|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:29:00 | WinXP | 138.89.83.80 (VERIZON.NET): VERIZON INTERNET SERVICES, JERSEY CITY, NEW JERSEY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:54 hits: 12-14 to 07-21] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 00:31:00 | WinXP | 71.101.124.4 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PALMETTO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:205.128.79.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 35 |
63bb8d0ddf NEW f2f692a719 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:00:00 | WinXP | 122.146.242.4 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 382 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 35 |
3db2c812c0 NEW 797fdec34a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:11:00 | WinXP | 66.211.125.153 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 01:25:00 | WinXP | 218.228.167.233 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:54 hits: 12-14 to 07-21] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:01:30:00 | WinXP | 71.111.2.137 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GRESHAM, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] a08f3b74a4 [Firefox:278 hits: 06-18 to 07-22] e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:02:02:00 | Win2K-f | 116.123.1.68 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:08:00 | WinXP | 82.238.121.95 (PROXAD.NET): PROXAD / FREE SAS, BELFORT, FRANCHE-COMTE, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:454 hits: 05-02 to 07-21] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:08:00 | WinXP | 222.234.97.162 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:205.128.66.124:80 US:205.128.66.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 30 of 32 |
32fdc78338 NEW 8390780c27 [Firefox:21 hits: 06-18 to 07-21] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:02:08:00 | WinXP | 118.3.252.45 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:197 hits: 09-28 to 07-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:08:00 | WinXP | 92.40.95.150 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:498 hits: 12-31 to 07-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:16:00 | WinXP | 211.179.96.254 (HANANET.NET): HANARO TELECOM INC, BUCHEON CITY, SOUL-T'UKPYOLSI, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:205.128.66.124:80 US:205.128.66.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:63 hits: 06-17 to 07-22] 4c3df24b32 [Firefox:106 hits: 06-17 to 07-22] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:31:00 | WinXP | 4.171.84.29 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TALLAHASSEE, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.126:80 US:204.160.126.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 153 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:16:00 | WinXP | 207.5.161.86 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:30:00 | WinXP | 216.114.161.242 (SOVER.NET): SOVERNET INC, RANDOLPH, VERMONT, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | a41d9d371e [Firefox: 4 hits: 04-21 to 06-02] |
c2640d398b [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:04:17:00 | Win2K-f | 122.146.225.188 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:21:00 | WinXP | 122.146.225.188 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:22:00 | WinXP | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:51:00 | Win2K-f | 116.127.159.252 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 2 of 33 |
0d379c44c0 NEW cf46b15c58 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:52:00 | WinXP | 58.230.146.155 (-): THRUNET-INFRA-SEOUL02, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 32 30 of 32 |
3dffacd270 [Firefox: 4 hits: 06-20 to 07-20] d5bf17f14e [Firefox: 4 hits: 06-20 to 07-20] |
3dffacd270 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 05:03:00 | WinXP | 79.132.193.109 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
11 of 35 | 89cff2075d NEW |
none[none] | none:none |
none|none | none | none |
| 05:11:00 | WinXP | 86.150.98.141 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SALISBURY, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:33 hits: 06-12 to 07-22] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:05:47:00 | Win2K-f | 196.208.75.130 (TELKOM-IPNET.CO.ZA): AFRINIC, JOHANNESBURG, GAUTENG, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.125:80 |
135 | pcap | raw alerts ruleset |
http 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] b5919931fe [Firefox:144 hits: 06-20 to 07-22] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 06:18:00 | WinXP | 118.1.65.189 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:22:00 | Win2K-f | 209.74.2.72 (EPIX.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, MOUNTAIN TOP, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.110.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
ba4637f8f0 NEW d02ae67164 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:25:00 | WinXP | 118.1.65.189 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:28:00 | Win2K-f | 99.164.111.165 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:205.128.66.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] a08f3b74a4 [Firefox:278 hits: 06-18 to 07-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:52:00 | Win2K-f | 66.211.125.153 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:199.93.46.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:56:00 | WinXP | 118.165.15.207 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 [Firefox:10 hits: 07-09 to 07-22] |
none[none] | none:none |
none|none | none | none |
| T:07:16:00 | WinXP | 118.236.136.195 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:13 hits: 06-22 to 07-22] |
none[4] | none:none |
none|none | none | trace | |
| 07:23:00 | WinXP | 64.109.228.136 (AMERITECH.NET): DIAL POOL - TNT, DOLTON, ILLINOIS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:498 hits: 12-31 to 07-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 07:39:00 | WinXP | 61.37.212.58 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:73 hits: 06-17 to 07-22] 83f26f5044 [Firefox:13 hits: 06-20 to 07-22] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 07:39:00 | Win2K-f | 221.139.30.245 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.220.126:80 US:207.123.46.125:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:63 hits: 06-17 to 07-22] 667f0c59f3 [Firefox: 4 hits: 07-04 to 07-16] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:07:46:00 | WinXP | 190.3.85.88 (TECHTELNET.NET): TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:54:00 | Win2K-f | 196.208.47.191 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 138 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:08:01:00 | WinXP | 118.236.195.158 (-): . |
n/a | US:mx1.hotmail.com US:mailin-03.mx.aol.com US:ftp.newaol.com US:mailin-01.mx.aol.com US:yutunrz.1dumb.com US:mailin-02.mx.aol.com :wpad |
445 | pcap | raw alerts ruleset |
shell ftp http http 172 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 35 33 of 35 1 of 35 |
7b7b595678 NEW aca9884a43 NEW ffb4e72760 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:08:18:00 | Win2K-f | 66.54.122.187 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:205.128.79.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 32 of 35 |
4afb021245 NEW c7b0b9b33f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:45:00 | WinXP | 82.224.208.211 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | f17cd31eda NEW |
none[none] | none:none |
none|none | none | none |
| T:08:56:00 | WinXP | 117.99.58.240 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1439 hits: 12-31 to 07-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 09:10:00 | WinXP | 24.177.232.18 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 181 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 29 of 32 |
ae4bed1aa9 [Firefox: 5 hits: 06-21 to 07-09] bc51bd8226 [Firefox: 5 hits: 06-21 to 07-09] |
ae4bed1aa9 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
| T:09:13:00 | WinXP | 24.177.232.18 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 181 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 29 of 32 0 of 33 |
ae4bed1aa9 [Firefox: 5 hits: 06-21 to 07-09] bc51bd8226 [Firefox: 5 hits: 06-21 to 07-09] e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] |
ae4bed1aa9 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| FSG| |
lines=81 none lines=92 |
trace trace trace |
| T:09:17:00 | WinXP | 24.109.95.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 376 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | a16ffae822 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:30:00 | WinXP | 61.94.124.94 (TELKOM.NET.ID): PT TELKOM INDONESIA, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3236 hits: 12-31 to 07-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:34:00 | WinXP | 114.120.78.116 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:320 hits: 05-01 to 07-19] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:09:43:00 | WinXP | 62.11.30.121 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, NAPOLI, CAMPANIA, IT. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:454 hits: 05-02 to 07-21] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:57:00 | WinXP | 211.74.113.67 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox: 9 hits: 07-12 to 07-22] |
none[none] | none:none |
none|none | none | none | |
| 09:58:00 | WinXP | 211.74.113.67 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox: 9 hits: 07-12 to 07-22] |
none[none] | none:none |
none|none | none | none |
| T:10:01:00 | WinXP | 24.77.205.226 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.211:8080 | CA:xx.ka3ek.com CA:alwayssam.com CA:nadsam.info US:130.107.129.193:8116 |
135 | pcap | raw alerts ruleset |
irc http 313 lines |
Yeah : 1.8 profile |
none | summary tarball |
13 of 33 16 of 35 8 of 35 31 of 33 13 of 35 |
390c9c834a NEW 474312616d NEW 62376cb971 NEW 954a98c971 [Firefox: 4 hits: 06-09 to 07-07] f82e1a0066 NEW |
none[none] none [none] none [none] none [4] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none FSG| none|none |
none none none none none |
none none none trace none |
| T:10:11:00 | Win2K-f | 66.169.83.72 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:15:00 | WinXP | 66.69.78.123 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. (100Mbps) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1439 hits: 12-31 to 07-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:10:20:00 | WinXP | 218.43.180.2 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:22:00 | WinXP | 87.61.169.33 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:493 hits: 05-04 to 07-22] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 10:34:00 | Win2K-f | 64.21.101.153 (NAC.NET): NET ACCESS CORPORATION, NEWTON, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.79.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:38:00 | WinXP | 61.57.93.212 (LSC.NET.TW): TBCOM-NET, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | f17cd31eda NEW |
none[none] | none:none |
none|none | none | none |
| 11:06:00 | WinXP | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] a08f3b74a4 [Firefox:278 hits: 06-18 to 07-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:09:00 | Win2K-f | 82.226.178.251 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | :hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1544 hits: 04-27 to 06-28] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 11:32:00 | WinXP | 24.211.47.26 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3236 hits: 12-31 to 07-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:42:00 | Win2K-f | 67.150.8.28 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:24:00 | WinXP | 41.214.152.24 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:31 hits: 03-24 to 07-19] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:12:51:00 | WinXP | 24.39.9.223 (RR.COM): ROAD RUNNER HOLDCO LLC, SACO, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:55:00 | Win2K-f | 172.129.136.27 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:16:00 | WinXP | 60.236.240.140 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:20:00 | Win2K-f | 203.235.104.215 (-): ENTERPRISE-CATV-KUMGANG, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.247:80 HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 130 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 35 0 of 32 34 of 35 |
7993524bb8 NEW b5919931fe [Firefox:144 hits: 06-20 to 07-22] ed3c1c5e49 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:13:42:00 | WinXP | 213.130.141.43 (AS15444.NET): NETSERVICESDIALPOOL, MANCHESTER, ENGLAND, UK. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:741 hits: 05-01 to 07-21] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:13:46:00 | WinXP | 92.41.19.139 (IKBCC.COM): EU-ZZ, UK. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 176 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 none |
b9184fc7f3 NEW e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] fd9b49840f [Firefox: 5 hits: 06-23 to 07-21] |
none[none] e07c29c4ae[1] fd9b49840f[1] |
none:none ASM:Graph ASM:Graph |
none|none FSG| Armadillo| |
none lines=92 lines=81 |
none trace trace |
| T:13:50:00 | WinXP | 218.43.180.2 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:14:00:00 | Win2K-f | 71.100.6.235 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALRICO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] a08f3b74a4 [Firefox:278 hits: 06-18 to 07-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:15:00 | Win2K-f | 65.183.149.120 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox: 7 hits: 06-19 to 07-21] 79c01ec060 [Firefox:11 hits: 06-18 to 07-21] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:14:40:00 | Win2K-f | 76.76.68.5 (LPBROADBAND.COM): LP BROADBAND INC, LOVELAND, COLORADO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
dabbc1ee56 NEW f4f090debc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:44:00 | WinXP | 172.193.130.162 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:21:00 | Win2K-f | 66.53.139.131 (FIRE2WIRE.COM): FIRE 2 WIRE, MARYSVILLE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:23:00 | WinXP | 12.74.140.145 (ATT.NET): AT&T WORLDNET SERVICES, ST. LOUIS, MISSOURI, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 3874ef05b8 NEW |
none[none] | none:none |
none|none | none | none |
| 15:47:00 | WinXP | 97.100.213.149 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1131 hits: 05-01 to 07-22] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 16:01:00 | Win2K-f | 24.76.182.152 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.220.124:80 US:199.93.46.125:80 US:205.128.79.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 34 of 35 |
152b723195 NEW 2c3d295f63 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:11:00 | Win2K-f | 4.159.101.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:13:00 | Win2K-f | 206.248.99.177 (CHOICECABLE.NET): PONCE SITE - CHOICE CABLE TV, PONCE, PUERTO RICO, PR. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:13:00 | WinXP | 217.202.22.194 (-): TELECOM ITALIA MOBILE, IT. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | b81b9e9be1 NEW |
none[none] | none:none |
none|none | none | none |
| 16:15:00 | WinXP | 116.59.22.15 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1439 hits: 12-31 to 07-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:16:00 | WinXP | 217.202.22.194 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | b81b9e9be1 NEW |
none[none] | none:none |
none|none | none | none |
| 16:23:00 | Win2K-f | 172.164.196.92 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:26:00 | WinXP | 75.17.29.181 (SBCGLOBAL.NET): PPPOX POOL - RBACK34.IRVNCA, HOUSTON, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] b7082104e4 [Firefox:57 hits: 06-18 to 07-22] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 16:30:00 | WinXP | 200.175.192.85 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1439 hits: 12-31 to 07-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:30:00 | WinXP | 200.175.192.85 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1439 hits: 12-31 to 07-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:33:00 | Win2K-f | 201.52.250.171 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:271 hits: 05-05 to 06-27] |
none[4] | none:none |
none|none | none | trace |
| T:16:52:00 | WinXP | 92.41.33.23 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 6f1691e3b3 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 17:03:00 | WinXP | 76.226.96.162 (SBCGLOBAL.NET): PPPOX SE3.SFLDMI, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:206.33.45.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:15:00 | WinXP | 76.226.96.162 (SBCGLOBAL.NET): PPPOX SE3.SFLDMI, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:28:00 | WinXP | 121.114.124.210 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:33:00 | Win2K-f | 71.98.154.202 (VERIZON.NET): VERIZON INTERNET SERVICES INC, NEW PORT RICHEY, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] a08f3b74a4 [Firefox:278 hits: 06-18 to 07-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:35:00 | WinXP | 61.34.136.45 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 0 of 33 |
57ce4acac2 [Firefox:73 hits: 06-17 to 07-22] 83f26f5044 [Firefox:13 hits: 06-20 to 07-22] e07c29c4ae [Firefox:109 hits: 06-19 to 07-21] |
57ce4acac2 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| 17:54:00 | WinXP | 208.234.50.163 (ARIN.NET): CENTENNIAL DE PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3236 hits: 12-31 to 07-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:18:32:00 | Win2K-f | 4.180.186.192 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, UNION, MISSOURI, US. (DIAL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.173.16:80 US:208.111.173.42:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 117 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 | 7db5d5aa97 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:52:00 | WinXP | 97.94.108.113 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3236 hits: 12-31 to 07-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:08:00 | WinXP | 98.134.237.24 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.126:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:18 hits: 06-25 to 07-22] 7f6e032fc0 [Firefox:18 hits: 06-25 to 07-22] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:18:00 | WinXP | 76.83.26.2 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:99 hits: 05-03 to 07-22] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| 19:45:00 | WinXP | 218.211.83.7 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:04:00 | WinXP | 24.30.169.210 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:10:00 | WinXP | 12.217.137.155 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MOLINE, ILLINOIS, US. (100Mbps) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3236 hits: 12-31 to 07-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:17:00 | WinXP | 58.157.86.73 (UCOM.NE.JP): USEN-CIDR-BLK, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:197 hits: 09-28 to 07-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 20:48:00 | WinXP | 71.110.248.96 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:29:00 | Win2K-f | 4.245.68.8 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SKIATOOK, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:21:00 | WinXP | 219.114.22.247 (OCN.NE.JP): OPEN COMPUTER NETWORK, YOKOHAMA, KANAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:22:26:00 | WinXP | 211.127.186.179 (YONAGEYA.COM): ICOMMJAPAN CO. LTD, TOKYO, TOKYO, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | d2ff2be779 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:31:00 | Win2K-f | 222.239.165.168 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:199.93.44.126:80 US:207.123.46.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 28 of 33 0 of 32 |
533d15b5ce [Firefox: 8 hits: 06-21 to 07-22] 58c343a8d8 [Firefox: 9 hits: 06-21 to 07-22] b5919931fe [Firefox:144 hits: 06-20 to 07-22] |
none[4] 58c343a8d8[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| T:22:34:00 | WinXP | 60.236.240.140 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:731 hits: 07-11 to 07-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:22:41:00 | WinXP | 218.160.57.128 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:309 hits: 05-03 to 07-21] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace | |
| T:22:43:00 | WinXP | 208.79.98.108 (-): GLOBAL CARIBBEAN NETWORK, GP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.219:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 116 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 32 of 35 |
2d76ff4e53 NEW 7df1377ee3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:44:00 | WinXP | 58.48.189.220 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:55:00 | Win2K-f | 75.51.233.181 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:10:00 | WinXP | 70.67.40.104 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.66.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:850 hits: 06-17 to 07-22] 73f1082158 [Firefox:417 hits: 06-18 to 07-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:12:00 | Win2K-f | 24.81.138.19 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:15:00 | WinXP | 190.225.118.145 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:309 hits: 05-03 to 07-21] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:23:15:00 | WinXP | 190.225.118.145 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:309 hits: 05-03 to 07-21] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 23:40:00 | Win2K-f | 221.139.152.16 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
168aab35a3 [Firefox:63 hits: 06-17 to 07-22] 86a0085851 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |