|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:13:00 | WinXP | 70.71.252.72 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:3240 75.125.207.50:80 | CA:bti.jeiahsdod.net | 135 | pcap | raw alerts ruleset |
irc http 246 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 31 of 33 |
8acd7e1937 [Firefox: 6 hits: 06-22 to 07-26] b9cdf4ca69 [Firefox: 3 hits: 06-18 to 07-26] |
8acd7e1937 [1] none [4] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace trace |
| 00:17:00 | Win2K-f | 211.244.26.201 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 HK:210.245.211.11:65520 US:4.23.60.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox: 5 hits: 06-29 to 07-26] c7d6018f97 [Firefox: 5 hits: 06-29 to 07-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:24:00 | WinXP | 70.71.2.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.44.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 26 of 35 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] d198a6ea5a NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 00:44:00 | WinXP | 71.85.135.8 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
24acffe86e [Firefox: 3 hits: 06-18 to 07-24] a0d83e7d41 [Firefox: 3 hits: 06-18 to 07-24] |
24acffe86e [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 01:18:00 | WinXP | 118.231.64.209 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
dc20b6fe59 [Firefox: 9 hits: 06-23 to 07-27] f97070ef2b [Firefox: 9 hits: 06-23 to 07-27] |
dc20b6fe59 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
| T:01:31:00 | WinXP | 85.85.162.222 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BASAURI, PAIS VASCO, ES. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 2d6002ac1c NEW |
none[none] | none:none |
none|none | none | none |
| 02:09:00 | WinXP | 85.86.202.26 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, SAN SEBASTIAN, PAIS VASCO, ES. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 8b3607bd00 [Firefox: 2 hits: 07-26 to 07-26] |
none[none] | none:none |
none|none | none | none |
| 02:10:00 | WinXP | 99.253.112.7 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
67.43.236.66:8080 72.10.172.211:8080 | CA:xx.sqlteam.info CA:xx.enterhere.biz :xx.nadnadzz.info CA:xx.ka3ek.com CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:67.43.236.98:1863 CA:67.43.236.98:5190 CA:67.43.236.99:1863 CA:67.43.236.99:5190 CA:72.10.172.211:8080 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | 706e697ed5 [Firefox: 2 hits: 06-21 to 06-29] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:02:55:00 | WinXP | 117.99.16.53 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:29:00 | WinXP | 92.99.6.137 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:61 hits: 12-14 to 07-27] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:03:44:00 | WinXP | 118.231.16.185 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox: 8 hits: 07-13 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:04:38:00 | Win2K-f | 118.3.94.47 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | cfaeeb74d4 NEW |
none[none] | none:none |
none|none | none | none | |
| 04:45:00 | Win2K-f | 121.114.145.72 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:181 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| T:04:48:00 | WinXP | 118.109.90.21 (-): . |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 20 of 35 |
a9c8d121f2 [Firefox: 9 hits: 06-28 to 07-02] cd7366f252 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:48:00 | WinXP | 118.237.26.173 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 0d0fa96607 [Firefox: 3 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
| T:04:49:00 | Win2K-f | 81.132.242.5 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
210.245.211.11:65520 75.66.100.3:13001 | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:www.hasi.us DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 35 22 of 35 |
cd7366f252 NEW de9c878632 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:51:00 | WinXP | 118.12.242.154 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:59:00 | Win2K-f | 61.31.36.15 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 309 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 269df8493a NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:01:00 | WinXP | 123.222.108.111 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 20 of 35 |
ca15c09536 [Firefox:181 hits: 06-27 to 07-02] cd7366f252 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:06:00 | Win2K-f | 118.105.180.31 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 4c718f0d24 [Firefox: 2 hits: 06-29 to 06-30] |
none[none] | none:none |
none|none | none | none | |
| 05:09:00 | WinXP | 118.3.94.47 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | cfaeeb74d4 NEW |
none[none] | none:none |
none|none | none | none |
| 05:09:00 | WinXP | 121.115.219.188 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:218 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none |
| 05:15:00 | Win2K-f | 123.218.175.130 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:181 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| 05:25:00 | WinXP | 170.51.123.164 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:05:27:00 | WinXP | 122.18.135.189 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 20 of 35 |
ca15c09536 [Firefox:181 hits: 06-27 to 07-02] cd7366f252 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:35:00 | WinXP | 86.155.81.119 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:46:00 | WinXP | 125.215.124.191 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:181 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none |
| T:05:51:00 | Win2K-f | 118.236.151.160 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:218 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| T:05:56:00 | WinXP | 218.210.197.40 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:223 hits: 09-28 to 07-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:58:00 | Win2K-f | 122.43.63.32 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.46.125:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 [Firefox: 9 hits: 07-06 to 07-25] bc94f66052 [Firefox: 9 hits: 07-06 to 07-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:04:00 | WinXP | 87.205.92.98 (INETIA.PL): INTERNETIA, PL. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 06:05:00 | Win2K-f | 118.109.90.21 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | a9c8d121f2 [Firefox: 9 hits: 06-28 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| 06:07:00 | WinXP | 213.226.177.49 (TVK.LT): UAB TELEVIZIJOS KOMUNIKACIJOS, VILNIUS, VILNIAUS APSKRITIS, LT. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 33 | 0b0c6a7b64 NEW |
none[none] | none:none |
none|none | none | none |
| 06:13:00 | Win2K-f | 92.13.94.122 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 33 | 9a32965bc8 [Firefox:11 hits: 06-28 to 07-02] |
none[none] | none:none |
none|none | none | none |
| T:06:40:00 | Win2K-f | 125.175.48.142 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 156 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 35 10 of 33 |
cd7366f252 NEW d2c26e07fd [Firefox:150 hits: 06-27 to 07-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:51:00 | WinXP | 201.46.248.253 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | EU:siliconfireware.ru DE:ebookfinaltrash.ru :wpad GB:welcome3.smile.co.uk GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1140 hits: 05-01 to 07-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 06:51:00 | WinXP | 202.224.74.142 (ENJOY.NE.JP): DEODEO INTERNET SERVICE(DEODEO CORPORATION), TOKYO, TOKYO, JP. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 6bf9acfa77 NEW |
none[none] | none:none |
none|none | none | none |
| 06:56:00 | Win2K-f | 118.237.94.57 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:218 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| 07:22:00 | Win2K-f | 170.51.91.50 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 07:22:00 | Win2K-f | 80.191.120.174 (-): CALLWITHME CORP(TANA), TEHRAN, TEHRAN, IR. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:07:24:00 | WinXP | 82.207.32.151 (UKRTEL.NET): UKRTELNET, UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | a92e3f8fc8 [Firefox:120 hits: 05-03 to 07-18] |
dfe02a1e52 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:25:00 | WinXP | 82.207.32.151 (UKRTEL.NET): UKRTELNET, UA. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | a92e3f8fc8 [Firefox:120 hits: 05-03 to 07-18] |
dfe02a1e52 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 07:31:00 | WinXP | 125.192.82.166 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:150 hits: 06-27 to 07-02] |
none[none] | none:none |
none|none | none | none |
| T:07:37:00 | Win2K-f | 130.13.40.246 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
64.32.14.92:6915 | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 | 355281ab68 NEW |
none[4] | none:none |
StarForce| | none | trace |
| 07:40:00 | Win2K-f | 130.13.40.246 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 64.32.14.92:6915 |
445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 355281ab68 NEW |
none[4] | none:none |
StarForce| | none | trace |
| 07:54:00 | WinXP | 122.146.225.25 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.66.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:08:00 | Win2K-f | 218.86.236.21 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, GUIZHOU, GUIZHOU, CN. |
n/a | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 33 |
12c513d41d NEW 1509c8d024 [Firefox:12 hits: 06-17 to 07-27] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 08:12:00 | WinXP | 86.155.10.50 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:08:25:00 | WinXP | 86.155.10.50 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:08:31:00 | WinXP | 65.191.190.235 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:223 hits: 09-28 to 07-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:39:00 | Win2K-f | 4.224.36.197 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:47:00 | Win2K-f | 170.51.234.159 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, ROSARIO, SANTA FE, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 08:49:00 | WinXP | 211.213.56.232 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:73 hits: 06-17 to 07-27] 4c3df24b32 [Firefox:119 hits: 06-17 to 07-27] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:00:00 | WinXP | 12.78.10.109 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:506 hits: 12-31 to 07-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:09:09:00 | Win2K-f | 170.51.130.150 (-): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, WAUKEGAN, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 09:17:00 | WinXP | 87.205.79.34 (INETIA.PL): INTERNETIA, BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:09:18:00 | WinXP | 87.205.79.34 (INETIA.PL): INTERNETIA, BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 09:20:00 | WinXP | 118.218.129.240 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
45e0b2544f NEW 633a67eac3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:24:00 | Win2K-f | 24.249.96.111 (COX.NET): COX COMMUNICATIONS, EDMOND, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:09:00 | WinXP | 125.215.126.140 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:21:00 | WinXP | 69.176.15.82 (MIS.NET): MIKROTEC INTERNET SERVICES INC, LEXINGTON, KENTUCKY, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:23:00 | WinXP | 219.254.243.79 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
45e0b2544f NEW 633a67eac3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:24:00 | Win2K-f | 116.125.161.168 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 35 |
8390780c27 [Firefox:27 hits: 06-18 to 07-27] 940475f291 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 10:42:00 | WinXP | 65.191.190.235 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:322 hits: 05-01 to 07-26] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:10:50:00 | WinXP | 87.205.89.43 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:11:14:00 | WinXP | 89.204.199.221 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:20:00 | Win2K-f | 130.13.32.228 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 35085295a6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:21:00 | WinXP | 130.13.32.228 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp shell 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 35085295a6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:27:00 | Win2K-f | 119.95.53.129 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:52:00 | Win2K-f | 208.79.98.108 (-): GLOBAL CARIBBEAN NETWORK, GP. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 32 of 35 |
2d76ff4e53 [Firefox: 2 hits: 07-23 to 07-26] 7df1377ee3 [Firefox: 2 hits: 07-23 to 07-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:18:00 | WinXP | 170.51.158.22 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:12:29:00 | WinXP | 74.79.35.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 35 | 3199efa07d NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:30:00 | WinXP | 12.73.150.182 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:35:00 | WinXP | 89.204.199.221 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:749 hits: 07-11 to 07-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:45:00 | Win2K-f | 75.51.87.146 (SBCGLOBAL.NET): PPPOX POOL - BRAS16 LSANCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:57:00 | WinXP | 58.157.118.10 (UCOM.NE.JP): N-KG0003U, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:223 hits: 09-28 to 07-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:13:22:00 | Win2K-f | 211.138.111.254 (-): CHINA MOBILE COMMUNICATIONS CORPORATION - SHANGXI, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:33:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
72.10.172.218:9928 | CA:tai.ihshsd8.com | 135 | pcap | raw alerts ruleset |
irc http 347 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 29 19 of 35 |
0a0261b96a [Firefox: 9 hits: 07-16 to 07-19] 2f02f5eb03 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 13:45:00 | Win2K-f | 65.148.60.191 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, DALLAS, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 35 0 of 32 |
4138726683 NEW 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[none] 73f1082158[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
|
| T:13:51:00 | WinXP | 212.183.70.115 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:14:07:00 | WinXP | 193.250.27.242 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:506 hits: 12-31 to 07-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:14:12:00 | WinXP | 98.30.37.216 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:14:00 | WinXP | 66.252.113.26 (NEBNET.NET): CONSOLIDATED TELEPHONE COMPANY, LINCOLN, NEBRASKA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:37:00 | WinXP | 219.107.214.218 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | US:hail.dns2go.com | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 91e43fc14a [Firefox: 6 hits: 05-01 to 05-21] |
none[4] | none:none |
Obsidium| | none | trace |
| T:14:56:00 | WinXP | 200.175.94.59 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1140 hits: 05-01 to 07-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:14:57:00 | WinXP | 24.80.170.73 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox: 9 hits: 06-20 to 07-19] e5c7bce70e [Firefox: 9 hits: 06-20 to 07-19] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:58:00 | WinXP | 12.76.131.141 (ATT.NET): AT&T WORLDNET SERVICES, LAFAYETTE, INDIANA, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sprw.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1140 hits: 05-01 to 07-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 15:13:00 | WinXP | 93.81.57.0 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:hail.dns2go.com US:scorti1.dns2go.com US:63.149.6.91:7000 US:65.117.119.162:7000 98.126.0.92:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 32 | a2a036466a [Firefox:273 hits: 05-05 to 07-25] |
none[4] | none:none |
none|none | none | trace |
| 15:19:00 | Win2K-f | 24.92.189.150 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.53.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:26:00 | WinXP | 117.99.0.35 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:31:00 | WinXP | 207.189.221.21 (PEAKPEAK.COM): NET INFRASTRUCTURE, FT. COLLINS, COLORADO, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:40:00 | WinXP | 99.137.90.113 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:749 hits: 05-01 to 07-26] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 15:48:00 | WinXP | 77.253.57.59 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:15:48:00 | WinXP | 77.253.57.59 (COM.PL): NETIA, PL. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 16:06:00 | Win2K-f | 67.150.123.52 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:55:00 | WinXP | 24.109.77.54 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:57:00 | WinXP | 4.155.33.240 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OWINGS MILLS, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:223 hits: 09-28 to 07-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:17:00:00 | WinXP | 68.148.79.116 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 0 of 33 |
9d9054829c [Firefox: 4 hits: 06-24 to 07-26] b69118be9f [Firefox: 4 hits: 06-24 to 07-26] e07c29c4ae [Firefox:121 hits: 06-19 to 07-26] |
none[4] b69118be9f[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| T:17:10:00 | Win2K-f | 77.102.76.42 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:15:00 | WinXP | 68.146.123.27 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | 917f99560a [Firefox: 4 hits: 07-22 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:17:21:00 | WinXP | 68.178.18.115 (INTEGRAONLINE.COM): INTEGRA TELECOM INC, PORTLAND, OREGON, US. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 55f1288a7a NEW |
none[none] | none:none |
none|none | none | none |
| T:17:22:00 | WinXP | 71.42.39.151 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3278 hits: 12-31 to 07-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:40:00 | WinXP | 211.18.115.120 (DION.NE.JP): DION (KDDI CORPORATION), SENDAI, MIYAGI, JP. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1451 hits: 12-31 to 07-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:44:00 | WinXP | 76.90.202.36 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 55fe9d9ade [Firefox:53 hits: 05-03 to 07-26] |
4bce6c4887 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:49:00 | Win2K-f | 68.121.247.247 (PACBELL.NET): PPPOX POOL - BRAS1IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:50:00 | Win2K-f | 70.73.107.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:58:00 | WinXP | 4.241.18.8 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN DIEGO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:01:00 | WinXP | 216.198.161.181 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:204.160.126.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:13 hits: 06-17 to 07-26] 41efedf70f [Firefox:12 hits: 06-19 to 07-26] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 18:05:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
72.10.172.218:3838 | CA:haiys.eiheihre3.com CA:tai.ihshsd8.com :sisxteen.oihduhdd.net CA:72.10.172.218:3838 CA:72.10.172.218:9928 |
135 | pcap | raw alerts ruleset |
other 338 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 29 | 0a0261b96a [Firefox: 9 hits: 07-16 to 07-19] |
none[none] | none:none |
none|none | none | none |
| T:18:28:00 | Win2K-f | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:34:00 | Win2K-f | 69.221.133.183 (AMERITECH.NET): RBACK7B.AKRNOH, AKRON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:52:00 | WinXP | 99.162.123.6 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:67 hits: 05-01 to 07-19] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 18:55:00 | WinXP | 58.121.81.186 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.79.126:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
168aab35a3 [Firefox:73 hits: 06-17 to 07-27] f62373a83b [Firefox: 2 hits: 07-03 to 07-06] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:19:17:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:20:00 | Win2K-f | 4.159.181.46 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MARSHFIELD, WISCONSIN, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:24:00 | Win2K-f | 4.159.181.46 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MARSHFIELD, WISCONSIN, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:26:00 | WinXP | 206.74.149.63 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, COLUMBIA, SOUTH CAROLINA, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 19:26:00 | WinXP | 218.168.69.205 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox: 8 hits: 07-13 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 19:37:00 | WinXP | 4.225.184.70 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, IRVING, TEXAS, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 55fe9d9ade [Firefox:53 hits: 05-03 to 07-26] |
4bce6c4887 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:37:00 | WinXP | 12.210.173.69 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, SALT LAKE CITY, UTAH, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] e07c29c4ae [Firefox:121 hits: 06-19 to 07-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 19:38:00 | WinXP | 12.73.210.39 (ATT.NET): AT&T WORLDNET SERVICES, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | EU:siliconfireware.ru :wpad DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1140 hits: 05-01 to 07-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:19:41:00 | Win2K-f | 74.78.51.236 (RR.COM): ROAD RUNNER HOLDCO LLC, MIDDLETOWN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:44:00 | Win2K-f | 130.13.8.110 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 64.32.14.92:6915 |
445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | c5d407807f NEW |
none[4] | none:none |
StarForce| | none | trace |
| 19:59:00 | Win2K-f | 70.64.24.103 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.124:80 US:207.123.37.126:80 HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 200 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 32 of 35 |
0c6268b411 NEW 524cd7fe92 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:01:00 | WinXP | 170.51.176.208 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:35 hits: 05-22 to 07-27] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:20:07:00 | Win2K-f | 209.226.123.61 (BELL.CA): BELL CANADA, OTTAWA, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:10:00 | WinXP | 130.13.58.14 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 35085295a6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:14:00 | Win2K-f | 130.13.58.14 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 35085295a6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:17:00 | WinXP | 208.127.214.69 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.66.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 29 of 33 |
0d3fafbf29 NEW d401773a07 NEW |
0d3fafbf29 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:20:21:00 | WinXP | 4.224.12.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :landdev1.lap.internal :wpad US:sprw.information.com |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:499 hits: 05-04 to 07-27] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 20:43:00 | WinXP | 74.138.55.17 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, LOUISVILLE, KENTUCKY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:506 hits: 12-31 to 07-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:43:00 | Win2K-f | 4.237.14.210 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:55:00 | Win2K-f | 4.137.14.134 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WEDOWEE, ALABAMA, US. (DIAL) |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:59:00 | WinXP | 98.134.202.152 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:08:00 | Win2K-f | 219.147.194.242 (163DATA.COM.CN): CHINANET HEILONGJIANG PROVINCE NETWORK, HEILONGJIANG, HEILONGJIANG, CN. |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl US:microsoft.com HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 21:09:00 | WinXP | 206.74.149.211 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:21:09:00 | WinXP | 206.74.149.211 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox: 3 hits: 07-25 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:21:11:00 | WinXP | 61.31.36.15 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:12:00 | Win2K-f | 24.30.174.247 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE, CALIFORNIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:18:00 | WinXP | 24.188.12.106 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:31:00 | Win2K-f | 24.87.46.107 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:7382 | CA:italian.swiifatecihno.com | 135 | pcap | raw alerts ruleset |
irc 631 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | e3d90a3753 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:35:00 | Win2K-f | 99.164.23.178 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:40:00 | Win2K-f | 201.213.239.139 (NET.AR): PRIMA S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 35 | aaf4077b09 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:43:00 | Win2K-f | 209.226.123.61 (BELL.CA): BELL CANADA, OTTAWA, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:09:00 | Win2K-f | 61.34.136.40 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:82 hits: 06-17 to 07-27] 83f26f5044 [Firefox:17 hits: 06-20 to 07-27] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:23:00:00 | WinXP | 70.184.119.120 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] 73f1082158 [Firefox:492 hits: 06-18 to 07-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:01:00 | Win2K-f | 67.48.115.214 (RR.COM): ROAD RUNNER HOLDCO LLC, LEES SUMMIT, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:975 hits: 06-17 to 07-27] a08f3b74a4 [Firefox:314 hits: 06-18 to 07-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:02:00 | WinXP | 122.127.100.76 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
23 of 35 | 2ef6cd596a NEW |
none[none] | none:none |
none|none | none | none |
| 23:41:00 | WinXP | 211.138.111.254 (-): CHINA MOBILE COMMUNICATIONS CORPORATION - SHANGXI, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |