|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:11:00 | WinXP | 122.16.125.89 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 00:33:00 | WinXP | 24.84.65.54 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox: 7 hits: 06-20 to 07-13] e5c7bce70e [Firefox: 7 hits: 06-20 to 07-13] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:34:00 | WinXP | 99.164.35.181 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:34:00 | Win2K-f | 118.160.228.210 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 00:43:00 | WinXP | 4.131.81.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:206.33.45.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b7082104e4 [Firefox:42 hits: 06-18 to 07-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:01:06:00 | WinXP | 91.65.159.8 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:01:11:00 | Win2K-f | 121.92.150.99 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:01:21:00 | Win2K-f | 118.171.137.236 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| 01:35:00 | WinXP | 119.94.9.104 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 28 of 33 |
56a3822608 NEW a4c433c5d3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:41:00 | Win2K-f | 81.102.114.136 (NTL.COM): NTLI, PORTSMOUTH, ENGLAND, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 1 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] c562e2226d NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 01:53:00 | WinXP | 76.215.155.6 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.MTRYCA, PLANO, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:06:00 | Win2K-f | 24.81.138.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 573 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
0fb0a0ba76 NEW 618dc6f4bb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:16:00 | Win2K-f | 41.236.19.90 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:19:00 | Win2K-f | 118.160.233.141 (-): . |
217.170.244.2:443 | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 02:21:00 | Win2K-f | 61.231.66.16 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| 02:30:00 | WinXP | 83.32.217.64 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, VILLANUEVA DE LA CAñADA, MADRID, ES. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 33 | 89953ae602 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:31:00 | WinXP | 86.154.236.143 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:44:00 | Win2K-f | 125.232.142.16 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:44:00 | WinXP | 220.219.253.143 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:158 hits: 09-28 to 07-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:02:45:00 | Win2K-f | 59.100.154.108 (CONNECT.NET.AU): AAPT LIMITED, RICHMOND, QUEENSLAND, AU. (DSL) |
217.170.244.2:443 | 445 | pcap | raw alerts ruleset |
shell ftp irc 29 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace | |
| T:02:53:00 | WinXP | 86.147.165.53 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:29 hits: 06-12 to 07-14] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 02:55:00 | WinXP | 60.237.235.141 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | c1a25369a4 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:20:00 | Win2K-f | 59.112.36.95 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:26:00 | Win2K-f | 211.176.174.28 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 0 of 32 |
4c3df24b32 [Firefox:87 hits: 06-17 to 07-14] 8390780c27 [Firefox:17 hits: 06-18 to 07-12] b5919931fe [Firefox:123 hits: 06-20 to 07-14] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 03:27:00 | Win2K-f | 59.100.154.108 (CONNECT.NET.AU): AAPT LIMITED, RICHMOND, QUEENSLAND, AU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:28:00 | WinXP | 78.130.67.226 (REV.OPTIMUS.PT): OPTIMUS TELECOMUNICAGUES S.A, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | f787dac1e0 NEW |
none[none] | none:none |
none|none | none | none |
| 03:36:00 | WinXP | 4.170.30.53 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:39:00 | WinXP | 122.53.160.182 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:199.93.44.126:80 US:204.160.126.126:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:15 hits: 06-18 to 07-14] 76ee340669 [Firefox:15 hits: 06-18 to 07-14] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 03:59:00 | Win2K-f | 4.156.90.100 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOSTON, MASSACHUSETTS, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:10:00 | Win2K-f | 75.14.253.81 (-): REFAT M HIJAZ DBA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:23:00 | Win2K-f | 218.220.145.120 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox: 7 hits: 06-19 to 07-13] 53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:04:24:00 | Win2K-f | 218.220.145.120 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox: 7 hits: 06-19 to 07-13] 53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:04:33:00 | WinXP | 4.171.129.72 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, JACKSONVILLE, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 167 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 5126de19b5 [Firefox: 3 hits: 06-27 to 07-11] |
none[none] | none:none |
none|none | none | none | |
| T:04:35:00 | Win2K-f | 218.223.58.236 (WIND.NE.JP): GUUMA INTERNET CO .LTD, FUKUOKA, FUKUOKA, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:05:31:00 | WinXP | 123.217.2.67 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:40:00 | WinXP | 86.155.13.3 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:40:00 | WinXP | 61.69.151.221 (CONNECT.NET.AU): CCADIALPOOLS3-CC, SOUTHPORT, QUEENSLAND, AU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:49:00 | WinXP | 60.56.92.254 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.90.2:443 |
445 | pcap | raw alerts ruleset |
shell ftp 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
16 of 31 | 23c32fbd78 [Firefox: 8 hits: 05-03 to 07-13] |
none[4] | none:none |
PeCompact| | none | trace |
| T:05:56:00 | WinXP | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:04:00 | Win2K-f | 118.110.119.235 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:15:00 | Win2K-f | 118.219.44.54 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 71 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | 58c343a8d8 [Firefox: 7 hits: 06-21 to 07-12] |
58c343a8d8 [1] | ASM:Graph |
Armadillo| | lines=82 | trace | |
| 06:27:00 | WinXP | 92.40.71.23 (IKBCC.COM): EU-ZZ, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:30:00 | Win2K-f | 70.62.193.159 (RR.COM): ROAD RUNNER HOLDCO LLC, MENTOR, OHIO, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| T:06:41:00 | WinXP | 122.2.155.75 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 172 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
68cac0810a NEW dee14ccd21 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:00:00 | WinXP | 4.228.123.100 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:01:00 | Win2K-f | 196.208.34.127 (DIAL-UP.NET): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 192 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 30 of 33 |
73f1082158 [Firefox:315 hits: 06-18 to 07-14] cf298ee908 NEW |
73f1082158 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
|
| T:07:03:00 | Win2K-f | 88.189.208.26 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, FR. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:07:06:00 | WinXP | 61.228.134.187 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 07:08:00 | Win2K-f | 65.255.191.8 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:17:00 | WinXP | 85.180.15.182 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 330e249237 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:25:00 | Win2K-f | 88.104.45.8 (AS9105.COM): TISCALI UK LTD, LIVERPOOL, ENGLAND, UK. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:07:27:00 | WinXP | 124.102.32.77 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:48:00 | WinXP | 218.168.79.251 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox: 3 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| 07:49:00 | Win2K-f | 4.229.232.235 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BUCHANAN, MICHIGAN, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:07:00 | WinXP | 116.126.250.137 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none 0 of 33 |
4c3df24b32 [Firefox:87 hits: 06-17 to 07-14] 6a4845ca11 [Firefox: 5 hits: 06-27 to 07-09] e07c29c4ae [Firefox:97 hits: 06-19 to 07-14] |
4c3df24b32 [1] none [none] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| none|none FSG| |
lines=81 none lines=92 |
trace none trace |
| 08:09:00 | Win2K-f | 24.241.170.232 (CHARTER.COM): CHARTER COMMUNICATIONS, HARLEM, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 321 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
378a4bac36 NEW d11b4c2e19 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:14:00 | WinXP | 193.248.221.165 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:25:00 | Win2K-f | 4.228.114.25 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LITTLETON, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 148 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] b5919931fe [Firefox:123 hits: 06-20 to 07-14] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:08:28:00 | Win2K-f | 122.52.25.241 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:45:00 | WinXP | 75.63.168.239 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:08:53:00 | WinXP | 220.139.149.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:11:00 | WinXP | 66.53.209.221 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sptc02.information.com US:ads1.revenue.net US:as.casalemedia.com US:activex.microsoft.com US:codecs.microsoft.com :wpad US:208.73.210.32:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http http http http 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 33 29 of 29 |
3101b958d3 NEW df17a625ee [Firefox:487 hits: 05-04 to 07-14] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
| 09:12:00 | WinXP | 203.148.112.168 (ENJOY.NE.JP): DEODEO CORPORATION, HIROSHIMA, HIROSHIMA, JP. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 09:32:00 | WinXP | 78.49.249.76 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:42:00 | Win2K-f | 74.75.3.142 (RR.COM): ROAD RUNNER HOLDCO LLC, PITTSFIELD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 32 |
4c3df24b32 [Firefox:87 hits: 06-17 to 07-14] 53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b5919931fe [Firefox:123 hits: 06-20 to 07-14] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 09:52:00 | Win2K-f | 69.216.101.242 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:206.33.45.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b7082104e4 [Firefox:42 hits: 06-18 to 07-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 09:54:00 | WinXP | 71.74.93.13 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | EU:siliconfireware.ru DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1116 hits: 05-01 to 07-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:10:00:00 | Win2K-f | 85.181.59.55 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:06:00 | Win2K-f | 4.238.30.13 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. CLOUD, FLORIDA, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 206 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
23b2288763 NEW ef8dc9850c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:12:00 | Win2K-f | 85.183.155.92 (ALICEDSL.DE): HANSENET-ADSL, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:21:00 | Win2K-f | 64.201.110.106 (RACE.COM): RACE TECHNOLOGIES INC, SOUTH SAN FRANCISCO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:22:00 | Win2K-f | 71.111.73.253 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 31 of 33 |
5f11b319ef [Firefox: 3 hits: 07-07 to 07-10] a3f631e410 [Firefox: 3 hits: 07-07 to 07-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:26:00 | WinXP | 24.67.162.209 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 HK:210.245.211.11:65520 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 1 of 33 |
48f8b1a711 [Firefox: 6 hits: 06-19 to 07-08] aecf2a5fc9 [Firefox: 4 hits: 06-19 to 06-30] |
none[4] aecf2a5fc9[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:10:50:00 | WinXP | 76.182.6.242 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1116 hits: 05-01 to 07-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:10:57:00 | WinXP | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:10:00 | WinXP | 205.240.139.184 (-): SALINA-SPAVINAW TELEPHONE, SALINA, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:23:00 | WinXP | 122.146.80.229 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:29:00 | WinXP | 92.40.97.101 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7a393628ea [Firefox: 6 hits: 05-12 to 07-12] |
none[4] | none:none |
ASProtect| | none | trace |
| T:11:59:00 | WinXP | 70.78.32.19 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 293 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
1ef970bc07 NEW 905e570ec5 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:03:00 | WinXP | 218.168.155.108 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:22:00 | WinXP | 92.40.16.161 (IKBCC.COM): EU-ZZ, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:12:45:00 | WinXP | 98.150.228.114 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1417 hits: 12-31 to 07-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:50:00 | Win2K-f | 76.77.225.153 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:206.33.45.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b7082104e4 [Firefox:42 hits: 06-18 to 07-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:13:09:00 | WinXP | 122.118.160.14 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| T:13:13:00 | Win2K-f | 98.140.229.237 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:20:00 | WinXP | 24.229.233.134 (PTD.NET): PENTELEDATA INC. - CABLE, TOBYHANNA, PENNSYLVANIA, US. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:11 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| 13:42:00 | WinXP | 122.147.97.60 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 182 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 32 | 1d73d779df NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:50:00 | Win2K-f | 85.181.53.56 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:57:00 | WinXP | 61.231.98.15 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:13:58:00 | WinXP | 88.177.141.242 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:483 hits: 12-31 to 07-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:14:00 | WinXP | 208.127.8.96 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
72.10.172.218:2938 | CA:done.blacktiehsbdcs.com CA:dong.nagitiriheiwu.net CA:japan.youngpeyatech.info CA:72.10.169.26:2293 CA:72.10.169.26:3938 CA:72.10.172.218:2938 |
135 | pcap | raw alerts ruleset |
other 214 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 NEW |
none[none] | none:none |
none|none | none | none |
| 14:16:00 | WinXP | 65.191.30.213 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:316 hits: 05-01 to 07-14] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 14:20:00 | WinXP | 166.165.213.247 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:14:27:00 | Win2K-f | 218.168.91.63 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| 14:45:00 | Win2K-f | 221.116.121.28 (UCOM.NE.JP): B-TK1112-NET, JP. (100Mbps) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:11 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| T:15:05:00 | WinXP | 59.113.169.213 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| 15:12:00 | Win2K-f | 74.0.86.202 (COVAD.NET): COVAD COMMUNICATIONS CO, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:11 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| 15:13:00 | WinXP | 72.230.159.227 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1417 hits: 12-31 to 07-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:15:00 | WinXP | 218.167.7.152 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:41:00 | Win2K-f | 88.70.67.41 (ARCOR-IP.NET): ARCOR-DSL-NET, OSNABRUCK, NIEDERSACHSEN, DE. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:15:50:00 | Win2K-f | 72.251.76.189 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:06:00 | Win2K-f | 61.20.164.199 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
dc20b6fe59 [Firefox: 6 hits: 06-23 to 07-11] f97070ef2b [Firefox: 6 hits: 06-23 to 07-11] |
dc20b6fe59 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
| T:16:26:00 | WinXP | 201.22.104.51 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | cd43f33285 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:34:00 | WinXP | 218.167.7.152 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:16:35:00 | Win2K-f | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:35:00 | WinXP | 61.94.124.40 (TELKOM.NET.ID): PT TELKOM INDONESIA, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3203 hits: 12-31 to 07-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:51:00 | Win2K-f | 77.253.39.232 (COM.PL): NETIA, PL. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:90 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none | |
| 17:29:00 | WinXP | 66.50.89.167 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | 445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:33:00 | WinXP | 222.149.152.170 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:695 hits: 07-11 to 07-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:58:00 | Win2K-f | 218.160.169.224 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 18:12:00 | Win2K-f | 75.5.3.192 (SBCGLOBAL.NET): RBACK34C.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.66.124:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b7082104e4 [Firefox:42 hits: 06-18 to 07-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:18:18:00 | WinXP | 222.238.27.211 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.66.124:80 US:205.128.66.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:87 hits: 06-17 to 07-14] 8390780c27 [Firefox:17 hits: 06-18 to 07-12] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:18:25:00 | WinXP | 208.126.70.135 (NETINS.NET): NORWAY RURAL TEL CO, KANAWHA, IOWA, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 33 0 of 33 |
2ef2f78792 [Firefox: 7 hits: 06-21 to 07-13] b7a332eb7c [Firefox: 7 hits: 06-21 to 07-13] e07c29c4ae [Firefox:97 hits: 06-19 to 07-14] |
2ef2f78792 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=82 none lines=92 |
trace trace trace |
| 18:30:00 | Win2K-f | 12.74.193.71 (ATT.NET): AT&T WORLDNET SERVICES, FT. WORTH, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox:12 hits: 06-22 to 07-12] |
none[4] | none:none |
none|none | none | trace | |
| T:18:30:00 | Win2K-f | 122.52.75.194 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:15 hits: 06-18 to 07-14] 76ee340669 [Firefox:15 hits: 06-18 to 07-14] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| T:18:45:00 | Win2K-f | 70.71.56.38 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.37.126:80 HK:210.245.211.11:80 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
765181de43 NEW aad35e5bc5 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:48:00 | Win2K-f | 71.109.255.39 (VERIZON.NET): VERIZON INTERNET SERVICES INC, HUNTINGTON BEACH, CALIFORNIA, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:56:00 | WinXP | 76.214.146.38 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] e07c29c4ae [Firefox:97 hits: 06-19 to 07-14] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 18:58:00 | WinXP | 71.53.87.220 (EMBARQHSD.NET): EMBARQ CORPORATION, KILLEEN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:46:00 | WinXP | 96.14.130.202 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | 8870f527fa NEW |
none[none] | none:none |
none|none | none | none |
| 20:31:00 | WinXP | 218.167.96.56 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:44:00 | WinXP | 4.225.212.4 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 38051f1669 [Firefox: 3 hits: 08-30 to 12-11] |
none[none] | none:none |
none|none | none | none |
| T:20:52:00 | WinXP | 98.140.229.160 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:17:00 | WinXP | 119.72.9.140 (-): . |
217.170.244.2:443 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | dc1cd61891 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:18:00 | WinXP | 122.24.70.197 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:22:00 | WinXP | 219.110.165.70 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:158 hits: 09-28 to 07-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:21:36:00 | Win2K-f | 4.240.255.169 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHOENIX, ARIZONA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:39:00 | WinXP | 118.104.235.127 (-): . |
n/a | DE:siliconfireware.ru :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1116 hits: 05-01 to 07-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 21:45:00 | Win2K-f | 59.116.102.134 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 21:47:00 | Win2K-f | 123.213.2.138 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
1509c8d024 [Firefox: 7 hits: 06-17 to 07-07] bd3f6e4ea3 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 21:49:00 | WinXP | 70.113.90.20 (RR.COM): ROAD RUNNER HOLDCO LLC, AUSTIN, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] b7082104e4 [Firefox:42 hits: 06-18 to 07-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 22:18:00 | Win2K-f | 199.227.202.48 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.41.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:23:00 | WinXP | 59.115.159.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 22:27:00 | WinXP | 208.100.253.14 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:32:00 | Win2K-f | 122.53.11.127 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:15 hits: 06-18 to 07-14] 76ee340669 [Firefox:15 hits: 06-18 to 07-14] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 22:43:00 | Win2K-f | 70.254.8.18 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:204.160.126.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] a08f3b74a4 [Firefox:212 hits: 06-18 to 07-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:43:00 | WinXP | 74.215.161.227 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:08:00 | Win2K-f | 66.65.189.115 (RR.COM): ROAD RUNNER HOLDCO LLC, MT. VERNON, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:206.33.45.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:28:00 | WinXP | 61.230.3.78 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2908 hits: 12-31 to 07-14] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 23:28:00 | Win2K-f | 61.228.151.235 (PRESTONAUTO.COM): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:30:00 | Win2K-f | 58.106.235.19 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 0 of 32 |
2ca2e34968 NEW 61f8a55907 NEW b5919931fe [Firefox:123 hits: 06-20 to 07-14] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:23:34:00 | Win2K-f | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:654 hits: 06-17 to 07-14] 73f1082158 [Firefox:315 hits: 06-18 to 07-14] b5919931fe [Firefox:123 hits: 06-20 to 07-14] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:23:45:00 | Win2K-f | 4.248.57.119 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:49:00 | Win2K-f | 61.224.40.65 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |