Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:20:00 | Win2K-f | 63.24.41.104 (UU.NET): UUNET TECHNOLOGIES INC, STANWOOD, WASHINGTON, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 217 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:01:12:00 | WinXP | 63.25.40.35 (UU.NET): UUNET TECHNOLOGIES INC, GRAND SALINE, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:01:48:00 | WinXP | 111.88.34.233 (HOSTS-WORLDCALL.NET.PK): WORLDCALL TELECOM LTD, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | 8081b6b58c NEW |
none[none] | none:none |
none|none | none | none |
T:01:59:00 | Win2K-f | 24.79.9.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 42 39 of 42 |
a1fac31325 NEW c018e17b5b NEW |
0fd057b5e2 [0] 8caee80d88[0] |
none:none none:none |
Armadillo| StarForce| |
none none |
trace trace |
T:01:59:00 | WinXP | 59.103.25.95 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | ef2396e602 NEW |
none[none] | none:none |
none|none | none | none |
T:02:01:00 | Win2K-f | 220.216.45.194 (TNC.NE.JP): TOKAI CORPORATION, TOKYO, TOKYO, JP. (DSL) |
210.127.253.90:3305 | FR:cx10man.weedns.com KR:fx010413.whyI.org EU:gynoman.weedns.com FR:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 695 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 41 | cc88f4f016 NEW |
3d17903825 [0] | ASM:Graph |
StarForce| | lines=3262 embedded dns |
trace |
T:02:20:00 | Win2K-f | 208.86.62.51 (C3BB.COM): CITY OF SCOTTSBURG, SCOTTSBURG, INDIANA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:02:36:00 | Win2K-f | 202.182.172.26 (PESAT.NET.ID): PT. PASIFIK SATELIT NUSANTARA, JAKARTA, JAKARTA RAYA, ID. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
37 of 42 33 of 33 |
397a46e596 NEW 53bfe15e91 NEW |
none[none] 1473091351[0] |
none:none ASM:Graph |
none|none tElock| |
none lines=75 embedded dns |
none trace |
T:02:49:00 | WinXP | 121.123.23.169 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
02:54:00 | WinXP | 121.123.23.169 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:03:47:00 | Win2K-f | 60.250.246.160 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 38 35 of 38 |
38ed850a0e NEW b9297745a1 NEW |
46990f37cd [0] 4294884d84[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:03:52:00 | WinXP | 121.120.138.65 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | fb486908b0 NEW |
none[none] | none:none |
none|none | none | none |
T:03:55:00 | WinXP | 119.26.184.185 (ZAQ.NE.JP): KANSAI MULTIMEDIA SERVICE COMPANY, JP. (DSL) |
62.193.249.122:3305 | JP:cx10man.weedns.com IT:fx010413.whyI.org FR:gynoman.weedns.com FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 700 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | ecfbf321d3 NEW |
none[none] | none:none |
none|none | none | none |
T:04:05:00 | WinXP | 96.15.212.177 (-): ALLTEL SIP CUSTOMERS - LITTLE ROCK, BENTON, ARKANSAS, US. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:04:10:00 | WinXP | 121.120.206.199 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:04:29:00 | WinXP | 79.162.147.194 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:04:40:00 | Win2K-f | 209.226.141.140 (BELL.CA): BELL CANADA, WELLAND, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 NEW |
none[0] | none:none |
Armadillo| | lines=90 | trace | |
T:04:57:00 | WinXP | 113.254.149.247 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:gg.arrancar.org US:69.43.160.145:555 |
135 | pcap | raw alerts ruleset |
other 183 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 38 | 92e29a98bd NEW |
57d7791117 [0] | ASM:Graph |
none|none | lines=546 | trace |
T:05:01:00 | WinXP | 115.164.73.138 (-): DIGI TELECOMMUNICATIONS SDN BHD, SHAH ALAM, SELANGOR, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
05:11:00 | WinXP | 79.162.147.194 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:06:14:00 | WinXP | 189.38.202.237 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO BERNARDO DO CAMPO, SAO PAULO, BR. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 6eda5f32a0 NEW |
none[none] | none:none |
none|none | none | none |
T:06:49:00 | WinXP | 186.97.98.162 (-): . |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | e708f05387 NEW |
none[none] | none:none |
none|none | none | none |
T:07:17:00 | WinXP | 24.208.161.73 (RR.COM): ROAD RUNNER HOLDCO LLC, BUCYRUS, OHIO, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
53aa804019 NEW 95ddd4a823 NEW |
29c6cdbf45 [0] 9e78315a6d[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:07:53:00 | WinXP | 203.95.48.106 (THN.NE.JP): TOKAI CORPORATION, FUJI, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
T:08:12:00 | WinXP | 4.248.37.74 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CULPEPER, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:08:26:00 | Win2K-f | 125.4.4.5 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
T:08:58:00 | WinXP | 121.120.104.81 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | :moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | d9d182d390 NEW |
none[none] | none:none |
none|none | none | none |
T:09:10:00 | WinXP | 188.73.248.154 (CAMPUSEAI.ORG): EUROPEAN REGIONAL REGISTRY, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
T:09:49:00 | Win2K-f | 173.31.93.199 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:09:53:00 | WinXP | 216.211.244.134 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 37 of 41 |
c89b154681 NEW d2b40c91a1 NEW |
58d02dbffa [0] fbaa414397[0] |
ASM:Graph ASM:Graph |
StarForce| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:10:32:00 | Win2K-f | 24.76.55.11 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, STEINBACH, MANITOBA, CA. (DSL) |
62.193.249.122:3305 | KR:cx10man.weedns.com | 135 | pcap | raw alerts ruleset |
irc 697 lines |
Yeah : 1.8 profile |
none | summary tarball |
38 of 41 | ecfbf321d3 NEW |
none[none] | none:none |
none|none | none | none |
T:10:40:00 | Win2K-f | 96.8.228.168 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 42 40 of 42 |
377ae8c2fd NEW 7cfdf42414 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:10:49:00 | WinXP | 178.167.140.161 (FINEBLANK.COM): EU-ZZ, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:10:53:00 | Win2K-f | 68.206.28.216 (RR.COM): ROAD RUNNER HOLDCO LLC, BEAUMONT, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:11:34:00 | WinXP | 188.28.145.188 (THREE.CO.UK): HUTCHISON 3G UK LIMITED, UK. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d NEW |
none[0] | none:none |
PolyEnE| | lines=57 | trace |
T:11:36:00 | WinXP | 99.148.255.165 (PACBELL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 NEW b7082104e4 NEW |
1473091351 [0] c5b49e7b82[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=75 embedded dns lines=41 |
trace trace |
T:11:41:00 | WinXP | 24.249.134.70, 173.192.153.178 (INVALID IPV4 ADDRESS): INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) |
60.190.222.139:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com LV:ad.ghura.pl :bb.iwillhavebigdick.com LV:nemerk.com :exe2.perfectexe.com :sb.perfectexe.com CN:2b.perfectexe.com CN:sb.iwillhavebigdick.com 173.192.153.178:80 LV:91.188.59.199:80 LV:91.188.60.16:80 |
135 | pcap | raw alerts ruleset |
irc http 244 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 41 19 of 42 34 of 39 41 of 43 19 of 42 32 of 36 35 of 36 |
36bb7118f0 NEW 8b4a36f5a7 NEW 9b5bd50972 NEW b4afa1df1d NEW ba4a3d55fa NEW bea8cb1865 NEW fac78fde16 NEW |
none[none] none [none] none [none] none [none] none [none] 154de51a66[0] 882896ab05[0] |
none:none none:none none:none none:none none:none ASM:Graph ASM:Graph |
none|none none|none none|none none|none none|none Armadillo| tElock| |
none none none none none lines=91 lines=126 embedded dns |
none none none none none trace trace |
T:11:47:00 | Win2K-f | 218.220.241.145 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |
T:12:11:00 | Win2K-f | 152.48.222.64 (UNC.EDU): NORTH CAROLINA RESEARCH AND EDUCATION NETWORK, DURHAM, NORTH CAROLINA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:12:30:00 | WinXP | 151.82.140.105 (51-151.NET24.IT): IUNET-BNET, ROME, LAZIO, IT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 9e9bfc1cb5 NEW |
none[none] | none:none |
none|none | none | none |
T:13:20:00 | WinXP | 93.102.38.129 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 38 | 29abb49a9a NEW |
bed847a713 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:13:35:00 | WinXP | 174.5.73.4 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CA. (DSL) |
n/a | JP:cx10man.weedns.com EU:fx010413.whyI.org JP:gynoman.weedns.com FR:g.0x20.biz :c010x1.co.cc :commgr.co.cc KR:telephone.dd.blueline.be 114.207.244.143:3305 FR:62.193.249.122:3305 |
135 | pcap | raw alerts ruleset |
irc 696 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 | ecfbf321d3 NEW |
none[none] | none:none |
none|none | none | none |
T:14:06:00 | WinXP | 190.58.4.94 (TSTT.NET.TT): TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO, SAN FERNANDO, SAN FERNANDO, TT. (100Mbps) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:14:15:00 | Win2K-f | 173.29.250.187 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 41 38 of 40 |
067917e07b NEW d764c1dcb2 NEW |
dae35b319c [0] 3d2bc60c5d[0] |
ASM:Graph ASM:Graph |
Armadillo| tElock| |
lines=91 lines=64 embedded dns |
trace trace |
T:14:23:00 | WinXP | 24.79.36.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | c23a910a12 NEW |
none[none] | none:none |
none|none | none | none |
T:14:23:00 | WinXP | 109.52.31.40 (JWS.COM): EU-ZZ, UK. (DSL) |
n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 87c037c9e8 NEW |
none[none] | none:none |
none|none | none | none |
T:14:28:00 | Win2K-f | 137.118.217.158 (WILKES.NET): NEONOVA NETWORK SERVICES, COLSTRIP, MONTANA, US. (100Mbps) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 1b3d8e9fe7 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:14:29:00 | Win2K-f | 83.221.93.143 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 42 | 687eb47a37 NEW |
none[none] | none:none |
none|none | none | none |
T:14:33:00 | Win2K-f | 113.252.210.108 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | 8887d42f5c NEW |
afaf06d6cd [0] | ASM:Graph |
pex| | lines=42 | trace | |
T:14:33:00 | WinXP | 24.76.37.247 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | c4f4cf6afa NEW |
none[none] | none:none |
none|none | none | none |
T:14:34:00 | WinXP | 85.217.157.48 (ARB-WR01.EVO.BG): EVO IP ADDRESS SPACE, SOFIA, GRAD SOFIYA, BG. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | e3faefa56a NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
14:34:00 | WinXP | 190.58.4.94 (TSTT.NET.TT): TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO, SAN FERNANDO, SAN FERNANDO, TT. (100Mbps) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:14:42:00 | Win2K-f | 24.100.90.42 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 40 | 9810215e67 NEW |
18ff3687ad [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:14:58:00 | Win2K-f | 85.56.195.27 (DYNAMIC.ORANGE.ES): ADDRESSES IP FOR HOME CLIENTS, PONTEVEDRA, GALICIA, ES. (DSL) |
n/a | PR:m.drd3h.com PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | f996bf0275 NEW |
1e4ad6cdb1 [0] | ASM:Graph |
ASPack| | lines=3065 embedded dns |
trace |
T:15:02:00 | WinXP | 78.60.236.188 (ZEBRA.LT): LIETUVOS-TELEKOMAS, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 40 | 50cdd5c6cf NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:15:07:00 | WinXP | 76.164.150.221 (BEVCOMM.NET): BLUE EARTH VALLEY COMMUNICATIONS INC. (BEVCOM), US. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 40 | 7ea0317789 NEW |
18ff3687ad [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:15:18:00 | WinXP | 95.180.34.230 (IKOMLINE.NET): IKOMLINE, RS. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | c45a01fbcc NEW |
afaf06d6cd [0] | ASM:Graph |
pex| | lines=42 | trace |
T:15:19:00 | Win2K-f | 152.48.222.69 (UNC.EDU): NORTH CAROLINA RESEARCH AND EDUCATION NETWORK, DURHAM, NORTH CAROLINA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:15:22:00 | Win2K-f | 78.131.112.107 (HDSNET.HU): HATVAN DOCSIS, HU. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | c03793a035 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:15:24:00 | Win2K-f | 209.152.128.36 (-): KLM TELEPHONE, KANSAS CITY, MISSOURI, US. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 40 | 379a6daa0d NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:15:28:00 | WinXP | 123.194.222.248 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b35d8ec50e NEW |
none[none] | none:none |
none|none | none | none |
T:15:31:00 | WinXP | 174.0.211.169 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 1b3d8e9fe7 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:15:32:00 | WinXP | 84.109.222.103 (BEZEQINT.NET): CABLES-CUSTOMERS-CONNECTION, RAMAT GAN, TEL AVIV, IL. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | db12dac6c7 NEW |
afaf06d6cd [0] | ASM:Graph |
pex| | lines=42 | trace |
T:16:00:00 | WinXP | 114.166.245.135 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
T:16:04:00 | Win2K-f | 79.36.0.8 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 43 | 327cc7cb3d NEW |
none[none] | none:none |
none|none | none | none | |
T:16:09:00 | Win2K-f | 174.3.203.7 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CA. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 40 | 9363d60262 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:16:17:00 | Win2K-f | 66.81.249.80 (O1.COM): O1 DIALUP SERVICES, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:16:26:00 | WinXP | 186.18.196.11 (186.IN-ADDR.ARPA): TELECENTRO S.A. - CLIENTES RESIDENCIALES, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | PR:m.drd3h.com PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 42 | 2131a2c834 NEW |
none[none] | none:none |
none|none | none | none |
T:16:34:00 | Win2K-f | 81.219.86.75 (FUTURO.PL): NETIA, GDANSK, POMORSKIE, PL. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 40 | b91423b944 NEW |
none[none] | none:none |
none|none | none | none | |
T:16:34:00 | Win2K-f | 80.218.49.69 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | c13a6c3da5 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:16:47:00 | Win2K-f | 86.38.186.81 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) |
n/a | PR:m.drd3h.com PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
39 of 41 | 450ad1b683 NEW |
1e4ad6cdb1 [0] | ASM:Graph |
ASPack| | lines=3065 embedded dns |
trace |
T:17:06:00 | Win2K-f | 113.254.247.78 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 41 | 294a490491 NEW |
none[none] | none:none |
none|none | none | none | |
T:17:10:00 | WinXP | 174.1.97.24 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
38 of 41 | d6f9562c64 NEW |
none[none] | none:none |
none|none | none | none |
T:17:19:00 | Win2K-f | 96.8.144.220 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:17:19:00 | Win2K-f | 63.16.8.44 (UU.NET): UUNET TECHNOLOGIES INC, MOUNTAIN VIEW, HAWAII, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:20:00 | WinXP | 24.32.197.251 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, BURKBURNETT, TEXAS, US. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 41 | 2cf0ba5461 NEW |
57a212e259 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:17:27:00 | WinXP | 83.243.32.33 (STANSAT.PL): STANSAT TELEWIZJA KABLOWA, WARSAW, WARSZAWA, PL. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | ff820e32d9 NEW |
none[none] | none:none |
none|none | none | none |
T:17:29:00 | WinXP | 208.126.64.46 (NETINS.NET): BROOKLYN MUTUAL TELEPHONE CO, BROOKLYN, IOWA, US. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:24:00 | Win2K-f | 98.135.216.162 (WINDSTREAM.NET): ALLTEL SIP CUSTOMERS - PHOENIX, HOBBS, NEW MEXICO, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
53aa804019 NEW 95ddd4a823 NEW |
29c6cdbf45 [0] 9e78315a6d[0] |
ASM:Graph ASM:Graph |
tElock| Armadillo| |
lines=64 embedded dns lines=91 |
trace trace |
T:18:32:00 | WinXP | 122.146.242.111 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:18:36:00 | Win2K-f | 80.219.91.216 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (100Mbps) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 41 | c03793a035 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace | |
T:18:56:00 | WinXP | 88.156.32.35 (VECTRANET.PL): VECTRA S.A, OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
41 of 43 | 6bd35b2624 NEW |
none[none] | none:none |
none|none | none | none |
T:19:40:00 | WinXP | 118.167.7.114 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:20:01:00 | Win2K-f | 96.49.158.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
42 of 43 | 4710cf2ef7 NEW |
none[none] | none:none |
none|none | none | none | |
T:20:27:00 | Win2K-f | 174.0.144.28 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | PR:m.DRD3H.COM | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
37 of 40 | 4dd4197eb4 NEW |
1d04d6dc84 [0] | ASM:Graph |
ASPack| | lines=3292 embedded dns |
trace |
T:20:42:00 | WinXP | 4.225.171.217 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 NEW |
none[0] | none:none |
PolyEnE| | lines=65 | trace |
T:20:44:00 | Win2K-f | 190.209.113.172 (-): TELMEX CHILE S.A HFC, CL. (DSL) |
n/a | PR:m.DRD3H.COM PR:207.166.122.75:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
40 of 42 | 6438959caa NEW |
none[none] | none:none |
none|none | none | none |
T:20:52:00 | WinXP | 173.29.253.131 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:20:54:00 | WinXP | 121.120.5.139 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru DE:213.155.0.224:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 42 | 8de4900c75 NEW |
none[none] | none:none |
none|none | none | none |
T:20:56:00 | Win2K-f | 220.216.56.67 (THN.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 40 of 41 |
6a6aaa5b73 NEW 8bde6dd126 NEW |
63889c9976 [0] 885c68f500[0] |
ASM:Graph ASM:Graph |
tElock| tElock| |
lines=42 lines=64 embedded dns |
trace trace |
T:21:12:00 | WinXP | 4.153.2.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NORTH AUGUSTA, SOUTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 215 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:21:47:00 | WinXP | 121.120.206.111 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b502f83a7c NEW |
28f5be93b0 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:21:49:00 | Win2K-f | 64.188.198.109 (-): WINDJAMMER COMMUNICATIONS LLC, BOSTON, MASSACHUSETTS, US. (DSL) |
62.193.249.122:3305 | KR:cx10man.weedns.com | 135 | pcap | raw alerts ruleset |
irc 613 lines |
Yeah : 1.8 profile |
none | summary tarball |
41 of 42 | f5286bdcaf NEW |
none[none] | none:none |
none|none | none | none |
22:24:00 | WinXP | 121.94.159.162 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), YOKOHAMA, KANAGAWA, JP. (DSL) |
213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 NEW |
none[0] | none:none |
PolyEnE| | lines=68 | trace |
T:22:29:00 | WinXP | 210.196.13.49 (DION.NE.JP): DION (KDDI CORPORATION), TOKYO, TOKYO, JP. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 558 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 43 | 14593e79ce NEW |
none[none] | none:none |
none|none | none | none | |
T:22:41:00 | Win2K-f | 98.155.194.227 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
T:23:44:00 | WinXP | 122.196.24.74 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 40 of 41 |
71e6f60517 NEW ab4e3226c4 NEW |
1ef1781501 [0] c2d0313e73[0] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=91 none |
trace trace |