|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:31:00 | WinXP | 218.169.191.164 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 01:08:00 | Win2K-f | 75.138.59.196 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:18:00 | WinXP | 220.209.195.33 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:739 hits: 07-11 to 07-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 01:35:00 | Win2K-f | 66.208.65.44 (WCTC.NET): SOLARUS, WISCONSIN RAPIDS, WISCONSIN, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 NEW 76f2c59ef8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:09:00 | WinXP | 66.75.210.75 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:500 hits: 12-31 to 07-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:02:10:00 | WinXP | 24.68.159.6 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:4.23.60.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:14 hits: 06-18 to 07-21] e53a9ea82e [Firefox:14 hits: 06-18 to 07-21] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 02:45:00 | WinXP | 116.120.143.164 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd NEW e5e0dbde57 NEW |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:02:52:00 | WinXP | 83.132.0.125 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | faa2725b80 NEW |
none[none] | none:none |
none|none | none | none |
| 03:01:00 | WinXP | 85.179.107.144 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox:12 hits: 07-06 to 07-22] |
none[none] | none:none |
none|none | none | none |
| T:03:01:00 | WinXP | 85.179.107.144 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox:12 hits: 07-06 to 07-22] |
none[none] | none:none |
none|none | none | none |
| T:03:13:00 | WinXP | 82.240.249.57 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 78e595756a NEW |
none[none] | none:none |
none|none | none | none |
| 03:13:00 | WinXP | 82.240.249.57 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 78e595756a NEW |
none[none] | none:none |
none|none | none | none |
| 03:18:00 | WinXP | 83.97.232.100 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:56 hits: 12-14 to 07-23] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:03:45:00 | WinXP | 70.183.165.142 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] e07c29c4ae [Firefox:115 hits: 06-19 to 07-23] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:57:00 | Win2K-f | 70.62.130.27 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:20:00 | WinXP | 119.228.162.47 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:35:00 | WinXP | 123.220.181.108 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 263f679b96 NEW |
none[none] | none:none |
none|none | none | none |
| 04:39:00 | Win2K-f | 4.174.183.183 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:00:00 | Win2K-f | 75.62.72.220 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 306 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
2a4ec56dfe [Firefox: 2 hits: 07-10 to 07-18] 37de553249 [Firefox: 2 hits: 07-10 to 07-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:12:00 | WinXP | 12.219.242.45 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] b7082104e4 [Firefox:58 hits: 06-18 to 07-23] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 05:54:00 | WinXP | 123.225.132.239 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:11:00 | WinXP | 118.12.231.65 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:739 hits: 07-11 to 07-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:36:00 | WinXP | 67.150.172.233 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:494 hits: 05-04 to 07-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 06:44:00 | Win2K-f | 211.245.231.248 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox: 3 hits: 06-29 to 07-22] c7d6018f97 [Firefox: 3 hits: 06-29 to 07-22] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:01:00 | Win2K-f | 122.43.68.5 (-): POWERCOMM, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:02:00 | WinXP | 190.17.139.109 (COM.AR): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:04:00 | WinXP | 92.114.246.145 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | fd486d7c16 NEW |
none[none] | none:none |
none|none | none | none |
| 07:06:00 | WinXP | 71.106.164.35 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:32:00 | WinXP | 4.240.198.147 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FARMINGTON, NEW MEXICO, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
shell shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:45:00 | Win2K-f | 71.85.120.144 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
24acffe86e [Firefox: 2 hits: 06-18 to 07-08] a0d83e7d41 [Firefox: 2 hits: 06-18 to 07-08] |
24acffe86e [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 07:46:00 | WinXP | 122.2.116.55 (PLDT.NET): IPG, PH. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:56:00 | WinXP | 118.236.123.175 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:14 hits: 06-22 to 07-23] |
none[4] | none:none |
none|none | none | trace | |
| 07:56:00 | WinXP | 218.239.127.61 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.41.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:107 hits: 06-17 to 07-23] 53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 08:14:00 | WinXP | 4.248.66.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BELLEVILLE, NEW JERSEY, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:26:00 | Win2K-f | 69.114.60.43 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.66.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:42:00 | WinXP | 75.43.78.149 (SBCGLOBAL.NET): PPPOX POOL - RBACK9.SNANTX, SAN ANTONIO, TEXAS, US. |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.145.225.22:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1132 hits: 05-01 to 07-23] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:08:43:00 | Win2K-f | 66.28.88.9 (ARTISANCOMMUNICATIONS.NET): COGENT COMMUNICATIONS, WASHINGTON, DISTRICT OF COLUMBIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:43:00 | WinXP | 12.208.71.66 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, STREAMWOOD, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:04:00 | Win2K-f | 121.254.78.116 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 57ce4acac2 [Firefox:75 hits: 06-17 to 07-23] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:07:00 | WinXP | 117.99.47.230 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | a41d9d371e [Firefox: 5 hits: 04-21 to 07-23] |
c2640d398b [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| 09:12:00 | WinXP | 76.71.77.44 (-): . |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | de46b3fcc2 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:15:00 | WinXP | 60.35.238.42 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:199 hits: 09-28 to 07-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 09:28:00 | WinXP | 81.35.171.102 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:312 hits: 05-03 to 07-23] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 10:04:00 | Win2K-f | 99.243.142.34 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, PICKERING, ONTARIO, CA. |
72.10.172.218:8492 | CA:jiets.soidudrf.com CA:bti.jeiahsdod.net CA:munirah.nagitiriheiwu.net CA:72.10.169.26:3029 CA:72.10.172.218:3240 CA:72.10.172.218:8492 |
135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 NEW |
none[4] | none:none |
none|none | none | trace |
| 10:40:00 | WinXP | 218.249.149.203 (IAPCM.AC.CN): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, BEIJING, BEIJING, CN. |
67.43.236.66:8080 72.10.172.211:8080 | CA:xx.sqlteam.info :xx.nadnadzz.info CA:xx.ka3ek.com CA:xx.enterhere.biz CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:67.43.236.98:1863 CA:67.43.236.98:5190 CA:67.43.236.99:1863 CA:67.43.236.99:5190 CA:72.10.172.211:8080 |
135 | pcap | raw alerts ruleset |
other 318 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 35 | d81fee6185 NEW |
none[none] | none:none |
none|none | none | none |
| 10:44:00 | Win2K-f | 219.254.243.200 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.126:80 US:205.128.79.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 31 of 35 |
334c2c5d86 NEW fe5fa07d4f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:47:00 | WinXP | 66.188.75.0 (CHARTER.COM): CHARTER COMMUNICATIONS, ATHENS, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | c7ca96a1e8 NEW |
none[none] | none:none |
none|none | none | none |
| 11:05:00 | Win2K-f | 96.254.99.35 (-): . |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:43:00 | Win2K-f | 70.61.108.121 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:14:00 | WinXP | 89.201.124.56 (-): BALTKOM, LV. |
n/a | :hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1545 hits: 04-27 to 07-23] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 12:16:00 | WinXP | 186.9.22.9 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:54:00 | WinXP | 218.237.185.45 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 125 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 32 31 of 33 |
8390780c27 [Firefox:22 hits: 06-18 to 07-23] af88ae89f8 [Firefox: 3 hits: 06-18 to 07-10] |
none[4] af88ae89f8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:13:09:00 | WinXP | 78.225.160.21 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f20d2c0b8e [Firefox: 2 hits: 05-05 to 06-19] |
none[none] | none:none |
none|none | none | none |
| 13:10:00 | WinXP | 78.225.160.21 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f20d2c0b8e [Firefox: 2 hits: 05-05 to 06-19] |
none[none] | none:none |
none|none | none | none |
| T:13:15:00 | WinXP | 24.139.101.24 (-): . |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:494 hits: 05-04 to 07-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:13:32:00 | WinXP | 79.76.53.74 (AS9105.COM): TELINCO, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:312 hits: 05-03 to 07-23] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:13:41:00 | WinXP | 211.186.128.254 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:bfb88.a1001186.wrs.mcboo.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
irc http 142 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 29 of 32 28 of 32 |
37f41fd8ab NEW 5ab0a45f63 NEW 8a75955033 [Firefox: 9 hits: 06-20 to 07-20] 9276c8b36b [Firefox: 9 hits: 06-20 to 07-20] |
none[none] none [none] none [4] 9276c8b36b[1] |
none:none none:none none:none ASM:Graph |
none|none none|none tElock| Armadillo| |
none none none lines=81 |
none none trace trace |
| T:13:46:00 | WinXP | 69.135.177.210 (RR.COM): ROAD RUNNER HOLDCO LLC, BALDWIN PARK, CALIFORNIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 23ecbe92ad [Firefox: 6 hits: 05-16 to 07-21] |
none[none] | none:none |
none|none | none | none |
| 13:54:00 | WinXP | 24.68.142.202 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:205.128.66.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:14 hits: 06-18 to 07-21] e53a9ea82e [Firefox:14 hits: 06-18 to 07-21] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:13:54:00 | Win2K-f | 217.34.42.213 (BTOPENWORLD.COM): SINGLE STATIC IP ADDRESSES, FARNHAM, ENGLAND, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:bfb88.a1001186.wrs.mcboo.com US:199.93.46.125:80 US:205.128.66.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
irc http 202 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 31 of 34 17 of 35 30 of 32 |
37f41fd8ab NEW 4864a03a4b NEW 5ab0a45f63 NEW 7452c8448d [Firefox: 6 hits: 06-17 to 07-21] |
none[none] none [none] none [none] none [4] |
none:none none:none none:none none:none |
none|none none|none none|none PolyEnE| |
none none none none |
none none none trace |
| T:14:07:00 | WinXP | 24.39.18.204 (RR.COM): ROAD RUNNER HOLDCO LLC, PORTLAND, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:11:00 | WinXP | 208.32.149.21 (BUGGS.NET): BUGGS NET TELEPHONE, LA CROSSE, VIRGINIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:100 hits: 05-03 to 07-23] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| T:14:21:00 | Win2K-f | 96.251.126.132 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com US:b148.mcboo.com |
445 | pcap | raw alerts ruleset |
irc http 368 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab NEW 5ab0a45f63 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:29:00 | WinXP | 88.0.50.45 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:312 hits: 05-03 to 07-23] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 14:33:00 | Win2K-f | 77.102.76.42 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:35:00 | Win2K-f | 211.207.9.34 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:107 hits: 06-17 to 07-23] 8390780c27 [Firefox:22 hits: 06-18 to 07-23] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:14:48:00 | Win2K-f | 78.106.193.181 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
n/a | HK:proxim.ircgalaxy.pl US:ksn.a1001186.wrs.mcboo.com |
445 | pcap | raw alerts ruleset |
irc http 44 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab NEW 5ab0a45f63 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:57:00 | WinXP | 66.50.89.107 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:00:00 | WinXP | 209.216.178.99 (GORGE.NET): GORGE NETWORKS INC, HOOD RIVER, OREGON, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:12:00 | Win2K-f | 69.216.99.129 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:01:00 | WinXP | 87.196.176.37 (NET.NOVIS.PT): NOVIS TELECOM S.A, PT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 3472ccadd0 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:05:00 | Win2K-f | 12.198.30.48 (-): JOYCE MEDIA INC, ACTON, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] b5919931fe [Firefox:147 hits: 06-20 to 07-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:16:15:00 | WinXP | 189.57.126.80 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:742 hits: 05-01 to 07-23] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:16:21:00 | WinXP | 76.71.77.44 (-): . |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | de46b3fcc2 NEW |
none[none] | none:none |
none|none | none | none |
| 16:41:00 | WinXP | 77.241.128.157 (-): 3 CUSTOMER DYNAMIC ADDRESS POOL, SE. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:48:00 | WinXP | 98.141.178.91 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:04:00 | WinXP | 97.100.213.113 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad :www.proxy-socks.net GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1132 hits: 05-01 to 07-23] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:17:37:00 | WinXP | 70.245.248.112 (SWBELL.NET): PPPOX POOL - BRAS4 STLSMO, CAPE GIRARDEAU, MISSOURI, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad :www.proxy-socks.net US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:494 hits: 05-04 to 07-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 18:00:00 | Win2K-f | 216.203.250.17 (ALGX.NET): XO COMMUNICATIONS, SCOTTSDALE, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
other 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:02:00 | Win2K-f | 68.74.71.135 (-): PPPOX POOL - EMHRIL RBACK, CHICAGO, ILLINOIS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.220.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:25:00 | WinXP | 211.212.47.127 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 152 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 35 31 of 35 |
3791fd8fbc NEW 739d080108 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:31:00 | WinXP | 96.13.209.22 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:742 hits: 05-01 to 07-23] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:18:32:00 | WinXP | 96.13.209.22 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:742 hits: 05-01 to 07-23] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 18:32:00 | WinXP | 61.199.11.180 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 3b2958417b [Firefox: 3 hits: 07-09 to 07-10] |
none[none] | none:none |
none|none | none | none | |
| 18:34:00 | Win2K-f | 24.92.22.204 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:42:00 | WinXP | 4.235.6.177 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ORLANDO, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:500 hits: 12-31 to 07-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:49:00 | Win2K-f | 24.32.104.106 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, CABOT, ARKANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:05:00 | WinXP | 24.85.97.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 641a2c0d36 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:06:00 | WinXP | 24.85.97.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 641a2c0d36 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:15:00 | WinXP | 122.146.225.123 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] e07c29c4ae [Firefox:115 hits: 06-19 to 07-23] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:19:27:00 | Win2K-f | 24.222.103.168 (EASTLINK.CA): EASTLINK, HALIFAX, NOVA SCOTIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:34:00 | WinXP | 66.19.119.167 (USLEC.NET): USLEC CORP, SUMNER, WASHINGTON, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1444 hits: 12-31 to 07-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:35:00 | WinXP | 118.172.246.230 (-): . |
85.214.127.219:59999 | DE:skathari.oligarxia.com | 445 | pcap | raw alerts ruleset |
shell ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 35 | 557c0e2562 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:38:00 | WinXP | 65.6.226.123 (BELLSOUTH.NET): BELLSOUTH.NET INC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:456 hits: 05-02 to 07-23] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:38:00 | WinXP | 66.217.138.122 (USLEC.NET): USLEC CORP, MARYLAND, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3241 hits: 12-31 to 07-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:43:00 | Win2K-f | 91.195.99.145 (IPAPER.COM): BLOCK FOR PI ASSIGNMENTS, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.79.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:21:00 | WinXP | 125.58.75.43 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 111 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 29 of 32 |
4c3df24b32 [Firefox:107 hits: 06-17 to 07-23] dbce870f48 [Firefox: 3 hits: 07-03 to 07-19] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:21:00:00 | Win2K-f | 116.126.197.205 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 HK:210.245.211.11:65520 US:69.28.178.10:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:66 hits: 06-17 to 07-23] 667f0c59f3 [Firefox: 5 hits: 07-04 to 07-23] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 21:01:00 | Win2K-f | 4.249.198.8 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 836 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | d209b321f9 NEW |
none[none] | none:none |
none|none | none | none | |
| T:21:04:00 | WinXP | 65.84.20.233 (-): TRAVEL HOUSE INC, BARRINGTON, ILLINOIS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 33 of 33 |
421ecabb8c NEW 53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:21:11:00 | Win2K-f | 76.244.158.184 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] a08f3b74a4 [Firefox:283 hits: 06-18 to 07-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:43:00 | Win2K-f | 211.186.128.155 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:107 hits: 06-17 to 07-23] 53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 21:43:00 | WinXP | 75.136.139.219 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 33 of 35 |
365daed0df NEW 3b664b9043 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:57:00 | Win2K-f | 71.99.93.44 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.46.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:07:00 | WinXP | 12.78.7.197 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:500 hits: 12-31 to 07-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:22:44:00 | Win2K-f | 4.254.167.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:15:00 | WinXP | 209.226.123.20 (BELL.CA): BELL CANADA, OTTAWA, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.46.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:30:00 | Win2K-f | 67.1.3.220 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, EAGLE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:878 hits: 06-17 to 07-23] 73f1082158 [Firefox:440 hits: 06-18 to 07-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:32:00 | Win2K-f | 24.222.243.232 (EASTLINK.CA): EASTLINK, BEDFORD, NOVA SCOTIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |