|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:05:00 | Win2K-f | 218.190.78.46 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:00:08:00 | Win2K-f | 61.250.147.214 (KRLINE.NET): KRNIC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:00:08:00 | WinXP | 212.163.51.41 (LOCALHOST): CONCERT, ES. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 00:08:00 | WinXP | 116.121.159.108 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.79.126:80 US:207.123.44.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:52 hits: 06-17 to 07-13] 667f0c59f3 [Firefox: 2 hits: 07-04 to 07-07] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:00:11:00 | WinXP | 116.59.16.160 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox: 4 hits: 07-06 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 00:17:00 | Win2K-f | 24.86.152.62 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 273 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 7df41a77e6 [Firefox: 5 hits: 06-16 to 07-12] |
none[4] | none:none |
PolyEnE| | none | trace |
| 00:25:00 | WinXP | 75.138.49.145 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 00:31:00 | Win2K-f | 24.76.14.124 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:206.33.45.125:80 US:207.123.46.125:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
afc1e634b2 NEW eee8ce8675 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:46:00 | WinXP | 79.138.158.32 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:59:00 | WinXP | 79.138.209.126 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:07:00 | Win2K-f | 122.53.112.91 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:14 hits: 06-18 to 07-10] 76ee340669 [Firefox:14 hits: 06-18 to 07-10] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 01:25:00 | WinXP | 211.108.65.198 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 32 of 33 |
ce46f7ab87 [Firefox: 2 hits: 07-02 to 07-06] d7dc1e3bea [Firefox: 2 hits: 07-02 to 07-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:35:00 | Win2K-f | 93.81.72.87 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | b5919931fe [Firefox:121 hits: 06-20 to 07-13] |
b5919931fe [1] | ASM:Graph |
ASProtect| | lines=90 | trace |
| T:01:37:00 | WinXP | 221.125.143.154 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 131351dd21 [Firefox: 7 hits: 05-22 to 06-29] |
none[4] | none:none |
none|none | none | trace | |
| 01:54:00 | WinXP | 92.40.6.44 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 none |
7452c8448d [Firefox: 2 hits: 06-17 to 06-23] fd9b49840f NEW |
none[4] fd9b49840f[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 01:59:00 | WinXP | 118.108.251.207 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:07:00 | WinXP | 24.165.140.55 (RR.COM): ROAD RUNNER HOLDCO LLC, LORAIN, OHIO, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad GB:217.145.225.22:80 |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1113 hits: 05-01 to 07-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:02:12:00 | WinXP | 122.118.157.111 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 02:36:00 | Win2K-f | 70.63.150.45 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 211 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 none |
2110c8100f [Firefox: 8 hits: 06-19 to 07-11] e818015a89 [Firefox: 7 hits: 06-23 to 07-11] |
none[4] e818015a89[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
|
| 02:41:00 | WinXP | 74.79.141.220 (RR.COM): ROAD RUNNER HOLDCO LLC, CICERO, NEW YORK, US. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:02:43:00 | WinXP | 98.150.224.239 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:56:00 | WinXP | 203.82.124.88 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 31 | cc545e1c99 NEW |
97a4355156 [0] | ASM:Graph |
none|none | lines=90 | trace | |
| T:03:18:00 | Win2K-f | 218.162.183.35 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:03:29:00 | WinXP | 119.95.68.242 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 402 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 32 |
5601dcf617 NEW d0c1f3c8c7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:30:00 | WinXP | 119.95.68.242 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.126:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 382 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 32 |
5601dcf617 NEW d0c1f3c8c7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:34:00 | Win2K-f | 122.133.224.69 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 661a97baa1 [Firefox: 2 hits: 07-02 to 07-02] |
none[none] | none:none |
none|none | none | none |
| 03:34:00 | Win2K-f | 122.120.9.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:35:00 | WinXP | 218.173.226.10 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 03:40:00 | WinXP | 59.100.146.224 (CONNECT.NET.AU): AAPT LIMITED, RICHMOND, QUEENSLAND, AU. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:03:58:00 | WinXP | 61.231.69.27 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 04:02:00 | Win2K-f | 61.230.185.105 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:07:00 | WinXP | 61.229.74.99 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 04:11:00 | Win2K-f | 217.98.230.46 (TPNET.PL): TELEKOMUNIKACJA POLSKA S.A. CST, PL. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:13:00 | WinXP | 88.186.44.130 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:04:16:00 | WinXP | 74.79.141.220 (RR.COM): ROAD RUNNER HOLDCO LLC, CICERO, NEW YORK, US. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:04:27:00 | WinXP | 61.218.108.122 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] e07c29c4ae [Firefox:92 hits: 06-19 to 07-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:04:36:00 | WinXP | 118.168.168.59 (-): . |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 04:37:00 | Win2K-f | 93.149.248.31 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:38:00 | Win2K-f | 221.124.238.218 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:04:55:00 | Win2K-f | 218.168.124.124 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:05:20:00 | WinXP | 24.92.23.103 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.44.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:33:00 | WinXP | 12.78.10.169 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:480 hits: 12-31 to 07-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:33:00 | WinXP | 66.50.97.27 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | e3ce8985e6 [Firefox: 2 hits: 03-08 to 03-12] |
3762d19d64 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:47:00 | WinXP | 221.184.171.185 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:154 hits: 09-28 to 07-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:50:00 | Win2K-f | 61.228.113.238 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 6aaaa4c587 NEW |
none[none] | none:none |
none|none | none | none |
| 06:02:00 | Win2K-f | 218.169.184.140 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 06:12:00 | WinXP | 83.238.227.113 (INETIA.PL): INTERNETIA, KATOWICE, SLASKIE, PL. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:06:24:00 | WinXP | 83.97.228.163 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:32:00 | Win2K-f | 218.167.247.127 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | e64061f403 [Firefox: 4 hits: 10-08 to 03-13] |
5c0b28de87 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:45:00 | WinXP | 75.17.28.193 (SBCGLOBAL.NET): PPPOX POOL - RBACK34.IRVNCA, HOUSTON, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] b7082104e4 [Firefox:41 hits: 06-18 to 07-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:06:51:00 | Win2K-f | 218.173.234.116 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 06:55:00 | Win2K-f | 4.154.123.161 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ATLANTA, GEORGIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:56:00 | Win2K-f | 61.231.224.209 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:06:00 | WinXP | 218.165.183.205 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 07:15:00 | Win2K-f | 118.6.93.228 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 07:23:00 | WinXP | 122.118.157.111 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 07:30:00 | WinXP | 220.143.149.42 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:07:33:00 | WinXP | 85.154.166.17 (-): OMAN-EXP, OM. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:480 hits: 12-31 to 07-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:34:00 | Win2K-f | 122.118.187.122 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:07:35:00 | Win2K-f | 85.186.131.68 (-): ASTRAL-BZ-CPE, BUZAU, BUZAU, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 07:42:00 | Win2K-f | 83.255.72.80 (COMHEM.SE): COMHEM, ÖSTERSUND, JAMTLANDS, SE. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 07:43:00 | WinXP | 82.233.167.8 (PROXAD.NET): PROXAD / FREE SAS, TOURS, CENTRE, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 07:44:00 | WinXP | 219.255.190.75 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:206.33.45.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:52 hits: 06-17 to 07-13] 4c3df24b32 [Firefox:86 hits: 06-17 to 07-13] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:44:00 | WinXP | 4.242.147.250 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SILVERDALE, WASHINGTON, US. (DIAL) |
n/a | UA:citi-bank.ru US:adult-empire.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:48:00 | Win2K-f | 85.67.59.213 (-): FIBERNET, HU. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 08:02:00 | WinXP | 70.68.184.115 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 08:09:00 | WinXP | 59.117.35.156 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:08:10:00 | Win2K-f | 58.76.144.128 (-): BORA4053274C1, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 35350ef80b NEW |
none[none] | none:none |
none|none | none | none | |
| 08:28:00 | WinXP | 86.155.143.221 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SHEFFIELD, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:693 hits: 07-11 to 07-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 08:29:00 | Win2K-f | 67.48.115.214 (RR.COM): ROAD RUNNER HOLDCO LLC, LEES SUMMIT, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:31:00 | Win2K-f | 59.116.128.200 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:08:34:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 57ce4acac2 [Firefox:56 hits: 06-17 to 07-13] e07c29c4ae [Firefox:92 hits: 06-19 to 07-13] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:08:47:00 | WinXP | 59.115.239.211 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:08:49:00 | Win2K-f | 59.113.160.230 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 08:58:00 | WinXP | 59.105.30.105 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:08:59:00 | WinXP | 190.17.142.83 (COM.AR): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:03:00 | Win2K-f | 77.253.242.128 (COM.PL): NETIA, PL. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 09:14:00 | WinXP | 70.119.96.153 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.124:80 US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:18:00 | WinXP | 79.9.237.237 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:154 hits: 09-28 to 07-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:09:22:00 | WinXP | 88.30.158.178 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 09:30:00 | Win2K-f | 221.125.129.22 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 33 | 0efbb2ee6a NEW |
none[none] | none:none |
none|none | none | none | |
| T:09:39:00 | WinXP | 61.231.127.137 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:09:41:00 | WinXP | 59.115.117.144 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
217.170.244.2:443 | CZ:217.170.244.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 09:47:00 | Win2K-f | 59.115.239.211 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:09:48:00 | Win2K-f | 61.229.32.151 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:09:51:00 | WinXP | 91.9.83.46 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
irc 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:59:00 | Win2K-f | 4.228.237.203 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:03:00 | WinXP | 62.11.204.118 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, CAGLIARI, SARDEGNA, IT. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad :www.proxy-socks.net EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 33 29 of 29 |
881c59659d NEW df17a625ee [Firefox:486 hits: 05-04 to 07-13] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
| T:10:05:00 | Win2K-f | 24.68.64.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:12 hits: 06-18 to 07-12] e53a9ea82e [Firefox:12 hits: 06-18 to 07-12] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 10:08:00 | WinXP | 218.173.179.206 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:16:00 | WinXP | 209.94.211.212 (TSTT.NET.TT): TSTT ISP, TT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:315 hits: 05-01 to 07-12] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 10:30:00 | WinXP | 200.100.70.210 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 773c775064 NEW |
none[none] | none:none |
none|none | none | none |
| 10:30:00 | Win2K-f | 61.228.177.33 (PRESTONAUTO.COM): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:10:35:00 | Win2K-f | 59.105.30.105 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:35:00 | WinXP | 85.67.99.107 (-): FIBERNET, HU. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | de288d3080 NEW |
none[none] | none:none |
none|none | none | none | |
| T:10:55:00 | WinXP | 66.69.78.123 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. (100Mbps) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | e321efdb3f [Firefox: 9 hits: 05-07 to 10-21] |
none[none] | none:none |
none|none | none | none |
| T:10:58:00 | WinXP | 61.59.148.70 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 11:03:00 | WinXP | 86.152.246.185 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:27 hits: 06-12 to 07-13] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:11:12:00 | WinXP | 68.201.101.35 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. |
n/a | GB:welcome3.smile.co.uk :wpad DE:siliconfireware.ru GB:195.92.84.198:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1113 hits: 05-01 to 07-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 11:24:00 | Win2K-f | 61.59.148.70 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 11:30:00 | Win2K-f | 4.240.233.99 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TUCSON, ARIZONA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp shell shell 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:37:00 | WinXP | 41.214.174.101 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 7bd63bb17d [Firefox: 2 hits: 07-12 to 07-12] |
none[none] | none:none |
none|none | none | none |
| T:11:42:00 | Win2K-f | 130.13.111.132 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 277 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 4cb4a015fc NEW |
none[none] | none:none |
none|none | none | none |
| T:11:53:00 | WinXP | 220.139.47.251 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 12:01:00 | Win2K-f | 220.139.176.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:12:09:00 | WinXP | 212.163.132.127 (LOCALHOST): BT TELECOMUNICACIONES, MADRID, MADRID, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | d1377a8b90 [Firefox: 2 hits: 03-25 to 04-26] |
ad56da3672 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:12:00 | Win2K-f | 77.253.45.69 (COM.PL): NETIA, PL. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:12:25:00 | Win2K-f | 125.231.132.24 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:12:37:00 | WinXP | 92.40.242.103 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 5f96502533 NEW |
none[none] | none:none |
none|none | none | none |
| 12:37:00 | Win2K-f | 61.230.221.112 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 5f3232223a NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:39:00 | WinXP | 92.227.44.185 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 12:42:00 | WinXP | 200.199.44.178 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 1e03efd64c NEW |
none[none] | none:none |
none|none | none | none |
| 12:46:00 | WinXP | 117.99.20.74 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:50:00 | WinXP | 98.25.97.90 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1415 hits: 12-31 to 07-12] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:58:00 | WinXP | 70.76.139.162 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:205.128.79.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
81264c16dd [Firefox: 2 hits: 07-03 to 07-11] 9a91743938 [Firefox: 2 hits: 07-03 to 07-11] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:13:07:00 | Win2K-f | 217.202.49.30 (-): TELECOM ITALIA MOBILE, IT. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 13:08:00 | WinXP | 77.253.198.1 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox:13 hits: 04-21 to 06-25] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
| T:13:17:00 | WinXP | 220.139.176.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 13:27:00 | WinXP | 85.31.152.27 (RES.QUALITYNET.LI): LI-GATE, LI. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:13:38:00 | WinXP | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] e07c29c4ae [Firefox:92 hits: 06-19 to 07-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 13:49:00 | WinXP | 70.166.104.29 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.126:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 28 of 32 |
4250d77f5b NEW 7da49624d7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:13:49:00 | Win2K-f | 199.227.202.49 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.126:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:57:00 | WinXP | 4.235.6.29 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ORLANDO, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:154 hits: 09-28 to 07-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 13:58:00 | Win2K-f | 76.192.137.232 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:02:00 | WinXP | 78.49.96.84 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:14:08:00 | WinXP | 86.142.3.109 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:27 hits: 06-12 to 07-13] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 14:12:00 | WinXP | 212.27.14.107 (-): MLIFENET, RU. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1415 hits: 12-31 to 07-12] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:13:00 | WinXP | 76.87.209.158 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] e07c29c4ae [Firefox:92 hits: 06-19 to 07-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 14:17:00 | WinXP | 4.235.6.29 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ORLANDO, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:154 hits: 09-28 to 07-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:14:32:00 | WinXP | 201.229.53.12 (201-229-49-10.CTANET.AW): SETAR-CABLE-TV, AW. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 0fa273d7cb NEW |
none[none] | none:none |
none|none | none | none |
| 14:35:00 | WinXP | 92.40.57.131 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | d3cdd013ea NEW |
none[none] | none:none |
none|none | none | none |
| T:14:54:00 | Win2K-f | 24.86.81.245 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
72.10.172.218:9928 | HK:proxim.ircgalaxy.pl CA:dong.nagitiriheiwu.net CA:teek.ihshsd8.com CA:72.10.169.26:2293 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | f99b3c8fe6 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:55:00 | WinXP | 78.97.116.164 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 33 | 87835b2882 NEW |
none[none] | none:none |
none|none | none | none | |
| 15:02:00 | WinXP | 85.86.177.132 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 15:13:00 | Win2K-f | 116.81.84.48 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:15:16:00 | Win2K-f | 122.43.61.89 (-): POWERCOMM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 [Firefox: 6 hits: 07-06 to 07-11] bc94f66052 [Firefox: 6 hits: 07-06 to 07-11] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:30:00 | Win2K-f | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] b5919931fe [Firefox:121 hits: 06-20 to 07-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:32:00 | Win2K-f | 81.36.210.216 (RIMA-TDE.NET): TELEFONICA DE ESPANA, PONTEVEDRA, GALICIA, ES. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 15:46:00 | WinXP | 61.223.41.74 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 15:54:00 | Win2K-f | 78.96.223.179 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | f806c334f0 [Firefox: 2 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 16:15:00 | Win2K-f | 79.150.79.24 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| T:16:23:00 | Win2K-f | 88.30.158.178 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:25:00 | WinXP | 65.79.136.210 (CAMPTV.COM): LAMONT DIGITAL SYSTEMS INC, BRISTOW, VIRGINIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 130 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 0 of 33 |
9242113c52 NEW 92df1d8b32 NEW e07c29c4ae [Firefox:92 hits: 06-19 to 07-13] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 16:43:00 | Win2K-f | 165.154.153.41 (AURACOM.NET): HOOKUP COMMUNICATIONS, NEWMARKET, ONTARIO, CA. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:10:00 | Win2K-f | 88.240.89.171 (TTNET.NET.TR): TT ADSL-ALCATEL_ACI, BURSA, BURSA, TR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 17:35:00 | Win2K-f | 77.253.45.69 (COM.PL): NETIA, PL. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| T:17:54:00 | WinXP | 218.173.180.169 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 18:05:00 | WinXP | 211.172.230.35 (KCI.CO.KR): HANNET-LLINE-KCI, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 32 |
a704164588 [Firefox: 4 hits: 07-04 to 07-13] eb270b5ad2 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:27:00 | Win2K-f | 97.89.7.34 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 205 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
7ba9e53288 NEW d2e7fab9c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:29:00 | WinXP | 61.231.66.16 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:43 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 18:48:00 | WinXP | 4.152.84.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 9543d041a7 [Firefox: 8 hits: 05-16 to 05-29] |
49e3eed5c5 [0] | ASM:Graph |
PolyEnE| | lines=77 embedded dns |
trace |
| T:18:48:00 | WinXP | 4.152.84.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 9543d041a7 [Firefox: 8 hits: 05-16 to 05-29] |
49e3eed5c5 [0] | ASM:Graph |
PolyEnE| | lines=77 embedded dns |
trace |
| 19:03:00 | Win2K-f | 130.13.109.79 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info CA:done.blacktiehsbdcs.com CA:72.10.169.26:3938 CA:72.10.172.218:2938 |
135 | pcap | raw alerts ruleset |
other 738 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | 493624c3e6 NEW |
none[none] | none:none |
none|none | none | none |
| 19:04:00 | Win2K-f | 74.161.160.98 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | e64061f403 [Firefox: 4 hits: 10-08 to 03-13] |
5c0b28de87 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:19:14:00 | WinXP | 66.50.92.134 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3197 hits: 12-31 to 07-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:18:00 | Win2K-f | 24.100.7.192 (-): . |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none | |
| 19:27:00 | WinXP | 119.95.94.136 (-): . |
n/a | US:trying.7lmalq8.com US:66.252.13.206:32321 |
135 | pcap | raw alerts ruleset |
other 263 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 | 5971a3c5fb NEW |
none[none] | none:none |
none|none | none | none |
| T:19:48:00 | WinXP | 75.84.139.120 (RR.COM): ROAD RUNNER HOLDCO LLC, SANTA MONICA, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:480 hits: 12-31 to 07-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:54:00 | WinXP | 4.226.45.79 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:4.226.45.79:61387 |
445 | pcap | raw alerts ruleset |
other 2 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:02:00 | WinXP | 71.74.93.13 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad DE:212.227.111.29:80 GB:217.145.225.22:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1113 hits: 05-01 to 07-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 20:13:00 | Win2K-f | 122.110.159.115 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:20:36:00 | Win2K-f | 124.115.15.45 (163DATA.COM.CN): CHINANET SHANXI(SN) PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] a08f3b74a4 [Firefox:206 hits: 06-18 to 07-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:51:00 | Win2K-f | 172.166.194.187 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 57ce4acac2 [Firefox:56 hits: 06-17 to 07-13] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:58:00 | WinXP | 124.107.134.59 (PLDT.NET): GNTC7300I09_CONSUMER, PH. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 33 | ecb8ed0ff5 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:18:00 | WinXP | 99.158.59.113 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:693 hits: 07-11 to 07-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:21:00 | WinXP | 24.100.7.192 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox: 3 hits: 07-13 to 07-13] |
none[none] | none:none |
none|none | none | none |
| 21:25:00 | WinXP | 61.214.2.227 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 6 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:48:00 | WinXP | 69.41.137.100 (SEISMICINTERNET.NET): SEISMIC ENTERPRISES, KAILUA KONA, HAWAII, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:59:00 | WinXP | 125.197.16.200 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | HK:proxim.ircgalaxy.pl CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 3a400e5085 NEW |
none[none] | none:none |
none|none | none | none |
| 22:08:00 | WinXP | 118.166.167.180 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 22:20:00 | Win2K-f | 66.57.180.53 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:21:00 | WinXP | 218.168.78.10 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:31:00 | WinXP | 124.241.141.83 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:47:00 | Win2K-f | 208.100.241.96 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 194 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:307 hits: 06-18 to 07-13] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 23:04:00 | Win2K-f | 58.191.186.199 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2893 hits: 12-31 to 07-13] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 23:32:00 | WinXP | 59.104.87.167 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:47:00 | Win2K-f | 172.191.35.121 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:638 hits: 06-17 to 07-13] 73f1082158 [Firefox:307 hits: 06-18 to 07-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |