|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:12:00 | Win2K-f | 24.39.9.223 (RR.COM): ROAD RUNNER HOLDCO LLC, SACO, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:32:00 | Win2K-f | 76.94.210.42 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] b5919931fe [Firefox:116 hits: 06-20 to 07-12] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:00:33:00 | WinXP | 4.182.93.81 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEADOW VISTA, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:47:00 | WinXP | 91.84.108.147 (ECLIPSE.NET.UK): ECLIPSE NETWORKING LIMITED, LONDON, ENGLAND, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:51:00 | WinXP | 208.61.172.182 (BELLSOUTH.NET): BELLSOUTH.NET INC, JACKSONVILLE, FLORIDA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 00:53:00 | WinXP | 208.61.172.182 (BELLSOUTH.NET): BELLSOUTH.NET INC, JACKSONVILLE, FLORIDA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:06:00 | WinXP | 218.174.199.16 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:303 hits: 05-03 to 07-11] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:01:37:00 | Win2K-f | 219.255.146.20 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
69be040d0b [Firefox: 3 hits: 06-21 to 07-02] 81bbbeac34 [Firefox: 3 hits: 06-21 to 07-02] |
none[4] 81bbbeac34[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:01:49:00 | Win2K-f | 61.45.41.233 (WAKWAK.NE.JP): XEPHION(NTT-ME CORPORATION), TOKYO, TOKYO, JP. (DIAL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 29 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| 02:03:00 | WinXP | 59.117.181.244 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:12:00 | Win2K-f | 121.83.71.64 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
16 of 31 | 23c32fbd78 [Firefox: 7 hits: 05-03 to 07-12] |
none[4] | none:none |
PeCompact| | none | trace |
| T:02:13:00 | Win2K-f | 78.96.210.38 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:323 hits: 03-31 to 07-08] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:02:14:00 | Win2K-f | 91.64.194.111 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | 6686b0fe5f [Firefox: 2 hits: 06-06 to 07-08] |
none[4] | none:none |
ASProtect| | none | trace |
| 02:18:00 | WinXP | 61.215.245.135 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:34:00 | WinXP | 88.147.201.164 (-): VTSARATOV, RU. |
69.42.216.90:9890 149.9.1.16:6667 | :f.unicat.org US:v1rg1n.100free.com US:irc.dal.net 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp irc http 906 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 32 13 of 31 |
c7fd48a934 NEW e8d4d8cde1 [Firefox:323 hits: 03-31 to 07-08] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| 02:39:00 | WinXP | 122.122.222.128 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:45:00 | WinXP | 92.114.188.133 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox: 2 hits: 07-06 to 07-11] |
none[none] | none:none |
none|none | none | none |
| T:02:48:00 | WinXP | 94.26.135.133 (-): . |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:323 hits: 03-31 to 07-08] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 02:49:00 | Win2K-f | 59.117.165.168 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:55:00 | WinXP | 220.219.255.203 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:150 hits: 09-28 to 07-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:58:00 | WinXP | 12.72.22.210 (ATT.NET): AT&T WORLDNET SERVICES, SAN DIEGO, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:10:00 | Win2K-f | 76.189.158.228 (RR.COM): ROAD RUNNER HOLDCO LLC, OLIVE BRANCH, MISSISSIPPI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] b7082104e4 [Firefox:38 hits: 06-18 to 07-12] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:03:13:00 | WinXP | 92.40.12.25 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 31 | f58222344f [Firefox:15 hits: 12-31 to 07-09] |
2a56436a64 [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
| 03:20:00 | WinXP | 124.61.33.24 (-): POWERCOM, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.46.125:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 32 of 33 |
4c3df24b32 [Firefox:81 hits: 06-17 to 07-12] 58408136a4 [Firefox: 4 hits: 06-28 to 07-12] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| 04:02:00 | Win2K-f | 218.238.57.62 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:49 hits: 06-17 to 07-12] 4c3df24b32 [Firefox:81 hits: 06-17 to 07-12] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:04:00 | WinXP | 220.143.0.183 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cb7afa263c NEW |
none[none] | none:none |
none|none | none | none |
| 04:22:00 | Win2K-f | 70.241.139.33 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:26:00 | WinXP | 61.216.233.182 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:30:00 | WinXP | 118.160.240.64 (-): . |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:35:00 | Win2K-f | 118.83.135.141 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:39:00 | WinXP | 75.4.226.96 (SBCGLOBAL.NET): RBACK34A.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.66.126:80 US:207.123.44.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:04:00 | Win2K-f | 122.120.4.94 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:22:00 | Win2K-f | 61.228.107.24 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 25 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 | b51c7dc59d NEW |
none[none] | none:none |
none|none | none | none |
| T:05:25:00 | WinXP | 82.84.245.75 (CUST-ADSL.TISCALI.IT): TISCALI ITALIA SPA, BARI, PUGLIA, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 05:38:00 | WinXP | 125.225.9.221 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:05:38:00 | Win2K-f | 88.64.71.63 (ARCOR-IP.NET): ARCOR-DSL-NET, MUNICH, BAYERN, DE. (DSL) |
217.170.244.2:443 | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:52:00 | WinXP | 116.59.177.236 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox: 2 hits: 07-06 to 07-11] |
none[none] | none:none |
none|none | none | none |
| 05:54:00 | WinXP | 61.199.106.174 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:00:00 | WinXP | 211.172.230.35 (KCI.CO.KR): HANNET-LLINE-KCI, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 32 |
a704164588 [Firefox: 3 hits: 07-04 to 07-09] eb270b5ad2 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:01:00 | WinXP | 88.70.95.190 (ARCOR-IP.NET): ARCOR-DSL-NET, OSNABRUCK, NIEDERSACHSEN, DE. |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:03:00 | Win2K-f | 219.105.237.147 (SANNET.NE.JP): SANNET INTERNET SERVICES, JP. |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 36 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 06:03:00 | WinXP | 117.102.157.36 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 29 | 6887c0c417 [Firefox:12 hits: 08-17 to 07-02] |
0a9bea2750 [0] | ASM:Graph |
FSG| | lines=1932 embedded dns |
trace |
| 06:09:00 | WinXP | 61.231.138.64 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:17:00 | WinXP | 212.44.75.44 (GAZINTER.NET): OOO GAZINTERNET, KALININGRAD, KALININGRADSKAYA OBLAST', RU. |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:220 hits: 05-02 to 07-11] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| T:06:25:00 | WinXP | 69.221.34.88 (SBCGLOBAL.NET): SFLDMI ADSL RBACK8 PPPOX, ALLEN PARK, MICHIGAN, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:34:00 | Win2K-f | 125.196.227.214 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 06:44:00 | WinXP | 118.160.230.122 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 06:48:00 | Win2K-f | 211.21.230.12 (CATEYE.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 57ce4acac2 [Firefox:54 hits: 06-17 to 07-12] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:11:00 | WinXP | 193.248.33.51 (ABO.WANADOO.FR): WANADOO FRANCE, LIMOGES, LIMOUSIN, FR. |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:485 hits: 05-04 to 07-12] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:07:15:00 | Win2K-f | 61.46.136.231 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
07fabc79ef [Firefox: 5 hits: 06-19 to 07-08] 53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] b5919931fe [Firefox:116 hits: 06-20 to 07-12] |
07fabc79ef [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 07:15:00 | WinXP | 61.46.136.231 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox: 5 hits: 06-19 to 07-08] 53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:07:18:00 | WinXP | 219.105.101.57 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:479 hits: 12-31 to 07-12] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:22:00 | WinXP | 89.186.159.228 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | ad0c5ff63e [Firefox: 2 hits: 07-03 to 07-06] |
none[none] | none:none |
none|none | none | none |
| T:07:31:00 | Win2K-f | 118.169.65.210 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:08:05:00 | Win2K-f | 61.229.83.138 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:05:00 | WinXP | 122.254.36.11 (-): PHOENIX CATV C, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 62 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] b7082104e4 [Firefox:38 hits: 06-18 to 07-12] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:08:10:00 | Win2K-f | 118.171.138.192 (-): . |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:13:00 | WinXP | 217.201.170.74 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 87004ccddb NEW |
none[none] | none:none |
none|none | none | none |
| T:08:15:00 | WinXP | 217.201.170.74 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 87004ccddb NEW |
none[none] | none:none |
none|none | none | none |
| T:08:22:00 | WinXP | 67.55.134.159 (WCCTA.NET): WEBSTER CALHOUN TELEPHONE CO, FT. DODGE, IOWA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 8e4e9c46a1 NEW |
none[none] | none:none |
none|none | none | none |
| 08:23:00 | Win2K-f | 220.139.176.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 08:40:00 | Win2K-f | 4.248.234.15 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOUISA, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 33 | bfb1452860 NEW |
none[none] | none:none |
none|none | none | none | |
| T:08:44:00 | Win2K-f | 122.118.178.86 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:46:00 | WinXP | 61.59.148.6 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:47:00 | Win2K-f | 220.139.176.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:53:00 | Win2K-f | 218.173.227.220 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:59:00 | Win2K-f | 85.181.44.112 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:07:00 | WinXP | 218.169.157.103 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:14:00 | Win2K-f | 125.231.130.8 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:15:00 | WinXP | 24.87.99.200 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 32 of 33 0 of 33 |
0dc39cd3c1 [Firefox: 4 hits: 06-27 to 07-11] a120847406 [Firefox: 4 hits: 06-27 to 07-11] e07c29c4ae [Firefox:87 hits: 06-19 to 07-12] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 09:20:00 | Win2K-f | 217.202.214.39 (-): TELECOM ITALIA MOBILE, IT. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:23:00 | WinXP | 4.157.65.12 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, QUEENSBURY, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] e07c29c4ae [Firefox:87 hits: 06-19 to 07-12] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:09:28:00 | Win2K-f | 88.168.176.200 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | b8d8774b59 NEW |
none[none] | none:none |
none|none | none | none | |
| 09:31:00 | Win2K-f | 218.173.156.228 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:32:00 | Win2K-f | 41.249.252.178 (IAM.NET.MA): AFRINIC, MA. |
n/a | US:game.doiluc.com | 445 | pcap | raw alerts ruleset |
http 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
2 of 32 | 2dd94db23c NEW |
none[none] | none:none |
none|none | none | none |
| T:09:40:00 | WinXP | 149.225.62.254 (UU.NET): VERIZON DEUTSCHLAND GMBH, KAMP-LINTFORT, NORDRHEIN-WESTFALEN, DE. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 09:47:00 | WinXP | 123.218.161.142 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:150 hits: 09-28 to 07-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:09:51:00 | Win2K-f | 83.215.17.56 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:57:00 | WinXP | 218.169.177.90 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:150 hits: 09-28 to 07-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:02:00 | WinXP | 83.215.17.56 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:26:00 | Win2K-f | 85.180.239.224 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:10:28:00 | WinXP | 59.112.99.45 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 10:33:00 | Win2K-f | 219.115.105.243 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, JP. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:33:00 | Win2K-f | 125.225.106.100 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:10:44:00 | Win2K-f | 83.103.164.96 (-): ASTRAL-ALBA-DOCSIS, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:14:00 | Win2K-f | 85.180.239.224 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:20:00 | Win2K-f | 24.78.161.208 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 375 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
252e07202f NEW 9f886e1087 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:11:21:00 | Win2K-f | 24.78.161.208 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 219 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 9f886e1087 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:26:00 | WinXP | 81.132.252.234 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:26 hits: 06-12 to 07-10] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 11:34:00 | WinXP | 87.54.210.236 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:37:00 | Win2K-f | 24.67.104.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | 87835b2882 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:39:00 | Win2K-f | 66.137.168.37 (DURACOM.NET): AT&T INTERNET SERVICES, DURANT, OKLAHOMA, US. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 11:50:00 | WinXP | 218.162.98.137 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:11:51:00 | WinXP | 216.76.239.99 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATHENS, ALABAMA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad GB:new.egg.com |
445 | pcap | raw alerts ruleset |
http http http http 35 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1111 hits: 05-01 to 07-12] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:11:52:00 | Win2K-f | 70.68.184.115 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:54:00 | Win2K-f | 74.79.141.220 (RR.COM): ROAD RUNNER HOLDCO LLC, CICERO, NEW YORK, US. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 12:04:00 | Win2K-f | 218.173.233.59 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 12:14:00 | Win2K-f | 208.127.98.172 (DSLEXTREME.COM): DSL EXTREME, TUJUNGA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 33 |
2ef2f78792 [Firefox: 6 hits: 06-21 to 07-10] b7a332eb7c [Firefox: 6 hits: 06-21 to 07-10] |
2ef2f78792 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:12:16:00 | Win2K-f | 219.39.220.70 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] b5919931fe [Firefox:116 hits: 06-20 to 07-12] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:17:00 | WinXP | 82.233.167.8 (PROXAD.NET): PROXAD / FREE SAS, TOURS, CENTRE, FR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:30:00 | WinXP | 24.64.86.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:36:00 | Win2K-f | 149.225.72.198 (UU.NET): VERIZON DEUTSCHLAND GMBH, BOCHUM, NORDRHEIN-WESTFALEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:42:00 | WinXP | 63.245.190.140 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, MCPHERSON, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:300 hits: 06-18 to 07-12] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 12:53:00 | Win2K-f | 4.238.11.248 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ORLANDO, FLORIDA, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 82a2f48f4b NEW |
none[none] | none:none |
none|none | none | none |
| 12:55:00 | WinXP | 220.140.224.12 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 12:58:00 | WinXP | 80.63.230.245 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:24 hits: 05-12 to 07-11] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:13:05:00 | Win2K-f | 219.115.105.243 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, JP. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:07:00 | WinXP | 85.183.222.224 (ALICEDSL.DE): HANSENET-ADSL, DUSSELDORF, NORDRHEIN-WESTFALEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:14:00 | WinXP | 218.173.156.228 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:21:00 | WinXP | 64.237.124.29 (-): HALLETTSVILLE COMMUNICATION, SAN JUAN, PUERTO RICO, PR. |
n/a | EU:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1111 hits: 05-01 to 07-12] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:22:00 | Win2K-f | 4.174.177.78 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
135 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 13:28:00 | Win2K-f | 122.118.15.201 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 13:29:00 | WinXP | 217.184.77.168 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:41 hits: 12-14 to 07-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:13:35:00 | WinXP | 61.229.125.23 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:35:00 | Win2K-f | 172.168.226.92 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 157 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 1c3210698a NEW |
none[none] | none:none |
none|none | none | none | |
| 13:48:00 | WinXP | 84.140.205.132 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, AHRENSBURG, SCHLESWIG-HOLSTEIN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:41 hits: 12-14 to 07-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:14:11:00 | Win2K-f | 70.183.235.134 (COX.NET): COX COMMUNICATIONS, PENSACOLA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] b5919931fe [Firefox:116 hits: 06-20 to 07-12] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 14:12:00 | WinXP | 83.255.73.227 (COMHEM.SE): COMHEM, ÖSTERSUND, JAMTLANDS, SE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:691 hits: 07-11 to 07-11] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:25:00 | WinXP | 71.108.79.8 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LANCASTER, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.126:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 317 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
5913ead1a1 [Firefox: 2 hits: 06-18 to 07-11] ac99506c36 [Firefox: 2 hits: 06-18 to 07-11] |
5913ead1a1 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:14:25:00 | WinXP | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:29:00 | WinXP | 221.125.5.154 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:39:00 | Win2K-f | 59.121.37.151 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 14:46:00 | Win2K-f | 76.169.135.73 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:15:03:00 | WinXP | 61.229.167.97 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 15:12:00 | Win2K-f | 125.102.30.165 (UCOM.NE.JP): OS0212116C, JP. (100Mbps) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:12:00 | Win2K-f | 78.96.223.179 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | f806c334f0 NEW |
none[none] | none:none |
none|none | none | none | |
| 15:25:00 | Win2K-f | 24.92.23.103 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:28:00 | WinXP | 59.112.131.215 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 27 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 15:28:00 | WinXP | 77.102.76.207 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:44:00 | Win2K-f | 59.115.130.9 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:15:45:00 | WinXP | 138.89.74.15 (VERIZON.NET): VERIZON INTERNET SERVICES, JERSEY CITY, NEW JERSEY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:41 hits: 12-14 to 07-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 15:48:00 | Win2K-f | 118.171.99.191 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 NEW |
none[none] | none:none |
none|none | none | none | |
| T:15:51:00 | Win2K-f | 221.124.137.144 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 16:00:00 | WinXP | 122.118.178.86 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 16:18:00 | WinXP | 157.157.125.127 (SIMNET.IS): ICENET, SELFOSS, ARNESSYSLA, IS. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:150 hits: 09-28 to 07-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:39:00 | WinXP | 24.77.17.186 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:205.128.79.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox: 6 hits: 06-20 to 07-12] e5c7bce70e [Firefox: 6 hits: 06-20 to 07-12] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:44:00 | Win2K-f | 61.216.229.29 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:16:45:00 | Win2K-f | 208.100.253.197 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:46:00 | Win2K-f | 78.96.223.179 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | f806c334f0 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:56:00 | WinXP | 24.67.104.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 17:07:00 | Win2K-f | 116.80.227.136 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | dfcd73f7a7 [Firefox: 4 hits: 07-03 to 07-12] |
none[none] | none:none |
none|none | none | none |
| T:17:12:00 | Win2K-f | 59.121.37.151 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:17:00 | WinXP | 116.80.227.136 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP. |
210.245.211.11:65520 | :proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc http 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
27 of 33 30 of 33 |
a014934a72 [Firefox:69 hits: 06-28 to 07-11] dfcd73f7a7 [Firefox: 4 hits: 07-03 to 07-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:21:00 | Win2K-f | 125.231.129.112 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:17:24:00 | Win2K-f | 4.188.38.112 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PRINCE GEORGE, VIRGINIA, US. (DIAL) |
210.245.211.11:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
irc http 193 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 32 of 33 27 of 33 |
1f5e79b151 NEW 9310fe936e NEW a014934a72 [Firefox:69 hits: 06-28 to 07-11] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:17:33:00 | WinXP | 200.199.33.123 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
210.245.211.11:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 1e03efd64c NEW |
none[none] | none:none |
none|none | none | none |
| T:17:37:00 | Win2K-f | 65.79.136.210 (CAMPTV.COM): LAMONT DIGITAL SYSTEMS INC, BRISTOW, VIRGINIA, US. |
210.245.211.11:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 US:208.111.148.15:80 HK:210.245.211.11:65520 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
irc http 165 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 32 of 33 27 of 33 |
9242113c52 NEW 92df1d8b32 NEW a014934a72 [Firefox:69 hits: 06-28 to 07-11] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 17:41:00 | WinXP | 4.245.27.199 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDEPENDENCE, MISSOURI, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:17:56:00 | Win2K-f | 201.47.47.88 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
210.245.211.11:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
445 | pcap | raw alerts ruleset |
irc 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:57:00 | WinXP | 205.163.99.164 (NETSCOPE.NET): MIKROTEC INTERNET SERVICES INC, LEXINGTON, KENTUCKY, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:57:00 | Win2K-f | 99.161.80.157 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] b5919931fe [Firefox:116 hits: 06-20 to 07-12] b7082104e4 [Firefox:38 hits: 06-18 to 07-12] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 18:08:00 | WinXP | 219.115.105.243 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, JP. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 18:24:00 | WinXP | 218.168.65.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:26:00 | WinXP | 4.252.69.51 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com EU:ebookfinaltrash.ru DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 36 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | b4576532a0 NEW |
none[4] | none:none |
ASPack| | none | trace |
| T:18:31:00 | WinXP | 70.182.166.103 (COX.NET): COX COMMUNICATIONS, HALSTEAD, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 33 0 of 33 |
48ff2434c0 NEW 53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] e07c29c4ae [Firefox:87 hits: 06-19 to 07-12] |
none[none] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none tElock| FSG| |
none none lines=92 |
none trace trace |
| T:18:36:00 | Win2K-f | 75.136.142.164 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | ca65a289a3 NEW |
none[none] | none:none |
none|none | none | none | |
| 18:41:00 | Win2K-f | 24.86.81.245 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | f99b3c8fe6 NEW |
none[none] | none:none |
none|none | none | none | |
| 18:42:00 | WinXP | 61.34.194.118 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 30 of 33 |
3690b64ca2 [Firefox: 4 hits: 06-18 to 06-25] a6fb77fd26 [Firefox: 4 hits: 06-18 to 06-25] |
none[4] a6fb77fd26[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=82 |
trace trace |
| T:18:53:00 | Win2K-f | 61.231.127.192 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:54:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.37.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 57ce4acac2 [Firefox:54 hits: 06-17 to 07-12] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:59:00 | WinXP | 99.151.59.25 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:691 hits: 07-11 to 07-11] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:07:00 | Win2K-f | 12.74.142.69 (ATT.NET): AT&T WORLDNET SERVICES, MEMPHIS, TENNESSEE, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 97764d927e NEW |
none[none] | none:none |
none|none | none | none |
| T:19:11:00 | WinXP | 199.227.202.43 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] e07c29c4ae [Firefox:87 hits: 06-19 to 07-12] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:19:22:00 | Win2K-f | 122.42.15.130 (-): POWERCOMM, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 33 |
2949152a24 [Firefox: 2 hits: 07-02 to 07-06] f1a10a0d85 [Firefox: 2 hits: 07-02 to 07-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:23:00 | WinXP | 4.152.216.122 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTSMOUTH, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 101 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] a08f3b74a4 [Firefox:199 hits: 06-18 to 07-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:41:00 | Win2K-f | 220.139.139.78 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:19:43:00 | WinXP | 71.85.120.154 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:19:48:00 | WinXP | 12.73.150.183 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3189 hits: 12-31 to 07-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:03:00 | Win2K-f | 166.82.10.36 (VNET.NET): CTC INTERNET SERVICES INC, CONCORD, NORTH CAROLINA, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 20:33:00 | WinXP | 4.88.59.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MT. PLEASANT, SOUTH CAROLINA, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | b2178fdd32 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:33:00 | WinXP | 218.164.124.141 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 2b8c0ae381 NEW |
none[none] | none:none |
none|none | none | none | |
| 20:36:00 | Win2K-f | 59.115.237.76 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 20:37:00 | WinXP | 78.97.16.221 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 20:42:00 | WinXP | 122.2.98.106 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.37.126:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
319dddbd87 NEW bcabcc7cc3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:44:00 | WinXP | 118.168.138.206 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 20:57:00 | Win2K-f | 118.219.178.36 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:07:00 | Win2K-f | 61.223.178.34 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:21:13:00 | Win2K-f | 218.165.82.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:13:00 | Win2K-f | 116.127.207.166 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:204.160.126.126:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:81 hits: 06-17 to 07-12] 53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 21:19:00 | WinXP | 119.95.51.23 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 29 of 33 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 8020eb2d22 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:21:24:00 | WinXP | 218.168.67.43 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:25:00 | WinXP | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:615 hits: 06-17 to 07-12] 73f1082158 [Firefox:300 hits: 06-18 to 07-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:34:00 | WinXP | 200.165.239.162 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | a3f358bd55 [Firefox: 6 hits: 08-25 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace |
| 21:46:00 | Win2K-f | 59.113.79.112 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DIAL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 22:03:00 | Win2K-f | 203.70.216.53 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:09:00 | WinXP | 116.122.234.42 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.126:80 US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:49 hits: 06-17 to 07-12] 4c3df24b32 [Firefox:81 hits: 06-17 to 07-12] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:12:00 | WinXP | 61.223.42.112 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:13:00 | Win2K-f | 4.244.96.185 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TULSA, OKLAHOMA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell shell shell shell shell 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:14:00 | WinXP | 118.171.131.139 (-): . |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:16:00 | WinXP | 116.122.234.42 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:49 hits: 06-17 to 07-12] 4c3df24b32 [Firefox:81 hits: 06-17 to 07-12] e07c29c4ae [Firefox:87 hits: 06-19 to 07-12] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 22:23:00 | WinXP | 123.222.139.25 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 6db3373938 NEW |
none[none] | none:none |
none|none | none | none |
| 22:35:00 | Win2K-f | 89.241.69.68 (-): OPAL TELECOM DSL, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2864 hits: 12-31 to 07-12] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 22:38:00 | WinXP | 24.65.231.174 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 230 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 33 | 2c2f04d480 [Firefox: 2 hits: 07-05 to 07-09] |
none[none] | none:none |
none|none | none | none | |
| 22:47:00 | WinXP | 61.229.88.78 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:48:00 | WinXP | 24.87.54.168 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:55:00 | WinXP | 59.93.72.78 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), HYDERABAD, ANDHRA PRADESH, IN. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| 23:02:00 | Win2K-f | 218.173.234.116 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:23:06:00 | WinXP | 122.118.15.201 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:12:00 | WinXP | 61.223.42.112 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:42:00 | WinXP | 59.117.35.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 NEW |
none[none] | none:none |
none|none | none | none |