|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:37:00 | WinXP | 91.66.222.164 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
85.114.137.60:65520 69.42.216.90:9890 | DE:proxim.ircgalaxy.pl :f.unicat.org DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | fce29e83cd NEW |
none[4] | none:none |
ASProtect| | none | trace |
| 00:37:00 | Win2K-f | 78.96.68.165 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:38:00 | Win2K-f | 62.42.52.71 (ONOLAB.COM): CABLEUROPA - ONO, ALICANTE, VALENCIA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:41:00 | WinXP | 78.96.241.90 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:42:00 | WinXP | 89.33.14.11 (-): SC AMBASADOR IMPEX SRL, GALATI, GALATI, RO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:42:00 | WinXP | 91.64.90.206 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:43:00 | Win2K-f | 91.124.91.229 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 131351dd21 NEW |
none[4] | none:none |
none|none | none | trace | |
| T:00:43:00 | WinXP | 91.64.90.206 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:46:00 | Win2K-f | 91.66.91.135 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:48:00 | WinXP | 122.122.129.22 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:49:00 | Win2K-f | 86.106.49.159 (UPCNET.RO): SC UPC ROMANIA SA, CLUJ-NAPOCA, CLUJ, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:55:00 | Win2K-f | 82.240.174.182 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 50 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:01:00 | Win2K-f | 89.169.138.63 (-): MOSINFOLINE, RU. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:01:00 | Win2K-f | 81.198.247.240 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:03:00 | WinXP | 81.198.51.218 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:03:00 | WinXP | 121.73.122.74 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | fd57febe23 [Firefox: 3 hits: 05-19 to 05-30] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:01:06:00 | WinXP | 89.136.97.197 (-): ASTRAL SUCEAVA DOCSIS NETWORK, RO. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:06:00 | Win2K-f | 91.65.180.4 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:10:00 | WinXP | 78.148.251.0 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK. |
n/a | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:11:00 | Win2K-f | 78.96.241.90 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:11:00 | WinXP | 89.35.204.205 (RAKNETSOFT.RO): SC RAKNET SOFT SRL, PLOIESTI, PRAHOVA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:16:00 | Win2K-f | 122.122.8.174 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:25:00 | Win2K-f | 201.221.78.89 (GREENDOTTT.NET): GREENDOT, TT. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:27:00 | Win2K-f | 122.122.8.174 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:30:00 | Win2K-f | 91.124.91.229 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:35:00 | WinXP | 122.122.129.22 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:36:00 | WinXP | 122.122.133.75 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:39:00 | Win2K-f | 89.136.97.197 (-): ASTRAL SUCEAVA DOCSIS NETWORK, RO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:17:00 | WinXP | 87.103.170.32 (-): FOR GORNIY ALTAY REGIONAL BRANCH OF THE JSC SIBIRTELECOM, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 05094b9626 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:02:19:00 | Win2K-f | 79.72.155.237 (AS9105.COM): TELINCO, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:29:00 | WinXP | 89.35.204.205 (RAKNETSOFT.RO): SC RAKNET SOFT SRL, PLOIESTI, PRAHOVA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:253 hits: 03-31 to 05-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 02:35:00 | Win2K-f | 118.101.27.40 (-): . |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| 02:58:00 | WinXP | 213.152.199.113 (ADHOC.NET): AD HOC NETWORK SRL, RIMINI, EMILIA-ROMAGNA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:25:00 | Win2K-f | 83.6.50.2 (TPNET.PL): NEOSTRADA PLUS, LUBLIN, LUBELSKIE, PL. (DSL) |
84.244.6.253:2345 66.29.25.194:80 | US:www.blackirc.us SE:tap.tronko.net SE:84.244.6.253:2345 |
445 | pcap | raw alerts ruleset |
http irc 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 32 | 05ec072edf [Firefox: 3 hits: 05-30 to 05-31] |
05ec072edf [1] | ASM:Graph |
StarForce| | lines=86 | trace |
| 03:43:00 | WinXP | 119.72.40.161 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 82239d2adc NEW |
none[4] | none:none |
none|none | none | trace | |
| 03:57:00 | WinXP | 220.145.34.217 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:614 hits: 07-11 to 05-31] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:10:00 | WinXP | 83.211.49.51 (SN2.EUTELIA.IT): EUTELIA, FLORENCE, TOSCANA, IT. (DSL) |
n/a | GB:new.egg.com DE:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.212.12:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:450 hits: 05-04 to 05-31] |
none[3] | none:none |
ASPack| | none | trace |
| 04:20:00 | Win2K-f | 78.34.147.116 (NETCOLOGNE.DE): NETCOLOGNE, DE. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
15 of 31 | 6c4c3242ba [Firefox: 3 hits: 05-31 to 05-31] |
none[4] | none:none |
none|none | none | trace |
| T:04:35:00 | WinXP | 62.215.55.179 (-): FAST TELCO INFRA STRUCTURE WEB ACCESS USERS, KUWAIT, AL KUWAYT, KW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | ed631f6395 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 04:43:00 | WinXP | 87.205.207.178 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:10:00 | Win2K-f | 130.13.226.221 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:3938 | CA:wiger.blacktiehsbdcs.com | 135 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 06:18:00 | WinXP | 200.165.249.248 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:50:00 | Win2K-f | 124.13.4.74 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, MY. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| 07:52:00 | Win2K-f | 190.174.148.80 (-): . |
n/a | CN:hail2.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| 07:56:00 | WinXP | 130.13.220.147 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
82.128.219.34:1977 | EC:neo12.cjb.net | 135 | pcap | raw alerts ruleset |
irc 354 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 31 | 0b6af9e88a NEW |
none[4] | none:none |
StarForce| | none | trace |
| T:07:59:00 | Win2K-f | 130.13.220.147 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
82.128.219.34:1977 | EC:neo12.cjb.net | 135 | pcap | raw alerts ruleset |
irc 347 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 31 | 0b6af9e88a NEW |
none[4] | none:none |
StarForce| | none | trace |
| 08:03:00 | WinXP | 217.151.135.85 (GAZSVYAZ.RU): GAZSVYAZ-MSK, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.212.12:80 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.145.225.22:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1028 hits: 05-01 to 05-29] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 08:13:00 | WinXP | 213.142.168.140 (EVARD.CH): EVARD ANTENNENBAU AG, GENEVA, GENEVA, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:08:25:00 | WinXP | 85.101.241.229 (TTNET.NET.TR): TURKTELEKOM, ISTANBUL, ISTANBUL, TR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:00:00 | Win2K-f | 217.164.54.1 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, ABU DHABI, ABU DHABI, AE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 131351dd21 NEW |
none[4] | none:none |
none|none | none | trace | |
| T:09:15:00 | Win2K-f | 124.82.52.103 (TM.NET.MY): TM ADSL SERVICE PROVIDER MALAYSIA, IPOH, PERAK, MY. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| T:09:24:00 | WinXP | 41.233.251.95 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| 09:40:00 | WinXP | 88.106.71.63 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
213.239.192.125:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 6 hits: 05-22 to 05-31] |
none[4] | none:none |
Armadillo| | none | trace |
| T:10:12:00 | WinXP | 75.25.43.56 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:396 hits: 12-31 to 05-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:20:00 | Win2K-f | 78.96.143.83 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:06:00 | Win2K-f | 91.66.100.217 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |
| 11:32:00 | WinXP | 216.255.167.30 (TVCCONNECT.NET): THAMES VALLEY COMMUNICATIONS INC, GROTON, CONNECTICUT, US. |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1028 hits: 05-01 to 05-29] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 12:14:00 | Win2K-f | 78.131.124.95 (-): EMKTV KISKUNHALAS DOCSIS, HU. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | 529c9e114c NEW |
none[4] | none:none |
none|none | none | trace |
| T:12:14:00 | WinXP | 83.103.134.42 (ASTRAL.RO): ASTRAL-CJ-DOCSIS, CLUJ-NAPOCA, CLUJ, RO. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| 12:17:00 | WinXP | 190.138.72.65 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:30:00 | Win2K-f | 88.132.8.235 (-): PRTELECOM, HU. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 890fb4fa10 [Firefox:45 hits: 12-27 to 05-23] |
b9c7f08a57 [0] | ASM:Graph |
ASProtect| | lines=393 embedded dns |
trace |
| 12:32:00 | WinXP | 170.51.134.208 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:40:00 | WinXP | 64.126.155.192 (LEWISTON.COM): FIRST STEP INTERNET, PULLMAN, WASHINGTON, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1305 hits: 12-31 to 05-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:06:00 | Win2K-f | 78.159.148.41 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | f515fcc0f7 [Firefox:14 hits: 12-28 to 05-14] |
dc7696e295 [0] | ASM:Graph |
ASProtect| | lines=422 embedded dns |
trace |
| 13:14:00 | WinXP | 66.173.217.148 (CAVTEL.NET): CAVALIER DSL, BALTIMORE, MARYLAND, US. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1305 hits: 12-31 to 05-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:26:00 | WinXP | 79.138.141.73 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:41 hits: 05-04 to 05-21] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace | |
| T:13:26:00 | WinXP | 79.138.141.73 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:33:00 | WinXP | 12.210.164.248 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, OAK GROVE, KENTUCKY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:396 hits: 12-31 to 05-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 13:38:00 | Win2K-f | 85.138.71.39 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 43aaa8723f NEW |
none[4] | none:none |
none|none | none | trace |
| 13:58:00 | Win2K-f | 77.103.87.71 (BLUEYONDER.CO.UK): CABLEINET, UK. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 | 9acd0bdf6f NEW |
none[4] | none:none |
none|none | none | trace |
| 13:59:00 | WinXP | 72.183.33.27 (RR.COM): ROAD RUNNER HOLDCO LLC, CORPUS CHRISTI, TEXAS, US. |
n/a | DE:siliconfireware.ru SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org DK:marsho.dk US:www.jamaatshariat.com US:www.counterdata.com DE:m1.webstats.motigo.com FI:imgs2.kavkazcenter.com GB:www.chechenpress.co.uk :www.google.com FI:static.kavkazchat.com US:www.islamicfinder.org US:www.vimeo.com US:www.youtube.com RU:grani-tv.ru RU:video.rutube.ru :www.google-analytics.com US:blip.tv US:video.google.com DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 874 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:45 hits: 05-10 to 05-07] |
none[3] | none:none |
ASPack| | none | trace |
| 13:59:00 | WinXP | 78.161.55.113 (-): TT ADSL-HUWAEI TTNET DYNAMIC_ULUS, ANKARA, ANKARA, TR. |
85.114.137.60:65520 | DE:proxim.ircgalaxy.pl US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 DE:85.114.137.60:65520 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 44ded303fe NEW |
none[4] | none:none |
none|none | none | trace |
| 13:59:00 | WinXP | 41.236.31.3 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:02:00 | Win2K-f | 84.238.70.233 (-): DYNAMIC CUSTOMER IP'S, ÅRHUS, ARHUS, DK. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | 539af97473 NEW |
none[4] | none:none |
none|none | none | trace |
| 14:09:00 | WinXP | 78.54.129.82 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:hail.dns2go.com :www.proxy-socks.net :daymohk.info US:scorti1.dns2go.com EU:ebookfinaltrash.ru DK:marsho.dk EU:crutop.nu :chripress.org US:209.250.232.240:7000 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |
| 14:10:00 | WinXP | 24.195.176.238 (RR.COM): ROAD RUNNER HOLDCO LLC, SARATOGA SPRINGS, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:22:00 | Win2K-f | 125.224.4.36 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |
| 14:29:00 | WinXP | 190.50.162.206 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:14:30:00 | Win2K-f | 189.28.198.32 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |
| T:14:46:00 | WinXP | 189.7.166.11 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:15:01:00 | Win2K-f | 78.130.25.92 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, PT. |
209.250.232.240:7000 | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 4e2c082051 NEW |
none[4] | none:none |
none|none | none | trace |
| 15:03:00 | WinXP | 66.38.51.12 (DUO-COUNTY.COM): DUO COUNTY TELEPHONE COOPERATIVE, CAVE CITY, KENTUCKY, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:436 hits: 05-02 to 05-31] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:05:00 | WinXP | 66.38.51.12 (DUO-COUNTY.COM): DUO COUNTY TELEPHONE COOPERATIVE, CAVE CITY, KENTUCKY, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:436 hits: 05-02 to 05-31] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:18:00 | WinXP | 190.172.230.33 (COM.AR): TELEFONICA DE ARGENTINA, AR. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 15:26:00 | WinXP | 74.72.135.184 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:450 hits: 05-04 to 05-31] |
none[3] | none:none |
ASPack| | none | trace |
| 15:55:00 | Win2K-f | 217.42.207.214 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, WELLINGBOROUGH, ENGLAND, UK. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | 5ee4121e1e [Firefox:36 hits: 05-29 to 05-31] |
none[4] | none:none |
Obsidium| | none | trace |
| T:16:01:00 | Win2K-f | 79.23.232.70 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:16:02:00 | WinXP | 76.77.130.192 (CLARKDJFS.ORG): SPRINGNET, SPRINGFIELD, MISSOURI, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 108 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:07:00 | Win2K-f | 190.182.38.215 (METROTEL.NET.CO): METROTEL REDES S.A, CO. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 4053a87494 NEW |
c1d7cc8d6d [0] | ASM:Graph |
TXT2COM| | lines=405 embedded dns |
trace |
| 17:11:00 | WinXP | 201.78.62.11 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:52 hits: 01-26 to 05-22] |
none[4] | none:none |
none|none | none | trace |
| T:17:32:00 | WinXP | 4.245.8.24 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:54:00 | WinXP | 98.140.137.22 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:10 hits: 05-12 to 05-31] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:18:05:00 | Win2K-f | 88.180.64.137 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | CN:hail2.dns2go.com CN:222.177.11.165:8885 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | be174a7807 NEW |
none[4] | none:none |
Obsidium| | none | trace |
| 18:09:00 | WinXP | 190.136.207.242 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:10 hits: 05-12 to 05-31] |
none[4] | none:none |
PolyEnE| | none | trace |
| 18:17:00 | Win2K-f | 189.7.166.11 (VIRTUA.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:18:46:00 | Win2K-f | 190.134.174.142 (-): . |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 19:07:00 | WinXP | 170.51.120.179 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3009 hits: 12-31 to 05-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:11:00 | Win2K-f | 77.58.20.146 (SOLPA.NET): CABLECOM, CH. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:19:22:00 | Win2K-f | 190.182.38.215 (METROTEL.NET.CO): METROTEL REDES S.A, CO. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 4053a87494 NEW |
c1d7cc8d6d [0] | ASM:Graph |
TXT2COM| | lines=405 embedded dns |
trace |
| 19:26:00 | WinXP | 71.75.236.54 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:396 hits: 12-31 to 05-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:45:00 | WinXP | 66.2.141.140 (ALGX.NET): XO COMMUNICATIONS, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1305 hits: 12-31 to 05-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 19:46:00 | Win2K-f | 91.64.5.120 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 31 | 5dfc3e36cd NEW |
none[4] | none:none |
none|none | none | trace |
| T:20:12:00 | WinXP | 63.245.183.231 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, BURLINGTON, KANSAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:19 hits: 03-24 to 05-21] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:13:00 | WinXP | 63.245.183.231 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, BURLINGTON, KANSAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:19 hits: 03-24 to 05-21] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:42:00 | Win2K-f | 116.206.55.201 (-): MOBIF WIRELESS BROADBAND SDN. BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
209.250.232.240:7000 | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1487 hits: 04-27 to 05-30] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 21:00:00 | Win2K-f | 117.0.97.105 (ADSL.VIETTEL.VN): VIETEL CORPORATION, HANOI, HA NOI, VN. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | e94729b8b4 NEW |
none[4] | none:none |
ASProtect| | none | trace |
| 21:13:00 | Win2K-f | 124.13.1.173 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, MY. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:27:00 | Win2K-f | 91.64.199.62 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 31 | 699d2b9731 [Firefox: 2 hits: 04-27 to 05-22] |
none[3] | none:none |
ASProtect| | none | trace |
| 21:40:00 | WinXP | 117.5.135.171 (ADSL.VIETTEL.VN): VIETEL CORPORATION, HANOI, HA NOI, VN. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
11 of 31 | 4620861e2d [Firefox:15 hits: 04-27 to 05-17] |
none[4] | none:none |
StarForce| | none | trace |
| T:21:53:00 | Win2K-f | 85.113.251.80 (CONCEPTS.NL): CONCEPTS-CUST-FTTH-ENSCHEDE, ENSCHEDE, OVERIJSSEL, NL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | fd835d9616 NEW |
none[4] | none:none |
TXT2COM| | none | trace | |
| 22:21:00 | WinXP | 124.106.184.48 (PLDT.NET): PLAN, QUEZON CITY, MANILA, PH. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:614 hits: 07-11 to 05-31] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:05:00 | WinXP | 125.101.116.13 (UCOM.NE.JP): IML, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 161e73cdfc NEW |
none[4] | none:none |
none|none | none | trace | |
| T:23:07:00 | Win2K-f | 83.103.139.76 (-): ASTRAL ALBA SATTELITES, MISKOLC, BORSOD-ABAUJ-ZEMPLEN, HU. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |
| 23:15:00 | Win2K-f | 213.16.218.40 (FORTHNET.GR): FORTHNET-NOC-ATH, GR. (DIAL) |
n/a | US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 890fb4fa10 [Firefox:45 hits: 12-27 to 05-23] |
b9c7f08a57 [0] | ASM:Graph |
ASProtect| | lines=393 embedded dns |
trace |
| T:23:31:00 | WinXP | 85.118.127.37 (-): EGRISI, GE. |
209.250.232.240:7000 | US:hail.dns2go.com US:scorti1.dns2go.com US:209.250.232.240:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:257 hits: 05-05 to 05-23] |
none[4] | none:none |
none|none | none | trace |