Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:07:00 | Win2K-f | 60.38.16.246 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
T:00:07:00 | Win2K-f | 61.251.9.95 (-): DAEJEON TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
074325ecbc NEW 2a66fc87fa NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:00:12:00 | WinXP | 81.137.216.248 (BTOPENWORLD.COM): SINGLE STATIC IP ADDRESSES, LONDON, ENGLAND, UK. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:00:14:00 | Win2K-f | 217.232.103.211 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
00:16:00 | Win2K-f | 217.232.103.211 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
00:18:00 | WinXP | 88.134.177.83 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 80433c452f [Firefox: 2 hits: 06-30 to 07-01] |
none[none] | none:none |
none|none | none | none |
00:18:00 | Win2K-f | 125.215.102.7 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
00:20:00 | Win2K-f | 118.169.70.207 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:00:31:00 | Win2K-f | 217.237.99.34 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, TRIER, RHEINLAND-PFALZ, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
00:39:00 | Win2K-f | 92.21.141.146 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 619057c44c NEW |
none[none] | none:none |
none|none | none | none |
T:00:40:00 | Win2K-f | 78.8.22.141 (NET.PL): DIALOG, WROCLAW, DOLNOSLASKIE, PL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
T:00:41:00 | Win2K-f | 24.65.50.37 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
215dda8137 NEW c1c5be6c5a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
00:43:00 | WinXP | 213.77.121.222 (-): LIQUID SYSTEMS SP. Z O.O, KRAKOW, MALOPOLSKIE, PL. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 33 | 2b905ce565 NEW |
none[none] | none:none |
none|none | none | none |
T:00:44:00 | Win2K-f | 130.227.67.155 (POST.LINDPRO.DK): UNI2-KUNDER, DK. |
67.43.236.98:10324 | CA:xx.nadnadzz.info CA:nadsam0.info US:130.107.220.21:53660 CA:67.43.236.99:10324 |
135 | pcap | raw alerts ruleset |
irc http 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 16 of 33 none none |
4f51b7cd6f NEW 89ae89a9b7 NEW c5622bb285 [Firefox: 5 hits: 06-23 to 06-27] ee20b91263 [Firefox: 2 hits: 06-27 to 06-27] |
none[none] none [none] none [4] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none trace none |
00:52:00 | WinXP | 120.75.189.106 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
00:57:00 | WinXP | 62.169.107.73 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 73582ef3de NEW |
none[none] | none:none |
none|none | none | none |
T:01:00:00 | Win2K-f | 85.177.188.96 (ALICEDSL.DE): HANSENET-ADSL, BOCHUM, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:80 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | 536227ab5f NEW |
none[none] | none:none |
none|none | none | none |
01:03:00 | Win2K-f | 118.7.234.41 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
01:04:00 | Win2K-f | 71.140.69.146 (-): LOS GIRASOLES LTD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox: 2 hits: 06-18 to 06-26] 79c01ec060 [Firefox: 3 hits: 06-18 to 06-26] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
01:06:00 | WinXP | 220.156.9.221 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:01:09:00 | WinXP | 82.103.205.93 (ELISA-LAAJAKAISTA.FI): JYVASVIESTIN-NET, FI. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 71b5bbe58a NEW |
none[none] | none:none |
none|none | none | none |
01:22:00 | WinXP | 118.240.190.229 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
01:23:00 | WinXP | 118.109.155.199 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 661a97baa1 NEW |
none[none] | none:none |
none|none | none | none |
T:01:31:00 | Win2K-f | 125.215.118.134 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
T:01:32:00 | Win2K-f | 119.11.105.120 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 87e5da3c72 NEW |
none[none] | none:none |
none|none | none | none | |
T:01:33:00 | Win2K-f | 92.5.50.52 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | e511b659f8 [Firefox: 5 hits: 06-30 to 07-01] |
none[none] | none:none |
none|none | none | none |
01:38:00 | WinXP | 125.175.156.47 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b17ccd664c [Firefox: 2 hits: 06-30 to 06-30] |
none[none] | none:none |
none|none | none | none |
01:44:00 | WinXP | 221.171.136.84 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | a9c8d121f2 [Firefox: 8 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:01:46:00 | WinXP | 119.72.24.56 (-): . |
217.170.244.2:443 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 48529863a4 NEW |
none[none] | none:none |
none|none | none | none |
01:50:00 | Win2K-f | 83.255.70.52 (COMHEM.SE): COMHEM, ÖSTERSUND, JAMTLANDS, SE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:01:56:00 | WinXP | 91.64.10.202 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 399a88233f [Firefox: 3 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:01:56:00 | Win2K-f | 130.227.67.156 (POST.LINDPRO.DK): UNI2-KUNDER, DK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | adbd470e8b NEW |
none[none] | none:none |
none|none | none | none |
T:01:56:00 | Win2K-f | 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox: 5 hits: 06-18 to 06-30] c6bfb5f0f2 [Firefox: 5 hits: 06-18 to 06-30] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
01:57:00 | WinXP | 61.94.166.71 (-): TLKM_D4_DIALUP_SLO-G, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | a99f17e623 [Firefox:22 hits: 03-28 to 06-18] |
87dfec58db [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
T:01:57:00 | WinXP | 61.94.166.71 (-): TLKM_D4_DIALUP_SLO-G, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | a99f17e623 [Firefox:22 hits: 03-28 to 06-18] |
87dfec58db [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
02:00:00 | WinXP | 80.104.248.84 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, FERRARA, EMILIA-ROMAGNA, IT. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
02:03:00 | WinXP | 218.160.48.4 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 2f5a49b768 [Firefox: 3 hits: 06-22 to 06-29] |
none[4] | none:none |
FSG| | none | trace |
02:07:00 | Win2K-f | 122.17.88.7 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
02:12:00 | WinXP | 88.134.7.25 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 9e6b5a4c40 NEW |
none[none] | none:none |
none|none | none | none |
T:02:16:00 | Win2K-f | 66.57.186.196 (RR.COM): ROAD RUNNER HOLDCO LLC, LEXINGTON, SOUTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:02:16:00 | WinXP | 122.132.182.109 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:02:29:00 | Win2K-f | 119.228.114.29 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 33 | cf153403d1 [Firefox: 3 hits: 06-28 to 06-29] |
none[none] | none:none |
none|none | none | none | |
02:31:00 | WinXP | 81.90.154.78 (-): AFRANET, TEHRAN, TEHRAN, IR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3127 hits: 12-31 to 07-01] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:02:46:00 | Win2K-f | 79.10.123.134 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 4f3df56c30 [Firefox: 8 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:02:48:00 | WinXP | 91.66.141.207 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 33 | 9b44eb3239 NEW |
none[none] | none:none |
none|none | none | none |
02:51:00 | Win2K-f | 218.169.86.53 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
02:52:00 | WinXP | 88.134.129.197 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 80433c452f [Firefox: 2 hits: 06-30 to 07-01] |
none[none] | none:none |
none|none | none | none |
02:56:00 | WinXP | 121.103.220.174 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 32 | 4347a366c8 NEW |
none[none] | none:none |
none|none | none | none |
T:02:57:00 | Win2K-f | 78.52.228.85 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | b9b41e58f3 NEW |
none[none] | none:none |
none|none | none | none |
T:02:59:00 | Win2K-f | 68.74.115.177 (AMERITECH.NET): PPPOX POOL - RBACK1 EMHRIL, CHICAGO, ILLINOIS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:03:00:00 | WinXP | 222.144.172.85 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
03:04:00 | Win2K-f | 221.127.236.168 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 32 | b36b95f94d [Firefox: 3 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:03:10:00 | WinXP | 222.145.40.22 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | d27ec859b1 NEW |
none[none] | none:none |
none|none | none | none |
T:03:11:00 | WinXP | 61.68.2.22 (CONNECT.NET.AU): CCADIALPOOLS2-CC, SYDNEY, NEW SOUTH WALES, AU. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:444 hits: 12-31 to 07-01] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:03:22:00 | Win2K-f | 125.102.81.243 (UCOM.NE.JP): G-OS0024N, JP. (100Mbps) |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:03:34:00 | WinXP | 220.111.117.184 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:03:38:00 | Win2K-f | 78.147.165.230 (-): OPAL TELECOM DSL, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
03:39:00 | WinXP | 122.132.182.109 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:03:43:00 | Win2K-f | 84.126.248.16 (ONO.COM): PROVIDER LOCAL REGISTRY, ES. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
03:50:00 | WinXP | 119.11.115.101 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 33 | a896c13b26 [Firefox: 2 hits: 06-30 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:03:50:00 | Win2K-f | 122.120.218.208 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
03:59:00 | Win2K-f | 92.12.70.59 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 33 | 9a32965bc8 [Firefox:10 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:04:03:00 | Win2K-f | 122.135.209.114 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 30 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 661a97baa1 NEW |
none[none] | none:none |
none|none | none | none | |
T:04:16:00 | Win2K-f | 92.4.25.60 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | b96c53aded [Firefox: 4 hits: 06-28 to 06-30] |
none[none] | none:none |
none|none | none | none | |
04:19:00 | WinXP | 124.24.204.17 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:04:23:00 | WinXP | 217.218.221.59 (-): SAVEH INTERNET SERVICE PROVIDER, IR. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sptc2.information.com US:as.casalemedia.com GB:welcome3.smile.co.uk :wpad US:sprw.information.com US:spi.domainsponsor.com GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 33 29 of 29 |
4ffcf13c83 NEW a12cab51ef [Firefox:1089 hits: 05-01 to 07-01] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
04:28:00 | WinXP | 85.154.167.47 (-): OMAN-EXP, OM. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:444 hits: 12-31 to 07-01] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:04:36:00 | Win2K-f | 122.17.88.7 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
T:04:41:00 | WinXP | 210.139.165.107 (SO-NET.NE.JP): SO-NET ENTERTAINMENT CORPORATION, JP. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 4e8ee871a1 NEW |
none[none] | none:none |
none|none | none | none |
04:43:00 | WinXP | 221.190.5.57 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
04:44:00 | Win2K-f | 85.178.154.193 (ALICEDSL.DE): HANSENET-ADSL, BERLIN, BERLIN, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 797d57e146 NEW |
none[none] | none:none |
none|none | none | none |
T:04:51:00 | WinXP | 222.145.128.177 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 07-11 to 07-01] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
04:52:00 | WinXP | 220.96.240.179 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
other 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:04:54:00 | WinXP | 81.159.142.175 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:170 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
05:03:00 | WinXP | 210.221.112.77 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
69be040d0b [Firefox: 2 hits: 06-21 to 06-28] 81bbbeac34 [Firefox: 2 hits: 06-21 to 06-28] |
none[4] 81bbbeac34[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
T:05:03:00 | WinXP | 58.230.192.37 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 30 of 32 |
3dffacd270 NEW d5bf17f14e NEW |
3dffacd270 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
05:06:00 | Win2K-f | 4.152.219.46 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEWPORT NEWS, VIRGINIA, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 29 | 6887c0c417 [Firefox:11 hits: 08-17 to 06-22] |
0a9bea2750 [0] | ASM:Graph |
FSG| | lines=1932 embedded dns |
trace |
T:05:07:00 | Win2K-f | 70.240.139.174 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:07:00 | WinXP | 211.206.229.150 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:22 hits: 06-17 to 07-01] 4c3df24b32 [Firefox:37 hits: 06-17 to 07-01] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:12:00 | Win2K-f | 122.42.12.62 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 33 |
2949152a24 NEW f1a10a0d85 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:05:14:00 | Win2K-f | 4.226.228.217 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WACO, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:32:00 | Win2K-f | 122.135.119.160 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
217.170.244.2:443 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | db3d848a14 NEW |
none[none] | none:none |
none|none | none | none |
T:05:41:00 | WinXP | 221.171.141.47 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 | 910ee72436 NEW |
none[none] | none:none |
none|none | none | none |
05:54:00 | WinXP | 152.66.35.110 (BME.HU): BUDAPEST UNIVERSITY OF TECHNOLOGY AND ECONOMICS, BUDAPEST, BUDAPEST, HU. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:05:58:00 | Win2K-f | 218.169.86.53 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:06:10:00 | WinXP | 213.242.238.175 (-): PPTP CONNECTIONS, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:143 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
06:17:00 | WinXP | 118.110.108.246 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:06:18:00 | WinXP | 211.213.56.219 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:22 hits: 06-17 to 07-01] 4c3df24b32 [Firefox:37 hits: 06-17 to 07-01] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:30:00 | WinXP | 72.189.33.99 (RR.COM): ROAD RUNNER HOLDCO LLC, ALTAMONTE SPRINGS, FLORIDA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com EU:ebookfinaltrash.ru :wpad US:sprw.information.com |
445 | pcap | raw alerts ruleset |
http http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1089 hits: 05-01 to 07-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:06:42:00 | Win2K-f | 211.133.35.71 (INFOWEB.NE.JP): INFOWEB-CIDR-BLK, TOKYO, TOKYO, JP. (DIAL) |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
06:58:00 | WinXP | 219.162.244.126 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:06:58:00 | Win2K-f | 208.82.41.70 (-): . |
210.245.211.11:65520 72.10.172.218:3838 | HK:proxim.ircgalaxy.pl :sdihsihdsfsofhsohs.net :sisxteen.oihduhdd.net DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com CA:haiys.eiheihre3.com US:206.251.244.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 304 lines |
Yeah : 1.8 profile |
none | summary tarball |
13 of 33 30 of 32 27 of 33 |
59aafd5707 NEW 6914740929 NEW a014934a72 [Firefox:55 hits: 06-28 to 07-01] |
none[none] 6914740929[1] none [none] |
none:none ASM:Graph none:none |
none|none StarForce| none|none |
none lines=19 none |
none trace none |
T:07:06:00 | WinXP | 125.225.150.225 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:07:09:00 | Win2K-f | 204.116.124.206 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, MT. AIRY, NORTH CAROLINA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 HK:210.245.211.11:65520 US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
irc http 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
27 of 33 31 of 33 29 of 33 |
a014934a72 [Firefox:55 hits: 06-28 to 07-01] dfbaaf577c [Firefox: 3 hits: 06-18 to 07-01] f504b4af20 [Firefox: 3 hits: 06-18 to 07-01] |
none[none] none [4] f504b4af20[1] |
none:none none:none ASM:Graph |
none|none tElock| Armadillo| |
none none lines=82 |
none trace trace |
T:07:14:00 | Win2K-f | 218.45.198.60 (MS01.ITSCOM.JP): ITSCOM_MANSIONLAN, JP. |
210.245.211.11:65520 72.10.172.218:3938 | HK:proxim.ircgalaxy.pl CA:wiger.blacktiehsbdcs.com |
445 | pcap | raw alerts ruleset |
shell irc http 15 lines |
Yeah : 1.8 profile |
none | summary tarball |
13 of 33 | 59aafd5707 NEW |
none[none] | none:none |
none|none | none | none |
07:15:00 | WinXP | 123.0.94.218 (CC9.NE.JP): CABLE TV CORPORATION, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:07:19:00 | Win2K-f | 70.184.112.41 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:64.62.216.10:80 US:64.62.216.56:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:29:00 | WinXP | 211.133.35.71 (INFOWEB.NE.JP): INFOWEB-CIDR-BLK, TOKYO, TOKYO, JP. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
07:44:00 | Win2K-f | 87.9.248.157 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 4f3df56c30 [Firefox: 8 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:07:51:00 | WinXP | 59.121.111.215 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
07:54:00 | Win2K-f | 24.105.230.151 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:192.221.110.126:80 US:192.221.99.126:80 US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
a2fa7251fe NEW fc467ecfec NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
07:56:00 | WinXP | 125.198.73.232 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
07:58:00 | Win2K-f | 61.224.3.29 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:08:31:00 | Win2K-f | 85.182.31.65 (ALICEDSL.DE): HANSENET-ADSL, DE. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 58 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 27 of 33 |
8700fb55fc NEW a014934a72 [Firefox:55 hits: 06-28 to 07-01] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:35:00 | WinXP | 4.236.174.78 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BRONX, NEW YORK, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox: 6 hits: 06-22 to 06-28] |
none[4] | none:none |
none|none | none | trace | |
T:08:37:00 | WinXP | 12.76.238.41 (ATT.NET): AT&T WORLDNET SERVICES, GRAHAM, NORTH CAROLINA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
08:50:00 | Win2K-f | 24.31.166.118 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:06:00 | WinXP | 82.3.5.123 (NTL.COM): NTL INFRASTRUCTURE - LUTON, FLEET, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
09:10:00 | Win2K-f | 122.146.82.106 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
4254c3cd8a NEW 614712de8b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:09:12:00 | WinXP | 88.210.78.83 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | EU:siliconfireware.ru DE:ebookfinaltrash.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 30 | af79e0c602 [Firefox:11 hits: 07-19 to 06-26] |
none[4] | none:none |
ASPack| | none | trace |
T:09:14:00 | WinXP | 82.3.5.123 (NTL.COM): NTL INFRASTRUCTURE - LUTON, FLEET, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
09:21:00 | WinXP | 213.39.140.168 (HANSENET.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 69de2602f6 NEW |
none[none] | none:none |
none|none | none | none |
T:09:39:00 | Win2K-f | 124.241.181.158 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] b7082104e4 [Firefox:21 hits: 06-18 to 07-01] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
09:40:00 | WinXP | 80.104.154.71 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, FLORENCE, TOSCANA, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:43:00 | WinXP | 66.57.228.145 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:10:03:00 | Win2K-f | 4.129.85.154 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RUTHER GLEN, VIRGINIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox: 6 hits: 06-22 to 06-28] |
none[4] | none:none |
none|none | none | trace | |
T:10:03:00 | WinXP | 12.205.227.160 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CASPER, WYOMING, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:448 hits: 05-02 to 07-01] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
10:15:00 | WinXP | 4.177.18.200 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN DIEGO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:18:00 | WinXP | 118.7.97.163 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:10:19:00 | Win2K-f | 123.222.123.189 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:211 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none | |
T:10:27:00 | WinXP | 116.39.221.32 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
4ab2ecbc0f [Firefox: 2 hits: 06-29 to 06-30] 65eb2e3aee [Firefox: 2 hits: 06-29 to 06-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:10:31:00 | Win2K-f | 218.86.236.21 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, GUIZHOU, GUIZHOU, CN. |
72.10.172.218:3838 | HK:proxima.ircgalaxy.pl CA:haiys.eiheihre3.com CA:wiger.blacktiehsbdcs.com HK:210.245.211.11:65520 CA:72.10.172.218:3838 |
135 | pcap | raw alerts ruleset |
irc http 312 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 14 of 33 |
4f8d6c0a4d [Firefox: 2 hits: 06-23 to 06-25] 6d7d2f0a24 NEW |
none[4] none [none] |
none:none none:none |
none|none none|none |
none none |
trace none |
T:10:45:00 | WinXP | 4.242.192.140 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HILLSBORO, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:50:00 | WinXP | 98.174.204.104 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:52:00 | Win2K-f | 172.162.242.72 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 176 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:00:00 | Win2K-f | 99.181.180.213 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:31:00 | WinXP | 72.190.125.111 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:207.123.44.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:11:33:00 | WinXP | 85.181.201.84 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
T:11:36:00 | Win2K-f | 98.132.128.176 (-): ALLTEL SIP CUSTOMERS - MIDLAND, MIDLAND, TEXAS, US. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
T:11:43:00 | Win2K-f | 4.162.153.175 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEMPHIS, TENNESSEE, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 153 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 33 | 7bf40dbd28 NEW |
none[none] | none:none |
none|none | none | none | |
11:50:00 | WinXP | 204.116.29.222 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, NEVADA, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.126:80 US:205.128.66.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:01:00 | WinXP | 65.86.238.166 (DSL.NET): DSL.NET INC, BROOKLYN, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:02:00 | Win2K-f | 65.86.238.166 (DSL.NET): DSL.NET INC, BROOKLYN, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:10:00 | WinXP | 87.205.91.116 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | ad062638f8 NEW |
none[none] | none:none |
none|none | none | none |
12:37:00 | Win2K-f | 4.245.118.219 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:39:00 | Win2K-f | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:43:00 | Win2K-f | 80.41.167.87 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:13:01:00 | WinXP | 81.43.36.139 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:728 hits: 05-01 to 07-01] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
13:02:00 | WinXP | 83.22.209.231 (TPNET.PL): NEOSTRADA PLUS, ZAWIERCIE, SLASKIE, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:25 hits: 12-14 to 06-30] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
13:17:00 | WinXP | 58.85.248.33 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
2e45ae247e [Firefox: 2 hits: 06-25 to 06-28] 53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
13:22:00 | WinXP | 84.140.236.238 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, LUBECK, SCHLESWIG-HOLSTEIN, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:25 hits: 12-14 to 06-30] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:13:27:00 | WinXP | 68.144.135.11 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:30:00 | Win2K-f | 118.220.101.125 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:37 hits: 06-17 to 07-01] 97fef473b9 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
13:36:00 | WinXP | 201.228.178.158 (TELECOM.COM.CO): COLOMBIA TELECOMUNICACIONES S.A. ESP, CO. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:13:55:00 | Win2K-f | 75.79.27.20 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:08:00 | WinXP | 75.16.87.224 (SBCGLOBAL.NET): RBACK34A.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] b7082104e4 [Firefox:21 hits: 06-18 to 07-01] e07c29c4ae [Firefox:48 hits: 06-19 to 07-01] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
14:09:00 | WinXP | 122.130.164.15 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:14:11:00 | Win2K-f | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 57ce4acac2 [Firefox:30 hits: 06-17 to 07-01] b5919931fe [Firefox:47 hits: 06-20 to 07-01] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
14:17:00 | Win2K-f | 4.225.169.114 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:33:00 | WinXP | 76.182.4.70 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | GB:new.egg.com :wpad DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http 31 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1089 hits: 05-01 to 07-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
14:47:00 | Win2K-f | 64.219.196.7 (SWBELL.NET): DIAL POOL1 - AS, HOUSTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:58:00 | WinXP | 77.57.45.50 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1378 hits: 12-31 to 07-01] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
15:06:00 | Win2K-f | 118.7.119.28 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:15:06:00 | WinXP | 70.66.80.239 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:80 US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 none |
2110c8100f [Firefox: 5 hits: 06-19 to 07-01] e818015a89 [Firefox: 4 hits: 06-23 to 07-01] |
none[4] e818015a89[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
T:15:15:00 | WinXP | 71.112.244.221 (VERIZON.NET): VERIZON INTERNET SERVICES INC, MARYSVILLE, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:15:19:00 | Win2K-f | 59.112.80.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
15:31:00 | WinXP | 71.80.123.125 (CHARTER.COM): CHARTER COMMUNICATIONS, CONNECTICUT, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
15:31:00 | WinXP | 172.191.102.30 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:15:33:00 | WinXP | 75.5.4.29 (SBCGLOBAL.NET): RBACK34C.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:43:00 | WinXP | 59.146.47.125 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 07-11 to 07-01] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:15:45:00 | Win2K-f | 130.13.38.254 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
222.51.25.91:18067 | CN:bniu.househot.com EU:www.filefrog.net |
445 | pcap | raw alerts ruleset |
http 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 9928a1e660 [Firefox:21 hits: 10-06 to 05-15] |
28c8dadabf [0] | ASM:Graph |
none|none | lines=104 embedded dns |
trace |
T:15:48:00 | Win2K-f | 125.175.156.47 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b17ccd664c [Firefox: 2 hits: 06-30 to 06-30] |
none[none] | none:none |
none|none | none | none |
16:01:00 | Win2K-f | 59.112.80.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:16:03:00 | Win2K-f | 151.118.180.28 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
16:10:00 | WinXP | 170.51.205.17 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3127 hits: 12-31 to 07-01] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
16:21:00 | WinXP | 71.106.192.217 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MONICA, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:16:36:00 | Win2K-f | 220.229.78.210 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.37.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:40:00 | Win2K-f | 59.115.94.206 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
17:30:00 | WinXP | 64.183.182.25 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
5871e473d3 NEW ae2fb9fc7d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
17:45:00 | Win2K-f | 4.131.73.49 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
17:45:00 | Win2K-f | 66.142.174.147 (PACBELL.NET): AT&T INTERNET SERVICES, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
17:50:00 | WinXP | 69.232.235.147 (PACBELL.NET): PPPOX POOL - BRAS12 PLTN, OAKLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:18:12:00 | WinXP | 211.110.155.106 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 32 of 33 0 of 33 |
ce46f7ab87 NEW d7dc1e3bea NEW e07c29c4ae [Firefox:48 hits: 06-19 to 07-01] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
18:19:00 | WinXP | 71.65.27.163 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:92 hits: 09-28 to 07-01] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:18:36:00 | Win2K-f | 211.238.173.84 (-): DAEJEON TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
074325ecbc NEW 2a66fc87fa NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
18:38:00 | WinXP | 70.241.133.0 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com :wpad US:64.62.216.10:80 US:64.62.216.56:80 US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:42:00 | WinXP | 4.182.255.246 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AUBURN, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:45:00 | WinXP | 66.50.89.198 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3127 hits: 12-31 to 07-01] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:18:45:00 | Win2K-f | 24.86.136.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | e759d2b517 [Firefox: 3 hits: 06-21 to 06-29] |
none[4] | none:none |
PolyEnE| | none | trace |
T:18:48:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
19:22:00 | WinXP | 12.74.63.149 (ATT.NET): AT&T WORLDNET SERVICES, LOUISVILLE, KENTUCKY, US. (DIAL) |
n/a | DE:siliconfireware.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1089 hits: 05-01 to 07-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
19:32:00 | WinXP | 61.228.158.32 (PRESTONAUTO.COM): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
20:15:00 | Win2K-f | 124.8.149.107 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
T:20:19:00 | WinXP | 98.140.229.160 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:20:32:00 | WinXP | 222.234.97.168 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 30 of 32 |
1509c8d024 [Firefox: 4 hits: 06-17 to 06-27] e07c29c4ae [Firefox:48 hits: 06-19 to 07-01] f23b040440 [Firefox: 2 hits: 06-22 to 06-24] |
none[4] e07c29c4ae[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| FSG| Armadillo| |
none lines=92 lines=82 |
trace trace trace |
T:20:39:00 | WinXP | 64.6.202.22 (295.CA): 3757277 CANADA INC. (OA 295.CA), KITCHENER, ONTARIO, CA. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:sprw.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 38 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1089 hits: 05-01 to 07-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
20:57:00 | Win2K-f | 118.216.97.236 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:37 hits: 06-17 to 07-01] 6a4845ca11 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:21:03:00 | WinXP | 118.216.97.236 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:37 hits: 06-17 to 07-01] 6a4845ca11 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:21:16:00 | Win2K-f | 70.250.104.52 (SWBELL.NET): MID MISSOURI BROADBAND AND CABLE LLC, LOOSE CREEK, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] b5919931fe [Firefox:47 hits: 06-20 to 07-01] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:21:34:00 | Win2K-f | 76.90.103.146 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:21:45:00 | Win2K-f | 68.144.71.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
0c1c51204b NEW 3d293743d8 NEW |
0c1c51204b [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
T:21:47:00 | Win2K-f | 66.139.9.225 (SWBELL.NET): PPPOX POOL - RBACK14.HSTNTX.042005-2016, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] a08f3b74a4 [Firefox:113 hits: 06-18 to 07-01] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:56:00 | Win2K-f | 172.168.201.214 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:319 hits: 06-17 to 07-01] 73f1082158 [Firefox:139 hits: 06-18 to 07-01] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:21:57:00 | WinXP | 217.184.65.243 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:25 hits: 12-14 to 06-30] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
22:31:00 | WinXP | 125.225.141.155 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:22:41:00 | Win2K-f | 118.83.135.141 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
627731ae2b NEW 9db7aea9c0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
22:47:00 | WinXP | 96.15.158.71 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2785 hits: 12-31 to 07-01] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
23:24:00 | WinXP | 221.143.113.190 (GUTZWILLER.CH): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
06f27eb5cb NEW d27dfd506b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
23:35:00 | Win2K-f | 58.106.174.86 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
23:43:00 | WinXP | 210.79.144.27 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 07-11 to 07-01] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:23:56:00 | Win2K-f | 124.61.34.217 (-): POWERCOM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
6eddc8716c [Firefox: 2 hits: 06-17 to 06-25] aa6a25b2d8 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |