|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:07:00 | Win2K-f | 203.145.89.167 (-): HUTCHISON TELECOMMUNICATION (HK) LIMITED, HK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 30 of 34 |
c00daf0998 NEW e7354030cc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:24:00 | Win2K-f | 218.47.84.193 (PLALA.OR.JP): PLALA NETWORKS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:31:00 | Win2K-f | 221.143.113.222 (GUTZWILLER.CH): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
06f27eb5cb [Firefox: 3 hits: 07-02 to 07-19] d27dfd506b [Firefox: 3 hits: 07-02 to 07-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:48:00 | WinXP | 58.1.138.12 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3052 hits: 12-31 to 07-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:00:48:00 | WinXP | 218.165.38.49 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:15:00 | WinXP | 202.150.120.177 (-): KOL-DIAL, AUCKLAND, AUCKLAND, NZ. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.46.125:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
a1a5fa95b9 NEW e655846fa1 NEW |
none[4] e655846fa1[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:01:21:00 | WinXP | 218.239.82.124 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.46.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:103 hits: 06-17 to 07-20] 53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:01:24:00 | WinXP | 76.215.152.252 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.MTRYCA, SALINAS, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:723 hits: 07-11 to 07-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 01:26:00 | Win2K-f | 125.58.98.162 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.79.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:26:00 | Win2K-f | 4.164.9.27 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LONGMONT, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.79.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:03:00 | Win2K-f | 121.82.141.139 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3052 hits: 12-31 to 07-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 02:04:00 | WinXP | 116.59.21.117 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1430 hits: 12-31 to 07-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:02:29:00 | WinXP | 222.159.0.168 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:35:00 | WinXP | 86.155.22.152 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:723 hits: 07-11 to 07-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:53:00 | WinXP | 220.104.132.95 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:723 hits: 07-11 to 07-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:54:00 | WinXP | 117.99.60.165 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:453 hits: 05-02 to 07-20] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:00:00 | WinXP | 122.209.39.222 (UCOM.NE.JP): G-KG0050N, JP. (100Mbps) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 3909702c20 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:02:00 | WinXP | 122.209.39.222 (UCOM.NE.JP): G-KG0050N, JP. (100Mbps) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 3909702c20 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:14:00 | Win2K-f | 125.231.33.221 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3052 hits: 12-31 to 07-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:03:26:00 | WinXP | 211.207.9.34 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 0 of 33 |
4c3df24b32 [Firefox:103 hits: 06-17 to 07-20] 8390780c27 [Firefox:20 hits: 06-18 to 07-17] e07c29c4ae [Firefox:107 hits: 06-19 to 07-19] |
4c3df24b32 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| 03:47:00 | WinXP | 123.220.46.249 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:03:48:00 | WinXP | 92.114.245.95 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox: 9 hits: 07-06 to 07-20] |
none[none] | none:none |
none|none | none | none |
| 03:52:00 | WinXP | 4.252.130.186 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1430 hits: 12-31 to 07-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:06:00 | WinXP | 58.92.152.231 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3052 hits: 12-31 to 07-20] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 04:22:00 | WinXP | 195.20.203.28 (-): SC TERON DIGITAL NETWORK SRL, ALBSTADT, BADEN-WURTTEMBERG, DE. |
n/a | DE:siliconfireware.ru :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:491 hits: 05-04 to 07-18] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:04:28:00 | Win2K-f | 122.2.97.217 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 320 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8354fa612f [Firefox: 5 hits: 06-30 to 07-20] |
none[none] | none:none |
none|none | none | none | |
| 04:56:00 | WinXP | 81.241.93.93 (ISP.BELGACOM.BE): BELGACOM-ADSL, MONS, HAINAUT, BE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:492 hits: 12-31 to 07-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:04:00 | WinXP | 118.12.240.52 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:723 hits: 07-11 to 07-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:10:00 | Win2K-f | 203.174.218.199 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:33:00 | WinXP | 210.117.45.199 (KRLINE.NET): KRNIC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:60 hits: 06-17 to 07-19] 61426996c3 [Firefox: 5 hits: 06-20 to 07-08] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:05:41:00 | WinXP | 83.223.30.139 (FASTBIT.SE): DHCP PRIVATE CUSTOMERS, SE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:723 hits: 07-11 to 07-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:00:00 | WinXP | 64.130.130.109 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:03:00 | WinXP | 24.44.234.137 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NORWALK, CONNECTICUT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:46:00 | Win2K-f | 122.53.208.51 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 301 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 39afe3d48a NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:26:00 | Win2K-f | 219.114.253.221 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info CA:italian.swiifatecihno.com CA:72.10.172.218:2938 |
135 | pcap | raw alerts ruleset |
irc 593 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 30 | 2aa59ba425 [Firefox:45 hits: 06-30 to 07-19] |
2aa59ba425 [1] | ASM:Graph |
ASPack| | lines=10 | trace |
| 07:44:00 | WinXP | 77.64.148.168 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 388ebbc343 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:50:00 | WinXP | 122.25.117.186 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | c85d715351 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:11:00 | WinXP | 218.171.171.64 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:14:00 | WinXP | 24.85.67.114 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 34 | ee70435c98 NEW |
none[none] | none:none |
none|none | none | none |
| 08:19:00 | WinXP | 119.228.185.51 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:35:00 | WinXP | 220.215.238.11 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:40:00 | WinXP | 92.40.3.57 (IKBCC.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | c7ca96a1e8 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:52:00 | WinXP | 117.99.45.74 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:12:00 | WinXP | 66.50.89.95 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:34:00 | WinXP | 84.140.213.50 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, AHRENSBURG, SCHLESWIG-HOLSTEIN, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:52 hits: 12-14 to 07-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:09:43:00 | Win2K-f | 210.79.183.59 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:54:00 | WinXP | 61.251.14.61 (-): DAEJEON TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
074325ecbc [Firefox: 3 hits: 07-02 to 07-20] 2a66fc87fa [Firefox: 3 hits: 07-02 to 07-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:58:00 | Win2K-f | 12.202.114.165 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, QUINCY, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:00:00 | Win2K-f | 4.164.210.11 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OMAHA, NEBRASKA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 130 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:10:29:00 | WinXP | 92.40.215.115 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 none |
7452c8448d [Firefox: 5 hits: 06-17 to 07-18] fd9b49840f [Firefox: 4 hits: 06-23 to 07-18] |
none[4] fd9b49840f[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:10:31:00 | Win2K-f | 68.74.115.169 (AMERITECH.NET): PPPOX POOL - RBACK1 EMHRIL, CHICAGO, ILLINOIS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:34:00 | WinXP | 70.135.10.52 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:37:00 | WinXP | 24.39.18.204 (RR.COM): ROAD RUNNER HOLDCO LLC, PORTLAND, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:43:00 | WinXP | 86.143.67.60 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:31 hits: 06-12 to 07-16] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 10:46:00 | WinXP | 85.240.56.238 (DSL.TELEPAC.PT): TELEPAC - COMUNICACOES INTERACTIVAS SA, FARO, FARO, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:05:00 | Win2K-f | 70.78.32.19 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 33 | 645aff474e NEW |
none[none] | none:none |
none|none | none | none | |
| 11:26:00 | WinXP | 79.68.113.71 (AS9105.COM): TELINCO, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:307 hits: 05-03 to 07-20] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 11:32:00 | WinXP | 69.104.17.60 (PACBELL.NET): PPPOX POOL - RBACK3 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:205.128.79.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:43:00 | WinXP | 130.13.36.46 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:2938 | CA:dong.nagitiriheiwu.net CA:japan.youngpeyatech.info CA:72.10.169.26:2293 |
135 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:43:00 | Win2K-f | 130.13.36.46 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info CA:teek.ihshsd8.com CA:italian.swiifatecihno.com :preek.oihduhdd.net CA:72.10.172.218:2938 CA:72.10.172.218:7382 CA:72.10.172.218:9928 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:44:00 | Win2K-f | 130.13.41.188 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
124.162.53.148:18067 | CN:bniu.househot.com EU:www.filefrog.net |
445 | pcap | raw alerts ruleset |
http 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 9928a1e660 [Firefox:22 hits: 10-06 to 07-02] |
28c8dadabf [0] | ASM:Graph |
none|none | lines=104 embedded dns |
trace |
| T:11:52:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 57ce4acac2 [Firefox:65 hits: 06-17 to 07-20] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:00:00 | Win2K-f | 66.28.88.18 (ARTISANCOMMUNICATIONS.NET): COGENT COMMUNICATIONS, WASHINGTON, DISTRICT OF COLUMBIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:11:00 | WinXP | 166.82.198.128 (CTC.NET): CTC INTERNET SERVICES INC, GREENSBORO, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
47f551924a [Firefox: 2 hits: 07-12 to 07-12] 9eb51ec623 [Firefox: 2 hits: 07-12 to 07-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:21:00 | Win2K-f | 67.62.51.160 (CAVTEL.NET): CAVALIER, BALTIMORE, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:31:00 | Win2K-f | 63.17.159.233 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] b5919931fe [Firefox:139 hits: 06-20 to 07-20] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:32:00 | WinXP | 69.109.153.52 (PACBELL.NET): AT&T INTERNET SERVICES, SAN DIEGO, CALIFORNIA, US. (100Mbps) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 0 of 33 |
b12e5dfed0 [Firefox: 3 hits: 06-21 to 07-06] dc92683d9a [Firefox: 5 hits: 06-19 to 07-06] e07c29c4ae [Firefox:107 hits: 06-19 to 07-19] |
none[4] dc92683d9a[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 12:43:00 | WinXP | 96.15.154.234 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.66.126:80 US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:16 hits: 06-25 to 07-19] 7f6e032fc0 [Firefox:16 hits: 06-25 to 07-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:47:00 | WinXP | 217.151.135.97 (GAZSVYAZ.RU): GAZSVYAZ-MSK, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1127 hits: 05-01 to 07-20] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:12:53:00 | Win2K-f | 24.44.234.137 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NORWALK, CONNECTICUT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:205.128.79.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:03:00 | WinXP | 87.196.167.105 (NET.NOVIS.PT): NOVIS TELECOM S.A, PT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 3472ccadd0 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:05:00 | Win2K-f | 24.87.46.107 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.126:80 US:199.93.46.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 34 |
405fa70966 NEW dc30cce6f7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:13:09:00 | WinXP | 76.243.197.250 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal RU:www.bbin.ru RU:www.binbank.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:30 hits: 05-17 to 05-08] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:11:00 | WinXP | 76.243.197.250 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:30 hits: 05-17 to 05-08] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:13:12:00 | WinXP | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.79.124:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 57ce4acac2 [Firefox:65 hits: 06-17 to 07-20] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:40:00 | WinXP | 68.145.39.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | d70e9267fe [Firefox: 4 hits: 06-24 to 07-11] |
none[4] | none:none |
PolyEnE| | none | trace |
| 13:41:00 | WinXP | 196.208.43.202 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 163 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 13:55:00 | Win2K-f | 75.51.233.192 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:59:00 | Win2K-f | 69.110.223.242 (PACBELL.NET): IRVNCA ADSL RBACK4 PPPOX, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:01:00 | WinXP | 157.157.109.224 (SIMNET.IS): ICENET, KEFLAVIK, KEFLAVIK, IS. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:14:08:00 | Win2K-f | 69.110.223.242 (PACBELL.NET): IRVNCA ADSL RBACK4 PPPOX, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:09:00 | Win2K-f | 69.201.128.29 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 24 of 33 |
00de373b4a NEW b234759ccf NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:13:00 | Win2K-f | 98.175.165.137 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:27:00 | WinXP | 69.135.177.210 (RR.COM): ROAD RUNNER HOLDCO LLC, BALDWIN PARK, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 23ecbe92ad [Firefox: 5 hits: 05-16 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:14:45:00 | WinXP | 86.134.88.162 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:07:00 | Win2K-f | 66.57.180.53 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] b5919931fe [Firefox:139 hits: 06-20 to 07-20] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:19:00 | Win2K-f | 67.150.4.240 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:28:00 | WinXP | 140.239.40.232 (XO.NET): XO COMMUNICATIONS, CHELMSFORD, MASSACHUSETTS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:31:00 | Win2K-f | 75.8.109.36 (SBCGLOBAL.NET): RBACK10.SCRMCA, AKRON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:51:00 | WinXP | 201.69.153.25 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | a37b9e0cf5 NEW |
none[none] | none:none |
none|none | none | none |
| 15:54:00 | Win2K-f | 71.113.134.206 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 34 31 of 34 |
7b76c8788a NEW e0aeccbffb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:55:00 | Win2K-f | 207.5.207.93 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:00:00 | WinXP | 189.20.120.78 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:740 hits: 05-01 to 07-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:16:23:00 | Win2K-f | 61.34.136.61 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:65 hits: 06-17 to 07-20] 83f26f5044 [Firefox:10 hits: 06-20 to 07-20] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 16:24:00 | WinXP | 93.102.2.246 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | d01b5333e5 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:24:00 | WinXP | 93.102.2.246 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | d01b5333e5 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:27:00 | WinXP | 24.67.144.25 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:47:00 | WinXP | 218.169.179.64 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:49:00 | Win2K-f | 4.166.228.149 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:59:00 | WinXP | 4.155.249.74 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 33 | b402048f34 NEW |
none[none] | none:none |
none|none | none | none | |
| T:17:14:00 | WinXP | 98.30.37.216 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:23:00 | WinXP | 200.82.75.87 (-): TELECOM-CEB, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:30:00 | WinXP | 99.140.206.79 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:182 hits: 09-28 to 07-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:59:00 | Win2K-f | 24.80.182.43 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:205.128.66.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:06:00 | WinXP | 67.150.51.253 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:52 hits: 12-14 to 07-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 18:19:00 | Win2K-f | 130.13.145.222 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:46:00 | WinXP | 98.150.86.255 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:55:00 | WinXP | 76.241.142.9 (-): SE4.BCVLOH PPPOX, RICHARDSON, TEXAS, US. |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:30 hits: 05-17 to 05-08] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 19:09:00 | WinXP | 75.9.215.165 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, US. (DSL) |
n/a | EU:siliconfireware.ru GB:welcome3.smile.co.uk :wpad DE:ebookfinaltrash.ru GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1127 hits: 05-01 to 07-20] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:19:12:00 | Win2K-f | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:207.123.37.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:23:00 | Win2K-f | 70.254.10.155 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:205.128.79.124:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:24:00 | WinXP | 216.41.139.8 (SEMO.NET): POPLAR BLUFF INTERNET INC, DEXTER, MISSOURI, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:58:00 | Win2K-f | 172.129.229.107 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.79.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox: 8 hits: 07-03 to 07-19] c73f738c30 [Firefox: 8 hits: 07-03 to 07-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:23:00 | Win2K-f | 119.95.181.10 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 380 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 32 |
5601dcf617 [Firefox: 4 hits: 07-11 to 07-20] d0c1f3c8c7 [Firefox: 4 hits: 07-11 to 07-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:40:00 | Win2K-f | 68.148.126.169 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 32 of 34 |
2cbc7d5b01 NEW 6f6cb71d85 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:21:29:00 | Win2K-f | 203.91.167.161 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:199.93.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:38:00 | WinXP | 24.189.171.29 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), UNIONDALE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:43:00 | Win2K-f | 210.79.183.59 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox: 6 hits: 06-19 to 07-18] 79c01ec060 [Firefox:10 hits: 06-18 to 07-18] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 21:44:00 | WinXP | 200.234.15.187 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:58:00 | WinXP | 210.205.136.25 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
6f630e7aa2 NEW a08f3b74a4 [Firefox:254 hits: 06-18 to 07-20] |
none[none] a08f3b74a4[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
| T:22:17:00 | WinXP | 190.225.51.214 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:307 hits: 05-03 to 07-20] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 22:20:00 | WinXP | 75.37.72.182 (SBCGLOBAL.NET): BRAS2.FRS2CA, FRESNO, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:492 hits: 12-31 to 07-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:22:32:00 | Win2K-f | 24.66.49.239 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:13 hits: 06-18 to 07-14] e53a9ea82e [Firefox:13 hits: 06-18 to 07-14] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:22:37:00 | WinXP | 210.139.204.239 (SO-NET.NE.JP): SO-NET ENTERTAINMENT CORPORATION, NAHA, OKINAWA, JP. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1430 hits: 12-31 to 07-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:22:54:00 | WinXP | 12.73.152.4 (ATT.NET): AT&T WORLDNET SERVICES, KENOSHA, WISCONSIN, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:54:00 | WinXP | 12.73.152.4 (ATT.NET): AT&T WORLDNET SERVICES, KENOSHA, WISCONSIN, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3219 hits: 12-31 to 07-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:55:00 | Win2K-f | 172.129.229.107 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 0 of 32 29 of 33 |
3373948767 [Firefox: 8 hits: 07-03 to 07-19] b5919931fe [Firefox:139 hits: 06-20 to 07-20] c73f738c30 [Firefox: 8 hits: 07-03 to 07-19] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:23:09:00 | WinXP | 116.59.5.171 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1430 hits: 12-31 to 07-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 23:34:00 | Win2K-f | 122.146.82.122 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:785 hits: 06-17 to 07-20] 73f1082158 [Firefox:384 hits: 06-18 to 07-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:57:00 | WinXP | 193.250.68.243 (ABO.WANADOO.FR): WANADOO, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |