|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:16:00 | WinXP | 78.88.56.30 (-): VECTRA TECHNOLOGIE S.A, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | f1404cd261 NEW |
none[none] | none:none |
none|none | none | none |
| 00:28:00 | WinXP | 92.11.188.91 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:00:35:00 | Win2K-f | 122.53.44.115 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:20 hits: 06-18 to 07-17] 76ee340669 [Firefox:20 hits: 06-18 to 07-17] b5919931fe [Firefox:136 hits: 06-20 to 07-18] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| 00:41:00 | Win2K-f | 4.253.132.62 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:00:57:00 | WinXP | 218.168.195.87 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:01:02:00 | WinXP | 218.39.236.172 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com US:b152.mcboo.com US:b155.mcboo.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
irc http 427 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 25 of 33 27 of 33 31 of 33 |
2ef9098242 NEW 897d59617c [Firefox:49 hits: 06-28 to 07-18] a014934a72 [Firefox:73 hits: 06-28 to 07-18] d789c8d157 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 01:22:00 | WinXP | 123.50.75.246 (-): MANA INTERNET SERVICE PROVIDER, PAPEETE, FRENCH POLYNESIA, PF. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:171 hits: 09-28 to 07-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:01:28:00 | Win2K-f | 122.123.133.39 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:31:00 | WinXP | 122.2.35.46 (PLDT.NET): JNEC7300I03_CONSUMER, CEBU, CEBU CITY, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 168 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8354fa612f [Firefox: 3 hits: 06-30 to 07-09] |
none[none] | none:none |
none|none | none | none | |
| T:01:45:00 | WinXP | 220.148.147.72 (T-COM.NE.JP): TOKAI CO.LTD, HANNO, SAITAMA, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:01:46:00 | Win2K-f | 210.205.62.38 (KRLINE.NET): KRNIC, KR. (100Mbps) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3c8ada1df2 NEW b8ba472d64 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:49:00 | WinXP | 124.241.143.152 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
67.43.236.99:5190 | CA:xx.sqlteam.info :nadsam0.info US:130.107.162.25:44826 CA:67.43.236.98:5190 |
135 | pcap | raw alerts ruleset |
irc 360 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 | b2aa60cb38 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:23:00 | WinXP | 70.72.200.183 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 33 32 of 33 |
c9594307a4 NEW e37658a526 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:24:00 | Win2K-f | 71.109.214.84 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LONG BEACH, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 31 of 33 |
5f11b319ef [Firefox: 5 hits: 07-07 to 07-17] a3f631e410 [Firefox: 5 hits: 07-07 to 07-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:24:00 | WinXP | 122.52.19.146 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:26:00 | Win2K-f | 213.242.244.18 (-): PPTP CONNECTIONS, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:342 hits: 03-31 to 07-18] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 02:36:00 | WinXP | 82.61.165.143 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, CALTANISSETTA, SICILIA, IT. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:55:00 | WinXP | 218.210.225.206 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:207.123.46.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:03:00 | Win2K-f | 159.134.164.9 (EIRCOM.NET): EIRCOM GROUP PLC, LIMERICK, LIMERICK, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:29:00 | WinXP | 61.229.185.30 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:33:00 | Win2K-f | 71.112.133.23 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BOTHELL, WASHINGTON, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:45:00 | WinXP | 121.115.77.49 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | fef488dddc NEW |
none[none] | none:none |
none|none | none | none |
| 03:57:00 | Win2K-f | 203.174.217.176 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 9 of 33 |
2851817490 [Firefox: 2 hits: 06-27 to 06-28] 624c441842 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:06:00 | WinXP | 81.9.225.162 (CM-81-9-211-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 8178c88f5e [Firefox: 9 hits: 07-08 to 07-18] |
none[none] | none:none |
none|none | none | none |
| T:04:10:00 | Win2K-f | 218.160.208.192 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 04:11:00 | WinXP | 124.10.86.174 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 7ef46e4e16 [Firefox:15 hits: 11-28 to 07-17] |
ef2e743fd2 [0] | ASM:Graph |
PolyEnE| | lines=74 | trace |
| 04:28:00 | Win2K-f | 61.216.165.79 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:29:00 | WinXP | 61.223.217.132 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:43:00 | Win2K-f | 172.129.179.92 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox: 7 hits: 07-03 to 07-17] c73f738c30 [Firefox: 7 hits: 07-03 to 07-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:00:00 | Win2K-f | 59.112.228.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 05:28:00 | WinXP | 122.122.156.230 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 9a9330fc9a NEW |
none[none] | none:none |
none|none | none | none |
| 05:42:00 | Win2K-f | 118.108.158.120 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:10:00 | WinXP | 202.71.56.189 (WARABI.NE.JP): WARABI CABLE VISION CO. LTD, WARABI, SAITAMA, JP. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox: 6 hits: 04-05 to 06-20] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| T:06:46:00 | Win2K-f | 219.96.244.163 (PLALA.OR.JP): PLALA NETWORKS INC, TOKYO, TOKYO, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:06:54:00 | WinXP | 4.166.195.177 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 157 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 32 of 33 |
3c6781570e NEW 537e4f8dce NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:08:00 | Win2K-f | 220.138.171.189 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:16:00 | WinXP | 118.165.7.66 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 [Firefox: 7 hits: 07-09 to 07-18] |
none[none] | none:none |
none|none | none | none |
| T:07:26:00 | WinXP | 59.105.21.218 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox: 6 hits: 04-05 to 06-20] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 07:54:00 | WinXP | 4.139.250.26 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MARYLAND, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:319 hits: 05-01 to 07-18] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 08:10:00 | Win2K-f | 70.69.179.144 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, ABBOTSFORD, BRITISH COLUMBIA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 382 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
1c7eb7ddae NEW 20ee6418e6 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:28:00 | Win2K-f | 125.204.102.140 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:38:00 | WinXP | 199.37.173.206 (ATT.NET): AT&T WORLDNET SERVICES, MIDDLETOWN, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.53.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] b7082104e4 [Firefox:51 hits: 06-18 to 07-18] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:08:45:00 | WinXP | 118.236.54.205 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:10 hits: 06-22 to 07-16] |
none[4] | none:none |
none|none | none | trace | |
| T:09:00:00 | WinXP | 218.239.242.25 (-): HANANET-LLINE-POWERNET, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.124:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
45e0b2544f NEW 633a67eac3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:00:00 | WinXP | 118.6.23.200 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:171 hits: 09-28 to 07-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 09:06:00 | Win2K-f | 196.208.46.31 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:11:00 | WinXP | 4.136.255.240 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARTANBURG, SOUTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 387 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 0965a28cb9 NEW |
none[none] | none:none |
none|none | none | none | |
| T:09:20:00 | WinXP | 41.207.196.12 (ADSL-41-207-192-10.AVISO.CI): AFRINIC, CI. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox: 3 hits: 07-04 to 07-18] |
none[none] | none:none |
none|none | none | none |
| T:09:33:00 | Win2K-f | 4.165.81.160 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DETROIT, MICHIGAN, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 171 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 0 of 32 |
5c089fe241 NEW 6aff15795d NEW b5919931fe [Firefox:136 hits: 06-20 to 07-18] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 09:36:00 | WinXP | 71.119.195.123 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:20:00 | Win2K-f | 211.141.40.84 (-): CHINA MOBILE COMMUNICATIONS CORPORATION - JILIN COMPANY, JILIN, JILIN, CN. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
a92c299250 NEW f0e73c39a8 [Firefox: 2 hits: 06-18 to 06-24] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 10:23:00 | Win2K-f | 66.178.144.34 (RIO.COM): RIO COMMUNICATIONS INC, ROSEBURG, OREGON, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 173 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 30 of 33 |
0fc4826292 NEW 970ae34562 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:27:00 | WinXP | 41.214.158.80 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:29 hits: 03-24 to 07-10] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:29:00 | WinXP | 41.214.158.80 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:29 hits: 03-24 to 07-10] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:39:00 | WinXP | 4.171.177.221 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MADISON, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.46.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 160 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:51:00 | WinXP | 12.215.122.95 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, OTTAWA, ILLINOIS, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3214 hits: 12-31 to 07-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 11:03:00 | WinXP | 216.211.254.189 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:14:00 | WinXP | 72.189.211.148 (RR.COM): ROAD RUNNER HOLDCO LLC, PALM BAY, FLORIDA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1424 hits: 12-31 to 07-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:18:00 | WinXP | 220.227.128.205 (PHOTONINFOTECH.COM): RELIANCE INFOCOM LTD, RAJKOT, GUJARAT, IN. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
1f30ad9ed7 NEW fb6a23eb04 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:24:00 | WinXP | 72.251.76.141 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:24:00 | WinXP | 61.226.252.160 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:27:00 | Win2K-f | 118.109.164.121 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 11:31:00 | WinXP | 76.215.149.76 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.MTRYCA, SALINAS, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:712 hits: 07-11 to 07-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:47:00 | WinXP | 65.25.92.34 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3214 hits: 12-31 to 07-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:27:00 | Win2K-f | 72.251.42.75 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:30:00 | Win2K-f | 71.101.187.35 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PALMETTO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] a08f3b74a4 [Firefox:249 hits: 06-18 to 07-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:36:00 | Win2K-f | 4.161.229.71 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CANTON, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:58:00 | WinXP | 99.141.18.176 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:66 hits: 05-01 to 05-05] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| T:13:59:00 | WinXP | 4.88.118.195 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:171 hits: 09-28 to 07-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 14:03:00 | Win2K-f | 4.131.129.39 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, UPLAND, CALIFORNIA, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:14:15:00 | Win2K-f | 92.12.207.45 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:14:21:00 | WinXP | 76.83.28.233 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:94 hits: 05-03 to 07-10] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| T:14:25:00 | Win2K-f | 216.76.225.175 (BELLSOUTH.NET): BELLSOUTH.NET INC, CARRIERE, MISSISSIPPI, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:27:00 | Win2K-f | 209.214.96.180 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATHENS, GEORGIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:31:00 | Win2K-f | 122.30.207.185 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
72.10.172.218:7382 | CA:done.blacktiehsbdcs.com CA:italian.swiifatecihno.com CA:fuck.urpal43sourpalhuh.com :preek.oihduhdd.net CA:72.10.169.26:3938 CA:72.10.172.218:7382 CA:72.10.172.218:7763 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 30 | 2aa59ba425 [Firefox:44 hits: 06-30 to 07-17] |
2aa59ba425 [1] | ASM:Graph |
ASPack| | lines=10 | trace |
| T:14:36:00 | Win2K-f | 12.74.177.73 (ATT.NET): AT&T WORLDNET SERVICES, MOBILE, ALABAMA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:47:00 | WinXP | 83.255.69.149 (COMHEM.SE): COMHEM, ÖSTERSUND, JAMTLANDS, SE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:712 hits: 07-11 to 07-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:06:00 | Win2K-f | 4.156.255.176 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DUXBURY, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
http 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:29:00 | Win2K-f | 12.74.176.252 (ATT.NET): AT&T WORLDNET SERVICES, CHOCTAW, OKLAHOMA, US. (DIAL) |
12.74.176.252:21 | :irc.drxclusives.info CA:activestate.com :mail.activestate.com :smtp.activestate.com :mx1.activestate.com :mxs.activestate.com :mail1.activestate.com :relay.activestate.com :hut.fi :ns.activestate.com :gate.activestate.com US:fmrco.com.s8a2.psmtp.com DE:mf0.ffm0.de.carpe.net :mx.hut.fi FI:mail.hut.fi US:fmrco.com.s8b1.psmtp.com DE:convex.com FI:smtp.hut.fi US:yahoo.com US:synacklabs.net US:perl.org :alcatel.at FI:130.233.228.129:25 FI:130.233.228.93:25 CA:204.244.102.3:25 CA:204.244.102.6:25 US:206.190.53.191:25 US:209.191.118.103:25 US:209.191.88.247:25 DE:212.96.133.129:25 DE:212.96.133.20:25 US:216.39.53.1:25 US:216.39.53.3:25 US:64.18.7.11:25 US:64.18.7.13:25 US:66.196.82.7:25 US:66.196.97.250:25 |
445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | ce75163af2 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:32:00 | WinXP | 208.127.8.55 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
72.10.172.218:7382 72.10.172.218:9928 | :preek.oihduhdd.net CA:italian.swiifatecihno.com CA:teek.ihshsd8.com CA:72.10.172.218:7382 |
135 | pcap | raw alerts ruleset |
irc 222 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox: 3 hits: 12-27 to 07-16] |
none[none] | none:none |
none|none | none | none |
| 15:45:00 | Win2K-f | 61.231.98.152 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:16:03:00 | Win2K-f | 4.235.12.141 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MERRITT ISLAND, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:15:00 | Win2K-f | 75.14.253.81 (-): REFAT M HIJAZ DBA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] a08f3b74a4 [Firefox:249 hits: 06-18 to 07-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:18:00 | WinXP | 89.204.200.19 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:712 hits: 07-11 to 07-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:19:00 | Win2K-f | 4.90.21.128 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:21:00 | WinXP | 72.234.250.15 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, PEARL CITY, HAWAII, US. |
n/a | HK:proxim.ircgalaxy.pl :preek.oihduhdd.net CA:done.blacktiehsbdcs.com HK:210.245.211.11:65520 CA:72.10.169.26:3938 |
135 | pcap | raw alerts ruleset |
other 642 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | ce20f92227 [Firefox: 2 hits: 07-07 to 07-07] |
none[none] | none:none |
none|none | none | none |
| 16:25:00 | Win2K-f | 221.142.18.35 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.220.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:58 hits: 06-17 to 07-18] 4c3df24b32 [Firefox:96 hits: 06-17 to 07-18] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:29:00 | Win2K-f | 59.112.40.229 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 17:06:00 | Win2K-f | 58.227.227.95 (DIEHLAUTO.COM): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:96 hits: 06-17 to 07-18] 53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:17:17:00 | WinXP | 118.237.119.131 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:10 hits: 06-20 to 07-11] |
none[4] | none:none |
none|none | none | trace | |
| 17:22:00 | Win2K-f | 59.117.125.43 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 9341482fac NEW |
none[none] | none:none |
none|none | none | none |
| T:17:28:00 | WinXP | 24.77.17.186 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.79.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox: 8 hits: 06-20 to 07-15] e5c7bce70e [Firefox: 8 hits: 06-20 to 07-15] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:36:00 | Win2K-f | 61.229.34.192 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:17:46:00 | Win2K-f | 60.239.202.191 (MESH.AD.JP): NEC CORPORATION, JP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com US:b152.mcboo.com US:206.71.190.187:80 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp irc http 182 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 33 27 of 33 31 of 33 |
897d59617c [Firefox:49 hits: 06-28 to 07-18] a014934a72 [Firefox:73 hits: 06-28 to 07-18] cbb15caa12 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:18:05:00 | Win2K-f | 97.89.15.192 (-): . |
n/a | IL:dl.mcboo.com US:b156.mcboo.com CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:19:00 | WinXP | 60.251.238.167 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:21:00 | Win2K-f | 4.252.2.206 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ALBERTVILLE, ALABAMA, US. (DIAL) |
n/a | :www.speed-runner.com US:b157.mcboo.com IL:194.90.224.82:80 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
http http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
8 of 33 21 of 33 0 of 33 27 of 33 |
1ac39aea6b NEW 7b1de9d82d NEW 820bef376c NEW d6fbe37100 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 18:28:00 | WinXP | 4.230.150.64 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:36:00 | Win2K-f | 61.193.4.31 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | US:wr.mcboo.com IL:dl.mcboo.com US:dl.targetsaver.com US:216.133.246.155:80 US:216.133.246.157:80 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
17 of 33 | c4cbb2e5e5 NEW |
none[none] | none:none |
none|none | none | none |
| 18:43:00 | Win2K-f | 76.236.155.152 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:46:00 | Win2K-f | 124.100.100.237 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:a.targetsaver.com :www.google.com :www.speed-runner.com US:csx.adservs.com US:dl.targetsaver.com US:b103.mcboo.com US:206.71.190.187:80 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
http http http http http http http http http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 33 | 215317b391 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:03:00 | Win2K-f | 61.225.197.152 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:04:00 | WinXP | 220.139.46.118 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:09:00 | Win2K-f | 61.230.204.71 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:26:00 | WinXP | 118.236.246.122 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:10 hits: 06-22 to 07-16] |
none[4] | none:none |
none|none | none | trace | |
| 19:29:00 | Win2K-f | 61.223.218.217 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:43:00 | Win2K-f | 218.170.113.147 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 19:44:00 | WinXP | 99.151.57.24 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:712 hits: 07-11 to 07-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:46:00 | WinXP | 221.143.113.222 (GUTZWILLER.CH): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 HK:210.245.211.11:65520 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
06f27eb5cb [Firefox: 2 hits: 07-02 to 07-07] d27dfd506b [Firefox: 2 hits: 07-02 to 07-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:49:00 | Win2K-f | 218.168.24.155 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:19:56:00 | WinXP | 59.115.235.86 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 20:16:00 | WinXP | 222.145.22.68 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:16:00 | WinXP | 220.156.91.147 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:171 hits: 09-28 to 07-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 20:25:00 | Win2K-f | 72.251.8.188 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:32:00 | Win2K-f | 220.129.119.85 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:20:48:00 | Win2K-f | 218.175.179.199 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:21:01:00 | Win2K-f | 118.169.83.148 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:21:06:00 | WinXP | 218.169.7.87 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:171 hits: 09-28 to 07-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:21:19:00 | Win2K-f | 12.73.195.2 (ATT.NET): AT&T WORLDNET SERVICES, BLUE SPRINGS, MISSOURI, US. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:21:22:00 | WinXP | 61.229.189.61 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:26:00 | WinXP | 98.26.212.191 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3214 hits: 12-31 to 07-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:30:00 | WinXP | 116.127.102.99 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:96 hits: 06-17 to 07-18] 53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 21:38:00 | Win2K-f | 98.134.250.15 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:15 hits: 06-25 to 07-12] 7f6e032fc0 [Firefox:15 hits: 06-25 to 07-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:39:00 | Win2K-f | 71.111.227.145 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 33 | 50cf31abc4 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:41:00 | WinXP | 202.59.116.62 (CHUKAI.NE.JP): CHUKAI TELEVISION CO .LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:712 hits: 07-11 to 07-17] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:03:00 | Win2K-f | 118.165.120.160 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:22:09:00 | WinXP | 67.1.232.178 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | eecf32426c NEW |
none[none] | none:none |
none|none | none | none | |
| 22:12:00 | Win2K-f | 124.25.211.58 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | dfcd73f7a7 [Firefox: 8 hits: 07-03 to 07-17] |
none[none] | none:none |
none|none | none | none |
| 22:21:00 | WinXP | 122.134.240.3 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | 79a7a6d0ef NEW |
none[none] | none:none |
none|none | none | none | |
| 22:26:00 | WinXP | 125.58.74.80 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
4c3df24b32 [Firefox:96 hits: 06-17 to 07-18] dbce870f48 [Firefox: 2 hits: 07-03 to 07-05] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| 22:27:00 | WinXP | 144.134.155.44 (TMNS.NET.AU): TELSTRAINTERNET27, MELBOURNE, VICTORIA, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 183 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:753 hits: 06-17 to 07-18] 73f1082158 [Firefox:361 hits: 06-18 to 07-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:42:00 | Win2K-f | 68.154.33.26 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:43:00 | WinXP | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
72.10.172.218:3838 | :sdihsihdsfsofhsohs.net CA:haiys.eiheihre3.com |
135 | pcap | raw alerts ruleset |
irc http 347 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 29 15 of 33 |
0a0261b96a [Firefox: 8 hits: 07-16 to 07-16] 16d7c031c5 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:46:00 | Win2K-f | 220.129.119.85 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 22:51:00 | WinXP | 216.10.168.149 (WISPNET.NET): WISPNET LLC, WILSON, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:16:00 | WinXP | 125.225.129.20 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:23:26:00 | WinXP | 125.225.129.20 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2996 hits: 12-31 to 07-18] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:23:43:00 | WinXP | 116.123.57.165 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:58 hits: 06-17 to 07-18] 4c3df24b32 [Firefox:96 hits: 06-17 to 07-18] e07c29c4ae [Firefox:106 hits: 06-19 to 07-18] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |