|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:05:00 | WinXP | 75.51.232.214 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.124:80 US:199.93.44.126:80 US:204.160.126.126:80 US:205.128.79.125:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:19:00 | WinXP | 222.234.97.226 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.126.126:80 US:205.128.79.125:80 HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 29 of 32 |
899035248c NEW 9d677c3f70 [Firefox: 2 hits: 06-20 to 07-12] |
899035248c [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 00:28:00 | Win2K-f | 24.79.65.222 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.79.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
3516e33174 NEW d093c44748 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:33:00 | WinXP | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:45:00 | Win2K-f | 4.225.120.206 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOUISVILLE, KENTUCKY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:09:00 | Win2K-f | 61.254.175.28 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, OSAN, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:09:00 | Win2K-f | 61.254.175.28 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, OSAN, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 HK:210.245.211.11:65520 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox: 4 hits: 06-29 to 07-24] c7d6018f97 [Firefox: 4 hits: 06-29 to 07-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:27:00 | WinXP | 221.142.178.61 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 3 of 35 |
4b1e5a8e77 [Firefox: 2 hits: 07-05 to 07-25] 9a62aaacc0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:37:00 | Win2K-f | 70.71.252.72 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:7575 | CA:russia.blacktiehsbdcs.com CA:dirty.eiheihre3.com CA:72.10.169.26:2569 CA:72.10.172.218:7575 |
135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 [Firefox: 2 hits: 06-18 to 07-24] |
none[4] | none:none |
none|none | none | trace |
| T:01:43:00 | WinXP | 82.200.231.119 (-): JSC KAZAKHTELECOM URALSK AFFILIATE, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:46:00 | Win2K-f | 220.219.1.40 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 35 | 4ce93b70f2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:48:00 | Win2K-f | 220.219.1.40 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
206.59.139.195:5689 | US:petrosftp.boldlygoingnowhere.org | 445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4ce93b70f2 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:51:00 | WinXP | 116.80.69.218 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:51:00 | Win2K-f | 82.200.231.119 (-): JSC KAZAKHTELECOM URALSK AFFILIATE, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:54:00 | WinXP | 116.80.69.218 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:55:00 | WinXP | 4.225.120.206 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOUISVILLE, KENTUCKY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.46.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:05:00 | Win2K-f | 170.51.106.252 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 892144694d NEW |
none[none] | none:none |
none|none | none | none | |
| 02:15:00 | Win2K-f | 92.48.56.73 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:16:00 | WinXP | 92.48.56.73 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:19:00 | WinXP | 213.135.255.14 (LUXDSL.PT.LU): ENTREPRISE DES P&T, LU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:21:00 | Win2K-f | 220.176.105.137 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:23:00 | Win2K-f | 82.200.221.251 (-): JSC KAZAKHTELECOM TALDYKORGAN, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:26:00 | WinXP | 218.87.151.19 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:31:00 | WinXP | 213.135.255.14 (LUXDSL.PT.LU): ENTREPRISE DES P&T, LU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:32:00 | WinXP | 218.87.151.19 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:34:00 | Win2K-f | 84.23.118.109 (-): ETTIHADETISALAT, SA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:52:00 | Win2K-f | 98.140.43.243 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:10:00 | WinXP | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:205.128.79.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 57ce4acac2 [Firefox:79 hits: 06-17 to 07-25] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:13:00 | Win2K-f | 92.48.55.185 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:13:00 | Win2K-f | 92.48.55.185 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:14:00 | WinXP | 220.237.119.137 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:745 hits: 05-01 to 07-24] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 03:14:00 | WinXP | 220.237.119.137 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:745 hits: 05-01 to 07-24] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 03:14:00 | Win2K-f | 89.218.30.3 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:15:00 | Win2K-f | 89.218.30.3 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:20:00 | WinXP | 62.120.106.26 (-): EUNET, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:21:00 | Win2K-f | 84.36.82.116 (MENANET.NET): AFRINIC, CAIRO, AL QAHIRAH, EG. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:24:00 | Win2K-f | 92.48.51.70 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:26:00 | WinXP | 88.204.205.77 (-): ALMATYTELECOM, ALMATY, ALMATY, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:33:00 | Win2K-f | 84.36.82.116 (MENANET.NET): AFRINIC, CAIRO, AL QAHIRAH, EG. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:40:00 | Win2K-f | 89.218.218.74 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:41:00 | WinXP | 213.135.253.113 (LUXDSL.PT.LU): ENTREPRISE DES P&T, LU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:43:00 | Win2K-f | 84.23.121.249 (-): ETTIHADETISALAT, SA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:44:00 | WinXP | 89.218.218.74 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:46:00 | Win2K-f | 201.216.210.7 (IPLANNETWORKS.NET): NSS S.A, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:46:00 | Win2K-f | 118.174.65.103 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:47:00 | WinXP | 213.240.0.46 (ISTRA.CO.YU): YUNET INTERNATIONAL, CS. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:56:00 | Win2K-f | 119.94.60.134 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:22 hits: 06-18 to 07-22] 76ee340669 [Firefox:22 hits: 06-18 to 07-22] b5919931fe [Firefox:149 hits: 06-20 to 07-25] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| T:03:57:00 | WinXP | 89.218.107.77 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:59:00 | Win2K-f | 201.216.210.7 (IPLANNETWORKS.NET): NSS S.A, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:00:00 | WinXP | 89.218.107.77 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:04:00 | Win2K-f | 218.64.124.225 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:05:00 | WinXP | 89.218.221.177 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:09:00 | Win2K-f | 211.244.11.137 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 32 |
475d9a7753 NEW e9a7fa27d5 NEW |
none[4] e9a7fa27d5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 04:17:00 | Win2K-f | 92.46.30.15 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:29:00 | WinXP | 61.35.75.97 (-): WINWININTERNETPC4029432D, ULSAN, KYONGSANG-NAMDO, KR. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:79 hits: 06-17 to 07-25] 83f26f5044 [Firefox:15 hits: 06-20 to 07-23] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:04:35:00 | Win2K-f | 220.176.105.153 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:37:00 | WinXP | 65.166.185.162 (RURALTEL.NET): NEX-TECH, HAYS, KANSAS, US. |
210.245.211.11:65520 208.66.195.71:80 | HK:proxim.ircgalaxy.pl CA:done.blacktiehsbdcs.com CA:dong.nagitiriheiwu.net DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 897 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 31 of 34 |
8acd7e1937 [Firefox: 5 hits: 06-22 to 07-07] cc9d6491b2 NEW |
8acd7e1937 [1] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| T:04:40:00 | Win2K-f | 222.127.109.23 (SUMIFRU.COM): GLOBE TELECOM/INNOVE COMMUNICATION, PH. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:41:00 | WinXP | 218.63.139.63 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:44:00 | Win2K-f | 218.63.139.63 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:45:00 | WinXP | 89.218.216.7 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:45:00 | Win2K-f | 220.176.105.153 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:48:00 | Win2K-f | 222.127.109.23 (SUMIFRU.COM): GLOBE TELECOM/INNOVE COMMUNICATION, PH. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:49:00 | WinXP | 89.218.216.7 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:07:00 | WinXP | 125.233.104.237 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:09:00 | Win2K-f | 92.60.229.46 (IKBCC.COM): EU-ZZ, UK. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 05:30:00 | WinXP | 92.48.49.180 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:33:00 | WinXP | 206.82.88.196 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:34:00 | WinXP | 83.132.133.94 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:40:00 | Win2K-f | 83.132.133.94 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:42:00 | Win2K-f | 125.115.81.155 (163DATA.COM.CN): CHINANET-ZJ NINGBO NODE NETWORK, NINGBO, ZHEJIANG, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:44:00 | Win2K-f | 62.120.76.51 (-): EUNET, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:44:00 | Win2K-f | 84.23.118.59 (-): ETTIHADETISALAT, SA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:47:00 | WinXP | 218.168.71.47 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:48:00 | WinXP | 62.120.39.65 (-): EUNET, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:53:00 | WinXP | 212.154.221.122 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:54:00 | Win2K-f | 59.53.108.234 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:57:00 | WinXP | 212.154.221.122 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:02:00 | Win2K-f | 84.23.118.59 (-): ETTIHADETISALAT, SA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:10:00 | WinXP | 88.204.144.109 (DIALUP.ITTE.KZ): INTERNATIONAL AND TRUNK TELEPHONE EXCHANGE, ALMATY, ALMATY, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:12:00 | Win2K-f | 116.52.130.57 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:14:00 | Win2K-f | 88.204.144.109 (DIALUP.ITTE.KZ): INTERNATIONAL AND TRUNK TELEPHONE EXCHANGE, ALMATY, ALMATY, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:17:00 | WinXP | 76.189.108.19 (RR.COM): ROAD RUNNER HOLDCO LLC, EUCLID, OHIO, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a73c16ccd0 [Firefox: 2 hits: 01-03 to 06-27] |
none[none] | none:none |
none|none | none | none | |
| T:06:20:00 | Win2K-f | 123.111.126.3 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:112 hits: 06-17 to 07-25] 53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:06:20:00 | WinXP | 88.186.216.80 (PROXAD.NET): PROXAD / FREE SAS, FR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 DE:85.114.143.2:80 |
139 | pcap | raw alerts ruleset |
irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | c50e0e1396 NEW |
none[none] | none:none |
none|none | none | none |
| 06:26:00 | Win2K-f | 61.251.14.61 (-): DAEJEON TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
074325ecbc [Firefox: 4 hits: 07-02 to 07-21] 2a66fc87fa [Firefox: 4 hits: 07-02 to 07-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:31:00 | Win2K-f | 116.204.172.206 (-): CNCGROUP GUANGDONG, GUANGZHOU, GUANGDONG, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:35:00 | WinXP | 220.176.101.147 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:37:00 | WinXP | 218.161.39.150 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:petrosftp.boldlygoingnowhere.org US:206.59.139.195:5689 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 34 | 7df4b2c746 NEW |
none[none] | none:none |
none|none | none | none |
| 06:39:00 | WinXP | 122.26.51.5 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:210 hits: 09-28 to 07-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:06:40:00 | WinXP | 218.161.39.150 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
206.59.139.195:5689 | US:petrosftp.boldlygoingnowhere.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 34 | 7df4b2c746 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:40:00 | Win2K-f | 92.47.249.177 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:41:00 | WinXP | 116.53.236.166 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:43:00 | WinXP | 217.44.201.160 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 30 | 2aa59ba425 [Firefox:46 hits: 06-30 to 07-21] |
2aa59ba425 [1] | ASM:Graph |
ASPack| | lines=10 | trace | |
| T:06:43:00 | Win2K-f | 116.204.172.206 (-): CNCGROUP GUANGDONG, GUANGZHOU, GUANGDONG, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:44:00 | Win2K-f | 116.54.3.224 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:45:00 | Win2K-f | 125.233.20.82 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:55:00 | Win2K-f | 85.60.76.110 (DYNAMIC.ORANGE.ES): ADDRESSES IP FOR HOME CLIENTS, TOLEDO, CASTILLA-LA MANCHA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:00:00 | WinXP | 92.47.249.177 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:00:00 | Win2K-f | 218.87.151.165 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:01:00 | WinXP | 170.51.220.157 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 07:03:00 | Win2K-f | 85.60.76.110 (DYNAMIC.ORANGE.ES): ADDRESSES IP FOR HOME CLIENTS, TOLEDO, CASTILLA-LA MANCHA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:06:00 | WinXP | 218.87.151.165 (163DATA.COM.CN): CHINANET JIANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:09:00 | WinXP | 220.210.228.214 (MEGAEGG.NE.JP): ENERGIA COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:210 hits: 09-28 to 07-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:10:00 | Win2K-f | 125.227.28.225 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:17:00 | Win2K-f | 125.227.28.225 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:21:00 | WinXP | 213.130.6.63 (FARLEP.NET): FARLEP-INTERNET ISP, ODESSA, ODES'KA OBLAST, UA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:33:00 | Win2K-f | 116.53.236.166 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:49:00 | Win2K-f | 219.255.127.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.79.125:80 US:207.123.37.126:80 US:8.12.202.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 35 34 of 35 |
47d8d38194 NEW 4adfa905ec NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:53:00 | Win2K-f | 116.123.96.168 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.79.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 34 of 35 |
46fa1ba8ee NEW f76b83473a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:56:00 | WinXP | 211.205.53.61 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:112 hits: 06-17 to 07-25] 53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:08:13:00 | Win2K-f | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:16:00 | WinXP | 220.143.226.250 (GUTZWILLER.CH): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 55fe9d9ade [Firefox:52 hits: 05-03 to 07-18] |
4bce6c4887 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:18:00 | WinXP | 61.94.166.45 (-): TLKM_D4_DIALUP_SLO-G, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | a99f17e623 [Firefox:25 hits: 03-28 to 07-03] |
87dfec58db [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
| T:08:25:00 | Win2K-f | 58.227.160.186 (HANANET.NET): HANARO TELECOM INC, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 176 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 35 0 of 32 34 of 35 |
33d3adcc81 NEW b5919931fe [Firefox:149 hits: 06-20 to 07-25] c67c18c2a1 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 08:54:00 | WinXP | 86.147.163.234 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:34 hits: 06-12 to 07-23] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:09:36:00 | Win2K-f | 58.227.31.208 (HANANET.NET): HANARO TELECOM INC, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.41.124:80 US:199.93.46.125:80 HK:210.245.211.11:65520 US:8.12.202.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 123 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
776985f561 NEW 8ec6129efe NEW |
776985f561 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 09:56:00 | WinXP | 124.100.70.156 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:210 hits: 09-28 to 07-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:02:00 | WinXP | 222.234.181.4 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:112 hits: 06-17 to 07-25] 53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 10:09:00 | Win2K-f | 125.181.214.20 (-): POWC-214, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
7bdeb65dd2 [Firefox: 2 hits: 07-04 to 07-11] e2b84629ac [Firefox: 2 hits: 07-04 to 07-11] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:26:00 | Win2K-f | 4.189.30.86 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VIDOR, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:41:00 | WinXP | 24.92.22.204 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:206.33.45.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:00:00 | WinXP | 83.251.19.246 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, SöDERTäLJE, STOCKHOLM, SE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | e321efdb3f [Firefox:11 hits: 05-07 to 07-22] |
none[none] | none:none |
none|none | none | none |
| 11:18:00 | WinXP | 122.30.228.175 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:210 hits: 09-28 to 07-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 11:34:00 | Win2K-f | 208.100.236.162 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 34 | 449f96770b NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:36:00 | Win2K-f | 68.148.113.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 285 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | 99b828dad0 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 11:37:00 | WinXP | 170.51.135.131 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | dac286fb33 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:41:00 | Win2K-f | 172.172.209.79 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:41:00 | WinXP | 68.146.102.191 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:205.128.79.126:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 134 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 30 of 33 |
9d9054829c [Firefox: 3 hits: 06-24 to 07-18] b69118be9f [Firefox: 3 hits: 06-24 to 07-18] |
none[4] b69118be9f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 11:44:00 | WinXP | 71.112.9.39 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SNOHOMISH, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:05:00 | WinXP | 72.174.169.138 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, CEDAR CITY, UTAH, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 403 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 6cadd3fa9b NEW |
none[none] | none:none |
none|none | none | none |
| T:12:07:00 | WinXP | 82.10.2.10 (NTL.COM): NTL INFRASTRUCTURE - RENFREW, NEWPORT, WALES, UK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1446 hits: 12-31 to 07-25] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:07:00 | WinXP | 85.108.179.179 (TTNET.NET.TR): TURK TELEKOM ADSL-ALCATEL, BURSA, BURSA, TR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | ce664ea1d1 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:08:00 | WinXP | 85.108.179.179 (TTNET.NET.TR): TURK TELEKOM ADSL-ALCATEL, BURSA, BURSA, TR. |
210.245.211.11:65520 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | ce664ea1d1 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:16:00 | Win2K-f | 222.234.97.162 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:207.123.46.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 102 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 35 30 of 32 0 of 32 |
32fdc78338 NEW 8390780c27 [Firefox:24 hits: 06-18 to 07-24] b5919931fe [Firefox:149 hits: 06-20 to 07-25] |
none[none] none [4] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none tElock| ASProtect| |
none none lines=90 |
none trace trace |
| T:12:16:00 | Win2K-f | 98.132.188.126 (-): ALLTEL SIP CUSTOMERS - CHARLOTTE, MATTHEWS, NORTH CAROLINA, US. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.79.124:80 US:207.123.46.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 31 of 33 0 of 32 |
6d86a1ff5a [Firefox:21 hits: 06-25 to 07-25] 7f6e032fc0 [Firefox:21 hits: 06-25 to 07-25] b5919931fe [Firefox:149 hits: 06-20 to 07-25] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 12:27:00 | Win2K-f | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:28:00 | Win2K-f | 200.165.248.39 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 12:31:00 | WinXP | 122.107.71.85 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 504 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 00b7e57d8b NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:41:00 | WinXP | 210.205.206.91 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 108 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:68 hits: 06-17 to 07-25] 4c3df24b32 [Firefox:112 hits: 06-17 to 07-25] e07c29c4ae [Firefox:118 hits: 06-19 to 07-25] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:42:00 | Win2K-f | 91.115.151.191 (TELEKOM.AT): TELEKOM AUSTRIA AKTIENGESELLSCHAFT, AT. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
irc 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:43:00 | Win2K-f | 69.110.129.101 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:47:00 | WinXP | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] e07c29c4ae [Firefox:118 hits: 06-19 to 07-25] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 12:48:00 | Win2K-f | 70.184.119.120 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:51:00 | WinXP | 87.12.150.254 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 12:56:00 | Win2K-f | 69.110.129.101 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:58:00 | WinXP | 69.151.178.222 (SWBELL.NET): PPPOX POOL - RBACK3 BUMTTX-062004, BEAUMONT, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:04:00 | WinXP | 86.57.187.200 (PPPOE.MGTS.BY): REPUBLICAN UNITARY ENTERPRISE BELTELECOM, MINSK, MINSK, BY. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:05:00 | WinXP | 86.57.187.200 (PPPOE.MGTS.BY): REPUBLICAN UNITARY ENTERPRISE BELTELECOM, MINSK, MINSK, BY. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:05:00 | WinXP | 69.151.178.222 (SWBELL.NET): PPPOX POOL - RBACK3 BUMTTX-062004, BEAUMONT, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:22:00 | Win2K-f | 63.175.157.70 (TELEBARBADOS.COM): ANTILLES CROSSING INTERNATIONAL, SALT LAKE CITY, UTAH, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 138 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 13:22:00 | WinXP | 24.27.124.252 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
none[none] | none:none |
none|none | none | none |
| T:13:23:00 | WinXP | 24.27.124.252 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 9716d7995a NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:39:00 | WinXP | 88.164.219.112 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 0c803048e4 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:49:00 | WinXP | 4.155.33.196 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OWINGS MILLS, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 33 | b402048f34 [Firefox: 2 hits: 07-05 to 07-21] |
none[none] | none:none |
none|none | none | none | |
| T:13:50:00 | Win2K-f | 200.165.248.39 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 35 | 63bca2a296 NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:59:00 | WinXP | 79.19.106.149 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:210 hits: 09-28 to 07-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 14:13:00 | WinXP | 195.174.12.47 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | cf2da9e119 NEW |
none[none] | none:none |
none|none | none | none |
| 14:28:00 | WinXP | 151.33.178.16 (14-151.IOL.IT): ITALIA ONLINE S.P.A, IT. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 14:43:00 | Win2K-f | 211.133.70.58 (INFOWEB.NE.JP): INFOWEB-CIDR-BLK, TOKYO, TOKYO, JP. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] b7082104e4 [Firefox:60 hits: 06-18 to 07-25] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:14:56:00 | WinXP | 200.100.115.128 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BRAZIL, INDIANA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 14:56:00 | WinXP | 219.249.122.21 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:68 hits: 06-17 to 07-25] 61426996c3 [Firefox: 6 hits: 06-20 to 07-21] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:15:00:00 | WinXP | 4.225.174.170 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:20:00 | WinXP | 208.79.97.209 (-): GLOBAL CARIBBEAN NETWORK, GP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.37.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] b7082104e4 [Firefox:60 hits: 06-18 to 07-25] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:15:27:00 | Win2K-f | 24.180.107.173 (CHARTER.COM): CHARTER COMMUNICATIONS, OSCODA, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.46.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 326 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
378a4bac36 [Firefox: 2 hits: 07-01 to 07-15] d11b4c2e19 [Firefox: 2 hits: 07-01 to 07-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:40:00 | Win2K-f | 192.203.2.145 (AF.MIL): ENGINEERING ANALYSIS AF, SAN ANTONIO, TEXAS, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 110 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 32 of 35 0 of 32 |
2d76ff4e53 NEW 7df1377ee3 NEW b5919931fe [Firefox:149 hits: 06-20 to 07-25] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:15:44:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] b5919931fe [Firefox:149 hits: 06-20 to 07-25] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:47:00 | WinXP | 65.5.50.159 (BELLSOUTH.NET): BELLSOUTH.NET INC, SALT LAKE CITY, UTAH, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | e89d2af9c4 NEW |
none[none] | none:none |
none|none | none | none |
| 15:48:00 | WinXP | 216.198.165.210 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:198.78.220.126:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:10 hits: 06-17 to 07-25] 41efedf70f [Firefox: 9 hits: 06-19 to 07-25] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:15:48:00 | Win2K-f | 210.205.164.5 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:05:00 | WinXP | 189.74.134.180 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:12:00 | WinXP | 76.247.105.33 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:58 hits: 12-14 to 07-25] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:15:00 | Win2K-f | 98.140.43.243 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:23:00 | WinXP | 206.248.108.242 (CHOICECABLE.NET): AGUADILLA SITE - CHOICE CABLE TV, LONDON, ONTARIO, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:24:00 | WinXP | 206.248.108.242 (CHOICECABLE.NET): AGUADILLA SITE - CHOICE CABLE TV, LONDON, ONTARIO, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:33:00 | WinXP | 190.18.27.72 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:45:00 | Win2K-f | 70.73.60.147 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.124:80 HK:210.245.211.11:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
765181de43 NEW aad35e5bc5 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:49:00 | WinXP | 70.92.16.33 (RR.COM): ROAD RUNNER HOLDCO LLC, WICHITA, KANSAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:321 hits: 05-01 to 07-23] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace | |
| T:16:50:00 | Win2K-f | 219.250.173.252 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:55:00 | WinXP | 84.75.60.169 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:56:00 | WinXP | 84.75.60.169 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:35:00 | WinXP | 172.162.50.227 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:50:00 | Win2K-f | 170.51.215.5 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | e96228a17e NEW |
none[none] | none:none |
none|none | none | none | |
| 17:58:00 | Win2K-f | 68.125.173.233 (PACBELL.NET): PPPOX POOL - RBACK4.FRSN, FRESNO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.126:80 US:207.123.37.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:29:00 | WinXP | 218.50.229.111 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:85.114.143.2:80 |
139 | pcap | raw alerts ruleset |
shell http irc ftp 9 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 | 6b908b4135 NEW |
none[none] | none:none |
none|none | none | none |
| 18:30:00 | Win2K-f | 218.50.229.111 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:ice.novi-pazar.biz HK:210.245.211.11:65520 US:69.64.51.132:6789 |
139 | pcap | raw alerts ruleset |
shell http ftp 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 6b908b4135 NEW |
none[none] | none:none |
none|none | none | none |
| 18:31:00 | WinXP | 58.124.179.136 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
139 | pcap | raw alerts ruleset |
shell http ftp 6 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 154d5f562a NEW |
none[none] | none:none |
none|none | none | none |
| T:18:32:00 | Win2K-f | 58.229.109.172 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 69.64.51.132:6789 | HK:proxim.ircgalaxy.pl US:ice.novi-pazar.biz DE:85.114.143.2:80 MD:89.41.127.0:5800 MD:89.41.127.10:5800 MD:89.41.127.11:5800 MD:89.41.127.12:5800 MD:89.41.127.13:5800 MD:89.41.127.14:5800 MD:89.41.127.15:5800 MD:89.41.127.16:5800 MD:89.41.127.17:5800 MD:89.41.127.18:5800 MD:89.41.127.1:5800 MD:89.41.127.2:5800 MD:89.41.127.3:5800 MD:89.41.127.4:5800 MD:89.41.127.5:5800 MD:89.41.127.6:5800 MD:89.41.127.7:5800 MD:89.41.127.8:5800 MD:89.41.127.9:5800 |
139 | pcap | raw alerts ruleset |
shell http irc ftp 43 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 | d1770194f5 NEW |
none[none] | none:none |
none|none | none | none |
| 18:33:00 | Win2K-f | 170.51.205.238 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:18:47:00 | WinXP | 65.240.138.181 (-): WS/HART TELEPHONE CO, HARTWELL, GEORGIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sprw.information.com :www.proxy-socks.net :wpad US:spi.domainsponsor.com :landdev1.lap.internal |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1136 hits: 05-01 to 07-25] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:49:00 | WinXP | 71.113.167.87 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:58:00 | WinXP | 98.105.211.5 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.126:80 US:8.12.202.125:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 32 29 of 33 |
5378ab9d2d [Firefox: 2 hits: 06-28 to 07-03] 60a6e7e23c [Firefox: 2 hits: 06-28 to 07-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:03:00 | Win2K-f | 24.80.100.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:08:00 | WinXP | 210.197.185.175 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), NAHA, OKINAWA, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:743 hits: 07-11 to 07-25] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:16:00 | WinXP | 60.236.74.90 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:743 hits: 07-11 to 07-25] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:34:00 | WinXP | 220.229.78.210 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:42:00 | Win2K-f | 71.14.37.233 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 317 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 0 of 32 29 of 33 |
378a4bac36 [Firefox: 2 hits: 07-01 to 07-15] b5919931fe [Firefox:149 hits: 06-20 to 07-25] d11b4c2e19 [Firefox: 2 hits: 07-01 to 07-15] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:19:43:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 0 of 33 |
3cd7958258 [Firefox:10 hits: 06-17 to 07-25] 41efedf70f [Firefox: 9 hits: 06-19 to 07-25] e07c29c4ae [Firefox:118 hits: 06-19 to 07-25] |
none[4] 41efedf70f[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 19:45:00 | Win2K-f | 24.80.174.52 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:01:00 | WinXP | 190.51.244.248 (COM.AR): TELEFONICA DE ARGENTINA, AR. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 89c318e39d NEW |
none[none] | none:none |
none|none | none | none |
| 20:14:00 | WinXP | 4.225.213.50 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:14:00 | Win2K-f | 122.108.171.47 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] a08f3b74a4 [Firefox:299 hits: 06-18 to 07-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:22:00 | WinXP | 85.85.37.204 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:33:00 | WinXP | 71.98.38.85 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CARROLLTON, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 158 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 | f2f692a719 NEW |
none[none] | none:none |
none|none | none | none | |
| 20:39:00 | Win2K-f | 170.51.74.67 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 5246e634df NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:39:00 | Win2K-f | 123.214.205.57 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:bfb88.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http irc 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 19 of 35 0 of 33 17 of 35 |
168aab35a3 [Firefox:68 hits: 06-17 to 07-25] 37f41fd8ab [Firefox: 4 hits: 07-24 to 07-24] 4c3df24b32 [Firefox:112 hits: 06-17 to 07-25] 5ab0a45f63 [Firefox: 4 hits: 07-24 to 07-24] |
none[4] none [none] 4c3df24b32[1] none [none] |
none:none none:none ASM:Graph none:none |
tElock| none|none Armadillo| none|none |
none none lines=81 none |
trace none trace none |
| T:20:40:00 | WinXP | 118.236.57.118 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:15 hits: 06-22 to 07-24] |
none[4] | none:none |
none|none | none | trace | |
| 20:48:00 | Win2K-f | 58.227.160.186 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 151 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 34 of 35 |
33d3adcc81 NEW c67c18c2a1 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:48:00 | WinXP | 203.109.172.187 (IHUG.CO.NZ): THE INTERNET GROUP LTD, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | a6b65f725a NEW |
none[none] | none:none |
none|none | none | none |
| 21:01:00 | WinXP | 217.164.242.149 (NET.AE): EMIRATES TELECOMMUNICATIONS CORP, DUBAI, DUBAI, AE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:07:00 | Win2K-f | 220.109.93.8 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com :b156.mcboo.ws IL:mtn6.com-com.ws US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
445 | pcap | raw alerts ruleset |
irc http 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab [Firefox: 4 hits: 07-24 to 07-24] 5ab0a45f63 [Firefox: 4 hits: 07-24 to 07-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:21:31:00 | Win2K-f | 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 US:207.123.46.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc http 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 17 of 35 28 of 32 |
3f0a5b2ebe [Firefox: 7 hits: 06-18 to 07-10] 5ab0a45f63 [Firefox: 4 hits: 07-24 to 07-24] c6bfb5f0f2 [Firefox: 7 hits: 06-18 to 07-10] |
none[4] none [none] c6bfb5f0f2[1] |
none:none none:none ASM:Graph |
PolyEnE| none|none Armadillo| |
none none lines=81 |
trace none trace |
| 21:34:00 | Win2K-f | 208.127.234.36 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 33 |
2ef2f78792 [Firefox: 8 hits: 06-21 to 07-15] b7a332eb7c [Firefox: 8 hits: 06-21 to 07-15] |
2ef2f78792 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 21:37:00 | WinXP | 75.137.152.32 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | a40ec6f7e3 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:37:00 | WinXP | 75.137.152.32 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | a40ec6f7e3 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:06:00 | Win2K-f | 124.197.51.198 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, NZ. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:bfb88.a1001186.wrs.mcboo.com US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
445 | pcap | raw alerts ruleset |
irc http 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab [Firefox: 4 hits: 07-24 to 07-24] 5ab0a45f63 [Firefox: 4 hits: 07-24 to 07-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:27:00 | Win2K-f | 70.167.84.162 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.110.125:80 US:199.93.46.125:80 US:205.128.79.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a NEW b4fe4581c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:27:00 | Win2K-f | 116.120.235.5 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:31:00 | WinXP | 70.76.139.162 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.46.125:80 US:205.128.79.125:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 278 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
81264c16dd [Firefox: 3 hits: 07-03 to 07-14] 9a91743938 [Firefox: 3 hits: 07-03 to 07-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:39:00 | Win2K-f | 85.72.156.254 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, AACHEN, NORDRHEIN-WESTFALEN, DE. (DSL) |
85.214.127.219:59999 | DE:skathari.oligarxia.com | 445 | pcap | raw alerts ruleset |
shell ftp irc 26 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 35 | 557c0e2562 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:52:00 | WinXP | 118.240.116.5 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:743 hits: 07-11 to 07-25] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:04:00 | Win2K-f | 122.43.52.78 (-): POWERCOMM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 33 |
2949152a24 [Firefox: 4 hits: 07-02 to 07-25] f1a10a0d85 [Firefox: 4 hits: 07-02 to 07-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:05:00 | WinXP | 89.137.58.116 (UPCNET.RO): ASTRAL-UPC ROMAN, RO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 8b3607bd00 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:05:00 | WinXP | 89.137.58.116 (UPCNET.RO): ASTRAL-UPC ROMAN, RO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 8b3607bd00 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:14:00 | Win2K-f | 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.46.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:10 hits: 06-17 to 07-25] 41efedf70f [Firefox: 9 hits: 06-19 to 07-25] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 23:15:00 | WinXP | 118.236.70.73 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:15 hits: 06-22 to 07-24] |
none[4] | none:none |
none|none | none | trace | |
| T:23:24:00 | WinXP | 97.94.97.27 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3256 hits: 12-31 to 07-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:30:00 | Win2K-f | 24.77.71.154 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 32 of 35 |
5c7c5189af NEW ec725de4e7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:23:31:00 | WinXP | 81.191.199.142 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, OSLO, OSLO, NO. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:745 hits: 05-01 to 07-24] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace | |
| 23:32:00 | WinXP | 81.191.199.142 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, OSLO, OSLO, NO. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:745 hits: 05-01 to 07-24] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 23:34:00 | WinXP | 170.51.222.43 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:20 hits: 05-22 to 07-25] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 23:48:00 | Win2K-f | 74.79.35.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:921 hits: 06-17 to 07-25] 73f1082158 [Firefox:458 hits: 06-18 to 07-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |