|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:05:00 | WinXP | 124.44.77.156 (WAKWAK.NE.JP): XEPHION(NTT-ME CORPORATION), OKAYAMA, OKAYAMA, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
| T:00:43:00 | Win2K-f | 75.184.34.157 (RR.COM): ROAD RUNNER HOLDCO LLC, WATSONVILLE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 NEW 53bfe15e91 NEW |
none[0] 1473091351[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=81 lines=75 embedded dns |
trace trace |
| T:01:01:00 | Win2K-f | 71.136.17.68 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da NEW 79c01ec060 NEW |
none[0] 1bfd34056c[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=81 lines=64 embedded dns |
trace trace |
| T:01:49:00 | Win2K-f | 96.50.145.29 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 596 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 | b330cb0387 NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:53:00 | WinXP | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:02:08:00 | WinXP | 114.48.147.196 (E-MOBILE.NE.JP): EMOBILE LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 40 | 5285741560 NEW |
60590b8b67 [0] | ASM:Graph |
none|none | lines=59 | trace | |
| 02:12:00 | WinXP | 166.164.120.130 (MYVZW.COM): SERVICE PROVIDER CORPORATION, RUSSELLVILLE, ARKANSAS, US. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 912a073945 NEW |
7874c7f21e [0] | none:none |
PolyEnE| | none | trace |
| T:02:42:00 | WinXP | 89.114.89.218 (-): SC BEST MARIO INVEST SRL, BUCHAREST, BUCURESTI, RO. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
c3a5354b6f [0] | none:none |
PolyEnE| | none | trace |
| T:03:01:00 | WinXP | 119.228.86.122 (EONET.NE.JP): K-OPTICOM CORPORATION, KYOTO, KYOTO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 | 8ab0fb88b8 NEW |
968cc91789 [0] | none:none |
none|none | none | trace | |
| T:03:05:00 | Win2K-f | 60.251.202.97 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 401 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 4be8763db3 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:41:00 | WinXP | 208.78.162.106 (UTEL.US): TELE EXPRESS TELECOMMUNICATIONS XII CORP, NORTH BERGEN, NEW JERSEY, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
311050e152 NEW 3569154ead NEW |
a2a034e6b7 [0] 491aa22d23[0] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:05:33:00 | WinXP | 95.220.42.76 (-): FAIRLIE HOLDING & FINANCE LIMITED, MOSCOW, MOSCOW CITY, RU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 NEW |
none[0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:32:00 | Win2K-f | 62.95.110.115 (CITYNETWORK.SE): CITY NETWORK HOSTING AB, SE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 28 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:38:00 | WinXP | 95.74.224.109 (-): TELECOM ITALIA MOBILE, IT. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb NEW |
473c6454ce [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:39:00 | WinXP | 96.8.128.63 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 40 |
9bdd2c95b1 NEW cd456ac095 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:03:00 | WinXP | 220.214.138.123 (DION.NE.JP): DION (KDDI CORPORATION), SAPPORO, HOKKAIDO, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 428da13629 NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:57:00 | WinXP | 67.249.96.164 (RR.COM): ROAD RUNNER HOLDCO LLC, STARKVILLE, MISSISSIPPI, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:ebookfinaltrash.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 29 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef NEW |
none[0] | none:none |
ASPack| | lines=281 embedded dns |
trace |
| T:08:06:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. (100Mbps) |
193.104.94.11:65520 | US:microsoft.com CN:proxim.ircgalaxy.pl CN:giopnon.cn :pozemle.cn EU:colopin.cn :commerceclick.co.uk RU:ya.ru CN:218.93.205.19:80 |
135 | pcap | raw alerts ruleset |
irc http http http http 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 41 29 of 41 32 of 36 11 of 41 9 of 41 10 of 41 35 of 36 |
3d174375ea NEW 785e86954f NEW bea8cb1865 NEW c5f3eb8155 NEW cc91564fec NEW efb275f9df NEW fac78fde16 NEW |
none[none] c6edee8e8b[0] 154de51a66[0] none [none] none [none] none [none] 882896ab05[0] |
none:none none:none ASM:Graph none:none none:none none:none none:none |
none|none PeStubOEP| Armadillo| none|none none|none none|none tElock| |
none none lines=91 none none none none |
none trace trace none none none trace |
| T:08:45:00 | Win2K-f | 218.210.68.92 (SPARQNET.NET): THEFAREASTERNGROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:09:23:00 | WinXP | 207.5.161.171 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:09:42:00 | Win2K-f | 207.5.232.144 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:00:00 | WinXP | 199.243.50.118 (-): BELL CANADA / SYMPATICO DIAL, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:08:00 | Win2K-f | 4.156.171.23 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROCKTON, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:11:12:00 | WinXP | 95.74.225.91 (-): TELECOM ITALIA MOBILE, IT. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb NEW |
473c6454ce [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:44:00 | Win2K-f | 65.45.141.5 (ALGX.NET): XO COMMUNICATIONS, ST. PAUL, MINNESOTA, US. (DSL) |
n/a | US:www.symantec.com US:j0r.biz |
445 | pcap | raw alerts ruleset |
shell ftp http 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | dd04166637 NEW |
53e80eceeb [0] | ASM:Graph |
MEW| | lines=296 embedded dns |
trace |
| T:13:11:00 | WinXP | 70.71.230.45 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LANGLEY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 41 | 682a384fe9 NEW |
none[3] | none:none |
none|none | none | trace | |
| T:13:46:00 | Win2K-f | 207.138.215.15 (HBCI.COM): GLOBAL CROSSING, WINONA, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:13:54:00 | Win2K-f | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:14:21:00 | Win2K-f | 99.147.64.50 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
| T:14:54:00 | WinXP | 189.66.255.134 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | 87dac65cf7 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:23:00 | WinXP | 76.179.149.116 (RR.COM): ROAD RUNNER HOLDCO LLC, LEWISTON, MAINE, US. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 15:29:00 | WinXP | 189.66.255.134 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO PAULO, SAO PAULO, BR. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 41 | 87dac65cf7 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:44:00 | Win2K-f | 69.193.78.147 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 15:47:00 | WinXP | 76.179.149.116 (RR.COM): ROAD RUNNER HOLDCO LLC, LEWISTON, MAINE, US. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| T:17:30:00 | WinXP | 216.152.2.100 (-): CITY OF WILSON, PEA RIDGE, ARKANSAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:17:40:00 | WinXP | 75.187.198.14 (RR.COM): ROAD RUNNER HOLDCO LLC, LOS ANGELES, CALIFORNIA, US. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
| 17:50:00 | WinXP | 64.188.190.245 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | d8040f84d4 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:07:00 | Win2K-f | 70.251.90.168 (SWBELL.NET): PRIVATE CUSTOMER - SBC INTERNET SERVICES, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:18:21:00 | WinXP | 190.31.56.126 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | c1918274c2 NEW |
none[none] | none:none |
none|none | none | none |
| 18:49:00 | Win2K-f | 113.254.205.139 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 208.78.70.70:80 US:75.126.138.202:80 |
445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| 18:51:00 | WinXP | 190.31.56.126 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | c1918274c2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:13:00 | WinXP | 202.157.43.103 (WAKUWAKU-LAND.COM): KUMAMOTO CABLE NETWORK CORPORATION, KUMAMOTO, KUMAMOTO, JP. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:52:00 | Win2K-f | 200.165.71.177 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 178 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 | 9bdd2c95b1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:07:00 | Win2K-f | 113.254.205.139 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:20:51:00 | Win2K-f | 96.8.145.191 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 39 of 41 |
77656a2953 NEW a77e51636f NEW |
13296a6198 [0] c5e16ba6b7[0] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
| T:21:30:00 | Win2K-f | 98.191.129.87 (COX.NET): COX COMMUNICATIONS, NEW YORK, NEW YORK, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:21:48:00 | WinXP | 75.181.11.123 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 37 of 41 |
5c39773b13 NEW a1acc403a2 NEW |
c64405f2e9 [0] 54ef26c2f9[0] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
| 21:49:00 | Win2K-f | 96.37.128.106 (CHARTER.COM): CHARTER COMMUNICATIONS, MOBILE, ALABAMA, US. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 18 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:53:00 | Win2K-f | 4.161.168.246 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MERIDIAN, TEXAS, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 21:58:00 | Win2K-f | 200.44.122.220 (-): TIC TAC, CARACAS, DISTRITO FEDERAL, VE. (100Mbps) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 21 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:07:00 | Win2K-f | 89.25.44.33 (SOFIAONLINE.NET): SOFIA ONLINE LTD, SOFIA, GRAD SOFIYA, BG. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 18 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:16:00 | Win2K-f | 186.136.181.65 (COM.AR): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | US:trafficconverter.biz US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 20 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:17:00 | WinXP | 70.233.74.191 (PACBELL.NET): AT&T INTERNET SERVICES, WALLINGFORD, CONNECTICUT, US. (DSL) |
n/a | US:www.altavista.com US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 NEW |
none[3] | none:none |
tElock| | none | trace |
| T:22:22:00 | Win2K-f | 125.4.19.169 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 37 of 41 |
53bfe15e91 NEW 89747f56b8 NEW |
1473091351 [0] bd6821b297[0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns none |
trace trace |
| 22:25:00 | Win2K-f | 188.132.45.126 (-): SA-ETTIHADETISALAT, RIYADH, AR RIYAD, SA. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 23 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:34:00 | Win2K-f | 113.252.22.59 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | :irznysvds.net :vcebtnnhh.biz :iibvmivgk.biz :qulcuzq.com US:cbjlkem.info :ibggj.com US:nhptin.org :pweuowtgx.net :kwznahgmomu.net US:evlgnhje.info US:hmdps.info :fekrzknsmyx.biz US:wvmzdludwlc.info US:yjgdfih.org :yruhatyp.net US:sgamxvmkwz.org :eoqxiupmqfn.com :cucowv.com US:hukowlm.info :ysjeldf.com US:kznqcvhpfa.org :dxoanacliv.com :xswrekk.biz US:xdinghym.info :eoowxuoshyj.net :pjyvmuot.com US:hqabxvcrg.info :oeylebsu.net :ihacyii.net :xjtviq.biz US:204.152.184.139:80 US:74.208.64.145:80 |
445 | pcap | raw alerts ruleset |
http 13 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:37:00 | Win2K-f | 4.225.169.22 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ITALY, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 199 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 NEW |
none[0] | none:none |
Armadillo| | lines=90 | trace | |
| 22:49:00 | Win2K-f | 189.38.229.144 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SãO BERNARDO DO CAMPO, SAO PAULO, BR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 18 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:55:00 | WinXP | 98.141.17.98 (CAVTEL.NET): CAVALIER TELEPHONE, HAMPTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:58:00 | Win2K-f | 190.138.52.121 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 18 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:09:00 | Win2K-f | 82.83.54.172 (ARCOR-IP.NET): ARCOR-DSL-NET, DORTMUND, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 20 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:15:00 | Win2K-f | 120.138.96.222 (MYSIPL.COM): SYSCON SERVER POOL, MUMBAI, MAHARASHTRA, IN. (DSL) |
212.54.2.171:3305 | :cx10man.weedns.com :fx010413.whyI.org JP:gynoman.weedns.com AR:g.0x20.biz AR:c010x1.co.cc RU:commgr.co.cc FI:telephone.dd.blueline.be RU:89.208.33.88:3305 92.240.234.164:3305 |
135 | pcap | raw alerts ruleset |
irc 608 lines |
Yeah : 1.8 profile |
none | summary tarball |
40 of 41 | 02893071a1 NEW |
none[none] | none:none |
none|none | none | none |
| 23:17:00 | Win2K-f | 78.54.109.156 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | US:trafficconverter.biz US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 17 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:21:00 | WinXP | 24.213.224.238 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NOORD-HOLLAND, NL. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| 23:27:00 | Win2K-f | 190.174.80.113 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 19 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:36:00 | Win2K-f | 203.118.232.139 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 19 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:46:00 | Win2K-f | 94.51.236.194 (PERMONLINE.RU): DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES, SURGUT, KHANTY-MANSIY, RU. (DSL) |
n/a | US:trafficconverter.biz US:204.152.184.139:80 |
445 | pcap | raw alerts ruleset |
http 15 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |