|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | WinXP | 82.82.161.167 (ARCOR-IP.NET): ARCOR-DSL-NET, BOCHUM, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | b168816b32 NEW |
5c45cdada1 [none] | none:none |
none|none | none | none |
| 00:11:00 | Win2K-f | 77.29.129.74 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none | |
| T:00:17:00 | WinXP | 59.117.177.253 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 3450b9c73e NEW |
7f0b2cde05 [none] | none:none |
none|none | none | none |
| T:00:22:00 | Win2K-f | 77.20.253.87 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 7fd0b1563e NEW |
7554411d74 [none] | none:none |
none|none | none | none |
| T:00:50:00 | WinXP | 114.48.177.10 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 7e468a6100 NEW |
e6ff7bdbf8 [none] | none:none |
none|none | none | none |
| T:00:57:00 | Win2K-f | 87.123.139.239 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:58:00 | Win2K-f | 87.123.138.30 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:03:00 | WinXP | 118.166.193.214 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:01:05:00 | WinXP | 92.126.23.98 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:11:00 | WinXP | 94.251.142.1 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:01:21:00 | Win2K-f | 78.58.151.211 (ZEBRA.LT): LIETUVOS, LT. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 1328fea4f5 NEW |
1b334f625b [none] | none:none |
none|none | none | none |
| T:01:25:00 | WinXP | 119.234.172.247 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:37:00 | Win2K-f | 78.48.120.65 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:01:39:00 | WinXP | 78.48.160.58 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | a463473741 NEW |
ea22dfc593 [none] | none:none |
none|none | none | none |
| T:01:42:00 | WinXP | 114.51.160.92 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:44:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:01:53:00 | WinXP | 213.191.7.60 (-): TRANSIT-NCT, PADERBORN, NORDRHEIN-WESTFALEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:57:00 | Win2K-f | 118.101.93.19 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:07:00 | WinXP | 95.88.116.171 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 64d6d6a6cc NEW |
98c8e821c9 [none] | none:none |
none|none | none | none |
| T:02:17:00 | Win2K-f | 86.63.96.179 (COM.PL): ASTA-NET CUSTOMERS, PL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | f9e9a685f6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:02:27:00 | WinXP | 93.209.189.207 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:02:33:00 | Win2K-f | 94.251.131.55 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 63b0003b87 NEW |
0032ea375a [none] | none:none |
none|none | none | none |
| T:02:41:00 | WinXP | 220.141.6.137 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | e309edc289 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:45:00 | Win2K-f | 92.249.235.3 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | ac24858b00 NEW |
45e557518d [none] | none:none |
none|none | none | none |
| T:02:53:00 | WinXP | 87.122.130.60 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, KALTENKIRCHEN, SCHLESWIG-HOLSTEIN, DE. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 8fda24c79f NEW |
ca1703af01 [none] | none:none |
none|none | none | none |
| T:03:12:00 | WinXP | 95.91.222.88 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| 03:13:00 | Win2K-f | 92.53.28.204 (IKBCC.COM): EU-ZZ, UK. |
n/a | US:www.getmyip.org :checkip.dyndns.org US:getmyip.co.uk US:204.152.184.139:80 208.78.70.70:80 US:65.254.39.170:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:19:00 | Win2K-f | 83.132.253.202 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | da84ddaaee NEW |
e089e988b7 [none] | none:none |
none|none | none | none |
| T:03:25:00 | WinXP | 59.115.52.175 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:03:45:00 | WinXP | 87.93.60.221 (FN.FI): FINNET NETWORKS LTD, FI. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:48:00 | WinXP | 60.49.93.127 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, PENANG, PULAU PINANG, MY. |
91.121.221.157:65520 | FR:proxim.ircgalaxy.pl US:s.unicat.org CN:gidromash.cn CN:ottopay.cn :www.petdoso.com :nenastiya.cn :bfkq.com US:jsactivity.com :sendfan.com GB:www.businesstomb.com US:66.252.13.214:2081 74.54.201.210:8392 EU:91.212.220.156:65520 |
445 | pcap | raw alerts ruleset |
ftp irc http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 41 12 of 41 38 of 41 21 of 41 10 of 41 0 of 41 8 of 41 27 of 40 22 of 41 |
06f8463e94 NEW 0bf56c2646 NEW 12af833c4d NEW 1b7635d92c NEW 3d96e3862a NEW 9046df84b6 NEW dedb9bcef0 NEW e8de193982 NEW e8efdff2bd NEW |
none[none] 8d5b1dcc07[0] a6b9bf2186[none] 28cf6965a6[0] 1f2d2dde3b[none] none [none] 23233d4cd8[0] f53bdf64cf[0] cb8113a617[0] |
none:none none:none none:none none:none none:none none:none none:none none:none none:none |
none|none StarForce| none|none MEW| none|none none|none Xtreme-Pr| StarForce| StarForce| |
none none none none none none none none none |
none trace none trace none none trace trace trace |
| T:03:50:00 | Win2K-f | 95.89.121.192 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 5cb6f28328 NEW |
ca4f0f9c18 [none] | none:none |
none|none | none | none |
| T:04:01:00 | WinXP | 114.47.85.4 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:04:04:00 | Win2K-f | 114.51.9.84 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:11:00 | WinXP | 122.127.33.35 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:04:24:00 | Win2K-f | 115.135.109.46 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:04:29:00 | Win2K-f | 91.141.78.129 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 87cc8ed332 NEW |
ae078b5afc [none] | none:none |
none|none | none | none |
| T:04:33:00 | WinXP | 112.104.120.135 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 4082a3a746 NEW |
cbcd2f346c [none] | none:none |
none|none | none | none |
| T:04:47:00 | WinXP | 86.155.20.38 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 NEW |
none[0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:48:00 | Win2K-f | 61.20.162.183 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 4b99ed02c3 NEW |
69e41a2762 [none] | none:none |
none|none | none | none |
| T:04:59:00 | Win2K-f | 189.33.81.108 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | ed24621d33 NEW |
1ad3e29bcb [0] | none:none |
none|none | none | trace |
| T:05:00:00 | WinXP | 93.209.175.128 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:05:03:00 | WinXP | 125.230.76.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:05:14:00 | WinXP | 77.21.255.138 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | e2e07d1332 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:15:00 | Win2K-f | 207.5.236.176 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:05:23:00 | Win2K-f | 114.36.32.195 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:05:27:00 | Win2K-f | 61.229.153.181 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | bd5434d6d0 NEW |
713ce9fc31 [none] | none:none |
none|none | none | none |
| T:05:38:00 | WinXP | 114.46.230.174 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:05:47:00 | Win2K-f | 203.73.84.162 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:06:02:00 | WinXP | 118.169.231.44 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:06:17:00 | Win2K-f | 114.48.196.119 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:21:00 | WinXP | 122.121.19.18 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:06:29:00 | Win2K-f | 92.55.101.25 (IKBCC.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 8000c39c15 NEW |
48ffee723d [none] | none:none |
none|none | none | none |
| T:06:31:00 | WinXP | 93.209.168.90 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org | 139 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:06:43:00 | Win2K-f | 80.140.116.163 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, MANNHEIM, BADEN-WURTTEMBERG, DE. (DIAL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| 06:48:00 | Win2K-f | 84.23.113.51 (-): ETTIHADETISALAT, SA. |
n/a | CN:www.baidu.com :abrigq.com :zzulwziz.com :noskg.biz :qrsmvdiggv.info :izyczyc.net US:arcfgtjwk.org :rpahtvbb.com US:bidhjkfjhad.info :lazynwwtlze.net :eadudxzi.com :ttdpnzhg.com :eahktyda.net :jhmpmsaf.net :iujfzpgu.biz :uqqqvhjjsiv.biz :gmzdmhwm.info :oolnrgmzqvm.com :awhsfyhf.biz :wjhajn.net US:tyajki.info US:lqxjnmngbax.info :lhpeffjb.com NL:sxkgcncv.org US:iqignfaqg.info US:zvakgmrxydw.info US:wonogvuf.org US:mlmeppjt.info US:qnvftmjh.org :oatkm.org :yngtgjvt.net US:etcwzkgx.org :gojbdodm.net :dfujhdoci.com US:xiadvgn.info :sfwqiocmhz.net :xpicmiqg.com NL:wzsuxbebg.org :xuqzpffpfu.net US:cgoyfuhy.org US:ijbip.info :demqhwtp.net US:gqupribfc.org :gmkiapqp.biz :llpvuopl.net :jhwxnks.info :zbwyxqybleu.com :ljvmr.net :zrvjjyh.biz :eigadzzv.net US:emzmsrkus.info :ryxaog.org :vzojdtmvf.com :xdhjujpa.net :plyqhdwhap.biz :xsufkhfc.biz :tmdjzjmfp.com NL:ppnvsylzfh.org US:ndeqt.org US:rjvhbu.org US:kkdcjvifnv.org US:204.152.184.139:80 US:74.208.64.145:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:48:00 | Win2K-f | 211.23.226.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:55:00 | WinXP | 80.171.59.135 (HANSENET.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | fa8f85c807 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:05:00 | WinXP | 77.29.130.222 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org | 139 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:07:17:00 | Win2K-f | 89.214.115.220 (-): TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:34:00 | WinXP | 125.230.17.30 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:07:35:00 | Win2K-f | 189.99.215.5 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | b7e20bdbe7 NEW |
b8338c915c [none] | none:none |
none|none | none | none |
| T:07:36:00 | Win2K-f | 78.50.237.49 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:50:00 | WinXP | 80.140.70.177 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MANNHEIM, BADEN-WURTTEMBERG, DE. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:08:08:00 | Win2K-f | 78.234.198.161 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:08:09:00 | WinXP | 118.170.179.80 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:08:27:00 | WinXP | 61.20.148.180 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:08:29:00 | Win2K-f | 189.100.224.254 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 40 | ed150dd924 NEW |
none[none] | none:none |
none|none | none | none | |
| T:08:46:00 | WinXP | 78.8.194.168 (NET.PL): DIALOG, WROCLAW, DOLNOSLASKIE, PL. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 41 | 6fb044ef43 NEW |
15fab32ab4 [0] | none:none |
none|none | none | trace |
| 08:48:00 | Win2K-f | 85.218.104.211 (CITYCABLE.CH): SIMA-LAUSANNE, CH. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none | |
| T:08:49:00 | Win2K-f | 119.234.19.150 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:04:00 | WinXP | 91.124.122.242 (UKRTEL.NET): UKRTELECOM, UA. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 2c07922735 NEW |
11e1c61895 [none] | none:none |
none|none | none | none |
| T:09:07:00 | Win2K-f | 117.194.195.200 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | cccae71e9f NEW |
fa18ffac95 [none] | none:none |
none|none | none | none |
| T:09:11:00 | Win2K-f | 24.109.69.36 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 72e0da2631 NEW |
d8eda770f4 [none] | none:none |
none|none | none | none |
| T:09:19:00 | WinXP | 72.51.203.71 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | c43862d457 NEW |
91fa2ca3d8 [none] | none:none |
none|none | none | none |
| T:09:28:00 | WinXP | 91.64.59.135 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 49c9b4b14b NEW |
bde4b67e53 [0] | none:none |
Xtreme-Pr| | none | trace |
| T:09:32:00 | Win2K-f | 89.34.152.87 (U-NITE.RO): SC UNDERNET SRL, RO. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 697259cbee NEW |
8e98130bc1 [none] | none:none |
none|none | none | none |
| T:09:32:00 | Win2K-f | 59.115.51.172 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:09:36:00 | WinXP | 59.94.246.139 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), HYDERABAD, ANDHRA PRADESH, IN. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 8990643c28 NEW |
dcfa440510 [none] | none:none |
none|none | none | none |
| T:09:53:00 | Win2K-f | 85.218.104.211 (CITYCABLE.CH): SIMA-LAUSANNE, CH. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org | 139 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:09:59:00 | WinXP | 67.150.168.219 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:10:01:00 | WinXP | 66.203.170.55 (AUNTIEANNESINC.COM): EXECULINK INTERNET SERVICES CORPORATION, LONDON, ONTARIO, CA. |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:10:08:00 | Win2K-f | 95.24.188.214 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:08:00 | WinXP | 114.47.217.137 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:09:00 | WinXP | 69.201.143.43 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad DE:ebookfinaltrash.ru |
445 | pcap | raw alerts ruleset |
http http http http 52 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef NEW |
none[0] | none:none |
ASPack| | lines=281 embedded dns |
trace |
| 10:11:00 | Win2K-f | 38.100.179.52 (COGENTCO.COM): PERFORMANCE SYSTEMS INTERNATIONAL INC, WASHINGTON, DISTRICT OF COLUMBIA, US. |
n/a | FI:194.215.38.3:80 EE:62.65.192.24:80 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:42:00 | WinXP | 77.29.128.245 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:10:45:00 | Win2K-f | 187.3.193.128 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:51:00 | WinXP | 114.51.50.178 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:25:00 | WinXP | 118.174.146.159 (-): . |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c NEW |
none[0] | none:none |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:30:00 | WinXP | 95.89.197.176 (-): . |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 8cdf830b5a NEW |
0ce1093280 [none] | none:none |
none|none | none | none |
| 11:39:00 | Win2K-f | 186.18.241.176 (-): . |
n/a | US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org US:getmyip.co.uk 208.78.70.70:80 US:65.254.39.170:80 US:75.126.138.202:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
2 of 37 | d60e538e72 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:11:42:00 | Win2K-f | 72.51.203.71 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
66.252.13.214:2081 | US:s.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | c43862d457 NEW |
91fa2ca3d8 [none] | none:none |
none|none | none | none |
| T:11:49:00 | WinXP | 87.122.208.112 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, WUPPERTAL, NORDRHEIN-WESTFALEN, DE. |
67.43.236.67:10324 | CA:xx.nadnadzz.info CA:xx.ka3ek.com :idfc.info 67.215.1.206:80 CA:67.43.236.67:10324 |
445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 41 | 16098f4d7f NEW |
b5d19f82f9 [none] | none:none |
none|none | none | none |
| T:11:57:00 | WinXP | 93.209.170.63 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:12:04:00 | WinXP | 77.29.135.86 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:12:34:00 | Win2K-f | 130.13.44.227 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 798 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 36 of 41 36 of 41 40 of 41 |
17037ddaa8 NEW 6df7b65611 NEW 894e794b2b NEW f3d079f3db NEW |
none[none] none [none] aeb41eb7b9[0] none [none] |
none:none none:none none:none none:none |
none|none none|none Obsidium| none|none |
none none none none |
none none trace none |
|
| T:12:35:00 | Win2K-f | 114.37.138.113 (-): . |
66.252.13.214:2081 | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 8abb75cb76 NEW |
d343494cab [0] | none:none |
none|none | none | trace |
| T:13:10:00 | WinXP | 188.192.157.125 (DAVITA.COM): VARIOUS REGISTRIES, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:13:26:00 | Win2K-f | 95.90.221.103 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 40 | c11b0c4895 NEW |
021a3da773 [none] | none:none |
none|none | none | none |
| T:13:40:00 | Win2K-f | 77.29.129.195 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none | |
| T:13:40:00 | Win2K-f | 94.21.67.172 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 594ee70be6 NEW |
392866816a [0] | none:none |
none|none | none | trace |
| T:13:41:00 | WinXP | 88.134.170.9 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:51:00 | WinXP | 77.29.128.44 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org DE:87.118.98.185:7000 |
139 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:14:16:00 | Win2K-f | 75.49.19.243 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:14:32:00 | WinXP | 114.48.35.99 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 40 | 5285741560 NEW |
60590b8b67 [0] | ASM:Graph |
none|none | lines=59 | trace | |
| T:14:48:00 | Win2K-f | 81.90.157.43 (-): AFRANET, IR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:06:00 | WinXP | 79.162.152.10 (-): IDEA, PL. |
91.121.221.157:65520 | FR:proxim.ircgalaxy.pl RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 9bb68450cd NEW |
c2d5ac2315 [0] | ASM:Graph |
PolyEnE| | lines=73 embedded dns |
trace |
| 16:13:00 | Win2K-f | 201.231.210.193 (SRC.ORG): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | US:www.msn.com US:trafficconverter.biz US:hupaydnhpr.info :gpihhpvtzzd.org NL:nlxtkzve.org :eadudxzi.com US:kfmmmmuox.info :izyczyc.net :lazynwwtlze.net :qxwioep.net :rwhghqmn.biz US:jhwxnks.info :gvjjgigh.net :phyjfrk.net US:lknwo.info :iqnslxzad.biz US:ylllrcfe.info :mpkrjit.biz :xbwbwt.net :kallkxbvwyi.net :liafklfo.biz :oatmifze.net US:dvuyanfs.org :tqelslqldbd.net US:lsvpsauiwzt.org US:teajupuvrrr.org US:rktxqwyaq.org :kdujk.biz US:retyofsco.org :etjlmrfr.net US:dvevuoqmcoe.info :faddrr.com :sfsebquc.com :gojbdodm.net NL:etcwzkgx.org :jvgzwll.net US:giomrpsoj.info :wxozj.com :zgwlk.net :asaxpcuv.net US:mlmeppjt.info US:hxrld.org :pwuopyizh.biz :ljvmr.net :ohceuhvynz.info :ivhwoyqs.net :hrdyl.biz :eahktyda.net US:ijbip.info US:tjsgqb.org US:exjjh.info :eigadzzv.net :pifxaytdpy.biz :cmqylvz.com US:dgorvccddl.org US:xkqfuf.org :jdvzmguwkv.biz :okjhume.info :sgsbe.net US:hyyykeei.info :yfvlqge.biz US:ekybyd.org US:204.152.184.139:80 US:74.208.64.145:80 |
445 | pcap | raw alerts ruleset |
http 20 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:16:52:00 | WinXP | 68.151.251.183 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 4d4b114a18 NEW |
2414a15ebd [0] | none:none |
PolyEnE| | none | trace |
| T:16:59:00 | WinXP | 68.203.229.45 (RR.COM): ROAD RUNNER HOLDCO LLC, LUMBERTON, TEXAS, US. |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | none:none |
PolyEnE| | none | trace |
| T:17:44:00 | WinXP | 172.130.90.51 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:18:04:00 | WinXP | 76.200.158.2 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b NEW |
none[0] | none:none |
none|none | lines=64 | trace | |
| T:18:07:00 | WinXP | 187.20.242.193 (-): . |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 2f6cc0e618 NEW |
f8f316af28 [0] | none:none |
PolyEnE| | none | trace |
| T:18:18:00 | Win2K-f | 77.22.181.176 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 2da17c36c9 NEW |
1bb111b86b [none] | none:none |
none|none | none | none |
| T:18:29:00 | WinXP | 61.231.217.101 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:19:05:00 | Win2K-f | 213.191.7.218 (-): TRANSIT-NCT, PADERBORN, NORDRHEIN-WESTFALEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:06:00 | WinXP | 122.18.216.56 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 41 | 10318ada62 NEW |
a5b9f355da [0] | none:none |
none|none | none | trace | |
| T:19:19:00 | Win2K-f | 130.238.101.199 (SLU.SE): SWEDISH UNIVERSITY OF AGRICULTURAL SCIENCES, STOCKHOLM, STOCKHOLM, SE. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:29:00 | WinXP | 67.150.51.59 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:splegacy.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 50 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef NEW |
none[0] | none:none |
ASPack| | lines=281 embedded dns |
trace |
| T:19:45:00 | Win2K-f | 77.29.142.74 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
87.118.98.185:7000 | DE:sobiesk1.myftp.org | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 40 | 88ae32e138 NEW |
5abec5b133 [none] | none:none |
none|none | none | none |
| T:20:20:00 | WinXP | 187.37.111.161 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:20:31:00 | Win2K-f | 78.227.68.49 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 686953049d NEW |
78a3efc059 [none] | none:none |
none|none | none | none |
| T:21:00:00 | Win2K-f | 60.249.37.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
| T:21:05:00 | WinXP | 59.146.27.234 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 9e062b6933 NEW |
ee1aa150a7 [none] | none:none |
none|none | none | none |
| T:21:08:00 | Win2K-f | 66.166.25.4 (GLOBALINVESTMENTDEV.COM): COVAD COMMUNICATIONS CO, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:21:17:00 | WinXP | 59.189.243.225 (MAXONLINE.COM.SG): STARHUB CABLE VISION LTD SINGAPORE BROADBAND ACCESS PROVIDER, SINGAPORE, SINGAPORE, SG. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | e4aaf05198 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:22:00 | Win2K-f | 114.58.112.51 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:29:00 | Win2K-f | 78.53.1.86 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | d2a139a332 NEW |
823062da68 [none] | none:none |
none|none | none | none |
| T:22:11:00 | Win2K-f | 24.109.42.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 72e0da2631 NEW |
d8eda770f4 [none] | none:none |
none|none | none | none |
| T:22:17:00 | Win2K-f | 122.118.56.219 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 41 | 6ffead4dd5 NEW |
67f12af47c [none] | none:none |
none|none | none | none |
| 22:47:00 | Win2K-f | 84.3.19.119 (T-ONLINE.HU): HUNGARIAN TELECOM, SZEGED, CSONGRAD, HU. |
n/a | EE:www.starman.ee FI:194.215.38.3:80 US:204.152.184.139:80 EE:62.65.192.24:80 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:51:00 | WinXP | 24.79.241.235 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
211.233.45.253:3305 | FI:cx10man.weedns.com JP:fx010413.whyI.org KR:gynoman.weedns.com FI:g.0x20.biz KR:telephone.dd.blueline.be JP:61.120.62.28:3305 |
135 | pcap | raw alerts ruleset |
irc 607 lines |
Yeah : 1.8 profile |
none | summary tarball |
39 of 41 | 8d038d69e3 NEW |
85ce886f4c [none] | none:none |
none|none | none | none |
| T:22:51:00 | WinXP | 61.219.143.5 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
72.10.172.211:8080 | :xx.enterhere.biz CA:xx.ka3ek.com :idfc.info 67.215.1.206:80 |
135 | pcap | raw alerts ruleset |
irc 340 lines |
Yeah : 1.8 profile |
none | summary tarball |
40 of 41 | c795091f1f NEW |
43cb1d31f9 [none] | none:none |
none|none | none | none |
| T:23:00:00 | Win2K-f | 24.100.33.124 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 40 | fcab6c9d17 NEW |
none[4] | none:none |
Xtreme-Pr| | none | trace | |
| T:23:13:00 | Win2K-f | 93.187.181.52 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 41 | 67a66839f7 NEW |
7b1fc808a3 [0] | none:none |
none|none | none | trace |
| T:23:21:00 | WinXP | 72.66.8.36 (VERIZON.NET): GAIP INC, VIENNA, VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:22:00 | WinXP | 95.37.191.23 (-): . |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 274f408972 NEW |
412d9e05d0 [none] | none:none |
none|none | none | none |
| T:23:38:00 | Win2K-f | 78.226.5.81 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | US:s.unicat.org US:66.252.13.214:2081 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 6f495c833b NEW |
ffd498f313 [none] | none:none |
none|none | none | none |
| T:23:51:00 | WinXP | 112.203.107.23 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |