|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:13:00 | Win2K-f | 61.224.0.127 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:14:00 | WinXP | 216.195.130.175 (GWI.NET): GREAT WORKS INTERNET, BRISTOL, NEW HAMPSHIRE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox: 4 hits: 06-17 to 06-25] 41efedf70f [Firefox: 3 hits: 06-19 to 06-25] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:00:15:00 | Win2K-f | 72.234.212.240 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:18:00 | Win2K-f | 96.15.205.32 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox: 3 hits: 06-25 to 07-04] 7f6e032fc0 [Firefox: 3 hits: 06-25 to 07-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:58:00 | Win2K-f | 71.2.176.27 (EMBARQHSD.NET): EMBARQ CORPORATION, CHANDLER, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:33:00 | WinXP | 116.123.129.57 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:207.123.37.125:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
01efbb6280 NEW 1e95b76bf3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:37:00 | WinXP | 221.142.75.130 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:207.123.37.125:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:35 hits: 06-17 to 07-04] 4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:14:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 02:19:00 | WinXP | 221.171.21.219 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:26:00 | WinXP | 221.171.21.219 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 02:31:00 | WinXP | 116.59.250.31 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c [Firefox:10 hits: 05-01 to 06-11] |
fddd4e56b0 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:33:00 | WinXP | 116.59.250.31 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c [Firefox:10 hits: 05-01 to 06-11] |
fddd4e56b0 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:52:00 | WinXP | 222.235.111.49 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.79.125:80 US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] 8390780c27 [Firefox: 6 hits: 06-18 to 06-29] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:03:00:00 | Win2K-f | 61.229.82.105 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| T:03:30:00 | WinXP | 203.82.126.130 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.124:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox: 2 hits: 06-19 to 07-03] 79c01ec060 [Firefox: 6 hits: 06-18 to 07-03] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 04:03:00 | Win2K-f | 125.225.13.129 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:23:00 | WinXP | 122.16.51.198 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 07-04] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:38:00 | WinXP | 217.201.7.40 (-): TELECOM ITALIA MOBILE, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:05:00 | Win2K-f | 67.70.67.94 (BELL.CA): BELL SYMPATICO, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] a08f3b74a4 [Firefox:135 hits: 06-18 to 07-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:09:00 | WinXP | 86.135.145.141 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1898e66cd2 [Firefox: 4 hits: 05-20 to 06-23] |
none[4] | none:none |
PolyEnE| | none | trace |
| 05:17:00 | Win2K-f | 4.245.116.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:20:00 | Win2K-f | 118.166.178.139 (-): . |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| T:05:35:00 | WinXP | 86.10.199.77 (NTL.COM): NTL INFRASTRUCTURE - LEEDS, DERBY, ENGLAND, UK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:19:00 | Win2K-f | 4.236.174.7 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BRONX, NEW YORK, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:39:00 | Win2K-f | 63.22.235.57 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] a08f3b74a4 [Firefox:135 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 06:46:00 | Win2K-f | 4.242.171.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTLAND, OREGON, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:46:00 | WinXP | 80.102.244.33 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, BARCELONA, CATALUñA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 07-04] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:54:00 | Win2K-f | 218.39.76.165 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
2ef9098242 NEW d789c8d157 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:56:00 | WinXP | 92.40.28.220 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:02:00 | WinXP | 220.100.223.198 (DY.BBEXCITE.JP): EXCITE JAPAN CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:104 hits: 09-28 to 07-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:04:00 | WinXP | 194.165.181.23 (ESAT.NET): OCEAN FREE INTERNET DIAL UP SERVICE, DUBLIN, DUBLIN, IE. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:729 hits: 05-01 to 07-02] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 07:20:00 | Win2K-f | 122.147.98.67 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.41.126:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
dd98c3c108 [Firefox: 3 hits: 06-24 to 07-04] e98746deb1 [Firefox: 3 hits: 06-24 to 07-04] |
dd98c3c108 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 07:28:00 | WinXP | 12.78.10.80 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:40:00 | WinXP | 68.144.71.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:192.221.99.124:80 US:199.93.44.126:80 US:204.160.126.126:80 US:206.251.244.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 32 of 33 27 of 33 |
0c1c51204b [Firefox: 2 hits: 06-18 to 07-02] 3d293743d8 [Firefox: 2 hits: 06-18 to 07-02] a014934a72 [Firefox:58 hits: 06-28 to 07-02] |
0c1c51204b [1] none [4] none [none] |
ASM:Graph none:none none:none |
Armadillo| PolyEnE| none|none |
lines=82 none none |
trace trace none |
| 07:57:00 | Win2K-f | 116.120.14.44 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.51:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] f7f799f818 NEW |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 08:11:00 | WinXP | 86.134.14.193 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:18 hits: 06-12 to 07-04] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:08:13:00 | WinXP | 220.147.162.119 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:08:25:00 | Win2K-f | 217.201.133.209 (-): TELECOM ITALIA MOBILE, FIRENZE, TOSCANA, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:25:00 | Win2K-f | 124.241.151.168 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] dbce870f48 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:08:28:00 | WinXP | 61.217.153.124 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:34:00 | Win2K-f | 211.179.101.9 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] 53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:08:38:00 | Win2K-f | 217.252.10.67 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MINDEN, NORDRHEIN-WESTFALEN, DE. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2839 hits: 12-31 to 07-04] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 08:42:00 | WinXP | 61.217.153.124 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:01:00 | WinXP | 90.151.202.56 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:17:00 | WinXP | 221.251.49.172 (UCOM.NE.JP): TK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:104 hits: 09-28 to 07-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:09:26:00 | Win2K-f | 67.10.65.232 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] a08f3b74a4 [Firefox:135 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:09:34:00 | WinXP | 4.159.83.132 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | :www.google.com.au US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:15 hits: 09-29 to 06-26] |
none[3] | none:none |
tElock| | none | trace |
| T:09:59:00 | Win2K-f | 203.118.229.80 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 251 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox: 8 hits: 06-22 to 07-02] |
none[4] | none:none |
none|none | none | trace | |
| 10:03:00 | WinXP | 203.118.229.80 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 258 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox: 8 hits: 06-22 to 07-02] |
none[4] | none:none |
none|none | none | trace | |
| T:10:08:00 | WinXP | 216.81.98.74 (ACCESSATC.NET): ALMA TELEPHONE, ALMA, GEORGIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:26:00 | WinXP | 61.224.0.127 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:36:00 | WinXP | 24.65.231.174 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 230 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 33 | 2c2f04d480 NEW |
none[none] | none:none |
none|none | none | none | |
| T:10:48:00 | Win2K-f | 65.169.129.130 (LIBERTYNAT.COM): BTC BROADBAND INC, BIXBY, OKLAHOMA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 0 of 32 30 of 33 |
ae43bb721a [Firefox: 3 hits: 06-19 to 06-30] b5919931fe [Firefox:61 hits: 06-20 to 07-04] b5a9a8f575 [Firefox: 3 hits: 06-19 to 06-30] |
ae43bb721a [1] b5919931fe[1] none [4] |
ASM:Graph ASM:Graph none:none |
Armadillo| ASProtect| StarForce| |
lines=81 lines=90 none |
trace trace trace |
| 11:04:00 | Win2K-f | 4.242.159.42 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTLAND, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:02:00 | Win2K-f | 24.224.215.148 (EASTLINK.CA): EASTLINK, HALIFAX, NOVA SCOTIA, CA. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] a08f3b74a4 [Firefox:135 hits: 06-18 to 07-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:27:00 | WinXP | 4.174.130.208 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.79.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:08:00 | WinXP | 118.86.30.170 (-): . |
n/a | DE:siliconfireware.ru RU:www.bbin.ru :wpad RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1096 hits: 05-01 to 07-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:24:00 | WinXP | 81.41.168.41 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, A CORUñA, GALICIA, ES. |
n/a | DE:siliconfireware.ru DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1096 hits: 05-01 to 07-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:13:27:00 | WinXP | 82.4.164.31 (NTL.COM): NTL INFRASTRUCTURE - OLDHAM, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1380 hits: 12-31 to 07-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:18:00 | Win2K-f | 68.119.204.71 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 29 of 32 |
ae4bed1aa9 [Firefox: 3 hits: 06-21 to 07-01] bc51bd8226 [Firefox: 3 hits: 06-21 to 07-01] |
ae4bed1aa9 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
| 14:22:00 | WinXP | 218.168.60.202 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1380 hits: 12-31 to 07-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:28:00 | WinXP | 41.214.166.207 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:39:00 | WinXP | 172.192.178.105 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
034e57c5e5 NEW f44f2f1f15 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:40:00 | WinXP | 63.27.166.212 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:53:00 | Win2K-f | 24.24.213.219 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTMINSTER, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:55:00 | WinXP | 75.62.72.80 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:15:00 | Win2K-f | 24.82.35.70 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:41:00 | WinXP | 218.101.92.183 (CLEAR.NET.NZ): TELSTRACLEAR LTD, CHRISTCHURCH, CANTERBURY, NZ. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:729 hits: 05-01 to 07-02] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:15:45:00 | WinXP | 41.214.171.245 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:47:00 | WinXP | 24.87.147.132 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 30 of 33 0 of 33 |
95a2ce869c NEW bc2aa50683 NEW e07c29c4ae [Firefox:62 hits: 06-19 to 07-04] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:16:44:00 | Win2K-f | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:46:00 | WinXP | 24.24.213.219 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTMINSTER, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.66.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:01:00 | WinXP | 130.13.50.220 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:304 hits: 03-31 to 07-03] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 17:06:00 | WinXP | 123.50.68.149 (-): MANA INTERNET SERVICE PROVIDER, PAPEETE, FRENCH POLYNESIA, PF. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:104 hits: 09-28 to 07-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:18:00 | WinXP | 130.13.33.187 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:304 hits: 03-31 to 07-03] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 17:27:00 | WinXP | 85.154.163.153 (-): OMAN-EXP, OM. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 07-04] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:32:00 | WinXP | 68.206.202.250 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1380 hits: 12-31 to 07-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:32:00 | WinXP | 68.206.202.250 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org SE:ced.dal.net SE:viking.dal.net :los-angeles.ca.us.undernet.org SE:ozbytes.dal.net SE:coins.dal.net SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1380 hits: 12-31 to 07-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 17:40:00 | WinXP | 122.146.241.76 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 57ce4acac2 [Firefox:35 hits: 06-17 to 07-04] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:49:00 | WinXP | 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.66.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] b7082104e4 [Firefox:26 hits: 06-18 to 07-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:17:55:00 | WinXP | 172.162.249.253 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:05:00 | Win2K-f | 70.74.216.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 18:08:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 [Firefox: 2 hits: 06-18 to 07-04] 53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] |
4ca3056804 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:18:10:00 | WinXP | 4.252.65.71 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1096 hits: 05-01 to 07-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 18:10:00 | WinXP | 118.0.60.178 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 07-04] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:12:00 | WinXP | 190.188.0.126 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 18:18:00 | Win2K-f | 24.64.242.103 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox: 7 hits: 06-18 to 06-30] e53a9ea82e [Firefox: 7 hits: 06-18 to 06-30] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 18:37:00 | Win2K-f | 24.76.241.66 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.46.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 30 of 33 |
12df83cb4f [Firefox: 6 hits: 06-19 to 07-04] 2e7dc3f066 [Firefox: 6 hits: 06-19 to 07-04] |
12df83cb4f [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 18:41:00 | Win2K-f | 67.10.65.232 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:199.93.46.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] a08f3b74a4 [Firefox:135 hits: 06-18 to 07-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:50:00 | WinXP | 220.219.3.28 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 33 | b402048f34 NEW |
none[none] | none:none |
none|none | none | none | |
| 18:59:00 | WinXP | 172.133.20.86 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:21:00 | WinXP | 222.149.193.221 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:678 hits: 07-11 to 07-04] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:28:00 | WinXP | 172.130.23.63 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 0 of 33 |
3373948767 NEW c73f738c30 NEW e07c29c4ae [Firefox:62 hits: 06-19 to 07-04] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 19:53:00 | Win2K-f | 69.110.85.226 (-): JAY KWON, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
b12e5dfed0 NEW dc92683d9a [Firefox: 3 hits: 06-19 to 06-21] |
none[4] dc92683d9a[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 20:11:00 | Win2K-f | 71.111.163.57 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:25:00 | WinXP | 172.168.197.13 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:36:00 | Win2K-f | 219.249.72.124 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:199.93.41.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 32 of 33 |
309c79f8d9 NEW 4b1e5a8e77 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:50:00 | WinXP | 76.77.236.200 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] e07c29c4ae [Firefox:62 hits: 06-19 to 07-04] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:21:15:00 | WinXP | 119.94.13.50 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.124:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 28 of 33 |
56a3822608 NEW a4c433c5d3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:21:00 | Win2K-f | 96.15.38.206 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.41.126:80 US:204.160.126.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox: 3 hits: 06-25 to 07-04] 7f6e032fc0 [Firefox: 3 hits: 06-25 to 07-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:21:25:00 | Win2K-f | 118.216.47.41 (-): . |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.41.124:80 US:199.93.41.126:80 US:204.160.126.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
168aab35a3 [Firefox:35 hits: 06-17 to 07-04] d59714403a NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:21:32:00 | Win2K-f | 116.122.47.162 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.16:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
6ec2a8994b [Firefox: 3 hits: 06-18 to 06-26] 857b781ca9 [Firefox: 3 hits: 06-18 to 06-26] |
none[4] 857b781ca9[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 21:44:00 | Win2K-f | 76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:15:00 | WinXP | 98.140.228.20 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:20:00 | WinXP | 67.53.5.61 (RR.COM): ROAD RUNNER HOLDCO LLC, MILWAUKEE, WISCONSIN, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3137 hits: 12-31 to 07-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:22:00 | Win2K-f | 4.245.114.39 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:35:00 | WinXP | 218.210.225.206 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:41:00 | Win2K-f | 202.125.63.70 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:43:00 | Win2K-f | 202.183.56.5 (-): TOWN KANZAKI, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 292 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | ef6ce4f6ac NEW |
none[none] | none:none |
none|none | none | none |
| 22:51:00 | WinXP | 118.220.165.63 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:35 hits: 06-17 to 07-04] 4c3df24b32 [Firefox:50 hits: 06-17 to 07-04] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:09:00 | Win2K-f | 4.252.170.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:390 hits: 06-17 to 07-04] 73f1082158 [Firefox:174 hits: 06-18 to 07-04] b5919931fe [Firefox:61 hits: 06-20 to 07-04] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 23:21:00 | WinXP | 124.87.103.154 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:104 hits: 09-28 to 07-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:30:00 | WinXP | 98.140.228.155 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:32:00 | Win2K-f | 70.77.137.71 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 777e93c56a NEW |
none[none] | none:none |
none|none | none | none |
| 23:34:00 | WinXP | 203.112.56.98 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | US:mx1.hotmail.com SE:ftp.icq.com US:yutunrz.1dumb.com US:maila.microsoft.com US:mailin-04.mx.aol.com US:mailin-02.mx.aol.com US:ftp.newaol.com US:mcduii.3-a.net :jdjsloy.dynserv.com **:wyqggvow.afraid.org :nttstziinpa.hn.org US:fcnhysydw.yi.org US:dlivmg.1dumb.com US:neytteybbo.3-a.net :fzzdik.dynserv.com :pkvgzaecagx.afraid.org :yraqztt.hn.org US:kpxvrvdefs.yi.org US:qeqfsvxousx.1dumb.com US:imtoey.3-a.net :jrscqsshxs.dynserv.com :yjjtuvsro.afraid.org :firradbqzku.hn.org US:dgwigom.yi.org US:mfltoqgqt.1dumb.com US:ksfvgfrf.3-a.net :uhqoyjlu.dynserv.com :bdtjkffl.afraid.org :ipurfbqpsdj.hn.org US:orugtuapnzu.yi.org US:gyssafafiq.1dumb.com US:ihhyzby.3-a.net :pvxkideqlen.dynserv.com :bhlnklify.afraid.org US:143.215.15.145:80 US:143.215.15.60:80 US:207.200.66.51:80 SE:209.170.96.79:80 |
445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | b7b3903437 NEW |
none[4] | none:none |
none|none | none | trace |
| T:23:49:00 | WinXP | 124.87.103.154 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |