Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
T:00:27:00 | WinXP | 87.61.171.103 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:21 hits: 06-24 to 07-10] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:00:55:00 | WinXP | 61.155.20.168 (-): SUZHOU-DATONG-TECHNOLOGY-CORP, SUZHOU, JIANGSU, CN. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 69 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:76 hits: 06-17 to 07-24] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:00:58:00 | Win2K-f | 124.241.185.95 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:01:04:00 | Win2K-f | 89.137.125.245 (-): ASTRAL CLUJ-NAPOCA DOCSIS NETWORK, CLUJ-NAPOCA, CLUJ, RO. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:85.114.143.2:80 |
139 | pcap | raw alerts ruleset |
irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 8b77aef38c NEW |
none[none] | none:none |
none|none | none | none |
T:01:57:00 | Win2K-f | 122.43.60.51 (-): POWERCOMM, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.99.124:80 HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 32 30 of 33 |
2949152a24 [Firefox: 3 hits: 07-02 to 07-13] f1a10a0d85 [Firefox: 3 hits: 07-02 to 07-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
02:02:00 | WinXP | 170.51.130.26 (-): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, WAUKEGAN, ILLINOIS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1445 hits: 12-31 to 07-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:02:15:00 | Win2K-f | 218.219.16.3 (AYU.NE.JP): ATSUGI ISEHARA CABLE NETWORK CO. LTD, ATSUGI, KANAGAWA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:18:00 | WinXP | 219.249.4.124 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 33 of 35 |
168aab35a3 [Firefox:67 hits: 06-17 to 07-24] f7738e7352 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
T:03:05:00 | WinXP | 82.237.5.64 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 830d47a690 NEW |
none[none] | none:none |
none|none | none | none |
03:05:00 | WinXP | 82.237.5.64 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 830d47a690 NEW |
none[none] | none:none |
none|none | none | none |
T:03:06:00 | Win2K-f | 151.33.183.218 (14-151.IOL.IT): ITALIA ONLINE S.P.A, TORINO, PIEMONTE, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
T:03:18:00 | Win2K-f | 61.35.75.97 (-): WINWININTERNETPC4029432D, ULSAN, KYONGSANG-NAMDO, KR. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
03:42:00 | WinXP | 62.11.79.147 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
03:45:00 | WinXP | 41.214.187.64 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
04:36:00 | WinXP | 87.246.28.164 (-): TRIPLE PLAY CLIENT OF CABLETEL PLC IN SHUMEN, BG. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 556e761226 NEW |
none[none] | none:none |
none|none | none | none |
T:04:36:00 | WinXP | 87.246.28.164 (-): TRIPLE PLAY CLIENT OF CABLETEL PLC IN SHUMEN, BG. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 556e761226 NEW |
none[none] | none:none |
none|none | none | none |
T:05:03:00 | Win2K-f | 77.102.0.196 (BLUEYONDER.CO.UK): CABLEINET, UK. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.126:80 US:207.123.47.126:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 145 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 33 |
0a44ba387c [Firefox: 2 hits: 06-25 to 07-09] 6f88847c49 [Firefox: 2 hits: 06-25 to 07-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:05:16:00 | Win2K-f | 75.63.207.56 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:17:00 | WinXP | 72.234.249.4 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 32 of 33 |
6428ed7419 NEW 810cfece01 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:05:27:00 | Win2K-f | 220.210.247.67 (MEGAEGG.NE.JP): ENERGIA COMMUNICATIONS INC, JP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:05:47:00 | Win2K-f | 24.32.95.52 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, CABOT, ARKANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
05:49:00 | WinXP | 116.120.98.88 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.124:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
6ec2a8994b [Firefox: 6 hits: 06-18 to 07-12] 857b781ca9 [Firefox: 5 hits: 06-18 to 07-12] |
none[4] 857b781ca9[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
T:05:57:00 | WinXP | 151.33.176.92 (33-151.IOL.IT): ITALIA ONLINE S.P.A, TORINO, PIEMONTE, IT. (DIAL) |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
06:05:00 | WinXP | 170.51.188.239 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
06:18:00 | WinXP | 210.250.98.75 (SO-NET.NE.JP): SO-NET ENTERTAINMENT CORPORATION, FUKUOKA, FUKUOKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:741 hits: 07-11 to 07-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:06:37:00 | WinXP | 219.97.168.47 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:205 hits: 09-28 to 07-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
06:42:00 | Win2K-f | 116.123.65.132 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxima.ircgalaxy.pl US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 33 |
5364c612fa [Firefox: 2 hits: 07-06 to 07-11] 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
06:51:00 | WinXP | 218.228.129.54 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | HK:proxim.ircgalaxy.pl RU:mxs.mail.ru US:mail.earthlink.net US:yutunrz.1dumb.com US:mx1.hotmail.com US:mailin-01.mx.aol.com US:mailin-02.mx.aol.com US:mcduii.3-a.net :jdjsloy.dynserv.com **:wyqggvow.afraid.org **:nttstziinpa.hn.org US:fcnhysydw.yi.org US:dlivmg.1dumb.com US:neytteybbo.3-a.net :fzzdik.dynserv.com :pkvgzaecagx.afraid.org **:yraqztt.hn.org US:kpxvrvdefs.yi.org US:qeqfsvxousx.1dumb.com US:143.215.15.145:80 US:143.215.15.60:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | e8558d5eae NEW |
none[none] | none:none |
none|none | none | none |
06:57:00 | WinXP | 220.108.5.154 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:205 hits: 09-28 to 07-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
07:04:00 | WinXP | 172.162.3.10 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:199.93.46.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 137 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] b7082104e4 [Firefox:59 hits: 06-18 to 07-24] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:07:23:00 | WinXP | 79.138.170.174 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:25:00 | WinXP | 60.47.43.12 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:205 hits: 09-28 to 07-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:07:31:00 | WinXP | 60.47.43.12 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:205 hits: 09-28 to 07-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:07:40:00 | WinXP | 212.156.115.36 (TTNET.NET.TR): TURK TELEKOM TTNET NATIONAL BACKBONE, ISTANBUL, ISTANBUL, TR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
08:00:00 | WinXP | 211.215.75.195 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR. |
n/a | US:dlivmg.1dumb.com US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com :wpad US:neytteybbo.3-a.net US:yutunrz.1dumb.com US:mcduii.3-a.net :jdjsloy.dynserv.com **:wyqggvow.afraid.org US:143.215.15.145:80 US:208.111.148.137:80 US:208.111.148.149:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 137 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 33 of 35 |
09d6505627 NEW 7b1709ae4c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:08:02:00 | WinXP | 201.52.173.175 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:272 hits: 05-05 to 07-23] |
none[4] | none:none |
none|none | none | trace |
08:06:00 | Win2K-f | 116.127.144.100 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 32 |
f10855e3e1 NEW f7f799f818 [Firefox: 2 hits: 06-19 to 07-05] |
f10855e3e1 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
T:08:20:00 | WinXP | 87.205.92.231 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 NEW |
none[none] | none:none |
none|none | none | none |
08:22:00 | WinXP | 87.205.92.231 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 NEW |
none[none] | none:none |
none|none | none | none |
08:23:00 | WinXP | 170.51.179.76 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | ce1cf76342 NEW |
none[none] | none:none |
none|none | none | none |
T:08:29:00 | WinXP | 122.43.63.32 (-): POWERCOMM, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 [Firefox: 8 hits: 07-06 to 07-17] bc94f66052 [Firefox: 8 hits: 07-06 to 07-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:30:00 | Win2K-f | 82.64.181.55 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL) |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com 98.126.0.90:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1546 hits: 04-27 to 07-24] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
08:48:00 | WinXP | 117.96.4.213 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | ed67210b9b NEW |
none[none] | none:none |
none|none | none | none |
T:08:49:00 | WinXP | 170.51.188.239 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:09:00:00 | WinXP | 92.114.217.29 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
210.245.211.11:65520 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox:14 hits: 07-06 to 07-24] |
none[none] | none:none |
none|none | none | none |
09:04:00 | WinXP | 218.168.71.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:07:00 | WinXP | 172.163.86.243 (AOL.COM): AMERICA ONLINE, US. |
n/a | HK:proxim.ircgalaxy.pl US:yutunrz.1dumb.com US:mcduii.3-a.net US:microsoft.com :jdjsloy.dynserv.com **:wyqggvow.afraid.org **:nttstziinpa.hn.org US:fcnhysydw.yi.org US:dlivmg.1dumb.com US:neytteybbo.3-a.net :fzzdik.dynserv.com :pkvgzaecagx.afraid.org RU:mxs.mail.ru US:mail.earthlink.net US:mx1.hotmail.com US:mailin-02.mx.aol.com US:mailin-04.mx.aol.com US:download.microsoft.com US:143.215.15.145:80 US:143.215.15.60:80 US:192.221.110.126:80 RU:194.67.23.20:25 US:198.78.220.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
09:19:00 | Win2K-f | 90.151.104.199 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
T:09:20:00 | Win2K-f | 82.194.35.6 (BATELCO.COM.BH): BAHRAIN TELECOMMUNICATIONS COMPANY, MANAMA, AL MANAMAH, BH. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com 98.126.0.90:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1546 hits: 04-27 to 07-24] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
09:20:00 | Win2K-f | 170.51.192.245 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 35 | 1c4e5d84b6 NEW |
none[none] | none:none |
none|none | none | none | |
T:09:23:00 | WinXP | 70.20.195.69 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | US:scorti1.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
9 of 32 | 9345b57563 [Firefox:16 hits: 12-27 to 06-10] |
none[4] | none:none |
none|none | none | trace |
09:24:00 | WinXP | 116.126.181.86 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.53.126:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:10 hits: 06-20 to 07-24] 9276c8b36b [Firefox:10 hits: 06-20 to 07-24] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:49:00 | Win2K-f | 85.139.96.250 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com 98.126.0.90:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 35 | b2bdf3de7c NEW |
none[none] | none:none |
none|none | none | none |
T:09:57:00 | WinXP | 170.51.174.127 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:09:57:00 | Win2K-f | 97.89.21.243 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 386 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 145317f5ce NEW |
none[none] | none:none |
none|none | none | none | |
10:35:00 | WinXP | 170.51.196.251 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | HK:proxim.ircgalaxy.pl DE:cookie.roltf.ws HK:210.245.211.11:65520 DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 673464b1f5 NEW |
none[none] | none:none |
none|none | none | none |
T:10:41:00 | WinXP | 212.27.20.63 (-): MLIFENET, RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 13045e38b8 NEW |
none[none] | none:none |
none|none | none | none |
T:11:01:00 | WinXP | 80.83.57.104 (NET2000.CH): VIDEO2000-MAIN-NET, NEUCHATEL, NEUCHATEL, CH. |
n/a | US:scorti1.dns2go.com 98.126.0.90:7000 |
445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 32 | 53123fadcc [Firefox:61 hits: 01-26 to 06-25] |
none[4] | none:none |
none|none | none | trace |
T:11:27:00 | Win2K-f | 4.166.66.20 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] 73f1082158 [Firefox:451 hits: 06-18 to 07-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:11:28:00 | Win2K-f | 116.127.218.251 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:199.93.53.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 108 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 30 of 32 |
1509c8d024 [Firefox: 9 hits: 06-17 to 07-22] f23b040440 [Firefox: 4 hits: 06-22 to 07-03] |
none[4] f23b040440[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
11:29:00 | WinXP | 90.151.19.85 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:11:44:00 | Win2K-f | 88.111.212.183 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL) |
210.245.211.11:65520 | DE:85.114.143.2:80 |
139 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | b4d9dd3a19 NEW |
none[none] | none:none |
none|none | none | none |
T:11:50:00 | WinXP | 85.174.8.177 (RUNEXT.COM): PROVIDER LOCAL REGISTRY, RU. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com 98.126.0.90:7000 |
445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1546 hits: 04-27 to 07-24] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
T:12:01:00 | Win2K-f | 71.171.139.215 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
irc 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
12:03:00 | WinXP | 12.78.8.36 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 07-24] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:12:05:00 | WinXP | 41.214.179.149 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
12:09:00 | WinXP | 116.59.52.197 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 5c868e2742 NEW |
none[none] | none:none |
none|none | none | none |
12:15:00 | WinXP | 69.221.37.164 (SBCGLOBAL.NET): SFLDMI ADSL RBACK8 PPPOX, ALLEN PARK, MICHIGAN, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:12:17:00 | WinXP | 70.251.187.24 (SWBELL.NET): PPPOX POOL - RBACK7 AUSTTX, AUSTIN, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 07-24] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:12:21:00 | Win2K-f | 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox: 9 hits: 06-17 to 07-20] 41efedf70f [Firefox: 8 hits: 06-19 to 07-20] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
12:41:00 | Win2K-f | 170.51.158.15 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
T:12:54:00 | WinXP | 118.243.128.4 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8ae058b2d0 [Firefox: 6 hits: 05-01 to 07-16] |
e6a9383b75 [0] | ASM:Graph |
none|none | lines=59 | trace | |
T:13:07:00 | WinXP | 68.178.18.115 (INTEGRAONLINE.COM): INTEGRA TELECOM INC, PORTLAND, OREGON, US. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 55f1288a7a NEW |
none[none] | none:none |
none|none | none | none |
13:29:00 | Win2K-f | 116.127.229.48 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 3 of 35 |
4b1e5a8e77 NEW 9a62aaacc0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
13:31:00 | WinXP | 4.225.210.196 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL) |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1134 hits: 05-01 to 07-24] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
13:52:00 | WinXP | 89.144.177.59 (ASKIRAN.COM): ANDISHE SABZ KHAZAR CO. P.J.S, IR. |
n/a | DE:siliconfireware.ru :wpad :www.proxy-socks.net DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:497 hits: 05-04 to 07-24] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:14:42:00 | Win2K-f | 4.130.199.91 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORPUS CHRISTI, TEXAS, US. (DIAL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.53:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 191 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 32 of 33 0 of 32 |
3c6781570e NEW 537e4f8dce NEW b5919931fe [Firefox:148 hits: 06-20 to 07-24] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
14:53:00 | Win2K-f | 71.7.193.102 (EASTLINK.CA): EASTLINK, DARTMOUTH, NOVA SCOTIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:54:00 | Win2K-f | 4.131.129.14 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, UPLAND, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:05:00 | WinXP | 71.99.28.113 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:205.128.79.125:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] 73f1082158 [Firefox:451 hits: 06-18 to 07-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:23:00 | Win2K-f | 189.48.235.115 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
15:41:00 | WinXP | 24.77.255.220 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:199.93.53.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 32 of 35 |
5c7c5189af NEW ec725de4e7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:15:54:00 | Win2K-f | 66.61.158.150 (RR.COM): ROAD RUNNER HOLDCO LLC, MELBOURNE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
29 of 33 | a86bdb31d3 NEW | none[none] | none:none | none|none | none | none |
T:15:57:00 | WinXP | 122.24.169.213 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:205 hits: 09-28 to 07-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:16:20:00 | WinXP | 170.51.141.151 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:16:52:00 | WinXP | 121.84.176.175 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:57 hits: 12-14 to 07-24] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:16:59:00 | Win2K-f | 99.250.196.52 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:11:00 | Win2K-f | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.41.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 32 | 73f1082158 [Firefox:451 hits: 06-18 to 07-24] | 73f1082158[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:17:13:00 | Win2K-f | 170.51.98.194 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:49:00 | WinXP | 98.141.178.91 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:17:58:00 | WinXP | 170.51.234.153 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, ROSARIO, SANTA FE, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:11:00 | Win2K-f | 98.174.204.104 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 32 | 73f1082158 [Firefox:451 hits: 06-18 to 07-24] | 73f1082158[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:18:32:00 | WinXP | 4.91.111.237 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HILLIARD, FLORIDA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:18:51:00 | Win2K-f | 66.54.122.187 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | 135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 | 4afb021245 NEW |
none[none] | none:none |
none|none | none | none | |
T:18:51:00 | WinXP | 92.41.79.141 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:19:07:00 | WinXP | 83.255.64.114 (COMHEM.SE): COMHEM, ÖSTERSUND, JAMTLANDS, SE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 66562ca213 NEW |
none[none] | none:none |
none|none | none | none | |
T:19:14:00 | Win2K-f | 69.231.68.80 (PACBELL.NET): RBACK22C.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:19:15:00 | WinXP | 124.87.183.210 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:741 hits: 07-11 to 07-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:19:19:00 | WinXP | 203.91.164.207 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | 57ce4acac2 [Firefox:76 hits: 06-17 to 07-24] | 57ce4acac2[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:19:20:00 | Win2K-f | 24.44.234.137 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NORWALK, CONNECTICUT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 32 | 73f1082158 [Firefox:451 hits: 06-18 to 07-24] | 73f1082158[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:19:31:00 | Win2K-f | 170.51.55.54 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:19:45:00 | Win2K-f | 123.214.98.119 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 05ea62612c [Firefox: 3 hits: 06-18 to 06-21] | none[4] | none:none | tElock| | none | trace |
30 of 33 | 3a0107380f [Firefox: 3 hits: 06-18 to 06-21] | 3a0107380f[1] | ASM:Graph | Armadillo| | lines=82 | trace |
T:19:49:00 | WinXP | 96.15.162.122 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 | 6d86a1ff5a [Firefox:19 hits: 06-25 to 07-23] | none[none] | none:none | none|none | none | none |
31 of 33 | 7f6e032fc0 [Firefox:19 hits: 06-25 to 07-23] | none[none] | none:none | none|none | none | none |
T:19:57:00 | Win2K-f | 122.146.224.96 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 32 | 73f1082158 [Firefox:451 hits: 06-18 to 07-24] | 73f1082158[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:20:00:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:20:12:00 | Win2K-f | 170.51.125.158 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
T:20:24:00 | Win2K-f | 200.191.189.167 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:63.149.6.91:7000 US:65.117.119.162:7000 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1546 hits: 04-27 to 07-24] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
T:20:30:00 | Win2K-f | 24.30.170.76 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE, CALIFORNIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:20:32:00 | WinXP | 98.141.178.75 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3249 hits: 12-31 to 07-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:20:33:00 | WinXP | 98.141.102.218 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 1dd10fdc90 NEW |
none[none] | none:none |
none|none | none | none |
T:20:50:00 | WinXP | 64.203.190.47 (NTELOS.NET): NTELOS - DOOMS ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
0 of 33 | e07c29c4ae [Firefox:117 hits: 06-19 to 07-24] | e07c29c4ae[1] | ASM:Graph | FSG| | lines=92 | trace |
T:21:15:00 | WinXP | 125.58.75.43 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:111 hits: 06-17 to 07-24] | 4c3df24b32[1] | ASM:Graph | Armadillo| | lines=81 | trace |
29 of 32 | dbce870f48 [Firefox: 4 hits: 07-03 to 07-24] | none[none] | none:none | none|none | none | none |
T:21:17:00 | Win2K-f | 124.111.123.105 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 1509c8d024 [Firefox: 9 hits: 06-17 to 07-22] | none[4] | none:none | tElock| | none | trace |
31 of 33 | bd3f6e4ea3 [Firefox: 3 hits: 07-07 to 07-22] | none[none] | none:none | none|none | none | none |
T:21:18:00 | Win2K-f | 66.54.123.228 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 67f55457b1 NEW | none[none] | none:none | none|none | none | none |
31 of 35 | 9dd1d118ac NEW | none[none] | none:none | none|none | none | none |
T:21:19:00 | WinXP | 210.205.136.29 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 6f630e7aa2 [Firefox: 2 hits: 06-30 to 07-21] | none[none] | none:none | none|none | none | none |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:21:27:00 | WinXP | 190.177.144.178 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | f17cd31eda [Firefox: 2 hits: 07-23 to 07-23] |
none[none] | none:none |
none|none | none | none |
T:21:36:00 | Win2K-f | 98.134.184.126 (-): . |
210.245.211.11:65520 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:199.93.41.124:80 US:199.93.46.124:80 US:204.160.126.126:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 155 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | 0bfa79dc19 [Firefox: 2 hits: 07-22 to 07-22] | none[none] | none:none | none|none | none | none |
29 of 34 | 8dfb3b619f [Firefox: 2 hits: 07-22 to 07-22] | none[none] | none:none | none|none | none | none |
T:21:46:00 | WinXP | 69.110.129.101 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:21:55:00 | WinXP | 71.12.16.217 (CHARTER.COM): CHARTER COMMUNICATIONS, NORTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 043592e432 NEW |
none[none] | none:none |
none|none | none | none |
T:22:01:00 | WinXP | 97.101.122.95 (-): . |
n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1134 hits: 05-01 to 07-24] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns | trace |
T:22:47:00 | Win2K-f | 151.82.1.149 (38-151.NET24.IT): IUNET-BNET, TRENTO, TRENTINO-ALTO ADIGE, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox: 7 hits: 05-22 to 06-01] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
T:23:07:00 | WinXP | 218.168.71.182 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox: 6 hits: 07-13 to 07-20] |
none[none] | none:none |
none|none | none | none |
T:23:10:00 | Win2K-f | 4.238.30.55 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. CLOUD, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:23:23:00 | WinXP | 65.255.54.128 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:199.93.53.125:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 32 | 73f1082158 [Firefox:451 hits: 06-18 to 07-24] | 73f1082158[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:23:39:00 | Win2K-f | 124.241.179.83 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | a08f3b74a4 [Firefox:291 hits: 06-18 to 07-24] | a08f3b74a4[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:23:42:00 | WinXP | 118.231.76.141 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 2b6229dbc5 NEW |
none[none] | none:none |
none|none | none | none |
T:23:43:00 | Win2K-f | 203.91.164.207 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:902 hits: 06-17 to 07-24] | none[4] | none:none | tElock| | none | trace |
0 of 33 | 57ce4acac2 [Firefox:76 hits: 06-17 to 07-24] | 57ce4acac2[1] | ASM:Graph | Armadillo| | lines=81 | trace |
T:23:46:00 | WinXP | 58.88.71.78 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:23:56:00 | Win2K-f | 96.15.156.112 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.126:80 US:207.123.46.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 134 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 | 6d86a1ff5a [Firefox:19 hits: 06-25 to 07-23] | none[none] | none:none | none|none | none | none |
31 of 33 | 7f6e032fc0 [Firefox:19 hits: 06-25 to 07-23] | none[none] | none:none | none|none | none | none |
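The "C&C Server" and "DNS Lookups & Failed Connects" columns above use a compact token form: `CC:hostname` for a DNS lookup and `CC:ip:port` for a failed TCP connect, with the country code sometimes empty (`:wpad`). The script below is an added example, not part of the BotHunter page or its tooling. It parses a few rows copied from the table above (reduced to the fields it uses: time, victim OS, C&C server, lookups/failed connects, infection port), cross-checks the C&C column against the failed connects of the same row, and groups the remaining indicators per infection port. The pipe-separated field order and the decision to treat the `microsoft.com` / `download.microsoft.com` / `wpad` lookups as background noise (they appear in nearly every port-135 row) are assumptions of this example, not something the page states.

```python
"""Parse indicator tokens from BotHunter infection-table rows (added example)."""
import re
from collections import defaultdict

# Constructed sample: four rows copied from the table above and reduced to
# time | victim OS | C&C server | lookups & failed connects | infection port.
SAMPLE_RECORDS = [
    "T:14:54:00 | Win2K-f | n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 | 135",
    "T:19:49:00 | WinXP | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com HK:210.245.211.11:65520 DE:85.114.143.2:80 | 135",
    "T:20:32:00 | WinXP | 194.54.90.246:80 | UA:citi-bank.ru | 445",
    "T:22:01:00 | WinXP | n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad RU:195.200.213.52:80 | 445",
]

# Assumption of this example: lookups that are update/proxy-discovery noise
# rather than botnet infrastructure.
BENIGN_HOSTS = {"microsoft.com", "download.microsoft.com", "wpad"}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_token(token):
    """Split 'CC:host' or 'CC:ip:port' into (cc, host, port).

    Only failed-connect entries carry a port, so plain DNS lookups get
    port None. An empty country code (':wpad') becomes None. IPv6
    literals are not handled; the page contains none.
    """
    cc, rest = token.split(":", 1)
    host, sep, port = rest.rpartition(":")
    if not sep:  # no second colon, so no port
        return (cc or None), rest, None
    return (cc or None), host, int(port)


def parse_record(line):
    """Turn one reduced table row into a dict of typed fields."""
    fields = [f.strip() for f in line.split("|")]
    time, os_name, cnc, lookups, port = fields[:5]
    tokens = [parse_token(t) for t in lookups.split()]
    return {
        "time": time[2:] if time.startswith("T:") else time,
        "os": os_name,
        "cnc": None if cnc == "n/a" else cnc,
        "port": int(port),
        "hosts": [h for _, h, p in tokens if p is None],
        "connects": [(h, p) for _, h, p in tokens if p is not None],
    }


def cnc_confirmed(record):
    """True when the C&C endpoint also appears among the row's failed
    connects, i.e. two independently derived columns agree on it."""
    if not record["cnc"]:
        return False
    host, _, port = record["cnc"].rpartition(":")
    return (host, int(port)) in record["connects"]


def indicators_by_port(records):
    """Group non-benign hostnames, failed-connect endpoints and C&C servers
    by the port the victim was infected over."""
    out = defaultdict(lambda: {"hosts": set(), "connects": set(), "cnc": set()})
    for r in records:
        bucket = out[r["port"]]
        bucket["hosts"].update(h for h in r["hosts"] if h not in BENIGN_HOSTS)
        bucket["connects"].update(r["connects"])
        if r["cnc"]:
            bucket["cnc"].add(r["cnc"])
    return dict(out)


if __name__ == "__main__":
    recs = [parse_record(l) for l in SAMPLE_RECORDS]
    for r in recs:
        print(r["time"], r["port"], r["cnc"], "confirmed" if cnc_confirmed(r) else "unconfirmed")
    for port, b in sorted(indicators_by_port(recs).items()):
        print(port, sorted(b["hosts"]), sorted(b["connects"]), sorted(b["cnc"]))
```

The per-port grouping reproduces the split visible in the table: the port-445 rows resolve `citi-bank.ru` and the `.ru` / proxy hosts, while the port-135 rows that have a C&C at all point at `proxim.ircgalaxy.pl` and `210.245.211.11:65520`. Rows where the C&C column is filled but the endpoint never shows up among the failed connects (the `194.54.90.246:80` row) are the ones worth opening the pcap for before adding the address to a blocklist.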