| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 00:10:00 | WinXP | 80.10.138.2 (FRANCETELECOM.NET): FRANCE TELECOM CUSTOMER, PARIS, ILE-DE-FRANCE, FR. | n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.212.12:80 | 445 | pcap | raw alerts ruleset | http http http 3 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:457 hits: 05-04 to 06-07] | 9bbdd086c5 [0] | ASM:Graph | ASPack\| | lines=186 embedded dns | trace |
| T:00:15:00 | Win2K-f | 24.86.146.193 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset | other 0 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:00:18:00 | WinXP | 75.0.246.109 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, PLANO, TEXAS, US. (DSL) | n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.212.12:80 | 445 | pcap | raw alerts ruleset | http http http 3 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1042 hits: 05-01 to 06-08] | 40f7f463c4 [0] | ASM:Graph | ASPack\| | lines=281 embedded dns | trace |
| 00:36:00 | WinXP | 81.42.48.89 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, PAMPLONA, NAVARRA, ES. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | 5182077bab [Firefox: 6 hits: 08-10 to 01-24] | none[4] | none:none | PolyEnE\| | none | trace |
| 01:08:00 | WinXP | 118.243.128.26 (-): . | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 32 | 8ae058b2d0 NEW | e6a9383b75 [0] | ASM:Graph | none\|none | lines=59 | trace |
| T:01:11:00 | Win2K-f | 24.82.35.70 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:01:21:00 | Win2K-f | 12.210.158.160 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, JASPER, INDIANA, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:01:27:00 | Win2K-f | 222.236.119.238 (HANANET.NET): HANARO TELECOM INC, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:01:56:00 | WinXP | 219.249.5.243 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:02:53:00 | Win2K-f | 70.241.85.107 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:02:57:00 | WinXP | 24.79.75.68 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 99 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 03:21:00 | WinXP | 213.100.53.3 (SWIPNET.SE): SWIPNET, STOCKHOLM, STOCKHOLM, SE. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3041 hits: 12-31 to 06-09] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:03:21:00 | WinXP | 213.100.53.3 (SWIPNET.SE): SWIPNET, STOCKHOLM, STOCKHOLM, SE. | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3041 hits: 12-31 to 06-09] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:03:30:00 | WinXP | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. | n/a | | 135 | pcap | raw alerts ruleset | other 19 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 03:47:00 | Win2K-f | 89.146.129.254 (NET.BA): BRAS PPPOE POOL UPGRADE, SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA. | n/a | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 11 of 32 | e5d062be59 [Firefox: 9 hits: 12-28 to 05-22] | none[4] | none:none | ASPack\| | none | trace |
| T:04:19:00 | WinXP | 59.115.190.96 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | 209.250.232.240:7000 | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 1.3 profile | none | summary tarball | 13 of 32 | 53123fadcc [Firefox:53 hits: 01-26 to 06-01] | none[4] | none:none | none\|none | none | trace |
| 04:42:00 | WinXP | 79.138.128.127 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 30 of 32 | a8aa255ece NEW | none[4] | none:none | PolyEnE\| | none | trace |
| T:04:42:00 | Win2K-f | 71.104.27.252 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ONTARIO, CALIFORNIA, US. (DSL) | 206.59.139.195:5689 | US:petrosftp.boldlygoingnowhere.org | 135 | pcap | raw alerts ruleset | irc 709 lines | Yeah : 1.3 profile | none | summary tarball | 27 of 32 | 099cdafff6 NEW | none[4] | none:none | none\|none | none | trace |
| T:04:57:00 | WinXP | 118.0.7.52 (-): . | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:630 hits: 07-11 to 06-09] | eb7546c600 [0] | ASM:Graph | none\|none | lines=61 | trace |
| 05:38:00 | WinXP | 118.12.237.199 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:630 hits: 07-11 to 06-09] | eb7546c600 [0] | ASM:Graph | none\|none | lines=61 | trace |
| 06:04:00 | Win2K-f | 80.243.59.71 (FLO-ANT.DE): ANTENNENGEMEINSCHAFT FLOEHA E.V. CABLEMODEMS, DE. | n/a | | 445 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 06:32:00 | Win2K-f | 83.188.196.122 (SWIP.NET): SWIPNET, SE. | n/a | :proxim.ircgalaxy.pl US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 24 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | e5b24507a9 NEW | none[4] | none:none | none\|none | none | trace |
| T:06:49:00 | WinXP | 117.5.179.2 (ADSL.VIETTEL.VN): VIETEL CORPORATION, HANOI, HA NOI, VN. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 29 lines | Yeah : 0.8 profile | none | summary tarball | 11 of 31 | 4620861e2d [Firefox:16 hits: 04-27 to 06-01] | none[4] | none:none | StarForce\| | none | trace |
| 06:57:00 | WinXP | 80.104.194.180 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, ANCONA, MARCHE, IT. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | 96ee6e8255 [Firefox: 2 hits: 04-04 to 05-30] | 301f2b7bf3 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| 07:03:00 | Win2K-f | 89.252.216.168 (EVOLINK.NET): NAT, BG. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 30 | d9f28a20d9 NEW | none[4] | none:none | none\|none | none | trace |
| 07:28:00 | Win2K-f | 84.46.180.125 (ERDVES.LT): POINT TO POINT CLIENT NETWORKS, NERINGA, KLAIPEDOS APSKRITIS, LT. | n/a | | 445 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:07:55:00 | WinXP | 71.99.94.110 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 07:57:00 | Win2K-f | 85.113.251.80 (CONCEPTS.NL): CONCEPTS-CUST-FTTH-ENSCHEDE, ENSCHEDE, OVERIJSSEL, NL. | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 33 | 122376b0c0 NEW | none[4] | none:none | none\|none | none | trace |
| T:08:01:00 | WinXP | 85.138.44.130 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 27 of 32 | 7c8360c53a NEW | none[4] | none:none | none\|none | none | trace |
| 08:31:00 | WinXP | 81.9.71.172 (ELLINK.RU): NORTH-WEST TELECOM MULTISERVICE NETWORK, RU. (DIAL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | ee9ba2d81f NEW | a700bfbfa8 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:08:33:00 | Win2K-f | 210.206.10.17 (KONICS.COM): BORANET-NET-210-206/, SEOUL, KYONGGI-DO, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:08:57:00 | Win2K-f | 212.45.81.134 (-): ISTAR LINK CUSTOMERS IN RADNEVO, KAZANLAK, STARA ZAGORA, BG. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1510 hits: 04-27 to 06-08] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:09:07:00 | WinXP | 70.183.165.135 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:09:25:00 | WinXP | 199.227.66.5 (AAPG.NET): A & A TELECOM, AUSTIN, TEXAS, US. (100Mbps) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:09:51:00 | Win2K-f | 91.35.219.198 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. (DIAL) | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 23 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 32 | 72f9131ff6 NEW | none[4] | none:none | none\|none | none | trace |
| T:10:05:00 | WinXP | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:10:32:00 | Win2K-f | 204.97.215.37 (OLP.NET): BTC BROADBAND INC, BIXBY, OKLAHOMA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:10:50:00 | WinXP | 218.219.155.116 (EDIT.NE.JP): EDITNET-CIDR-BLK, TOKYO, TOKYO, JP. (100Mbps) | n/a | | 135 | pcap | raw alerts ruleset | other 261 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | baa3ca6b97 NEW | none[4] | none:none | PolyEnE\| | none | trace |
| 10:53:00 | WinXP | 216.78.22.122 (BELLSOUTH.NET): BELLSOUTH.NET INC, COLUMBIA, SOUTH CAROLINA, US. | n/a | EU:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:457 hits: 05-04 to 06-07] | 9bbdd086c5 [0] | ASM:Graph | ASPack\| | lines=186 embedded dns | trace |
| T:10:55:00 | WinXP | 82.19.87.241 (NTL.COM): NTL INFRASTRUCTURE - MIDDLESBROUGH, GLASGOW, SCOTLAND, UK. (DSL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 9d8ec60aeb [Firefox:15 hits: 07-07 to 01-19] | none[4] | none:none | PolyEnE\| | none | trace |
| T:11:23:00 | WinXP | 63.28.55.164 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. | n/a | | 135 | pcap | raw alerts ruleset | other 108 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:11:35:00 | WinXP | 12.73.211.40 (ATT.NET): AT&T WORLDNET SERVICES, CHICAGO, ILLINOIS, US. (DIAL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | f502585714 [Firefox:85 hits: 05-03 to 05-18] | ae590430c5 [0] | ASM:Graph | PolyEnE\| | lines=63 | trace |
| T:11:39:00 | Win2K-f | 87.103.65.75 (REV.VODAFONE.PT): VODAFONE PORTUGAL, PT. (DSL) | n/a | US:hail.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1510 hits: 04-27 to 06-08] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:11:46:00 | Win2K-f | 64.192.64.16 (WCG.NET): LIGHTCORE A CENTURYTELCOMPANY, NASHUA, NEW HAMPSHIRE, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:12:12:00 | Win2K-f | 190.182.52.101 (METROTEL.NET.CO): METROTEL REDES S.A, CO. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 12:16:00 | WinXP | 85.103.184.244 (TTNET.NET.TR): TURK TELEKOM ADSL-ALCATEL, ISTANBUL, ISTANBUL, TR. | n/a | :proxim.ircgalaxy.pl US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | 85f06e20ac NEW | none[4] | none:none | none\|none | none | trace |
| 12:29:00 | Win2K-f | 84.51.86.51 (IPAPER.COM): BLOCK FOR PI ASSIGNMENTS, UK. | n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 8f367186c3 [Firefox:87 hits: 12-27 to 06-07] | 01a06977c4 [0] | ASM:Graph | TXT2COM\| | lines=0 | trace |
| T:12:31:00 | Win2K-f | 75.58.185.145 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:12:44:00 | Win2K-f | 82.149.121.46 (WELLCOM.AT): BKF BURGENLAENDISCHES KABELFERNSEHEN, AT. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1510 hits: 04-27 to 06-08] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| T:13:09:00 | Win2K-f | 91.2.240.214 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 32 | ccfd075a74 NEW | none[4] | none:none | none\|none | none | trace |
| 13:36:00 | WinXP | 74.141.72.198 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, LOUISVILLE, KENTUCKY, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1321 hits: 12-31 to 06-09] | 1aad8e4632 [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| T:13:50:00 | Win2K-f | 211.214.123.8 (-): HANANET-LLINE-MJCATV, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:13:57:00 | Win2K-f | 4.158.183.160 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:14:25:00 | WinXP | 12.78.11.3 (ATT.NET): AT&T WORLDNET SERVICES, MORRISTOWN, NEW JERSEY, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 32 | 735a809fc2 NEW | none[3] | none:none | none\|none | none | trace |
| 14:27:00 | WinXP | 82.10.4.13 (NTL.COM): NTL INFRASTRUCTURE - RENFREW, NEWPORT, WALES, UK. (DSL) | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1321 hits: 12-31 to 06-09] | 1aad8e4632 [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| T:14:28:00 | WinXP | 67.10.86.126 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) | 194.109.11.65:6556 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset | other 510 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 15d4d85dc0 NEW | none[4] | none:none | StarForce\| | none | trace |
| 14:35:00 | WinXP | 122.120.100.220 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 21 of 32 | 5f78ff609d [Firefox:1510 hits: 04-27 to 06-08] | d4a06bdc3a [0] | ASM:Graph | none\|none | lines=4 | trace |
| 14:37:00 | WinXP | 92.40.73.222 (IKBCC.COM): EU-ZZ, UK. | n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 28 of 32 | 7d6690b46b [Firefox: 3 hits: 04-10 to 05-30] | 55e17adce4 [0] | ASM:Graph | ASPack\| | lines=281 embedded dns | trace |
| T:14:59:00 | Win2K-f | 41.214.157.213 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 11 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 15:01:00 | Win2K-f | 85.113.251.80 (CONCEPTS.NL): CONCEPTS-CUST-FTTH-ENSCHEDE, ENSCHEDE, OVERIJSSEL, NL. | n/a | | 445 | pcap | raw alerts ruleset | ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 32 | fd835d9616 NEW | none[4] | none:none | TXT2COM\| | none | trace |
| T:15:02:00 | Win2K-f | 76.228.200.87 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.BKFD, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:15:41:00 | WinXP | 68.207.139.176 (RR.COM): ROAD RUNNER HOLDCO LLC, WETUMPKA, ALABAMA, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | a3f358bd55 [Firefox: 2 hits: 08-25 to 08-29] | none[4] | none:none | PolyEnE\| | none | trace |
| 15:53:00 | WinXP | 190.182.38.215 (METROTEL.NET.CO): METROTEL REDES S.A, CO. | n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 23 of 31 | 4053a87494 [Firefox: 3 hits: 05-01 to 06-01] | c1d7cc8d6d [0] | ASM:Graph | TXT2COM\| | lines=405 embedded dns | trace |
| T:16:23:00 | WinXP | 85.24.168.14 (BAHNHOF.SE): BAHNHOF INTERNET AB, SE. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1321 hits: 12-31 to 06-09] | 1aad8e4632 [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| T:16:32:00 | Win2K-f | 76.93.111.222 (-): . | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:16:38:00 | WinXP | 70.60.55.116 (RR.COM): ROAD RUNNER HOLDCO LLC, YOUNGSTOWN, OHIO, US. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:408 hits: 12-31 to 06-08] | 048df78048 [0] | ASM:Graph | none\|none | lines=61 | trace |
| T:16:56:00 | Win2K-f | 91.65.93.28 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 27 of 32 | 97e0895e22 NEW | none[4] | none:none | none\|none | none | trace |
| T:17:02:00 | Win2K-f | 200.86.40.128 (VTR.NET): VTR BANDA ANCHA S.A, PATERSON, NEW JERSEY, US. | n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 11 of 31 | 4620861e2d [Firefox:16 hits: 04-27 to 06-01] | none[4] | none:none | StarForce\| | none | trace |
| 17:09:00 | Win2K-f | 219.26.206.5 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 17:21:00 | WinXP | 210.206.10.17 (KONICS.COM): BORANET-NET-210-206/, SEOUL, KYONGGI-DO, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 17:22:00 | Win2K-f | 68.149.8.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 17:37:00 | Win2K-f | 201.254.225.232 (COM.AR): TELEFONICA DE ARGENTINA, AR. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp 22 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 32 | 3bf3279a34 NEW | none[4] | none:none | none\|none | none | trace |
| T:17:54:00 | Win2K-f | 71.142.98.39 (PACBELL.NET): PPPOX POOL - BRAS22B.PLTNCA, LOS ANGELES, CALIFORNIA, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 18:15:00 | Win2K-f | 207.103.253.251 (BUCKSLIB.ORG): BUCKS COUNTY FREE LIBRARY, STOCKTON, NEW JERSEY, US. | n/a | | 135 | pcap | raw alerts ruleset | other 109 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 18:33:00 | WinXP | 170.51.65.87 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3041 hits: 12-31 to 06-09] | 7a70e1b592 [0] | ASM:Graph | PolyEnE\| | lines=68 | trace |
| T:18:38:00 | Win2K-f | 76.75.95.195 (NEXICOM.NET): NEXICOM INC, CA. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:19:02:00 | WinXP | 220.138.129.183 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp irc 25 lines | Yeah : 0.8 profile | none | summary tarball | 13 of 32 | 53123fadcc [Firefox:53 hits: 01-26 to 06-01] | none[4] | none:none | none\|none | none | trace |
| 19:02:00 | WinXP | 12.217.149.68 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, COLUMBUS, GEORGIA, US. | n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal | 445 | pcap | raw alerts ruleset | http http 6 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1042 hits: 05-01 to 06-08] | 40f7f463c4 [0] | ASM:Graph | ASPack\| | lines=281 embedded dns | trace |
| 19:15:00 | WinXP | 122.53.54.125 (PLDT.NET): IPG, PH. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:19:16:00 | WinXP | 211.74.5.249 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 33 | bce12aa21f [Firefox:17 hits: 05-12 to 06-09] | none[4] | none:none | PolyEnE\| | none | trace |
| 20:03:00 | Win2K-f | 58.4.240.100 (UCOM.NE.JP): KT, JP. (100Mbps) | n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 14 of 32 | 8f367186c3 [Firefox:87 hits: 12-27 to 06-07] | 01a06977c4 [0] | ASM:Graph | TXT2COM\| | lines=0 | trace |
| T:20:09:00 | Win2K-f | 71.166.233.130 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| T:20:16:00 | Win2K-f | 218.210.89.88 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 20:27:00 | Win2K-f | 222.234.180.90 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Argh : 0.3 profile | none | summary tarball | none | none | none | none | none | none | none |
| 20:56:00 | Win2K-f | 70.20.195.69 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PHILADELPHIA, PENNSYLVANIA, US. | n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 | 445 | pcap | raw alerts ruleset | ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 9 of 32 | 9345b57563 [Firefox:15 hits: 12-27 to 05-21] | none[4] | none:none | none\|none | none | trace |
| 21:06:00 | WinXP | 69.132.41.169 (RR.COM): ROAD RUNNER HOLDCO LLC, CONCORD, NORTH CAROLINA, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | d6df3972a0 [Firefox:216 hits: 05-02 to 05-30] | 39eeef52a4 [0] | ASM:Graph | PolyEnE\| | lines=65 | trace |
| 21:48:00 | WinXP | 96.33.65.31 (-): . | n/a | | 135 | pcap | raw alerts ruleset | other 112 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
| 22:06:00 | Win2K-f | 117.5.159.199 (ADSL.VIETTEL.VN): VIETEL CORPORATION, HANOI, HA NOI, VN. | n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 0.8 profile | none | summary tarball | 11 of 31 | 4620861e2d [Firefox:16 hits: 04-27 to 06-01] | none[4] | none:none | StarForce\| | none | trace |
| 22:26:00 | WinXP | 86.12.42.6 (NTL.COM): NTLI, UK. (DSL) | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1321 hits: 12-31 to 06-09] | 1aad8e4632 [0] | ASM:Graph | PolyEnE\| | lines=93 embedded dns | trace |
| 23:37:00 | WinXP | 208.127.39.124 (DSLEXTREME.COM): DSL EXTREME, TUJUNGA, CALIFORNIA, US. (DSL) | n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset | other 269 lines | Yeah : 0.8 profile | none | summary tarball | 30 of 32 | 3ebc455d4f NEW | none[4] | none:none | PolyEnE\| | none | trace |