Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
00:08:00 | Win2K-f | 4.243.128.186 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FAIRFIELD, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
00:13:00 | WinXP | 24.69.99.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:199.93.41.124:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 9755a5d861 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
T:00:43:00 | WinXP | 211.211.97.126 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
3b6cda60f6 NEW 4c9db01aba NEW e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:00:54:00 | WinXP | 222.235.160.184 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 none |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:01:17:00 | Win2K-f | 122.53.125.102 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 none |
16874933ea [Firefox: 4 hits: 06-18 to 06-20] 76ee340669 [Firefox: 4 hits: 06-18 to 06-20] b5919931fe [Firefox: 8 hits: 06-20 to 06-20] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
01:20:00 | WinXP | 219.241.199.101 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
194e0b013d NEW 2a12badf92 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:01:26:00 | WinXP | 122.146.83.150 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
01:39:00 | Win2K-f | 68.150.131.61 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LEDUC, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | f5704d7334 NEW |
none[none] | none:none |
none|none | none | none | |
02:13:00 | Win2K-f | 4.174.160.64 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WAYNESBORO, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:32:00 | Win2K-f | 122.52.18.242 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:35:00 | Win2K-f | 68.149.8.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 0d416b2208 NEW |
none[none] | none:none |
none|none | none | none |
T:02:39:00 | WinXP | 24.189.171.29 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), UNIONDALE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
02:46:00 | WinXP | 61.252.173.56 (KRLINE.NET): KRNIC, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
05ea62612c NEW 3a0107380f NEW |
none[4] 3a0107380f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
02:51:00 | Win2K-f | 76.93.104.77 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:02:52:00 | WinXP | 61.252.173.56 (KRLINE.NET): KRNIC, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 none |
05ea62612c NEW 3a0107380f NEW e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 3a0107380f[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
T:02:55:00 | WinXP | 194.165.181.167 (ESAT.NET): OCEAN FREE INTERNET DIAL UP SERVICE, DUBLIN, DUBLIN, IE. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:717 hits: 05-01 to 06-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
03:15:00 | WinXP | 76.168.73.62 (RR.COM): ROAD RUNNER HOLDCO LLC, VENICE, CALIFORNIA, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:429 hits: 12-31 to 06-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:03:18:00 | WinXP | 75.136.136.72 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 201 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
0022c74e8a NEW f7eec61c8e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:43:00 | WinXP | 88.148.149.63 (DNAINTERNET.FI): DYNAMIC ADSL-POOL, FI. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
03:57:00 | Win2K-f | 123.111.43.6 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:57:00 | WinXP | 85.87.235.233 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 042774a2b7 [Firefox:141 hits: 05-01 to 06-18] |
1c9a472cd7 [0] | ASM:Graph |
PolyEnE| | lines=71 embedded dns |
trace |
T:03:59:00 | WinXP | 85.87.235.233 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 042774a2b7 [Firefox:141 hits: 05-01 to 06-18] |
1c9a472cd7 [0] | ASM:Graph |
PolyEnE| | lines=71 embedded dns |
trace |
T:04:01:00 | Win2K-f | 218.39.76.161 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4e7324b204 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
04:02:00 | WinXP | 61.207.207.249 (OCN.NE.JP): OPEN COMPUTER NETWORK, NAGOYA, AICHI, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
04:22:00 | WinXP | 83.93.179.23 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:04:23:00 | WinXP | 85.152.149.200 (CM-85-152-150-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | d3c8b52b45 NEW |
none[none] | none:none |
none|none | none | none |
T:04:25:00 | WinXP | 121.73.2.160 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | b56dba1704 NEW |
none[none] | none:none |
none|none | none | none | |
05:12:00 | WinXP | 4.249.174.91 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLARKSBURG, WEST VIRGINIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:23:00 | WinXP | 220.220.11.156 (PLALA.OR.JP): NTT COMMUNICATIONS CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:05:32:00 | WinXP | 75.119.18.87 (LDMI.COM): TALK AMERICA, RESTON, VIRGINIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 224 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
61af27625e NEW da373bd1bc NEW e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
05:47:00 | Win2K-f | 218.211.221.224 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 |
135 | pcap | raw alerts ruleset |
other 193 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
4960618323 NEW c7cd332f22 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:05:50:00 | WinXP | 66.220.226.78 (VERMONTEL.NET): VERMONT TELEPHONE COMPANY INC, CHESTER, VERMONT, US. |
n/a | US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:10 hits: 09-29 to 06-20] |
none[3] | none:none |
tElock| | none | trace |
T:06:01:00 | WinXP | 80.166.169.233 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, GREVE, ROSKILDE, DK. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal EU:ebookfinaltrash.ru US:sprw.information.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 none none |
a12cab51ef [Firefox:1061 hits: 05-01 to 06-20] b15bf89f3b NEW c6283ef9ea NEW |
40f7f463c4 [0] none [none] none [none] |
ASM:Graph none:none none:none |
ASPack| none|none none|none |
lines=281 embedded dns none none |
trace none none |
T:06:02:00 | WinXP | 41.214.185.162 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
06:07:00 | WinXP | 218.168.163.19 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
06:11:00 | WinXP | 122.52.75.194 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:192.221.110.125:80 US:205.128.79.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox: 4 hits: 06-18 to 06-20] 76ee340669 [Firefox: 4 hits: 06-18 to 06-20] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
T:06:27:00 | WinXP | 208.61.168.209 (BELLSOUTH.NET): BELLSOUTH.NET INC, NASHVILLE, TENNESSEE, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:spi.domainsponsor.com :landdev1.lap.internal |
445 | pcap | raw alerts ruleset |
http http http http 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1061 hits: 05-01 to 06-20] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
06:36:00 | WinXP | 77.253.119.28 (COM.PL): NETIA, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox: 9 hits: 04-21 to 06-19] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
06:36:00 | WinXP | 64.201.254.116 (PAXIO.NET): PAXIO INC, COSTA MESA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.53.125:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:38:00 | WinXP | 77.253.119.28 (COM.PL): NETIA, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox: 9 hits: 04-21 to 06-19] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
T:06:45:00 | Win2K-f | 80.225.171.182 (TISCALI.COM): TELINCO-DIALPOOL, LEEDS, ENGLAND, UK. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
06:48:00 | Win2K-f | 218.169.54.188 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:06:54:00 | WinXP | 118.240.119.202 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:651 hits: 07-11 to 06-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
06:56:00 | Win2K-f | 69.109.153.52 (PACBELL.NET): AT&T INTERNET SERVICES, SAN DIEGO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
b12e5dfed0 NEW dc92683d9a [Firefox: 2 hits: 06-19 to 06-20] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
06:58:00 | WinXP | 92.40.3.235 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl EU:siliconfireware.ru GB:new.egg.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | e58c71aeda NEW |
none[none] | none:none |
none|none | none | none |
07:16:00 | WinXP | 92.40.13.251 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 7d7131b259 NEW |
none[none] | none:none |
none|none | none | none |
T:07:35:00 | WinXP | 93.156.48.221 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
08:02:00 | Win2K-f | 81.159.235.0 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, EDINBURGH, SCOTLAND, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | d5c5a963d4 NEW |
none[none] | none:none |
none|none | none | none |
08:06:00 | WinXP | 122.214.57.84 (UCOM.NE.JP): G-ST0053N, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:08:11:00 | WinXP | 85.180.13.222 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:08:16:00 | Win2K-f | 68.179.126.170 (TERAGO.CA): TERAGO NETWORKS INC, EVANSVILLE, INDIANA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 none 29 of 33 |
196b916474 NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] d0ad254fd0 NEW |
none[4] b5919931fe[1] d0ad254fd0[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=81 |
trace trace trace |
08:24:00 | WinXP | 58.235.253.126 (-): THRUNET-INFRA-BUSAN15, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.37.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:24:00 | WinXP | 70.182.30.253 (COX.NET): COX COMMUNICATIONS, FT. SMITH, ARKANSAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
08:35:00 | Win2K-f | 219.249.120.19 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:64.215.166.173:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
533d15b5ce NEW 58c343a8d8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:08:37:00 | WinXP | 24.83.204.143 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:39:00 | WinXP | 218.169.79.70 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:08:45:00 | WinXP | 203.118.124.17 (ASIANET.CO.TH): TRUE INTERNET CO. LTD, BANGKOK, KRUNG THEP MAHANAKHON, TH. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:09:14:00 | WinXP | 61.37.147.200 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 30 of 33 none |
3690b64ca2 NEW a6fb77fd26 NEW e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] a6fb77fd26[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
PolyEnE| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
T:09:35:00 | WinXP | 211.213.56.59 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 none |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
09:46:00 | WinXP | 219.105.108.120 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | dd5b183a77 NEW |
none[4] | none:none |
none|none | none | trace | |
09:49:00 | Win2K-f | 68.183.241.127 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
0d3fafbf29 NEW d401773a07 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:09:52:00 | WinXP | 86.143.118.241 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox: 6 hits: 06-12 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace | |
T:09:53:00 | WinXP | 208.104.57.235 (COMPORIUM.NET): ROCK HILL TELEPHONE COMPANY, ROCK HILL, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:298 hits: 05-01 to 06-20] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
10:20:00 | WinXP | 64.76.6.14 (NET.AR): IMPSAT, BUENOS AIRES, BUENOS AIRES, AR. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:10:21:00 | Win2K-f | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | fe22b8315f NEW |
none[4] | none:none |
StarForce| | none | trace | |
T:10:24:00 | WinXP | 200.100.87.120 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox: 9 hits: 04-21 to 06-19] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
10:49:00 | WinXP | 4.180.108.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PLATTE CITY, MISSOURI, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:51:00 | WinXP | 87.68.232.4 (012.NET.IL): GOLDEN LINES INTERNATIONAL COMMUNICATION SERVICES LTD, IL. (DSL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
T:11:03:00 | Win2K-f | 216.211.243.7 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] b5919931fe [Firefox: 8 hits: 06-20 to 06-20] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
11:05:00 | WinXP | 118.231.97.128 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:11:06:00 | WinXP | 76.77.228.13 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | :proxima.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 261 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | ea9787a186 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
T:11:18:00 | Win2K-f | 24.80.67.53 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
396e4fc150 NEW 4722406ddf NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| Armadillo| ASProtect| |
none none lines=90 |
none none trace |
11:34:00 | WinXP | 70.253.195.73 (SWBELL.NET): PPPOX POOL - RBACK7.AUSTTX.08092205-1944, AUSTIN, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:429 hits: 12-31 to 06-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
11:45:00 | WinXP | 70.106.134.69 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:16 hits: 12-14 to 06-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
11:46:00 | Win2K-f | 4.224.99.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NOBLESVILLE, INDIANA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:02:00 | Win2K-f | 59.115.207.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
12:07:00 | WinXP | 4.252.64.46 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
12:12:00 | Win2K-f | 211.211.159.152 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
5558f5601e NEW 8c0d3d722b NEW |
none[none] none [none] |
none:none none:none |
tElock| Armadillo| |
none none |
none none |
12:13:00 | WinXP | 75.138.61.8 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
ae4bed1aa9 NEW bc51bd8226 NEW |
none[none] none [none] |
none:none none:none |
Armadillo| PolyEnE| |
none none |
none none |
12:22:00 | WinXP | 117.99.55.135 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:298 hits: 05-01 to 06-20] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
T:12:23:00 | WinXP | 213.100.53.3 (SWIPNET.SE): SWIPNET, STOCKHOLM, STOCKHOLM, SE. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1340 hits: 12-31 to 06-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
12:25:00 | WinXP | 213.100.53.3 (SWIPNET.SE): SWIPNET, STOCKHOLM, STOCKHOLM, SE. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org US:lia.zanet.net NO:london.uk.eu.undernet.org SE:ozbytes.dal.net SE:qis.md.us.dal.net SE:coins.dal.net :gaspode.zanet.org.za AT:graz.at.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1340 hits: 12-31 to 06-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
12:26:00 | WinXP | 86.143.118.241 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox: 6 hits: 06-12 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace | |
12:59:00 | WinXP | 86.146.222.5 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox: 6 hits: 06-12 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace | |
T:12:59:00 | WinXP | 124.155.92.115 (ASAHI-NET.OR.JP): ASAHI-NET-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8ae058b2d0 [Firefox: 3 hits: 05-01 to 06-16] |
e6a9383b75 [0] | ASM:Graph |
none|none | lines=59 | trace | |
T:13:03:00 | WinXP | 75.7.148.16 (SBCGLOBAL.NET): PPPOX POOL - RBACK19.IRVNCA, COMPTON, CALIFORNIA, US. (DSL) |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:13:05:00 | Win2K-f | 218.119.176.169 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:13:16:00 | WinXP | 86.146.154.239 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:429 hits: 12-31 to 06-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:13:19:00 | WinXP | 117.99.26.15 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:298 hits: 05-01 to 06-20] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
T:13:35:00 | WinXP | 67.38.174.4 (AMERITECH.NET): DIAL POOL - TNT1.KALAMAZOO.MI.AMERITECH.NET, GRAND RAPIDS, MICHIGAN, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:13:36:00 | Win2K-f | 68.150.213.145 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SHERWOOD PARK, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
24f45a0bf5 NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] d24a1d8a6f NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
tElock| ASProtect| Armadillo| |
none lines=90 none |
none trace none |
14:09:00 | Win2K-f | 80.171.3.54 (HANSENET.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) |
n/a | :proxim.ircgalaxy.pl CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 34213821e8 NEW |
none[none] | none:none |
FSG| | none | none |
T:14:22:00 | WinXP | 78.0.248.209 (T-COM.HR): HPTNET, HR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | a732992479 NEW |
none[none] | none:none |
FASM| | none | none | |
14:40:00 | WinXP | 67.10.86.126 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 556 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 15d4d85dc0 NEW |
none[4] | none:none |
StarForce| | none | trace | |
14:49:00 | WinXP | 69.232.156.102 (PACBELL.NET): PPPOX POOL - RBACK8.IRVNCA 092004-0956, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:717 hits: 05-01 to 06-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
14:49:00 | WinXP | 85.154.163.68 (-): OMAN-EXP, OM. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:429 hits: 12-31 to 06-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
14:53:00 | Win2K-f | 122.146.224.52 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
other 196 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
9a1383bb4a NEW bc466d941c NEW |
none[none] none [none] |
none:none none:none |
tElock| Armadillo| |
none none |
none none |
T:14:59:00 | Win2K-f | 76.214.133.252 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:04:00 | Win2K-f | 211.59.72.105 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:207.123.37.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] 8390780c27 [Firefox: 2 hits: 06-18 to 06-20] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
T:15:06:00 | Win2K-f | 24.76.248.182 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
65275a1614 NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] ec0d7783de NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
Armadillo| ASProtect| tElock| |
none lines=90 none |
none trace none |
T:15:12:00 | WinXP | 69.134.245.169 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
15:17:00 | WinXP | 24.89.192.129 (EASTLINK.CA): EASTLINK, HALIFAX, NOVA SCOTIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.46.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:15:21:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 57ce4acac2 [Firefox:16 hits: 06-17 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
15:35:00 | Win2K-f | 68.145.185.234 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:15:51:00 | Win2K-f | 208.127.106.215 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none none |
2ef2f78792 NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] b7a332eb7c NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
Armadillo| ASProtect| tElock| |
none lines=90 none |
none trace none |
T:15:57:00 | WinXP | 83.22.243.119 (TPNET.PL): NEOSTRADA PLUS, ZAWIERCIE, SLASKIE, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:16 hits: 12-14 to 06-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
16:43:00 | WinXP | 58.108.164.116 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
48bc07f9ed NEW a5308d87d0 NEW |
none[none] none [none] |
none:none none:none |
PolyEnE| Armadillo| |
none none |
none none |
T:16:53:00 | WinXP | 69.104.218.126 (PACBELL.NET): PPPOX POOL - RBACK3 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:53:00 | Win2K-f | 4.230.93.103 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:37:00 | WinXP | 62.147.218.37 (PROXAD.NET): PROXAD / FREE TELECOM, PARIS, ILE-DE-FRANCE, FR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
17:55:00 | Win2K-f | 75.19.158.113 (SBCGLOBAL.NET): PPPOX POOL - RBACK10.SCRMCA, AKRON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:02:00 | WinXP | 75.8.97.173 (SBCGLOBAL.NET): PPPOX POOL - RBACK19.IRVNCA, COMPTON, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:04:00 | Win2K-f | 211.176.178.155 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
01f8daa481 NEW 1d443bea90 NEW |
none[none] none [none] |
none:none none:none |
Armadillo| tElock| |
none none |
none none |
18:19:00 | WinXP | 222.147.218.9 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 21e5edb96d [Firefox: 2 hits: 06-19 to 06-20] |
none[4] | none:none |
none|none | none | trace | |
18:31:00 | Win2K-f | 118.165.135.174 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:18:35:00 | Win2K-f | 4.253.64.136 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ARLINGTON, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:36:00 | WinXP | 99.250.219.254 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 177 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 706e697ed5 NEW |
none[none] | none:none |
PolyEnE| | none | none | |
18:38:00 | Win2K-f | 124.241.165.199 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
72.10.172.211:8080 67.43.236.66:8080 | CA:xx.ka3ek.com CA:xx.nadnadzz.info CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:67.43.236.98:10324 CA:67.43.236.99:10324 CA:72.10.172.211:8080 |
135 | pcap | raw alerts ruleset |
other 226 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | 2595d6e010 NEW |
none[4] | none:none |
none|none | none | trace |
18:42:00 | WinXP | 77.101.75.185 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.66.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] a08f3b74a4 [Firefox:34 hits: 06-18 to 06-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:17:00 | Win2K-f | 211.18.186.103 (DION.NE.JP): DION (KDDI CORPORATION), JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
19:28:00 | WinXP | 123.222.141.173 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:651 hits: 07-11 to 06-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:19:34:00 | Win2K-f | 220.130.194.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
19:41:00 | Win2K-f | 211.49.165.21 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:64.215.166.173:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] 4c3df24b32 [Firefox:10 hits: 06-17 to 06-20] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:19:52:00 | WinXP | 24.86.136.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 268 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | e759d2b517 NEW |
none[none] | none:none |
PolyEnE| | none | none |
T:19:54:00 | WinXP | 209.213.9.52 (SSLISP.COM): ELTOPIA.COM LLC, PASCO, WASHINGTON, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3071 hits: 12-31 to 06-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:20:04:00 | Win2K-f | 202.88.238.21 (ASIANET.CO.IN): ASIANET IS A ISP PROVIDING ACCESS THROUGH CABLE, TRIVANDRUM, KERALA, IN. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none none |
133401d618 NEW 7819d05bbf NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] |
none[4] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| Armadillo| ASProtect| |
none none lines=90 |
trace none trace |
T:20:14:00 | Win2K-f | 61.231.155.158 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
T:20:14:00 | WinXP | 196.40.64.167 (RACSA.CO.CR): SERVIDOR ACCESO PAVAS, SAN JOSE, SAN JOSE, CR. (100Mbps) |
n/a | DE:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru US:sprw.information.com US:spi.domainsponsor.com :wpad US:208.73.212.12:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1061 hits: 05-01 to 06-20] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
20:22:00 | WinXP | 170.51.96.241 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 90d02b6b68 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
T:20:45:00 | Win2K-f | 211.44.228.108 (KRLINE.NET): KRNIC, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none none |
168aab35a3 [Firefox: 5 hits: 06-17 to 06-20] acd2a6266d NEW b5919931fe [Firefox: 8 hits: 06-20 to 06-20] |
none[4] acd2a6266d[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
T:20:55:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1340 hits: 12-31 to 06-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
20:59:00 | WinXP | 125.197.203.215 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
21:05:00 | Win2K-f | 75.11.165.249 (SBCGLOBAL.NET): PPPOX POOL - RBACK13.SNDGCA, CARLSBAD, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
21:09:00 | WinXP | 4.186.105.152 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEWARK, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:21:09:00 | Win2K-f | 118.161.2.142 (-): . |
217.170.244.2:443 | :proxima.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
21:18:00 | Win2K-f | 61.209.66.140 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:21:23:00 | WinXP | 65.255.131.76 (OFMLIVE.NET): OREGON FARMERS MUTUAL TELEPHONE COMPANY, OREGON, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 none |
53bfe15e91 [Firefox:105 hits: 06-17 to 06-20] 73f1082158 [Firefox:34 hits: 06-18 to 06-20] e07c29c4ae [Firefox:12 hits: 06-19 to 06-20] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:21:25:00 | Win2K-f | 210.127.111.200 (KRLINE.NET): KRNIC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
0537139fe7 NEW 49b6f2dd5d NEW |
none[none] none [none] |
none:none none:none |
PolyEnE| Armadillo| |
none none |
none none |
21:30:00 | WinXP | 4.89.128.43 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WOLCOTTVILLE, INDIANA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:440 hits: 05-02 to 06-20] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:21:43:00 | Win2K-f | 58.227.223.12 (DIEHLAUTO.COM): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
4670cbaa61 NEW 7b2dec4d44 NEW |
none[none] none [none] |
none:none none:none |
tElock| Armadillo| |
none none |
none none |
21:57:00 | WinXP | 220.215.216.102 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:44 hits: 09-28 to 06-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:22:17:00 | Win2K-f | 122.26.115.36 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:22:24:00 | WinXP | 170.51.126.112 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:22:38:00 | Win2K-f | 218.168.170.95 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:22:40:00 | Win2K-f | 118.165.122.201 (-): . |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 30 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2667 hits: 12-31 to 06-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
T:22:43:00 | Win2K-f | 67.33.231.40 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
23:02:00 | Win2K-f | 211.207.9.47 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
69be040d0b NEW 81bbbeac34 NEW |
none[none] none [none] |
none:none none:none |
tElock| Armadillo| |
none none |
trace trace |
23:03:00 | WinXP | 210.127.111.200 (KRLINE.NET): KRNIC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:64.215.166.173:80 US:64.215.166.190:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
0537139fe7 NEW 49b6f2dd5d NEW |
none[4] 49b6f2dd5d[1] |
none:none none:none |
PolyEnE| Armadillo| |
none none |
trace trace |
23:19:00 | Win2K-f | 204.97.215.37 (OLP.NET): BTC BROADBAND INC, BIXBY, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
ae43bb721a NEW b5a9a8f575 NEW |
ae43bb721a [1] none [4] |
ASM:Graph none:none |
Armadillo| StarForce| |
lines=81 none |
trace trace |
23:29:00 | WinXP | 72.13.146.190 (HWCCUSTOMERS.COM): HOTWIRE COMMUNICATIONS PRIVATE CUSTOMER, MIAMI, FLORIDA, US. |
n/a | EU:siliconfireware.ru RU:www.bbin.ru :wpad RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:469 hits: 05-04 to 06-19] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
23:33:00 | WinXP | 85.181.34.142 (ALICEDSL.DE): HANSENET-ADSL, MUNICH, BAYERN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:23:36:00 | Win2K-f | 4.153.244.75 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KNOXVILLE, TENNESSEE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
23:37:00 | WinXP | 217.219.194.205 (-): DMAHDIEH, IR. (100Mbps) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 322cbf18f3 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
T:23:39:00 | WinXP | 217.219.194.205 (-): DMAHDIEH, IR. (100Mbps) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 322cbf18f3 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
T:23:51:00 | WinXP | 12.74.176.60 (ATT.NET): AT&T WORLDNET SERVICES, CHOCTAW, OKLAHOMA, US. (DIAL) |
12.74.176.60:21 | :irc.drxclusives.info DE:msdirect.servicemail24.de DE:msdirectservices.com US:lebanon-online.com.lb :mx.msdirectservices.com :mail.msdirectservices.com :smtp.msdirectservices.com :mx1.msdirectservices.com :mxs.msdirectservices.com :mail1.msdirectservices.com :relay.msdirectservices.com :ns.msdirectservices.com :gate.msdirectservices.com :mx.lebanon-online.com.lb :rz.uni-karlsruhe.de :mx.rz.uni-karlsruhe.de DE:mail.rz.uni-karlsruhe.de US:petdance.com :mx.petdance.com CH:cern.ch US:mail.petdance.com :smtp.petdance.com :mx1.petdance.com :mx.cern.ch :mxs.petdance.com US:pobox.com CH:mail.cern.ch :mail1.petdance.com :mx.pobox.com CH:smtp.cern.ch :relay.petdance.com :mail.pobox.com :mx1.cern.ch US:cpan.org :ns.petdance.com US:smtp.pobox.com :mxs.cern.ch :mx.cpan.org :gate.petdance.com :mx1.pobox.com :mail1.cern.ch :mail.cpan.org :mxs.pobox.com :relay.cern.ch :smtp.cpan.org :mail1.pobox.com :ns.cern.ch :mx1.cpan.org :relay.pobox.com :gate.cern.ch :mxs.cpan.org :ns.pobox.com :mail1.cpan.org :gate.pobox.com :relay.cpan.org :ns.cpan.org :gate.cpan.org DE:convex.com US:mx-pa-9.pobox.com :mx.convex.com US:mx-pa-10.pobox.com US:mx-all.pobox.com :mail.convex.com US:mx-nj-1.pobox.com :smtp.convex.com US:mx-nj-2.pobox.com :mx1.convex.com US:mx-pa-8.pobox.com :mxs.convex.com US:penvision.com CH:137.138.28.241:25 DE:193.189.224.91:25 US:64.26.62.254:25 |
445 | pcap | raw alerts ruleset |
shell shell ftp 1013 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |