|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | Win2K-f | 59.115.2.70 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 00:16:00 | WinXP | 59.115.2.70 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:00:35:00 | Win2K-f | 75.5.12.164 (SBCGLOBAL.NET): RBACK34C.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] b7082104e4 [Firefox:28 hits: 06-18 to 07-06] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 00:37:00 | WinXP | 96.15.109.62 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.124:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox: 5 hits: 06-25 to 07-05] 7f6e032fc0 [Firefox: 5 hits: 06-25 to 07-05] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:41:00 | WinXP | 116.59.139.29 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 31 | 4d244a981f [Firefox: 2 hits: 03-30 to 07-06] |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:00:43:00 | Win2K-f | 24.86.75.112 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 00:55:00 | WinXP | 71.104.48.83 (VERIZON.NET): VERIZON INTERNET SERVICES INC, POMONA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:57:00 | Win2K-f | 172.191.1.115 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:01:25:00 | WinXP | 220.156.9.221 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 01:56:00 | Win2K-f | 24.31.166.118 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:18:00 | Win2K-f | 122.42.15.130 (-): POWERCOMM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.220.124:80 US:198.78.220.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
3521657786 NEW 70803e1611 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:25:00 | Win2K-f | 4.245.119.203 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARKS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:02:34:00 | Win2K-f | 218.220.150.152 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
07fabc79ef [Firefox: 3 hits: 06-19 to 06-30] 53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
07fabc79ef [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:02:49:00 | Win2K-f | 172.164.246.128 (AOL.COM): AMERICA ONLINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:19:00 | WinXP | 118.7.101.150 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:27:00 | Win2K-f | 71.111.86.148 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.44.125:80 US:207.123.46.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 31 of 33 |
5f11b319ef NEW a3f631e410 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:30:00 | WinXP | 122.118.215.39 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 03:37:00 | WinXP | 219.115.248.95 (ZAQ.NE.JP): CABLENET KOBE ASHIYA CO. LTD, TOKYO, TOKYO, JP. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:38:00 | WinXP | 219.115.248.95 (ZAQ.NE.JP): CABLENET KOBE ASHIYA CO. LTD, TOKYO, TOKYO, JP. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:48:00 | Win2K-f | 61.34.136.57 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:205.128.79.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:39 hits: 06-17 to 07-06] 83f26f5044 [Firefox: 5 hits: 06-20 to 07-06] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 03:51:00 | WinXP | 221.142.74.149 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:205.128.79.126:80 US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:40 hits: 06-17 to 07-06] 4c3df24b32 [Firefox:59 hits: 06-17 to 07-06] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:57:00 | WinXP | 79.111.152.167 (G-M-I.NET): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:680 hits: 07-11 to 07-06] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:05:00 | Win2K-f | 123.213.2.174 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.44.124:80 US:204.160.126.124:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
1509c8d024 [Firefox: 6 hits: 06-17 to 07-03] bd3f6e4ea3 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:04:10:00 | Win2K-f | 124.241.187.141 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] b7082104e4 [Firefox:28 hits: 06-18 to 07-06] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 04:12:00 | WinXP | 69.232.206.96 (PACBELL.NET): PPPOX POOL BRAS12 PLTN, OAKLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:207.123.37.126:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:12:00 | WinXP | 118.7.101.150 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 04:22:00 | WinXP | 122.26.64.246 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:34:00 | Win2K-f | 24.39.18.204 (RR.COM): ROAD RUNNER HOLDCO LLC, PORTLAND, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 05:03:00 | Win2K-f | 125.4.159.108 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
2e45ae247e [Firefox: 3 hits: 06-25 to 07-02] 53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:05:13:00 | WinXP | 82.52.161.139 (POOL8252.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, TORINO, PIEMONTE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 8a79fbda68 [Firefox: 4 hits: 06-26 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:05:35:00 | WinXP | 122.42.15.130 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:207.123.37.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
3521657786 NEW 70803e1611 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:53:00 | WinXP | 202.125.63.158 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:24:00 | WinXP | 4.233.194.125 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:454 hits: 12-31 to 07-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:36:00 | WinXP | 172.134.78.16 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 130 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox: 4 hits: 07-03 to 07-06] c73f738c30 [Firefox: 4 hits: 07-03 to 07-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:59:00 | Win2K-f | 24.71.243.211 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, FT. MCMURRAY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 22 of 32 |
48f8b1a711 [Firefox: 4 hits: 06-19 to 06-30] ae4e62adc2 NEW |
none[4] none [none] |
none:none none:none |
PolyEnE| none|none |
none none |
trace none |
| 07:00:00 | WinXP | 60.56.205.15 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:26:00 | WinXP | 122.133.108.43 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:41:00 | Win2K-f | 221.141.163.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox: 4 hits: 06-21 to 07-01] 58c343a8d8 [Firefox: 4 hits: 06-21 to 07-01] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:07:42:00 | WinXP | 66.168.178.103 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:25:00 | Win2K-f | 121.124.34.62 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.125:80 US:205.128.79.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:59 hits: 06-17 to 07-06] 8390780c27 [Firefox: 8 hits: 06-18 to 07-06] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:08:26:00 | WinXP | 24.77.17.186 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:nadsam0.info US:130.107.211.165:17189 |
135 | pcap | raw alerts ruleset |
http 295 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 17 of 33 none 12 of 33 18 of 33 |
954a98c971 [Firefox: 3 hits: 06-09 to 06-27] bbe0c84096 NEW c5622bb285 [Firefox: 6 hits: 06-23 to 07-02] dde694c47a NEW fb07552892 NEW |
none[4] none [none] none [4] none [none] none [none] |
none:none none:none none:none none:none none:none |
FSG| none|none none|none none|none none|none |
none none none none none |
trace none trace none none |
| 08:31:00 | Win2K-f | 71.119.195.123 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:38:00 | WinXP | 24.160.205.42 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:52:00 | WinXP | 117.99.57.115 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:313 hits: 05-01 to 07-06] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:08:52:00 | WinXP | 119.72.1.148 (-): . |
n/a | RU:moscow-advokat.ru :lulea.se.eu.undernet.org :caen.fr.eu.undernet.org SE:ced.dal.net SE:ozbytes.dal.net :brussels.be.eu.undernet.org US:lia.zanet.net SE:qis.md.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:52:00 | WinXP | 119.72.1.148 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:54:00 | Win2K-f | 66.98.24.238 (CODETEL.NET.DO): VERIZON DOMINICANA, SANTO DOMINGO, DISTRITO NACIONAL, DO. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
0 of 32 | b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
b5919931fe [1] | ASM:Graph |
ASProtect| | lines=90 | trace |
| 09:19:00 | Win2K-f | 75.61.54.163 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:29:00 | Win2K-f | 61.217.163.29 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 09:30:00 | Win2K-f | 58.191.160.156 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 09:35:00 | Win2K-f | 88.186.252.128 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6668 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 404a3161e2 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:36:00 | Win2K-f | 58.191.160.156 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 09:40:00 | WinXP | 59.115.19.35 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | fbdec59f1b NEW |
none[none] | none:none |
none|none | none | none |
| T:09:45:00 | WinXP | 59.117.67.127 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:09:45:00 | WinXP | 78.51.84.233 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:09:49:00 | Win2K-f | 218.190.140.4 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 09:53:00 | WinXP | 59.117.48.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:09:55:00 | Win2K-f | 68.148.158.211 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 10:02:00 | Win2K-f | 218.169.201.213 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | bf14e246e6 [Firefox: 4 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:10:04:00 | WinXP | 83.238.231.81 (INETIA.PL): INTERNETIA, KATOWICE, SLASKIE, PL. (DSL) |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:10:08:00 | Win2K-f | 85.186.136.85 (UPCNET.RO): ASTRAL-UPC, TIMISOARA, TIMIS, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 10:15:00 | WinXP | 81.159.222.107 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:19 hits: 06-12 to 07-05] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:10:24:00 | Win2K-f | 89.136.111.186 (-): ASTRAL BISTRITA DOCSIS, CONSTANTA, CONSTANTA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:10:27:00 | Win2K-f | 88.168.176.200 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 2dad702b45 NEW |
none[none] | none:none |
none|none | none | none | |
| 10:46:00 | WinXP | 218.211.81.222 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:49:00 | Win2K-f | 61.59.205.14 (SEED.NET.TW): DIGITAL UNITED INC, KAOHSIUNG, KAO-HSIUNG, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:10:57:00 | WinXP | 70.77.128.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 0ca7255da4 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:07:00 | WinXP | 201.95.132.117 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:08:00 | WinXP | 65.7.69.7 (BELLSOUTH.NET): BELLSOUTH.NET INC, NASHVILLE, TENNESSEE, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:12:00 | Win2K-f | 88.1.82.87 (RIMA-TDE.NET): TELEFONICA DE ESPANA, SANTA CRUZ DE TENERIFE, CANARY ISLANDS, ES. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| 11:13:00 | WinXP | 59.115.232.78 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 11:17:00 | WinXP | 66.182.204.218 (1SCOM.NET): MILLENNIUM TELCOM LLC, KELLER, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:454 hits: 12-31 to 07-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:11:40:00 | Win2K-f | 24.31.166.118 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:45:00 | Win2K-f | 71.14.141.149 (CHARTER.COM): CHARTER COMMUNICATIONS, DUNCANVILLE, TEXAS, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | bf14e246e6 [Firefox: 4 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:11:57:00 | WinXP | 200.127.109.211 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3153 hits: 12-31 to 07-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:23:00 | WinXP | 79.132.203.251 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal UA:vit.ln.ua :baner.vit GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 34 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 33 | b39dd9e090 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:23:00 | WinXP | 58.191.179.12 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 32 | fbacdd87c0 [Firefox: 2 hits: 06-06 to 07-06] |
none[4] | none:none |
none|none | none | trace | |
| 12:24:00 | WinXP | 58.76.148.222 (-): BORA4053274C5, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b421c2e5fd NEW |
none[none] | none:none |
none|none | none | none |
| 12:35:00 | WinXP | 72.234.212.89 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
72.10.172.218:9928 | HK:proxim.ircgalaxy.pl CA:teek.ihshsd8.com CA:italian.swiifatecihno.com :preek.oihduhdd.net CA:dong.nagitiriheiwu.net HK:210.245.211.11:65520 CA:72.10.169.26:2293 CA:72.10.172.218:7382 CA:72.10.172.218:9928 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | ce20f92227 NEW |
none[none] | none:none |
none|none | none | none |
| 12:37:00 | WinXP | 71.53.81.232 (EMBARQHSD.NET): EMBARQ CORPORATION, KILLEEN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.126:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:38:00 | WinXP | 66.211.121.159 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
http 256 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
4ab411960c NEW e8fee31b4e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:43:00 | WinXP | 190.220.48.124 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 235eaa31f1 NEW |
none[none] | none:none |
none|none | none | none |
| 12:47:00 | Win2K-f | 83.56.204.120 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2005070725), MADRID, MADRID, ES. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:12:51:00 | WinXP | 69.234.189.229 (PACBELL.NET): RBACK27A.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:31 hits: 12-14 to 07-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 12:52:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:57:00 | Win2K-f | 72.234.212.89 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | ce20f92227 NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:00:00 | WinXP | 80.161.53.105 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:21 hits: 05-12 to 07-04] |
none[4] | none:none |
PolyEnE| | none | trace |
| 13:00:00 | WinXP | 80.161.53.105 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:21 hits: 05-12 to 07-04] |
none[4] | none:none |
PolyEnE| | none | trace |
| 13:02:00 | WinXP | 59.117.67.127 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 13:14:00 | WinXP | 210.79.131.86 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:680 hits: 07-11 to 07-06] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 13:28:00 | WinXP | 24.83.3.68 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:52:00 | Win2K-f | 61.59.171.27 (SEED.NET.TW): DIGITAL UNITED INC, KAOHSIUNG, KAO-HSIUNG, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:13:55:00 | WinXP | 88.186.252.128 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6668 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 404a3161e2 NEW |
none[none] | none:none |
none|none | none | none |
| 13:57:00 | Win2K-f | 68.146.181.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 276 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 2d52cb56a4 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:03:00 | WinXP | 97.89.17.192 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 935 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 4b40c9c136 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:14:00 | WinXP | 67.71.40.111 (BELL.CA): BELL SYMPATICO, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:23:00 | Win2K-f | 96.15.221.229 (-): . |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http irc 772 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 31 of 33 27 of 33 0 of 32 |
6d86a1ff5a [Firefox: 5 hits: 06-25 to 07-05] 7f6e032fc0 [Firefox: 5 hits: 06-25 to 07-05] a014934a72 [Firefox:63 hits: 06-28 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[none] none [none] none [none] b5919931fe[1] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=90 |
none none none trace |
| T:14:31:00 | WinXP | 200.165.237.125 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:732 hits: 05-01 to 07-06] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:14:38:00 | WinXP | 24.32.160.195 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, HUMBLE, TEXAS, US. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:14:46:00 | WinXP | 61.59.205.14 (SEED.NET.TW): DIGITAL UNITED INC, KAOHSIUNG, KAO-HSIUNG, TW. (DSL) |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:14:50:00 | WinXP | 81.159.222.107 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 1898e66cd2 [Firefox: 5 hits: 05-20 to 07-05] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:15:00:00 | WinXP | 99.145.99.82 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:454 hits: 12-31 to 07-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:31:00 | WinXP | 189.48.67.102 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | f2de649e61 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:43:00 | Win2K-f | 24.77.206.109 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:205.128.66.126:80 US:205.128.79.124:80 US:206.251.244.226:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
irc http 129 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 27 of 33 30 of 32 |
65275a1614 [Firefox: 4 hits: 06-21 to 07-06] a014934a72 [Firefox:63 hits: 06-28 to 07-06] ec0d7783de [Firefox: 4 hits: 06-21 to 07-06] |
65275a1614 [1] none [none] none [4] |
ASM:Graph none:none none:none |
Armadillo| none|none tElock| |
lines=82 none none |
trace none trace |
| 15:46:00 | Win2K-f | 24.32.160.195 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, HUMBLE, TEXAS, US. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| 15:47:00 | WinXP | 24.67.83.8 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 270 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | c78281a815 [Firefox: 2 hits: 06-20 to 07-01] |
none[4] | none:none |
PolyEnE| | none | trace |
| 15:50:00 | WinXP | 82.10.98.193 (NTL.COM): NTL INFRASTRUCTURE - OXFORD, SWINDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:31 hits: 12-14 to 07-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:37:00 | Win2K-f | 70.66.80.239 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:7763 | CA:fuck.urpal43sourpalhuh.com CA:italian.swiifatecihno.com CA:72.10.172.218:7382 CA:72.10.172.218:7763 |
135 | pcap | raw alerts ruleset |
irc http 631 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 32 29 of 32 |
54f5031c41 NEW 8acd7e1937 [Firefox: 4 hits: 06-22 to 06-30] |
18557d626e [0] 8acd7e1937[1] |
ASM:Graph ASM:Graph |
ASPack| none|none |
lines=34 lines=0 |
trace trace |
| T:16:46:00 | WinXP | 66.168.178.103 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:56:00 | Win2K-f | 122.118.39.97 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none | |
| T:17:13:00 | Win2K-f | 76.77.236.200 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:23:00 | Win2K-f | 24.86.251.243 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:31:00 | WinXP | 4.235.24.84 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1102 hits: 05-01 to 07-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:17:48:00 | WinXP | 59.117.48.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | ea5389d425 [Firefox:14 hits: 07-06 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:17:48:00 | Win2K-f | 71.53.81.232 (EMBARQHSD.NET): EMBARQ CORPORATION, KILLEEN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:56:00 | WinXP | 125.101.83.144 (UCOM.NE.JP): G-KG0008N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 161e73cdfc [Firefox: 4 hits: 05-13 to 07-03] |
none[4] | none:none |
none|none | none | trace | |
| 18:00:00 | WinXP | 116.127.232.30 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.126.126:80 US:207.123.44.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
06f27eb5cb NEW d27dfd506b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:09:00 | WinXP | 209.252.105.233 (MCLEODUSA.NET): MDI ACCESS, ROCHESTER, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:38:00 | Win2K-f | 70.74.201.102 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] b5919931fe [Firefox:79 hits: 06-20 to 07-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:18:51:00 | Win2K-f | 201.95.132.117 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:58:00 | WinXP | 75.79.5.173 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:01:00 | Win2K-f | 67.82.143.122 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), TEANECK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:18:00 | Win2K-f | 122.2.21.85 (PLDT.NET): JNEC7300I02_CONSUMER, CEBU, CEBU CITY, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:23:00 | Win2K-f | 24.81.137.189 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.126.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:24:00 | WinXP | 24.77.206.109 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.126.124:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
65275a1614 [Firefox: 4 hits: 06-21 to 07-06] ec0d7783de [Firefox: 4 hits: 06-21 to 07-06] |
65275a1614 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 19:34:00 | Win2K-f | 75.16.241.135 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] a08f3b74a4 [Firefox:153 hits: 06-18 to 07-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:39:00 | WinXP | 166.82.159.214 (CTC.NET): CTC INTERNET SERVICES INC, SALISBURY, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:50:00 | Win2K-f | 172.162.249.253 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:01:00 | WinXP | 118.160.234.244 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 57ce4acac2 [Firefox:39 hits: 06-17 to 07-06] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:09:00 | WinXP | 63.96.10.142 (GEUSNET.COM): GEUS, GREENVILLE, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.44.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 194 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
74d8dbba27 NEW 82d2b80e81 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:16:00 | WinXP | 63.96.10.142 (GEUSNET.COM): GEUS, GREENVILLE, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.79.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
74d8dbba27 NEW 82d2b80e81 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:32:00 | Win2K-f | 4.174.216.218 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BLOOMSBURG, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:33:00 | WinXP | 4.248.46.8 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:111 hits: 09-28 to 07-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:20:49:00 | WinXP | 204.193.215.206 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | b299c4b20b NEW |
none[none] | none:none |
none|none | none | none |
| 20:54:00 | WinXP | 220.109.17.1 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 4fcfdb63e8 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:13:00 | WinXP | 122.134.89.40 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:680 hits: 07-11 to 07-06] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:26:00 | WinXP | 69.205.103.218 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1390 hits: 12-31 to 07-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 21:49:00 | WinXP | 116.59.27.138 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 31 | 4d244a981f [Firefox: 2 hits: 03-30 to 07-06] |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:21:49:00 | WinXP | 96.15.46.36 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 0 of 33 |
6d86a1ff5a [Firefox: 5 hits: 06-25 to 07-05] 7f6e032fc0 [Firefox: 5 hits: 06-25 to 07-05] e07c29c4ae [Firefox:71 hits: 06-19 to 07-06] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:21:58:00 | WinXP | 76.83.26.162 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:91 hits: 05-03 to 07-01] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| 22:15:00 | Win2K-f | 123.212.119.62 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:59 hits: 06-17 to 07-06] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 22:20:00 | WinXP | 99.163.50.143 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:31 hits: 12-14 to 07-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:22:35:00 | Win2K-f | 4.167.244.219 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 146 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:450 hits: 06-17 to 07-06] 73f1082158 [Firefox:207 hits: 06-18 to 07-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:44:00 | WinXP | 218.175.204.14 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 31 | 4d244a981f [Firefox: 2 hits: 03-30 to 07-06] |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:22:53:00 | Win2K-f | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | e30fb27bda NEW |
none[none] | none:none |
none|none | none | none | |
| T:23:12:00 | Win2K-f | 4.177.18.185 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN DIEGO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 0 of 32 32 of 33 |
62cfe21240 NEW b5919931fe [Firefox:79 hits: 06-20 to 07-06] b99badda6e NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 23:13:00 | WinXP | 203.91.165.8 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 335 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 2c2a1a4b67 NEW |
none[none] | none:none |
none|none | none | none | |
| T:23:39:00 | WinXP | 99.163.50.143 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:31 hits: 12-14 to 07-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:23:45:00 | Win2K-f | 68.145.39.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 269 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | d70e9267fe NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:23:57:00 | WinXP | 116.126.197.177 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:207.123.46.125:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:40 hits: 06-17 to 07-06] 667f0c59f3 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |