|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | WinXP | 221.7.82.4 (CECCOILS.COM): CNC GROUP CHONGQING PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:20 hits: 05-12 to 07-03] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:00:10:00 | Win2K-f | 82.53.136.107 (POOL8253.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, LIVORNO, TOSCANA, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| T:00:21:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 NEW 53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] |
4ca3056804 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:00:31:00 | Win2K-f | 85.23.23.86 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 35 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| 00:42:00 | Win2K-f | 118.218.141.120 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.46.126:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 667f0c59f3 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 00:43:00 | WinXP | 61.231.150.15 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:00:49:00 | Win2K-f | 63.245.179.88 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, MCPHERSON, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:00:57:00 | WinXP | 85.180.7.207 (ALICEDSL.DE): HANSENET-ADSL, STUTTGART, BADEN-WURTTEMBERG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:58:00 | WinXP | 117.99.51.156 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:310 hits: 05-01 to 07-01] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 01:00:00 | WinXP | 24.84.182.249 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | f9bf3a1e43 NEW |
f9bf3a1e43 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 01:19:00 | WinXP | 66.184.79.178 (LDMI.COM): TALK AMERICA, NORTH YORK, ONTARIO, CA. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 267 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 13cfd63045 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:25:00 | WinXP | 12.77.9.217 (ATT.NET): AT&T WORLDNET SERVICES, VIRGINIA BEACH, VIRGINIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:448 hits: 12-31 to 07-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 01:29:00 | WinXP | 122.120.13.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:45:00 | Win2K-f | 121.94.179.176 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| 02:04:00 | Win2K-f | 4.225.174.166 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:07:00 | WinXP | 220.239.224.211 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 063fecc528 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:43:00 | Win2K-f | 60.254.212.190 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 9aa3d60ce0 NEW |
none[none] | none:none |
none|none | none | none | |
| T:02:48:00 | Win2K-f | 60.40.251.49 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 02:53:00 | Win2K-f | 4.245.102.206 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 02:55:00 | Win2K-f | 85.23.23.86 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 35 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| 03:01:00 | WinXP | 219.251.84.103 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxima.ircgalaxy.pl US:192.221.110.126:80 US:198.78.220.126:80 US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 31 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 8cf35e2a50 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:03:04:00 | WinXP | 60.238.169.14 (MESH.AD.JP): NEC CORPORATION, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:03:09:00 | Win2K-f | 207.5.226.102 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 33 | 9005e93bd0 NEW |
none[none] | none:none |
none|none | none | none | |
| T:03:09:00 | WinXP | 86.155.81.86 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:674 hits: 07-11 to 07-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:03:13:00 | WinXP | 122.27.11.112 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 8846af9408 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:27:00 | Win2K-f | 59.104.87.233 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:39:00 | WinXP | 76.169.138.218 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] e07c29c4ae [Firefox:57 hits: 06-19 to 07-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:39:00 | WinXP | 82.197.252.165 (NETATONCE.NET): ADSL MLM DALAPLAN, KALMAR, KALMAR, SE. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 | 8afe0419c3 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:00:00 | Win2K-f | 218.211.223.153 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 255 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 29 of 33 31 of 33 |
b5919931fe [Firefox:53 hits: 06-20 to 07-03] dd98c3c108 NEW e98746deb1 NEW |
b5919931fe [1] dd98c3c108[1] none [4] |
ASM:Graph ASM:Graph none:none |
ASProtect| Armadillo| tElock| |
lines=90 lines=82 none |
trace trace trace |
| 04:04:00 | WinXP | 119.11.114.212 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | e99c44b96a NEW |
none[none] | none:none |
none|none | none | none |
| T:04:12:00 | Win2K-f | 71.53.86.153 (EMBARQHSD.NET): EMBARQ CORPORATION, KILLEEN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:37:00 | Win2K-f | 208.72.216.139 (NEXGIT.COM): SIMPLE TOUCH GROUP, LOS ANGELES, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:199.93.46.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:43:00 | WinXP | 78.32.131.181 (ENTA.NET): ADSL ENDPOINTS NAT CONECTIONS ONLY, LONDON, ENGLAND, UK. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| 04:46:00 | Win2K-f | 61.217.62.109 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:50:00 | Win2K-f | 60.254.227.88 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 3193f092d9 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:58:00 | WinXP | 85.180.57.72 (ALICEDSL.DE): HANSENET-ADSL, STUTTGART, BADEN-WURTTEMBERG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:15:00 | Win2K-f | 221.138.111.91 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 61426996c3 [Firefox: 2 hits: 06-20 to 06-30] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:05:22:00 | Win2K-f | 203.91.182.95 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 57ce4acac2 [Firefox:33 hits: 06-17 to 07-03] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:23:00 | Win2K-f | 220.144.188.168 (MESH.AD.JP): NEC CORPORATION, YOKOHAMA, KANAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:24:00 | WinXP | 65.86.238.166 (DSL.NET): DSL.NET INC, BROOKLYN, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:25:00 | Win2K-f | 70.77.38.60 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, PRINCE GEORGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:42:00 | Win2K-f | 124.87.149.52 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| 05:47:00 | Win2K-f | 87.13.218.220 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, PIACENZA, EMILIA-ROMAGNA, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:51:00 | WinXP | 61.217.62.109 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:54:00 | Win2K-f | 133.205.75.163 (MESH.AD.JP): JAPAN NETWORK INFORMATION CENTER, TOKYO, TOKYO, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 05:56:00 | Win2K-f | 125.228.108.0 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:06:00 | Win2K-f | 60.254.241.25 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 3193f092d9 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:18:00 | WinXP | 220.220.40.239 (PLALA.OR.JP): NTT COMMUNICATIONS CORPORATION, SENDAI, MIYAGI, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:674 hits: 07-11 to 07-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:22:00 | Win2K-f | 116.123.121.66 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:205.128.79.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 4c3df24b32 [Firefox:45 hits: 06-17 to 07-03] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:43:00 | WinXP | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:206.33.45.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:46:00 | WinXP | 85.180.0.97 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:51:00 | Win2K-f | 125.180.248.7 (-): POWC-334C, SONGNAM, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:207.123.44.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 31 of 33 |
7bdeb65dd2 NEW b5919931fe [Firefox:53 hits: 06-20 to 07-03] e2b84629ac NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 07:04:00 | WinXP | 87.61.168.105 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.145.225.22:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:478 hits: 05-04 to 07-01] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:07:21:00 | WinXP | 86.146.146.65 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:16 hits: 06-12 to 07-03] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:07:26:00 | Win2K-f | 124.100.174.97 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| 07:38:00 | WinXP | 4.227.20.119 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:58:00 | WinXP | 123.213.3.112 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 109 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 0 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 61426996c3 [Firefox: 2 hits: 06-20 to 06-30] e07c29c4ae [Firefox:57 hits: 06-19 to 07-03] |
none[4] 61426996c3[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 08:07:00 | WinXP | 78.51.160.33 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:08:31:00 | Win2K-f | 219.105.95.222 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 | 1f368577c7 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:35:00 | Win2K-f | 211.211.159.174 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 32 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 4c3df24b32 [Firefox:45 hits: 06-17 to 07-03] b5919931fe [Firefox:53 hits: 06-20 to 07-03] |
none[4] 4c3df24b32[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:08:43:00 | WinXP | 222.238.49.168 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.79.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:45 hits: 06-17 to 07-03] 53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:08:45:00 | Win2K-f | 118.109.25.8 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 23992db624 NEW |
none[none] | none:none |
none|none | none | none | |
| T:08:47:00 | WinXP | 122.53.182.54 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 271 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
36ba291c44 NEW 91301d094b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:49:00 | Win2K-f | 220.107.199.131 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| 08:57:00 | WinXP | 218.168.70.5 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:30:00 | Win2K-f | 92.40.179.145 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:31:00 | Win2K-f | 24.77.151.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VERNON, BRITISH COLUMBIA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 30 of 33 0 of 32 |
12df83cb4f [Firefox: 4 hits: 06-19 to 06-26] 2e7dc3f066 [Firefox: 4 hits: 06-19 to 06-26] b5919931fe [Firefox:53 hits: 06-20 to 07-03] |
12df83cb4f [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| T:09:45:00 | WinXP | 70.119.119.199 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] e07c29c4ae [Firefox:57 hits: 06-19 to 07-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:10:00 | Win2K-f | 78.54.21.235 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 38ba3223fd NEW |
none[none] | none:none |
none|none | none | none |
| T:10:16:00 | Win2K-f | 211.213.56.219 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 4c3df24b32 [Firefox:45 hits: 06-17 to 07-03] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:18:00 | WinXP | 61.231.123.36 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| T:10:30:00 | Win2K-f | 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:42:00 | Win2K-f | 4.142.111.151 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ELGIN, ILLINOIS, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 32 of 33 |
470e7533c6 NEW 9b5f91cb49 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:43:00 | WinXP | 211.179.103.7 (KRLINE.NET): KRNIC, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.44.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
2e04b06527 NEW 5c054291de NEW |
none[4] 5c054291de[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:10:52:00 | WinXP | 86.156.28.24 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:80 US:69.247.147.113:12351 US:69.247.147.113:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 2419ef9026 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:53:00 | Win2K-f | 122.147.98.67 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 255 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 29 of 33 31 of 33 |
b5919931fe [Firefox:53 hits: 06-20 to 07-03] dd98c3c108 NEW e98746deb1 NEW |
b5919931fe [1] dd98c3c108[1] none [4] |
ASM:Graph ASM:Graph none:none |
ASProtect| Armadillo| tElock| |
lines=90 lines=82 none |
trace trace trace |
| 10:59:00 | Win2K-f | 82.215.219.196 (KYMP.NET): KYMEN PUHELIN OY INTERNET SERVICES, KOTKA, ETELA-SUOMEN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 567f5c8db2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:08:00 | Win2K-f | 61.255.135.9 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] 4c3df24b32 [Firefox:45 hits: 06-17 to 07-03] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:09:00 | Win2K-f | 78.147.13.197 (-): OPAL TELECOM DSL, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
16 of 33 | fc3634d9ec NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:16:00 | WinXP | 24.84.166.12 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org :caen.fr.eu.undernet.org NL:diemen.nl.eu.undernet.org AT:graz.at.eu.undernet.org SE:qis.md.us.dal.net :washington.dc.us.undernet.org SE:vancouver.dal.net :lulea.se.eu.undernet.org SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc NEW |
none[none] | none:none |
none|none | none | none |
| 11:32:00 | Win2K-f | 60.236.253.210 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:39:00 | WinXP | 24.78.223.48 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
65275a1614 NEW ec0d7783de NEW |
65275a1614 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:11:41:00 | WinXP | 88.104.82.209 (AS9105.COM): TISCALI UK LTD, LIVERPOOL, ENGLAND, UK. (DSL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 | 2905d384e2 [Firefox: 2 hits: 07-03 to 07-03] |
none[none] | none:none |
none|none | none | none | |
| T:11:44:00 | Win2K-f | 85.180.57.67 (ALICEDSL.DE): HANSENET-ADSL, STUTTGART, BADEN-WURTTEMBERG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:46:00 | WinXP | 218.168.70.5 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| T:11:53:00 | Win2K-f | 77.20.210.233 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 4e09d669b4 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:55:00 | WinXP | 98.135.144.152 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:16:00 | Win2K-f | 69.216.126.81 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:28:00 | WinXP | 92.236.145.35 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 0dc9350933 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:33:00 | Win2K-f | 221.191.214.146 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 0144eaab60 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:52:00 | WinXP | 98.134.176.81 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox: 2 hits: 06-25 to 06-26] 7f6e032fc0 [Firefox: 2 hits: 06-25 to 06-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:53:00 | WinXP | 80.41.162.156 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:45:00 | WinXP | 86.134.47.187 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:16 hits: 06-12 to 07-03] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 13:58:00 | Win2K-f | 4.253.44.151 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KILLEEN, TEXAS, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:14:14:00 | Win2K-f | 60.254.199.162 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
210.245.211.11:65520 217.170.244.2:443 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 36 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | f240c3512f NEW |
none[none] | none:none |
none|none | none | none |
| T:14:15:00 | Win2K-f | 98.134.233.147 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:19:00 | WinXP | 193.248.21.223 (ABO.WANADOO.FR): WANADOO FRANCE, CAEN, BASSE-NORMANDIE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:29 hits: 12-14 to 07-03] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:14:19:00 | WinXP | 124.84.122.169 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
69.247.147.113:13001 | US:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | 605fe84c5c NEW |
none[none] | none:none |
none|none | none | none |
| 15:14:00 | Win2K-f | 91.65.212.216 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:15:23:00 | Win2K-f | 65.255.49.130 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] b5919931fe [Firefox:53 hits: 06-20 to 07-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:27:00 | WinXP | 4.240.120.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ALBUQUERQUE, NEW MEXICO, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:15:41:00 | WinXP | 85.182.41.59 (ALICEDSL.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) |
217.170.244.2:443 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 | 75375279a7 NEW |
none[none] | none:none |
none|none | none | none |
| 15:49:00 | WinXP | 189.48.234.223 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:26 hits: 03-24 to 06-28] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:55:00 | WinXP | 78.48.163.140 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:310 hits: 05-01 to 07-01] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:16:08:00 | WinXP | 201.228.26.150 (TELECOM.COM.CO): COLOMBIA TELECOMUNICACIONES S.A. ESP, CO. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 8c4361f20f NEW |
none[none] | none:none |
none|none | none | none | |
| T:16:15:00 | Win2K-f | 211.13.67.227 (MESH.AD.JP): C&C INTERNET SERVICE MESH, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 33 | c83d445337 NEW |
none[none] | none:none |
none|none | none | none | |
| T:16:20:00 | WinXP | 122.18.126.130 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:674 hits: 07-11 to 07-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:40:00 | Win2K-f | 124.84.122.169 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:00:00 | Win2K-f | 221.143.125.185 (GUTZWILLER.CH): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.79.125:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
9d571adc3c NEW a704164588 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:08:00 | Win2K-f | 4.184.57.115 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 207 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | c87b5f785d NEW |
none[none] | none:none |
none|none | none | none | |
| 17:32:00 | WinXP | 70.74.204.46 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:40:00 | Win2K-f | 72.251.32.57 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:20:00 | Win2K-f | 24.83.204.143 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] b5919931fe [Firefox:53 hits: 06-20 to 07-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 18:23:00 | Win2K-f | 92.40.83.139 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:26:00 | Win2K-f | 98.134.248.57 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1066 lines |
Yeah : 1.3 profile |
none | summary tarball |
9 of 33 | 127c76380b NEW |
none[none] | none:none |
none|none | none | none | |
| 18:42:00 | WinXP | 118.7.254.248 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:674 hits: 07-11 to 07-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:46:00 | Win2K-f | 61.229.159.12 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:48:00 | WinXP | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.46.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:55:00 | WinXP | 61.20.132.126 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:04:00 | WinXP | 61.20.132.126 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:19:28:00 | Win2K-f | 220.139.143.99 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:40:00 | Win2K-f | 76.93.105.18 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 73f1082158 [Firefox:163 hits: 06-18 to 07-03] b5919931fe [Firefox:53 hits: 06-20 to 07-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 19:44:00 | Win2K-f | 4.225.24.228 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPRINGFIELD, OHIO, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:46:00 | WinXP | 92.40.193.232 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 8e2a6d8756 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:48:00 | WinXP | 41.214.164.143 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3135 hits: 12-31 to 07-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:01:00 | WinXP | 70.78.105.45 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 31 | 743e51a884 [Firefox: 2 hits: 07-01 to 07-03] |
none[none] | none:none |
none|none | none | none | |
| 20:12:00 | WinXP | 99.14.155.152 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:448 hits: 12-31 to 07-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:12:00 | WinXP | 4.154.3.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DULUTH, GEORGIA, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:20:13:00 | WinXP | 24.76.241.66 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 30 of 33 0 of 33 |
12df83cb4f [Firefox: 4 hits: 06-19 to 06-26] 2e7dc3f066 [Firefox: 4 hits: 06-19 to 06-26] e07c29c4ae [Firefox:57 hits: 06-19 to 07-03] |
12df83cb4f [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=82 none lines=92 |
trace trace trace |
| T:20:27:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] 57ce4acac2 [Firefox:33 hits: 06-17 to 07-03] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:45:00 | WinXP | 216.201.28.52 (RTECEXPRESS.NET): RIDGEVILLE TELEPHONE COMPANY, MANSFIELD, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:47:00 | Win2K-f | 75.5.4.29 (SBCGLOBAL.NET): RBACK34C.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:06:00 | Win2K-f | 4.227.107.64 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 21:07:00 | WinXP | 218.168.61.39 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 21:11:00 | WinXP | 208.79.97.55 (-): GLOBAL CARIBBEAN NETWORK, GP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] b7082104e4 [Firefox:25 hits: 06-18 to 07-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:21:18:00 | Win2K-f | 75.63.172.149 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:25:00 | WinXP | 210.49.188.71 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3135 hits: 12-31 to 07-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:30:00 | WinXP | 211.44.167.48 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.79.124:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
168aab35a3 [Firefox:27 hits: 06-17 to 07-03] acd2a6266d [Firefox: 3 hits: 06-19 to 07-03] |
none[4] acd2a6266d[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 21:49:00 | WinXP | 125.101.54.39 (UCOM.NE.JP): G-MG0001N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 3e209ce796 NEW |
none[4] | none:none |
none|none | none | trace | |
| 21:59:00 | Win2K-f | 122.2.45.30 (PLDT.NET): JNEC7300I03_CONSUMER, CEBU, CEBU CITY, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 317 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8354fa612f NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:06:00 | Win2K-f | 4.245.120.86 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 | e8151abf1c NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:09:00 | WinXP | 211.245.231.253 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 0 of 33 |
87bd0a062f NEW c7d6018f97 NEW e07c29c4ae [Firefox:57 hits: 06-19 to 07-03] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:22:14:00 | WinXP | 218.86.236.21 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, GUIZHOU, GUIZHOU, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:32:00 | Win2K-f | 58.106.20.218 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
48bc07f9ed [Firefox: 2 hits: 06-21 to 06-25] a5308d87d0 [Firefox: 4 hits: 06-21 to 06-27] |
none[4] a5308d87d0[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 22:59:00 | Win2K-f | 66.141.23.76 (SWBELL.NET): PPPOX POOL - RBACK14 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:366 hits: 06-17 to 07-03] a08f3b74a4 [Firefox:127 hits: 06-18 to 07-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:02:00 | WinXP | 4.248.1.135 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2817 hits: 12-31 to 07-03] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:23:22:00 | WinXP | 72.235.209.198 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
b068451179 NEW b959a8bf1f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:27:00 | WinXP | 4.228.123.224 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:28:00 | WinXP | 61.231.3.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |