|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:06:00 | Win2K-f | 124.43.251.113 (-): INTERNET SERVICE PROVIDER IN SRI LANKA, COLOMBO, CENTRAL, LK. (DIAL) |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1514 hits: 04-27 to 06-10] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 00:08:00 | Win2K-f | 218.165.74.26 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 31 | d349189ee2 NEW |
none[4] | none:none |
none|none | none | trace |
| 00:15:00 | WinXP | 123.222.72.13 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 30 | 70670448ce NEW |
none[4] | none:none |
none|none | none | trace | |
| T:00:45:00 | Win2K-f | 220.138.13.179 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:55 hits: 01-26 to 06-10] |
none[4] | none:none |
none|none | none | trace |
| 01:14:00 | WinXP | 62.214.216.6 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, HEILBRONN, BADEN-WURTTEMBERG, DE. |
n/a | :proxima.ircgalaxy.pl US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 31 | b9a28a4b68 [Firefox: 3 hits: 04-28 to 05-15] |
none[4] | none:none |
TXT2COM| | none | trace |
| 01:22:00 | WinXP | 79.83.84.93 (G-M-I.NET): EU-ZZ, UK. |
66.116.125.150:80 | US:scorti1.dns2go.com :makemegood24.com :4c475.makemegood24.com US:aaakemegood24.com :perfectchoice1.com :5192d.perfectchoice1.com US:bparfectchoice1.com DE:cash-ddt.net DE:5c5f7.cash-ddt.net :ccaah-ddt.net :ddr-cash.net :6642b.ddr-cash.net US:dddracash.net US:www.dddracash.net :trn-cash.net :670ed.trn-cash.net :etrn-aash.net :money-frn.net :682fe.money-frn.net US:fmoneyafrn.net :clr-cash.net :70d6b.clr-cash.net US:galr-cash.net :xxxl-cash.net :7ced7.xxxl-cash.net US:hxaxl-cash.net US:www.kjwre77638dfqwieuoi.info US:208.73.212.12:80 US:65.23.35.204:7000 DE:89.149.195.24:80 |
445 | pcap | raw alerts ruleset |
ftp http 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 4e2c082051 NEW |
none[4] | none:none |
none|none | none | trace |
| T:01:29:00 | Win2K-f | 75.136.136.72 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:44:00 | WinXP | 60.48.116.2 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:265 hits: 05-05 to 06-08] |
none[4] | none:none |
none|none | none | trace |
| 02:10:00 | Win2K-f | 212.106.55.107 (-): TWELVENET, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:10:00 | WinXP | 213.228.107.99 (KRASNET.RU): KRASNET KRASNOYARSK REGIONAL TELECOMMUNICATIONS NETWORK, KRASNOYARSK, KRASNOYARSKIY KRAY, RU. (DIAL) |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
8 of 32 | b4f4939210 [Firefox: 7 hits: 12-27 to 01-26] |
none[4] | none:none |
StarForce| | none | trace |
| 02:20:00 | WinXP | 122.54.254.222 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 326 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 355cabe10f NEW |
none[4] | none:none |
StarForce| | none | trace | |
| T:02:42:00 | WinXP | 88.195.50.224 (INET.FI): BROADBAND ACCESS POOL, FI. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox: 5 hits: 04-21 to 06-07] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
| 02:43:00 | WinXP | 88.195.50.224 (INET.FI): BROADBAND ACCESS POOL, FI. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox: 5 hits: 04-21 to 06-07] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
| 02:43:00 | Win2K-f | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | FI:194.215.38.3:80 EE:62.65.192.24:80 |
135 | pcap | raw alerts ruleset |
other 9 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:02:48:00 | WinXP | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:18:00 | WinXP | 62.11.118.100 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.212.12:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:459 hits: 05-04 to 06-10] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 03:32:00 | WinXP | 4.245.115.122 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:00:00 | Win2K-f | 64.203.147.145 (NTELOS.NET): NTELOS - ADSL NETWORK DHCP RANGE, WAYNESBORO, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:30:00 | WinXP | 41.214.166.159 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:35:00 | WinXP | 41.214.166.159 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:47:00 | Win2K-f | 218.165.74.26 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 31 | d349189ee2 NEW |
none[4] | none:none |
none|none | none | trace |
| 04:51:00 | WinXP | 220.219.252.166 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Argh : 0.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:28 hits: 09-28 to 05-17] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 05:50:00 | Win2K-f | 70.182.91.169 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:16:00 | Win2K-f | 59.115.190.217 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:55 hits: 01-26 to 06-10] |
none[4] | none:none |
none|none | none | trace |
| T:06:49:00 | WinXP | 66.116.12.220 (CONSOLIDATED.NET): CONSOLIDATED COMMUNICATIONS INC, CHARLESTON, ILLINOIS, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:50:00 | Win2K-f | 116.127.206.183 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 90 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:07:00 | Win2K-f | 77.125.103.218 (INTER.NET.IL): EURONET DIGITAL COMMUNICATIONS, IL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:07:00 | WinXP | 170.51.74.105 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:17:00 | WinXP | 118.8.225.162 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:632 hits: 07-11 to 06-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:25:00 | WinXP | 130.94.243.120 (VERIO.NET): NTT AMERICA INC, ENGLEWOOD, COLORADO, US. |
72.10.172.218:3838 | CA:haiys.eiheihre3.com | 135 | pcap | raw alerts ruleset |
irc http 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 30 | 48cf9df25d NEW |
none[4] | none:none |
none|none | none | trace |
| T:08:25:00 | Win2K-f | 190.31.46.82 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:265 hits: 05-05 to 06-08] |
none[4] | none:none |
none|none | none | trace |
| T:08:28:00 | WinXP | 91.87.215.8 (SMTP.WIMI.BE): MOBISTAR, BE. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 6dd97045cc NEW |
none[4] | none:none |
ASProtect| | none | trace |
| 08:53:00 | Win2K-f | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:11:00 | WinXP | 122.120.213.165 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:103 hits: 12-27 to 06-08] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| 09:16:00 | WinXP | 89.244.79.125 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 32 | 753c0ca92e NEW |
none[4] | none:none |
none|none | none | trace |
| 09:51:00 | WinXP | 89.27.244.245 (KIELNET.NET): RECHENZENTRUM KIEL, KIEL, SCHLESWIG-HOLSTEIN, DE. (DSL) |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | f1b002e2b9 NEW |
none[4] | none:none |
ASProtect| | none | trace |
| 09:58:00 | Win2K-f | 89.252.211.34 (EVOLINK.NET): NAT, BG. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1514 hits: 04-27 to 06-10] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| T:10:02:00 | WinXP | 125.4.18.36 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:04:00 | WinXP | 89.51.128.37 (PPPOOL.DE): FREENET CITYLINE GMBH, CHEMNITZ, SACHSEN, DE. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.212.12:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:459 hits: 05-04 to 06-10] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:10:15:00 | Win2K-f | 213.61.40.32 (COLT.NET): COLT-DIALUP-POOL, DE. (DIAL) |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | b84aa1f8db NEW |
none[4] | none:none |
none|none | none | trace |
| T:10:25:00 | WinXP | 193.250.172.197 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.212.12:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:459 hits: 05-04 to 06-10] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:10:59:00 | Win2K-f | 92.12.194.65 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 32 | c7c8a7c678 NEW |
none[4] | none:none |
none|none | none | trace | |
| T:11:17:00 | WinXP | 74.43.122.221 (FRONTIERNET.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1325 hits: 12-31 to 06-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:18:00 | WinXP | 74.43.122.221 (FRONTIERNET.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1325 hits: 12-31 to 06-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:44:00 | WinXP | 98.140.79.215 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:48:00 | Win2K-f | 24.232.57.239 (COM.AR): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 32 | 62a0007015 NEW |
none[4] | none:none |
ASPack| | none | trace |
| T:12:25:00 | Win2K-f | 190.128.50.218 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | fe574e73b4 [Firefox: 3 hits: 04-29 to 05-09] |
none[4] | none:none |
none|none | none | trace |
| T:12:30:00 | WinXP | 79.202.220.216 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:37:00 | WinXP | 213.150.72.245 (NORDNET.RU): OPEN JOINT-STOCK COMPANY SEVERTRANSCOM, RU. |
n/a | US:scorti1.dns2go.com US:65.23.35.204:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
16 of 32 | f217f876d4 NEW |
none[4] | none:none |
StarForce| | none | trace |
| 12:48:00 | Win2K-f | 212.186.30.138 (SURFER.AT): PROVIDER LOCAL REGISTRY, VIENNA, WIEN, AT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 30 | ca561e352d NEW |
none[4] | none:none |
none|none | none | trace | |
| T:12:50:00 | WinXP | 99.169.23.47 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:14:00 | WinXP | 125.58.70.152 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:13:00 | WinXP | 75.35.244.203 (SBCGLOBAL.NET): PPOX POOL - RBACK6.BCVLOH, CLEVELAND, OHIO, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:37:00 | WinXP | 208.61.177.140 (BELLSOUTH.NET): BELLSOUTH.NET INC, MIAMI, FLORIDA, US. (DSL) |
n/a | EU:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:459 hits: 05-04 to 06-10] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:14:38:00 | WinXP | 170.51.98.249 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 23c6886399 [Firefox: 4 hits: 06-03 to 06-07] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:15:06:00 | WinXP | 24.59.12.67 (RR.COM): ROAD RUNNER HOLDCO LLC, ROME, NEW YORK, US. |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad EU:ebookfinaltrash.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1044 hits: 05-01 to 06-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 15:13:00 | WinXP | 193.126.139.42 (NET.KPNQWEST.PT): KPNQWEST PORTUGAL / IOL ISP, PT. |
n/a | DE:ebookfinaltrash.ru :wpad DE:siliconfireware.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 30 | af79e0c602 [Firefox: 9 hits: 07-19 to 01-08] |
none[4] | none:none |
ASPack| | none | trace |
| T:15:18:00 | WinXP | 66.68.232.234 (RR.COM): ROAD RUNNER HOLDCO LLC, BROWNSVILLE, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c [Firefox: 9 hits: 05-01 to 04-30] |
fddd4e56b0 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:27:00 | WinXP | 82.10.98.193 (NTL.COM): NTL INFRASTRUCTURE - OXFORD, SWINDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox: 9 hits: 12-14 to 06-08] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 15:34:00 | Win2K-f | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:30:00 | WinXP | 24.85.164.144 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:287 hits: 05-01 to 06-09] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:16:39:00 | WinXP | 68.147.8.69 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 29a1127528 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 16:43:00 | Win2K-f | 68.186.17.122 (CHARTER.COM): CHARTER COMMUNICATIONS, ASTORIA, OREGON, US. |
72.10.172.218:3838 | :proxim.ircgalaxy.pl :sisxteen.oihduhdd.net :sdihsihdsfsofhsohs.net CA:haiys.eiheihre3.com CA:72.10.172.218:3838 |
135 | pcap | raw alerts ruleset |
other 301 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 6914740929 NEW |
6914740929 [1] | ASM:Graph |
StarForce| | lines=19 | trace |
| 16:50:00 | WinXP | 212.58.176.6 (-): LIMITED LIABILITY COMPANY ASTELIT, AMSTERDAM, NOORD-HOLLAND, NL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 29a1127528 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:16:55:00 | Win2K-f | 24.79.75.64 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:58:00 | Win2K-f | 24.65.35.90 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:09:00 | WinXP | 4.182.75.43 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:11:00 | Win2K-f | 70.167.81.107 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US. |
n/a | FI:194.215.38.3:80 EE:62.65.192.24:80 |
135 | pcap | raw alerts ruleset |
other 9 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:14:00 | Win2K-f | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:46:00 | WinXP | 122.53.123.11 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:59:00 | WinXP | 216.199.253.198 (FDN.COM): FDN.COM, WESTON, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:07:00 | Win2K-f | 24.80.113.168 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:13:00 | Win2K-f | 24.80.113.168 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 106 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:47:00 | WinXP | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:06:00 | WinXP | 69.216.115.46 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:14:00 | WinXP | 71.108.89.249 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LANCASTER, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:47:00 | WinXP | 172.131.89.88 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:06:00 | Win2K-f | 24.76.71.117 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:53:00 | WinXP | 83.93.236.31 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | eb95683ee9 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:21:12:00 | WinXP | 76.87.233.102 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:14:00 | WinXP | 98.140.228.155 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:15:00 | WinXP | 122.146.81.30 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:26:00 | Win2K-f | 70.183.165.135 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:38:00 | WinXP | 72.135.22.73 (RR.COM): ROAD RUNNER HOLDCO LLC, LEAVENWORTH, KANSAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3044 hits: 12-31 to 06-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:16:00 | WinXP | 218.50.139.75 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:37:00 | WinXP | 210.107.12.151 (BORA.NET): BORANET-NET, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:14:00 | Win2K-f | 59.105.78.14 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:19:00 | Win2K-f | 202.100.108.12 (-): PG2-BAR, YINCHUAN, BEIJING, CN. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 8 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:21:00 | Win2K-f | 4.240.144.148 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 103 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:36:00 | WinXP | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |