Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
00:23:00 | Win2K-f | 71.113.90.103 (VERIZON.NET): VERIZON INTERNET SERVICES INC, MARYSVILLE, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:37:00 | Win2K-f | 24.78.223.48 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
65275a1614 [Firefox: 2 hits: 06-21 to 07-04] ec0d7783de [Firefox: 2 hits: 06-21 to 07-04] |
65275a1614 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
00:49:00 | Win2K-f | 211.108.65.210 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 32 of 33 |
ce46f7ab87 NEW d7dc1e3bea NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:00:52:00 | Win2K-f | 71.111.229.213 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:55:00 | WinXP | 92.40.181.116 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 5ed8a3de6e [Firefox: 2 hits: 05-18 to 07-01] |
none[4] | none:none |
ASPack| | none | trace |
T:02:08:00 | Win2K-f | 218.55.245.101 (-): HANANET-LLINE-DIGITALARTHIVE, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
135 | pcap | raw alerts ruleset |
http irc 755 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 9 of 33 27 of 33 0 of 32 |
4b18edffbf NEW 78a2aad449 NEW a014934a72 [Firefox:59 hits: 06-28 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] |
none[none] none [none] none [none] b5919931fe[1] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=90 |
none none none trace |
T:02:33:00 | Win2K-f | 61.31.173.36 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.79.125:80 US:207.123.37.125:80 |
445 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:02:35:00 | WinXP | 79.138.132.94 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:02:45:00 | Win2K-f | 130.228.96.66 (TELE2.NET): TELE GREENLAND INTERNATIONAL A/S, COPENHAGEN, COPENHAGEN, DK. (100Mbps) |
59.155.248.50:18067 | CN:bbjj.househot.com CN:ypgw.wallloan.com CN:59.155.248.50:18067 |
445 | pcap | raw alerts ruleset |
irc 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 996c9c3a01 [Firefox: 7 hits: 04-03 to 05-30] |
4b6453fcf3 [0] | ASM:Graph |
MEW| | lines=5 | trace |
T:02:48:00 | WinXP | 218.175.208.1 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
03:11:00 | Win2K-f | 211.59.71.246 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.125:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
9d571adc3c NEW a704164588 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:38:00 | Win2K-f | 24.84.182.249 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | f9bf3a1e43 [Firefox: 2 hits: 06-23 to 07-04] |
f9bf3a1e43 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:03:39:00 | Win2K-f | 96.15.201.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:03:48:00 | WinXP | 89.166.3.8 (PHNET.FI): PHNET INTERNET SERVICES CONSUMER BROADBAND CONNECTIONS, HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:108 hits: 09-28 to 07-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
03:48:00 | WinXP | 172.192.108.201 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:03:55:00 | Win2K-f | 61.215.171.230 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
135 | pcap | raw alerts ruleset |
irc http 785 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 30 of 33 27 of 33 0 of 32 |
02cab5983b [Firefox: 2 hits: 06-18 to 07-01] 76e6f343c5 [Firefox: 2 hits: 06-18 to 07-01] a014934a72 [Firefox:59 hits: 06-28 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] |
none[4] 76e6f343c5[1] none [none] b5919931fe[1] |
none:none ASM:Graph none:none ASM:Graph |
tElock| Armadillo| none|none ASProtect| |
none lines=82 none lines=90 |
trace trace none trace |
T:04:05:00 | WinXP | 202.134.243.7 (AINS.NET.AU): AINS INTERNET SERVICE PROVIDER, MELBOURNE, VICTORIA, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:204.160.126.124:80 US:208.111.153.215:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 239 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox: 2 hits: 07-03 to 07-05] c73f738c30 [Firefox: 2 hits: 07-03 to 07-05] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
04:15:00 | WinXP | 208.104.204.67 (COMPORIUM.NET): ROCK HILL TELEPHONE COMPANY, ROCK HILL, SOUTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
dfbaaf577c [Firefox: 5 hits: 06-18 to 07-03] f504b4af20 [Firefox: 5 hits: 06-18 to 07-03] |
none[4] f504b4af20[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
T:04:29:00 | Win2K-f | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 57ce4acac2 [Firefox:36 hits: 06-17 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
04:29:00 | WinXP | 202.222.59.180 (ASAGAOTV.NE.JP): MATTO BROADCASTING CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 | fbacdd87c0 NEW |
none[4] | none:none |
none|none | none | trace | |
T:04:39:00 | WinXP | 61.115.147.110 (ZAQ.NE.JP): CABLENET KOBE ASHIYA CO. LTD, KOBE, HYOGO, JP. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:04:48:00 | WinXP | 4.233.194.246 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:30 hits: 12-14 to 07-04] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:04:54:00 | WinXP | 68.147.81.100 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 30 of 33 0 of 33 |
0ce8fd0298 NEW 9dab37e63b NEW e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:05:00:00 | WinXP | 4.159.32.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:02:00 | WinXP | 69.150.83.113 (SWBELL.NET): STLSMO ADSL BRAS1 PPPOX, ST. LOUIS, MISSOURI, US. (DIAL) |
n/a | DE:siliconfireware.ru SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org :marsho.dk :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.194.210.198:80 US:69.25.142.48:80 US:72.29.65.216:80 EU:78.47.200.154:80 FI:80.81.183.162:80 SE:88.80.5.157:80 SE:88.80.5.15:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:56 hits: 05-10 to 07-03] |
none[3] | none:none |
ASPack| | none | trace |
T:05:11:00 | WinXP | 62.215.51.163 (-): FAST TELCO INFRA STRUCTURE WEB ACCESS USERS, KUWAIT, AL KUWAYT, KW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | c1758dd1f7 NEW |
none[none] | none:none |
none|none | none | none |
05:14:00 | WinXP | 122.42.98.59 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:ebookfinaltrash.ru :daymohk.info :marsho.dk US:192.221.110.125:80 US:199.93.44.124:80 US:205.128.79.125:80 HK:210.245.211.11:65520 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.194.210.198:80 US:69.25.142.48:80 US:72.29.65.216:80 EU:78.47.200.154:80 FI:80.81.183.162:80 SE:88.80.5.157:80 SE:88.80.5.15:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 NEW bc94f66052 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:05:30:00 | WinXP | 220.191.8.32 (163DATA.COM.CN): CHINANET-ZJ HANGZHOU NODE NETWORK, HANGZHOU, ZHEJIANG, CN. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 31 | 4d244a981f NEW |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
T:05:49:00 | WinXP | 4.159.77.86 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | US:www.yahoo.com :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:16 hits: 09-29 to 07-05] |
none[3] | none:none |
tElock| | none | trace |
05:56:00 | WinXP | 89.186.159.55 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | ad0c5ff63e NEW |
none[none] | none:none |
none|none | none | none | |
T:05:56:00 | WinXP | 118.237.39.203 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox: 8 hits: 06-20 to 06-30] |
none[4] | none:none |
none|none | none | trace | |
T:06:35:00 | Win2K-f | 65.86.238.166 (DSL.NET): DSL.NET INC, BROOKLYN, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:205.128.79.125:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:10:00 | Win2K-f | 71.104.174.138 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:07:12:00 | Win2K-f | 24.66.38.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 31 of 32 23 of 33 |
b5919931fe [Firefox:68 hits: 06-20 to 07-05] bca9e0fb5f [Firefox: 8 hits: 06-18 to 07-05] e53a9ea82e [Firefox: 8 hits: 06-18 to 07-05] |
b5919931fe [1] none [4] e53a9ea82e[1] |
ASM:Graph none:none ASM:Graph |
ASProtect| PolyEnE| Armadillo| |
lines=90 none lines=81 |
trace trace trace |
T:07:14:00 | WinXP | 92.40.10.196 (IKBCC.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1099 hits: 05-01 to 07-05] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:07:33:00 | WinXP | 118.240.121.232 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:679 hits: 07-11 to 07-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
08:02:00 | Win2K-f | 97.89.98.42 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 166 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
65494b4a08 NEW eeb51a6e9e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:13:00 | WinXP | 221.142.43.247 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxima.ircgalaxy.pl US:192.221.99.126:80 US:198.78.220.124:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 33 |
5364c612fa NEW 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
08:28:00 | WinXP | 123.224.120.238 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 33 | 5aeab33849 NEW |
none[none] | none:none |
none|none | none | none | |
08:46:00 | WinXP | 74.67.102.23 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:449 hits: 05-02 to 07-02] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
08:49:00 | Win2K-f | 166.82.159.214 (CTC.NET): CTC INTERNET SERVICES INC, SALISBURY, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:20:00 | WinXP | 196.208.94.39 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.79.125:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 57ce4acac2 [Firefox:36 hits: 06-17 to 07-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:09:40:00 | Win2K-f | 24.198.43.30 (RR.COM): ROAD RUNNER HOLDCO LLC, PORTLAND, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 613 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | d16355e15b NEW |
none[4] | none:none |
ASPack| | none | trace | |
T:09:47:00 | WinXP | 65.184.125.162 (RR.COM): ROAD RUNNER HOLDCO LLC, SUMMERVILLE, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:09:00 | Win2K-f | 67.9.114.114 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:199.93.46.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:12:00 | WinXP | 213.45.193.160 (POOL21345.INTERBUSINESS.IT): TELECOM ITALIA S.P.A, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:19 hits: 06-24 to 06-19] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:15:00 | WinXP | 67.117.3.35 (PACBELL.NET): NAS4.IRVNCA, VENTURA, CALIFORNIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 32 | 396656c83c [Firefox: 3 hits: 08-20 to 05-03] |
none[4] | none:none |
PolyEnE| | none | trace |
T:10:27:00 | Win2K-f | 122.47.13.84 (-): POWERCOMM, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 32 of 33 |
4c3df24b32 [Firefox:56 hits: 06-17 to 07-05] 58408136a4 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:10:37:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:205.128.79.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:45:00 | WinXP | 87.55.116.126 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:45:00 | WinXP | 4.252.130.69 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net :caen.fr.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:ozbytes.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:49:00 | WinXP | 82.79.253.10 (RDSNET.RO): RCS-RDS-CABLELINK, BAIA MARE, MARAMURES, RO. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 8a79fbda68 [Firefox: 2 hits: 06-26 to 07-03] |
none[none] | none:none |
none|none | none | none |
10:49:00 | WinXP | 82.79.253.10 (RDSNET.RO): RCS-RDS-CABLELINK, BAIA MARE, MARAMURES, RO. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 8a79fbda68 [Firefox: 2 hits: 06-26 to 07-03] |
none[none] | none:none |
none|none | none | none |
T:11:31:00 | WinXP | 61.47.26.86 (ICSPACE.NET): PACIFIC INTERNET THAILAND, TH. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 0 of 33 |
1df71b6767 NEW 33378033f2 NEW e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:11:34:00 | WinXP | 24.78.45.15 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 147 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
65275a1614 [Firefox: 2 hits: 06-21 to 07-04] ec0d7783de [Firefox: 2 hits: 06-21 to 07-04] |
65275a1614 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
T:11:35:00 | Win2K-f | 99.170.21.97 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
11:45:00 | Win2K-f | 172.170.216.99 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:52:00 | WinXP | 4.241.222.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN DIEGO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:206.33.45.125:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:01:00 | WinXP | 4.245.117.4 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:12:03:00 | WinXP | 75.137.190.17 (CHARTER.COM): CHARTER COMMUNICATIONS, ATHENS, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:12:23:00 | Win2K-f | 130.13.156.209 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
200.132.24.197:1977 200.132.24.197:7979 194.68.45.50:7000 | BR:neo12.cjb.net :www.freewebtown.com :fwt.txdnl.com BR:mangupi2008.cjb.net SE:global.mo.us.dal.net SE:194.68.45.50:7000 |
135 | pcap | raw alerts ruleset |
irc http 928 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 31 7 of 32 |
0b6af9e88a [Firefox: 3 hits: 05-31 to 06-01] fff4c1e935 NEW |
24b6fb10de [0] none [none] |
ASM:Graph none:none |
StarForce| none|none |
lines=1106 embedded dns none |
trace none |
T:12:32:00 | WinXP | 69.109.153.52 (PACBELL.NET): AT&T INTERNET SERVICES, SAN DIEGO, CALIFORNIA, US. (100Mbps) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 0 of 33 |
b12e5dfed0 [Firefox: 2 hits: 06-21 to 07-05] dc92683d9a [Firefox: 4 hits: 06-19 to 07-05] e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] |
none[4] dc92683d9a[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
T:12:39:00 | WinXP | 76.77.130.166 (CLARKDJFS.ORG): SPRINGNET, SPRINGFIELD, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.79.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:13:21:00 | WinXP | 4.131.74.54 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 | 392d2a4da6 NEW |
none[none] | none:none |
none|none | none | none | |
T:13:22:00 | Win2K-f | 122.43.61.89 (-): POWERCOMM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 NEW bc94f66052 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:13:50:00 | Win2K-f | 122.55.161.19 (PLDT.NET): IPG, PH. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
14:08:00 | WinXP | 41.214.176.118 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:312 hits: 05-01 to 07-04] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
14:08:00 | WinXP | 122.42.95.62 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.126:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 33 |
2949152a24 NEW f1a10a0d85 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:14:14:00 | WinXP | 4.242.39.111 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SEATTLE, WASHINGTON, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:14:24:00 | WinXP | 92.114.188.133 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 33 | 366148f7b7 NEW | none[none] | none:none | none|none | none | none |
14:31:00 | WinXP | 76.182.159.116 (RR.COM): ROAD RUNNER HOLDCO LLC, MINNEAPOLIS, MINNESOTA, US. (DSL) | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] | 1aad8e4632 [0] | ASM:Graph | PolyEnE| | lines=93 embedded dns | trace |
T:14:31:00 | WinXP | 76.182.159.116 (RR.COM): ROAD RUNNER HOLDCO LLC, MINNEAPOLIS, MINNESOTA, US. (DSL) | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] | 1aad8e4632 [0] | ASM:Graph | PolyEnE| | lines=93 embedded dns | trace |
14:47:00 | WinXP | 118.219.163.94 (-): . | n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 87 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 0 of 33 | 168aab35a3 [Firefox:38 hits: 06-17 to 07-05] 4c3df24b32 [Firefox:56 hits: 06-17 to 07-05] | none[4] 4c3df24b32[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:14:51:00 | WinXP | 69.108.106.174 (PACBELL.NET): IRVNCA INTERNAL, LOS ANGELES, CALIFORNIA, US. (DSL) | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 3ae357d17b [Firefox:731 hits: 05-01 to 07-05] | 462a7be171 [0] | ASM:Graph | PolyEnE| | lines=73 | trace |
T:14:53:00 | WinXP | 67.58.130.105 (MINDSPRING.COM): EARTHLINK INC, ATLANTA, GEORGIA, US. (DSL) | n/a | EU:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:spi.domainsponsor.com :landdev1.lap.internal :www.proxy-socks.net US:208.73.212.12:80 DE:212.227.111.29:80 DE:217.11.54.126:80 | 445 | pcap | raw alerts ruleset | http http http http 30 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1099 hits: 05-01 to 07-05] | 40f7f463c4 [0] | ASM:Graph | ASPack| | lines=281 embedded dns | trace |
14:57:00 | Win2K-f | 64.192.64.16 (WCG.NET): LIGHTCORE A CENTURYTELCOMPANY, NASHUA, NEW HAMPSHIRE, US. | n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 97 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 29 of 33 | 1b94c1cc14 NEW 62728ad1cd NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
15:18:00 | WinXP | 83.141.173.149 (EVC.NET): DHCP POOL EVC, BASEL, BASEL-STADT, CH. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 31 of 33 | 03b90a9d15 NEW | none[none] | none:none | none|none | none | none |
15:18:00 | WinXP | 172.131.140.95 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 | 135 | pcap | raw alerts ruleset | other 111 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 29 of 33 | 3373948767 [Firefox: 2 hits: 07-03 to 07-05] c73f738c30 [Firefox: 2 hits: 07-03 to 07-05] | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:15:21:00 | WinXP | 4.88.70.151 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MYRTLE BEACH, SOUTH CAROLINA, US. (DIAL) | n/a | | 445 | pcap | raw alerts ruleset | other 0 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
T:15:25:00 | WinXP | 70.119.3.24 (RR.COM): ROAD RUNNER HOLDCO LLC, OVIEDO, FLORIDA, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 9b82db3489 [Firefox: 2 hits: 07-15 to 06-28] | none[none] | none:none | none|none | none | none |
T:16:28:00 | WinXP | 76.93.105.18 (-): . | n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 | 135 | pcap | raw alerts ruleset | http 77 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] e07c29c4ae [Firefox:65 hits: 06-19 to 07-05] | none[4] 73f1082158[1] e07c29c4ae[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| FSG| | none lines=81 lines=92 | trace trace trace |
T:16:36:00 | Win2K-f | 99.181.180.213 (-): . | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] | none[4] 73f1082158[1] b5919931fe[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| ASProtect| | none lines=81 lines=90 | trace trace trace |
16:47:00 | WinXP | 216.203.250.166 (ALGX.NET): XO COMMUNICATIONS, SCOTTSDALE, ARIZONA, US. | n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:205.128.66.124:80 | 135 | pcap | raw alerts ruleset | other 101 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:17:00:00 | WinXP | 75.16.231.64 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:205.128.66.126:80 US:4.23.60.125:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:17:20:00 | WinXP | 130.13.233.204 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | 200.132.24.197:1977 | BR:neo12.cjb.net | 135 | pcap | raw alerts ruleset | irc 340 lines | Yeah : 1.3 profile | none | summary tarball | 5 of 31 | 0b6af9e88a [Firefox: 3 hits: 05-31 to 06-01] | 24b6fb10de [0] | ASM:Graph | StarForce| | lines=1106 embedded dns | trace |
17:38:00 | Win2K-f | 75.79.5.198 (-): . | n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
17:39:00 | WinXP | 71.111.229.213 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:17:46:00 | WinXP | 24.85.103.20 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | http 114 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 33 32 of 33 | 2520af202e NEW c54a16b53c NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
18:02:00 | Win2K-f | 65.23.189.77 (DRTEL.NET): DICKEY RURAL NETWORKS, ELLENDALE, NORTH DAKOTA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 8 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] b7082104e4 [Firefox:27 hits: 06-18 to 07-05] | none[4] none [4] | none:none none:none | tElock| tElock| | none none | trace trace |
T:18:16:00 | WinXP | 41.214.181.207 (-): . | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
18:30:00 | WinXP | 41.214.182.129 (-): . | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:18:30:00 | WinXP | 41.214.182.129 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:18:31:00 | Win2K-f | 79.73.244.171 (AS9105.COM): TELINCO, UK. | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
18:33:00 | Win2K-f | 70.78.162.189 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | bf14e246e6 NEW | none[none] | none:none | none|none | none | none |
18:35:00 | Win2K-f | 70.78.37.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 15 of 32 | ad8ae25c08 NEW | none[none] | none:none | none|none | none | none |
18:39:00 | WinXP | 221.125.197.229 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:18:39:00 | WinXP | 213.238.127.25 (INETIA.PL): NETIA SA ADSL NETWORK, PL. (DSL) | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
18:42:00 | Win2K-f | 68.150.46.94 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:18:49:00 | Win2K-f | 4.182.214.106 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FRESNO, CALIFORNIA, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset | http 130 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 0 of 32 30 of 33 | 420b49c3b1 NEW b5919931fe [Firefox:68 hits: 06-20 to 07-05] c87b5f785d NEW | none[none] b5919931fe[1] none [none] | none:none ASM:Graph none:none | none|none ASProtect| none|none | none lines=90 none | none trace none |
T:18:50:00 | Win2K-f | 70.78.30.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | bf14e246e6 NEW | none[none] | none:none | none|none | none | none |
18:56:00 | Win2K-f | 218.169.224.253 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | | 139 | pcap | raw alerts ruleset | ftp 9 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
19:01:00 | WinXP | 76.77.130.166 (CLARKDJFS.ORG): SPRINGNET, SPRINGFIELD, MISSOURI, US. | n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.44.126:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 77 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:19:06:00 | WinXP | 70.45.196.223 (-): . | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 | e19fa0dfad [Firefox: 2 hits: 06-24 to 07-01] | none[4] | none:none | PolyEnE| | none | trace |
T:19:09:00 | WinXP | 61.216.20.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:4.23.60.126:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
19:09:00 | WinXP | 61.216.20.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:4.23.60.126:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:19:11:00 | WinXP | 221.125.246.178 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 1.3 profile | none | summary tarball | 15 of 33 | f2b1e6ea6f NEW | none[none] | none:none | none|none | none | none |
19:13:00 | Win2K-f | 24.84.139.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 298 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 33 | b54b4cb17c NEW | none[none] | none:none | none|none | none | none |
T:19:14:00 | Win2K-f | 211.59.72.105 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. | n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | http 87 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 33 30 of 32 | 4c3df24b32 [Firefox:56 hits: 06-17 to 07-05] 8390780c27 [Firefox: 7 hits: 06-18 to 07-05] | 4c3df24b32 [1] none [4] | ASM:Graph none:none | Armadillo| tElock| | lines=81 none | trace trace |
T:19:16:00 | WinXP | 70.78.37.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
19:22:00 | Win2K-f | 122.53.47.26 (PLDT.NET): IPG, PH. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
19:28:00 | Win2K-f | 24.86.75.112 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:19:34:00 | Win2K-f | 218.173.70.76 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:19:40:00 | Win2K-f | 116.122.234.42 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. | n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
19:44:00 | WinXP | 221.125.246.178 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:19:46:00 | Win2K-f | 59.117.126.90 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:19:57:00 | WinXP | 4.224.96.246 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.79.126:80 US:207.123.44.125:80 | 135 | pcap | raw alerts ruleset | other 207 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] a08f3b74a4 [Firefox:140 hits: 06-18 to 07-05] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:20:14:00 | WinXP | 123.50.72.77 (-): MANA INTERNET SERVICE PROVIDER, PAPEETE, FRENCH POLYNESIA, PF. | n/a | | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | 741e3b03b3 [Firefox:108 hits: 09-28 to 07-05] | e0197e8a64 [0] | ASM:Graph | none|none | lines=62 | trace |
T:20:17:00 | WinXP | 70.78.162.189 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 22 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | bf14e246e6 NEW | none[none] | none:none | none|none | none | none |
20:28:00 | WinXP | 66.50.89.200 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. | n/a | | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:20:28:00 | WinXP | 66.50.89.200 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:3144 hits: 12-31 to 07-05] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
20:43:00 | WinXP | 70.78.30.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | bf14e246e6 NEW | none[none] | none:none | none|none | none | none |
20:48:00 | Win2K-f | 59.117.171.233 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:20:53:00 | Win2K-f | 70.45.200.154 (-): . | n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 | 135 | pcap | raw alerts ruleset | http 126 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 0 of 32 30 of 33 | 9183352b97 NEW b5919931fe [Firefox:68 hits: 06-20 to 07-05] d711e38d6d NEW | none[none] b5919931fe[1] none [none] | none:none ASM:Graph none:none | none|none ASProtect| none|none | none lines=90 none | none trace none |
T:20:54:00 | WinXP | 67.9.2.44 (RR.COM): ROAD RUNNER HOLDCO LLC, PINELLAS PARK, FLORIDA, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:1384 hits: 12-31 to 07-05] | 1aad8e4632 [0] | ASM:Graph | PolyEnE| | lines=93 embedded dns | trace |
T:21:00:00 | WinXP | 222.236.27.47 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | 210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:204.160.126.126:80 US:205.128.66.126:80 US:206.251.244.226:80 US:4.23.60.125:80 | 135 | pcap | raw alerts ruleset | irc http 145 lines | Yeah : 1.8 profile | none | summary tarball | 31 of 33 27 of 33 30 of 33 | 168aab35a3 [Firefox:38 hits: 06-17 to 07-05] a014934a72 [Firefox:59 hits: 06-28 to 07-05] f62373a83b NEW | none[4] none [none] none [none] | none:none none:none none:none | tElock| none|none none|none | none none none | trace none none |
T:21:20:00 | WinXP | 122.146.225.79 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 255 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 33 31 of 33 | dd98c3c108 [Firefox: 4 hits: 06-24 to 07-05] e98746deb1 [Firefox: 4 hits: 06-24 to 07-05] | dd98c3c108 [1] none [4] | ASM:Graph none:none | Armadillo| tElock| | lines=82 none | trace trace |
21:21:00 | WinXP | 88.168.24.128 (PROXAD.NET): PROXAD / FREE SAS, FR. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:21:26:00 | Win2K-f | 68.89.232.222 (SWBELL.NET): PPPOX POOL - RBACK1 BUMTTX, BEAUMONT, TEXAS, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:21:27:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 | 135 | pcap | raw alerts ruleset | other 74 lines | Yeah : 1.3 profile | none | summary tarball | 1 of 33 33 of 33 | 4ca3056804 [Firefox: 3 hits: 06-18 to 07-05] 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] | 4ca3056804 [1] none [4] | ASM:Graph none:none | Armadillo| tElock| | lines=81 none | trace trace |
T:21:45:00 | WinXP | 70.116.112.236 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 69f9a09ec3 NEW | none[none] | none:none | none|none | none | none |
T:21:48:00 | Win2K-f | 66.84.116.147 (AIRADVANTAGE.NET): AIR ADVANTAGE, FRANKENMUTH, MICHIGAN, US. | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 US:206.33.45.125:80 US:207.123.44.125:80 | 135 | pcap | raw alerts ruleset | irc http 800 lines | Yeah : 1.8 profile | none | summary tarball | 31 of 32 27 of 33 0 of 32 29 of 32 | 3632feac9a NEW a014934a72 [Firefox:59 hits: 06-28 to 07-05] b5919931fe [Firefox:68 hits: 06-20 to 07-05] e9aac571dd NEW | none[none] none [none] b5919931fe[1] none [none] | none:none none:none ASM:Graph none:none | none|none none|none ASProtect| none|none | none none lines=90 none | none none trace none |
21:59:00 | WinXP | 24.80.110.188 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 814 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 | 5bbb751422 NEW | none[none] | none:none | none|none | none | none |
T:22:03:00 | Win2K-f | 211.18.37.137 (DION.NE.JP): DION (KDDI CORPORATION), JP. | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | irc 10 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
T:22:09:00 | WinXP | 130.13.33.143 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | 200.132.24.197:1977 | BR:neo12.cjb.net | 135 | pcap | raw alerts ruleset | irc 348 lines | Yeah : 1.3 profile | none | summary tarball | 5 of 31 | 0b6af9e88a [Firefox: 3 hits: 05-31 to 06-01] | 24b6fb10de [0] | ASM:Graph | StarForce| | lines=1106 embedded dns | trace |
22:11:00 | WinXP | 70.74.213.224 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:22:13:00 | Win2K-f | 122.118.215.39 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
T:22:18:00 | Win2K-f | 88.168.24.128 (PROXAD.NET): PROXAD / FREE SAS, FR. | 63.173.172.98:6668 | | 139 | pcap | raw alerts ruleset | ftp irc 26 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
22:21:00 | Win2K-f | 24.79.80.12 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.42:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 133 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 33 31 of 33 | 9d07de7076 NEW 9e4de1fdb9 NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:22:27:00 | Win2K-f | 122.146.226.52 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 194 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 32 0 of 32 29 of 33 | 9a1383bb4a NEW b5919931fe [Firefox:68 hits: 06-20 to 07-05] bc466d941c NEW | none[4] b5919931fe[1] bc466d941c[1] | none:none ASM:Graph ASM:Graph | tElock| ASProtect| Armadillo| | none lines=90 lines=82 | trace trace trace |
T:22:36:00 | Win2K-f | 97.89.24.48 (-): . | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 167 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 0 of 32 29 of 33 | 65494b4a08 NEW b5919931fe [Firefox:68 hits: 06-20 to 07-05] eeb51a6e9e NEW | none[none] b5919931fe[1] none [none] | none:none ASM:Graph none:none | none|none ASProtect| none|none | none lines=90 none | none trace none |
23:03:00 | WinXP | 75.16.97.72 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, US. (DSL) | n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:1099 hits: 05-01 to 07-05] | 40f7f463c4 [0] | ASM:Graph | ASPack| | lines=281 embedded dns | trace |
T:23:06:00 | Win2K-f | 59.117.171.233 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | | 139 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 33 | ea5389d425 NEW | none[none] | none:none | none|none | none | none |
23:17:00 | Win2K-f | 61.34.140.119 (BORA.NET): DACOM CORP, KR. | n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 | 135 | pcap | raw alerts ruleset | other 95 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 33 29 of 32 | 57ce4acac2 [Firefox:36 hits: 06-17 to 07-05] 83f26f5044 [Firefox: 4 hits: 06-20 to 07-01] | 57ce4acac2 [1] none [4] | ASM:Graph none:none | Armadillo| tElock| | lines=81 none | trace trace |
T:23:24:00 | Win2K-f | 4.171.207.40 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FT. MYERS, FLORIDA, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.79.126:80 US:207.123.44.125:80 | 135 | pcap | raw alerts ruleset | other 187 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
23:24:00 | WinXP | 222.144.235.163 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | n/a | | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 32 | 741e3b03b3 [Firefox:108 hits: 09-28 to 07-05] | e0197e8a64 [0] | ASM:Graph | none|none | lines=62 | trace |
23:32:00 | Win2K-f | 122.53.109.131 (PLDT.NET): IPG, PH. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 267 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 | cc30d2f7c3 NEW | none[none] | none:none | none|none | none | none |
23:57:00 | WinXP | 4.245.119.203 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:192.221.99.124:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:417 hits: 06-17 to 07-05] 73f1082158 [Firefox:192 hits: 06-18 to 07-05] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |