 201.93.37.165 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :www.google.com CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:17:26:00 | Win2K-f | 69.77.155.154 (SKYBEST.COM): SKYBEST COMMUNICATIONS INC, NEW BERN, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 31 | 56ae35572e [Firefox: 3 hits: 05-01 to 05-10] |
none[4] | none:none |
none|none | none | trace | |
| T:17:38:00 | Win2K-f | 190.136.193.187 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 17:51:00 | Win2K-f | 170.51.150.168 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:18:00:00 | WinXP | 41.210.197.162 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1294 hits: 12-31 to 05-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:18:02:00 | WinXP | 76.168.121.237 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru EU:ebookfinaltrash.ru :wpad US:searchportal.information.com :www.proxy-socks.net DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1025 hits: 05-01 to 05-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:08:00 | WinXP | 60.53.194.40 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, TAIPING, PERAK, MY. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl CN:hail.dns2go.com :www.google.com DE:dl2.teenpassage.com IL:ymq.a1001186.wrs.mcboo.com CN:scorti1.dns2go.com IL:194.90.224.86:80 US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp irc http 50 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 28 of 32 |
1f92e7b9e3 NEW f34f0ae5a4 NEW |
1f92e7b9e3 [1] none [4] |
ASM:Graph none:none |
StarForce| none|none |
lines=6 none |
trace trace |
| 18:10:00 | Win2K-f | 190.17.73.108 (COM.AR): CABLEVISION S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f NEW |
none[4] | none:none |
Armadillo| | none | trace | |
| 18:20:00 | Win2K-f | 190.137.111.35 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 32 | 7e28dac8de [Firefox:24 hits: 04-27 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 18:22:00 | WinXP | 201.50.3.222 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 18:29:00 | WinXP | 70.126.111.225 (RR.COM): ROAD RUNNER HOLDCO LLC, PINELLAS PARK, FLORIDA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1294 hits: 12-31 to 05-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:43:00 | Win2K-f | 201.23.215.122 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 18:45:00 | Win2K-f | 190.49.159.231 (COM.AR): TELEFONICA DE ARGENTINA, MIRAMAR, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 18:54:00 | WinXP | 201.254.184.150 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:19:06:00 | WinXP | 58.156.35.172 (UCOM.NE.JP): IML, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:606 hits: 07-11 to 05-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:15:00 | Win2K-f | 124.10.134.167 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | a7e3664263 NEW |
none[4] | none:none |
none|none | none | trace | |
| T:19:35:00 | WinXP | 190.134.1.111 (-): . |
209.250.232.240:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:19:37:00 | WinXP | 59.116.4.130 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
209.250.232.240:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:19:56:00 | Win2K-f | 125.162.108.237 (-): TLKM_D1_BB_SPEEDY_PG, PALEMBANG, SUMATERA SELATAN, ID. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 19:57:00 | Win2K-f | 59.116.4.130 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
209.250.232.240:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| 19:58:00 | Win2K-f | 117.197.112.162 (-): . |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 58a922e43b NEW |
none[4] | none:none |
none|none | none | trace |
| T:20:05:00 | WinXP | 190.128.76.35 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:04:00 | Win2K-f | 206.248.213.247 (-): NTELOS - LADD PANNAWAY DSL, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 21:07:00 | WinXP | 194.88.239.45 (NETACCESS.RO): SC NETACCESS SRL, RO. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | ed458d58bb NEW |
none[4] | none:none |
none|none | none | trace |
| 21:11:00 | WinXP | 64.53.73.97 (-): PIEDMONT TELEPHONE, LAURENS, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 6c3c0f78a2 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:21:14:00 | WinXP | 200.227.94.94 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 21:21:00 | WinXP | 88.147.151.249 (SAN.RU): NETWORK OF SARATOV BRANCH OF OJSC VOLGATELECOM, SARATOV, SARATOVSKAYA OBLAST', RU. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | c99d0a41a1 NEW |
none[4] | none:none |
none|none | none | trace |
| 21:36:00 | Win2K-f | 92.46.28.173 (IKBCC.COM): EU-ZZ, UK. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 31 | af98fe0c94 [Firefox:71 hits: 04-27 to 05-21] |
480d076a0a [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| 22:07:00 | WinXP | 79.126.53.33 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 22:33:00 | Win2K-f | 89.104.28.26 (BNET.AT): B.NET BURGENLAND TELEKOM GMBH, GRAZ, STEIERMARK, AT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:38:00 | Win2K-f | 82.57.125.140 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, FLORENCE, TOSCANA, IT. |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 22:49:00 | Win2K-f | 88.246.56.124 (TTNET.NET.TR): TT ADSL-METEKSAN DINAMIK_ACI, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:22:51:00 | Win2K-f | 89.24.118.174 (4GINTERNET.CZ): RADIOMOBIL, CZ. |
209.250.232.240:7000 | CN:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 23:04:00 | Win2K-f | 118.100.180.201 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:14:00 | WinXP | 125.162.99.189 (-): TLKM_D1_BB_SPEEDY_PG, PALEMBANG, SUMATERA SELATAN, ID. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:17:00 | Win2K-f | 83.103.200.161 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
n/a | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:95 hits: 12-27 to 05-21] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| T:23:18:00 | WinXP | 124.43.204.50 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, COLOMBO, CENTRAL, LK. (DIAL) |
209.250.232.240:7000 | CN:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 31 | fc9addab43 [Firefox: 5 hits: 05-08 to 05-15] |
none[4] | none:none |
none|none | none | trace |
| T:23:34:00 | Win2K-f | 124.43.136.153 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, LK. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1414 hits: 04-27 to 05-21] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:23:54:00 | WinXP | 78.96.8.43 (-): ASTRAL TURDA DOCSIS, TURDA, CLUJ, RO. |
209.250.232.240:7000 | :www.google.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 32 | 1f455b02c6 [Firefox: 2 hits: 05-09 to 05-18] |
none[4] | none:none |
none|none | none | trace |
| T:23:55:00 | Win2K-f | 82.51.113.70 (POOL8251.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, PESCARA, ABRUZZI, IT. |
209.250.232.240:7000 | CN:hail.dns2go.com CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:240 hits: 05-05 to 05-21] |
none[4] | none:none |
none|none | none | trace |
| T:23:57:00 | WinXP | 80.243.65.167 (80.IN-ADDR.ARPA): JSK NTC (NEW TELEPHONE COMPANY), VLADIVOSTOK, PRIMORSKIY KRAY, RU. |
209.250.232.240:7000 | CN:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | 8f367186c3 [Firefox:84 hits: 12-27 to 05-21] |
01a06977c4 [0] | ASM:Graph |
TXT2COM| | lines=0 | trace |