Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
T:00:15:00 | WinXP | 62.201.94.64 (T-ONLINE.HU): T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL), HU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
02:21:00 | WinXP | 60.38.12.12 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:686 hits: 07-11 to 07-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
02:33:00 | WinXP | 85.183.146.180 (ALICEDSL.DE): HANSENET-ADSL, DE. |
n/a | DE:msdirect.servicemail24.de US:gbrands.com.mail5.psmtp.com US:mail.lebanon-online.com.lb US:aspmx.l.google.com US:mail.synacklabs.net US:c.mx.mail.yahoo.com CA:mx.activestate.com :doel.org US:thcuda.there.com DK:mx-cluster2.one.com CA:inbound.here.com.netsolmail.net DK:195.47.247.173:25 CA:204.244.102.3:25 CA:205.178.149.7:25 US:209.85.147.114:25 216.104.34.250:25 US:216.39.53.2:25 US:64.125.216.228:25 US:64.18.5.10:25 US:64.26.62.254:25 US:66.179.101.170:25 DE:84.17.190.211:25 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 31 | 90eed12dab NEW |
a0fe60597c [0] | ASM:Graph |
none|none | lines=84 embedded dns |
trace |
T:02:36:00 | Win2K-f | 123.212.119.62 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:68 hits: 06-17 to 07-08] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
02:37:00 | Win2K-f | 123.237.102.210 (-): RELIANCE INFOCOMM LIMITED, MUMBAI, MAHARASHTRA, IN. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 31 of 33 |
2d51a863df NEW 65c9f5c345 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
02:38:00 | WinXP | 92.114.175.68 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | IT:mail.romagiubileo.it GB:mail01.rbs.com GB:serlx01.essex.ac.uk IT:mail.divinf.it BE:mail.melexis.com IT:213.255.42.102:25 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:02:43:00 | WinXP | 71.75.239.205 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:02:51:00 | WinXP | 60.236.199.34 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:686 hits: 07-11 to 07-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
03:04:00 | Win2K-f | 4.188.243.181 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 32 of 33 |
79afa2f19b NEW a95d521f60 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:07:00 | Win2K-f | 71.14.141.149 (CHARTER.COM): CHARTER COMMUNICATIONS, DUNCANVILLE, TEXAS, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | bf14e246e6 [Firefox: 6 hits: 07-06 to 07-07] |
none[none] | none:none |
none|none | none | none | |
03:44:00 | WinXP | 75.143.197.73 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 29 of 32 |
ae4bed1aa9 [Firefox: 4 hits: 06-21 to 07-05] bc51bd8226 [Firefox: 4 hits: 06-21 to 07-05] |
ae4bed1aa9 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
T:04:04:00 | WinXP | 122.25.149.103 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 3b2958417b NEW |
none[none] | none:none |
none|none | none | none | |
04:20:00 | Win2K-f | 71.146.200.1 (-): 2122 LAKESHORE APTS LLP, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.124:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:31:00 | Win2K-f | 71.99.7.81 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 436 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
177f319a98 NEW f015ea1e14 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:04:32:00 | WinXP | 81.9.225.66 (CM-81-9-211-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 8178c88f5e [Firefox: 2 hits: 07-08 to 07-08] |
none[none] | none:none |
none|none | none | none |
04:52:00 | WinXP | 92.40.174.233 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 31 | f58222344f [Firefox:14 hits: 12-31 to 06-22] |
2a56436a64 [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
05:02:00 | Win2K-f | 122.2.161.22 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 215 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 30 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] bcabcc7cc3 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
05:24:00 | WinXP | 222.129.171.227 (-): CNCGROUP BEIJING PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
05:26:00 | Win2K-f | 77.101.74.139 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.53.125:80 US:205.128.66.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
0a44ba387c NEW 6f88847c49 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
05:28:00 | Win2K-f | 98.175.165.137 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:38:00 | WinXP | 24.31.166.118 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:38:00 | WinXP | 65.173.139.164 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
05:51:00 | WinXP | 219.97.168.140 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:06:00:00 | WinXP | 118.216.97.242 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.66.124:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:68 hits: 06-17 to 07-08] 6a4845ca11 [Firefox: 4 hits: 06-27 to 07-08] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:06:18:00 | Win2K-f | 122.2.35.104 (PLDT.NET): JNEC7300I03_CONSUMER, CEBU, CEBU CITY, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 320 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8354fa612f [Firefox: 2 hits: 06-30 to 07-04] |
none[none] | none:none |
none|none | none | none | |
T:06:30:00 | WinXP | 117.99.43.52 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net :brussels.be.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:vancouver.dal.net :gaspode.zanet.org.za |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 9dab636a01 [Firefox: 3 hits: 07-09 to 11-18] |
none[none] | none:none |
none|none | none | none |
06:32:00 | WinXP | 218.53.113.3 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
9d571adc3c [Firefox: 2 hits: 07-04 to 07-06] a704164588 [Firefox: 2 hits: 07-04 to 07-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
06:39:00 | Win2K-f | 4.163.254.231 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
4baf939568 NEW 6c080c6d8c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:06:50:00 | Win2K-f | 203.121.180.155 (-): COLO-CATIONPI-2-203121180128, TH. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] b5919931fe [Firefox:94 hits: 06-20 to 07-08] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:06:59:00 | WinXP | 86.145.78.189 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:20 hits: 06-12 to 07-07] |
none[4] | none:none |
PolyEnE| | none | trace | |
T:07:01:00 | WinXP | 118.165.19.133 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 NEW |
none[none] | none:none |
none|none | none | none |
07:01:00 | WinXP | 118.165.19.133 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 NEW |
none[none] | none:none |
none|none | none | none |
07:05:00 | Win2K-f | 208.82.41.70 (-): . |
72.10.172.218:9928 | HK:proxim.ircgalaxy.pl CA:tai.ihshsd8.com CA:haiys.eiheihre3.com CA:mypal.urpal43sourpalhuh.com :sdihsihdsfsofhsohs.net CA:wiger.blacktiehsbdcs.com HK:210.245.211.11:65520 CA:72.10.172.218:3838 CA:72.10.172.218:3938 CA:72.10.172.218:7763 CA:72.10.172.218:9928 |
135 | pcap | raw alerts ruleset |
other 276 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 32 | 6914740929 [Firefox: 2 hits: 06-11 to 07-02] |
6914740929 [1] | ASM:Graph |
StarForce| | lines=19 | trace |
T:07:21:00 | Win2K-f | 119.95.170.21 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
a272491856 NEW f8a6c43c1d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:07:26:00 | WinXP | 222.123.194.122 (TTTMAXNET.COM): MAXNET INTERNET SERVICE PROVIDER BANGKOK, BANGKOK, KRUNG THEP MAHANAKHON, TH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 8ae2cc2e80 [Firefox:61 hits: 05-06 to 07-08] |
c24ca14cda [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:38:00 | WinXP | 92.40.63.226 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 971f716c7f [Firefox: 2 hits: 04-10 to 04-16] |
4373aeb95c [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
T:07:53:00 | Win2K-f | 68.144.135.11 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:58:00 | WinXP | 85.180.76.94 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
08:00:00 | Win2K-f | 24.83.86.204 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:08:05:00 | WinXP | 218.175.193.86 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:08:12:00 | WinXP | 86.56.85.242 (-): INFOCITY, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:37 hits: 12-14 to 07-08] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
08:21:00 | WinXP | 86.56.27.50 (-): INFOCITY CUSTOMER NETWORK, LUTHERSTADT WITTENBERG, SACHSEN-ANHALT, DE. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | b1019195b3 NEW |
none[none] | none:none |
none|none | none | none |
T:08:39:00 | Win2K-f | 4.143.104.120 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FERGUS FALLS, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.15:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
05dad8f88a NEW b50ce44508 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:53:00 | WinXP | 98.140.228.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:21:00 | WinXP | 220.108.16.189 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:36:00 | Win2K-f | 208.100.252.2 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:45:00 | WinXP | 68.147.48.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:50:00 | Win2K-f | 71.111.2.137 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GRESHAM, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 186 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:53:00 | WinXP | 86.133.107.81 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:37 hits: 12-14 to 07-08] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:10:15:00 | WinXP | 67.150.123.103 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad GB:new.egg.com US:204.13.161.51:80 DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 33 29 of 29 |
d02488acb2 NEW df17a625ee [Firefox:480 hits: 05-04 to 07-08] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
T:10:40:00 | WinXP | 80.104.178.240 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, MILANO, LOMBARDIA, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:43:00 | WinXP | 193.93.111.187 (-): GRAT NETWORK INTERNET SERVICE PROVIDER, UA. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
10:57:00 | Win2K-f | 98.134.131.92 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.46.124:80 US:205.128.79.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox: 9 hits: 06-25 to 07-08] 7f6e032fc0 [Firefox: 9 hits: 06-25 to 07-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
11:11:00 | WinXP | 65.190.251.11 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:11:34:00 | Win2K-f | 71.2.176.27 (EMBARQHSD.NET): EMBARQ CORPORATION, CHANDLER, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:48:00 | WinXP | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:207.123.37.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:00:00 | Win2K-f | 61.218.193.218 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.126:80 US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 57ce4acac2 [Firefox:46 hits: 06-17 to 07-08] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:13:00 | Win2K-f | 71.111.85.178 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:192.221.99.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 31 of 33 |
5f11b319ef NEW a3f631e410 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:12:17:00 | Win2K-f | 68.150.79.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 325 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | a38eaf614a NEW |
none[none] | none:none |
none|none | none | none |
T:12:22:00 | WinXP | 71.74.168.54 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:12:38:00 | WinXP | 76.250.195.165 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:12:57:00 | WinXP | 24.207.85.234 (DCCNET.COM): COAST DCCNET HIGH SPEED INTERNET, GIBSONS, BRITISH COLUMBIA, CA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:13:32:00 | WinXP | 98.175.205.158 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:13:34:00 | WinXP | 200.91.199.76 (IFX.NET.CO): IFX NETWORKS COLOMBIA, SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3164 hits: 12-31 to 07-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
13:50:00 | WinXP | 82.82.189.225 (ARCOR-IP.NET): ARCOR-DSL-NET, HERNE, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
13:56:00 | WinXP | 78.183.215.183 (MAXONCORP.COM): TELEKOM, TR. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:14:12:00 | WinXP | 210.233.199.44 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox: 3 hits: 06-19 to 07-05] 79c01ec060 [Firefox: 7 hits: 06-18 to 07-05] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
T:14:26:00 | WinXP | 201.228.54.106 (TELECOM.COM.CO): COLOMBIA TELECOMUNICACIONES S.A. ESP, CO. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 1801222e74 NEW |
none[none] | none:none |
none|none | none | none | |
T:14:26:00 | Win2K-f | 208.126.40.48 (-): WESTERN IOWA NETWORKS, BREDA, IOWA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 187 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 0661732220 NEW |
none[none] | none:none |
none|none | none | none | |
15:04:00 | WinXP | 83.91.9.59 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | EU:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1103 hits: 05-01 to 07-07] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:15:22:00 | WinXP | 69.149.220.161 (SWBELL.NET): PPPOX POOL-RBACK1.KSC2MO, KANSAS CITY, MISSOURI, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] e07c29c4ae [Firefox:74 hits: 06-19 to 07-08] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
15:49:00 | WinXP | 81.153.96.176 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:20 hits: 06-12 to 07-07] |
none[4] | none:none |
PolyEnE| | none | trace | |
16:17:00 | WinXP | 71.74.168.54 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
16:19:00 | Win2K-f | 75.6.232.131 (SBCGLOBAL.NET): RBACK5.PLTNCA, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] 73f1082158 [Firefox:241 hits: 06-18 to 07-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:16:30:00 | Win2K-f | 76.83.125.237 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] b7082104e4 [Firefox:31 hits: 06-18 to 07-08] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:16:36:00 | WinXP | 116.0.219.86 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:128 hits: 09-28 to 07-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
16:38:00 | WinXP | 213.130.142.18 (AS15444.NET): NETSERVICESDIALPOOL, LONDON, ENGLAND, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:733 hits: 05-01 to 07-07] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:16:38:00 | WinXP | 213.130.142.18 (AS15444.NET): NETSERVICESDIALPOOL, LONDON, ENGLAND, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:733 hits: 05-01 to 07-07] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:17:03:00 | WinXP | 124.84.149.235 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 3b2958417b NEW |
none[none] | none:none |
none|none | none | none | |
T:17:38:00 | Win2K-f | 202.105.80.90 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:42:00 | Win2K-f | 61.155.20.168 (-): SUZHOU-DATONG-TECHNOLOGY-CORP, SUZHOU, JIANGSU, CN. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:46 hits: 06-17 to 07-08] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:18:09:00 | Win2K-f | 71.120.32.171 (VERIZON.NET): VERIZON INTERNET SERVICES INC, FT. WAYNE, INDIANA, US. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.124:80 US:207.123.44.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
8fc270a8ba NEW b16e6b2c52 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:18:41:00 | Win2K-f | 72.84.164.176 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
19:04:00 | WinXP | 119.1.45.248 (-): . | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] | 048df78048 [0] | ASM:Graph | none|none | lines=61 | trace |
19:25:00 | WinXP | 68.149.52.81 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 1009 lines | Yeah : 1.3 profile | none | summary tarball | 8 of 32 ; 8 of 33 | f5939606bd NEW ; fe384de063 NEW | none[none] ; none [none] | none:none ; none:none | none|none ; none|none | none ; none | none ; none |
T:19:25:00 | Win2K-f | 96.33.94.14 (-): . | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 167 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 ; 29 of 33 | 65494b4a08 [Firefox: 3 hits: 06-29 to 07-06] ; eeb51a6e9e [Firefox: 3 hits: 06-29 to 07-06] | none[none] ; none [none] | none:none ; none:none | none|none ; none|none | none ; none | none ; none |
T:19:34:00 | Win2K-f | 76.77.228.13 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. | n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 260 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 32 | ea9787a186 [Firefox: 2 hits: 06-20 to 06-21] | none[4] | none:none | PolyEnE| | none | trace |
20:05:00 | WinXP | 24.67.147.43 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. | n/a |  | 135 | pcap | raw alerts ruleset | other 235 lines | Yeah : 1.3 profile | none | summary tarball | 25 of 33 | 2c2f04d480 NEW | none[none] | none:none | none|none | none | none |
T:20:14:00 | WinXP | 119.95.81.158 (-): . | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | http 112 lines | Yeah : 1.3 profile | none | summary tarball | 0 of 33 ; 31 of 33 ; 31 of 33 | e07c29c4ae [Firefox:74 hits: 06-19 to 07-08] ; e7a5a1fc24 NEW ; ef4f675355 NEW | e07c29c4ae [1] ; none [none] ; none [none] | ASM:Graph ; none:none ; none:none | FSG| ; none|none ; none|none | lines=92 ; none ; none | trace ; none ; none |
T:20:35:00 | WinXP | 118.165.6.179 (-): . | n/a |  | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 33 of 33 | a483ba8aa1 NEW | none[none] | none:none | none|none | none | none |
20:35:00 | WinXP | 118.165.6.179 (-): . | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 33 of 33 | a483ba8aa1 NEW | none[none] | none:none | none|none | none | none |
20:39:00 | WinXP | 162.42.41.138 (CYBERTRAILS.COM): CYBERTRAILS, HOLBROOK, ARIZONA, US. | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] | 048df78048 [0] | ASM:Graph | none|none | lines=61 | trace |
20:46:00 | Win2K-f | 75.63.172.149 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) | n/a |  | 135 | pcap | raw alerts ruleset | other 11 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
20:48:00 | Win2K-f | 24.79.89.198 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:207.123.37.125:80 US:207.123.37.126:80 | 135 | pcap | raw alerts ruleset | other 204 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 ; 31 of 33 | 99c1c370c4 NEW ; ac59067d9b NEW | none[none] ; none [none] | none:none ; none:none | none|none ; none|none | none ; none | none ; none |
T:21:26:00 | WinXP | 70.183.164.54 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 ; 0 of 33 | 53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] ; a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] ; e07c29c4ae [Firefox:74 hits: 06-19 to 07-08] | none[4] ; a08f3b74a4[1] ; e07c29c4ae[1] | none:none ; ASM:Graph ; ASM:Graph | tElock| ; Armadillo| ; FSG| | none ; lines=81 ; lines=92 | trace ; trace ; trace |
T:21:31:00 | Win2K-f | 24.78.243.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SQUAMISH, BRITISH COLUMBIA, CA. (DSL) | 210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 US:207.123.37.126:80 | 135 | pcap | raw alerts ruleset | irc http 771 lines | Yeah : 1.8 profile | none | summary tarball | 29 of 33 ; 27 of 33 ; 0 of 32 ; 30 of 32 | 65275a1614 [Firefox: 7 hits: 06-21 to 07-08] ; a014934a72 [Firefox:66 hits: 06-28 to 07-08] ; b5919931fe [Firefox:94 hits: 06-20 to 07-08] ; ec0d7783de [Firefox: 7 hits: 06-21 to 07-08] | 65275a1614 [1] ; none [none] ; b5919931fe[1] ; none [4] | ASM:Graph ; none:none ; ASM:Graph ; none:none | Armadillo| ; none|none ; ASProtect| ; tElock| | lines=82 ; none ; lines=90 ; none | trace ; none ; trace ; trace |
T:21:33:00 | WinXP | 201.160.136.121 (CABLEONLINE.COM.MX): TELECABLE DE CHIHUAHUA SA DE CV, TIJUANA, MEXICO, MX. (DSL) | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 30 of 33 | fce9309509 NEW | none[none] | none:none | none|none | none | none |
21:44:00 | WinXP | 99.179.99.16 (-): . | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 07-08] | 048df78048 [0] | ASM:Graph | none|none | lines=61 | trace |
T:21:50:00 | WinXP | 210.3.38.85 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 | 135 | pcap | raw alerts ruleset | irc http 314 lines | Yeah : 1.8 profile | none | summary tarball | 27 of 33 ; 29 of 33 ; 31 of 33 | a014934a72 [Firefox:66 hits: 06-28 to 07-08] ; a172052409 NEW ; acd0af7b38 NEW | none[none] ; none [none] ; none [none] | none:none ; none:none ; none:none | none|none ; none|none ; none|none | none ; none ; none | none ; none ; none |
T:21:51:00 | Win2K-f | 60.37.201.203 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset | irc 13 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
22:00:00 | WinXP | 64.201.254.42 (PAXIO.NET): PAXIO INC, COSTA MESA, CALIFORNIA, US. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 | 135 | pcap | raw alerts ruleset | other 74 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 ; 0 of 33 | 53bfe15e91 [Firefox:509 hits: 06-17 to 07-08] ; a08f3b74a4 [Firefox:167 hits: 06-18 to 07-08] | none[4] ; a08f3b74a4[1] | none:none ; ASM:Graph | tElock| ; Armadillo| | none ; lines=81 | trace ; trace |
22:19:00 | Win2K-f | 211.212.47.127 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:204.160.126.126:80 US:206.33.45.125:80 US:207.123.46.125:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 124 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 ; 24 of 33 | 6d6b985d68 NEW ; d51f383cdb NEW | none[none] ; none [none] | none:none ; none:none | none|none ; none|none | none ; none | none ; none |
T:22:29:00 | WinXP | 60.47.189.104 (PLALA.OR.JP): PLALA NETWORKS INC, JP. | n/a |  | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 | 4fcfdb63e8 NEW | none[none] | none:none | none|none | none | none |
23:11:00 | Win2K-f | 121.124.74.132 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 86 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 ; 0 of 33 | 168aab35a3 [Firefox:43 hits: 06-17 to 07-08] ; 4c3df24b32 [Firefox:68 hits: 06-17 to 07-08] | none[4] ; 4c3df24b32[1] | none:none ; ASM:Graph | tElock| ; Armadillo| | none ; lines=81 | trace ; trace |