|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:07:00 | Win2K-f | 4.246.147.215 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SACRAMENTO, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 133 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 5ddf0762e4 NEW |
none[none] | none:none |
none|none | none | none | |
| 00:08:00 | WinXP | 92.96.32.2 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:62 hits: 12-14 to 07-28] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 00:09:00 | WinXP | 170.51.176.208 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 35 | 90a6e15b64 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:11:00 | WinXP | 217.249.174.7 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:62 hits: 12-14 to 07-28] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 00:24:00 | Win2K-f | 123.213.2.182 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.79.125:80 US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
1509c8d024 [Firefox:13 hits: 06-17 to 07-28] bd3f6e4ea3 [Firefox: 5 hits: 07-07 to 07-27] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 00:53:00 | Win2K-f | 151.80.2.249 (38-151.NET24.IT): IUNET-BNET, CAMPOBASSO, MOLISE, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:01:28:00 | Win2K-f | 130.228.96.66 (TELE2.NET): TELE GREENLAND INTERNATIONAL A/S, COPENHAGEN, COPENHAGEN, DK. (100Mbps) |
61.240.232.29:18067 | CN:bbjj.househot.com EU:www.filefrog.net |
445 | pcap | raw alerts ruleset |
http 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 996c9c3a01 [Firefox: 8 hits: 04-03 to 07-06] |
4b6453fcf3 [0] | ASM:Graph |
MEW| | lines=5 | trace |
| 01:43:00 | Win2K-f | 61.105.205.133 (KRLINE.NET): KRNIC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 29 of 32 |
4da237ece7 NEW 9d677c3f70 [Firefox: 4 hits: 06-20 to 07-27] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 01:46:00 | WinXP | 114.120.99.19 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3285 hits: 12-31 to 07-28] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:26:00 | Win2K-f | 70.52.209.193 (BELL.CA): SYMPATICO HSE, MONTREAL, QUEBEC, CA. (DSL) |
n/a | US:wr.mcboo.com IL:dl.mcboo.com :www.speed-runner.com |
135 | pcap | raw alerts ruleset |
http http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
8 of 33 21 of 33 0 of 33 27 of 33 |
1ac39aea6b [Firefox: 2 hits: 06-28 to 07-19] 7b1de9d82d [Firefox: 2 hits: 06-28 to 07-19] 820bef376c [Firefox: 2 hits: 06-28 to 07-19] d6fbe37100 [Firefox: 2 hits: 06-28 to 07-19] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 02:45:00 | WinXP | 83.26.246.151 (TPNET.PL): NEOSTRADA PLUS, BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) |
n/a | DE:siliconfireware.ru :wpad :www.proxy-socks.net DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 330eaa2da2 [Firefox:55 hits: 05-04 to 04-23] |
none[3] | none:none |
ASPack| | none | trace |
| T:03:02:00 | Win2K-f | 24.64.112.147 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:06:00 | Win2K-f | 122.55.214.214 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 141 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:23 hits: 06-18 to 07-26] 76ee340669 [Firefox:23 hits: 06-18 to 07-26] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| T:03:41:00 | WinXP | 210.192.201.41 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 001b6f7107 NEW |
none[none] | none:none |
none|none | none | none |
| 04:42:00 | WinXP | 70.61.156.13 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:53:00 | Win2K-f | 221.43.62.12 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, NAGOYA, AICHI, JP. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info US:130.107.128.85:31505 |
135 | pcap | raw alerts ruleset |
irc http 648 lines |
Yeah : 1.8 profile |
none | summary tarball |
16 of 35 24 of 32 8 of 35 13 of 35 |
474312616d [Firefox: 3 hits: 07-23 to 07-27] 4f51b7cd6f [Firefox: 2 hits: 06-25 to 07-02] 62376cb971 [Firefox: 3 hits: 07-23 to 07-27] f82e1a0066 [Firefox: 3 hits: 07-23 to 07-27] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:05:16:00 | WinXP | 170.51.201.57 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 05:20:00 | WinXP | 69.183.217.205 (SNET.NET): BRAS11A.MRDNCT, PLANO, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:756 hits: 07-11 to 07-28] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:42:00 | Win2K-f | 24.79.207.124 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:10 hits: 06-20 to 07-28] e5c7bce70e [Firefox:10 hits: 06-20 to 07-28] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:44:00 | Win2K-f | 124.241.172.168 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 57ce4acac2 [Firefox:83 hits: 06-17 to 07-28] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:50:00 | Win2K-f | 130.13.134.21 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 NEW |
none[none] | none:none |
none|none | none | none | |
| 05:51:00 | Win2K-f | 130.13.134.21 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:00:00 | WinXP | 117.99.29.145 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3285 hits: 12-31 to 07-28] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 06:01:00 | WinXP | 213.45.147.56 (POOL21345.INTERBUSINESS.IT): TELECOM ITALIA S.P.A, FLORENCE, TOSCANA, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:62 hits: 12-14 to 07-28] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 06:02:00 | WinXP | 71.98.39.247 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CARROLLTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:204.160.126.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 35 |
63bb8d0ddf NEW f2f692a719 [Firefox: 2 hits: 07-23 to 07-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:34:00 | Win2K-f | 24.92.189.150 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:40:00 | WinXP | 200.165.210.139 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | be5d4b567e NEW |
none[none] | none:none |
none|none | none | none |
| 06:50:00 | WinXP | 62.11.200.144 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, CAGLIARI, SARDEGNA, IT. (DIAL) |
n/a | DE:siliconfireware.ru :wpad EU:ebookfinaltrash.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:500 hits: 05-04 to 07-28] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:06:50:00 | WinXP | 4.255.206.133 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, YUKON, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:205.128.79.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:57:00 | WinXP | 99.164.23.178 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:205.128.66.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:57:00 | Win2K-f | 207.5.166.118 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:00:00 | WinXP | 12.218.183.253 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, COLUMBUS, GEORGIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d175bad0e6 [Firefox:16 hits: 06-08 to 07-12] |
dfb15f5463 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
| T:07:12:00 | WinXP | 118.7.68.207 (-): . |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 55d0af189c NEW |
none[none] | none:none |
none|none | none | none |
| 07:17:00 | Win2K-f | 170.51.117.35 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 07:36:00 | Win2K-f | 218.211.81.180 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:01:00 | WinXP | 213.242.238.103 (-): PPTP CONNECTIONS, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:152 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:08:01:00 | Win2K-f | 213.149.122.74 (-): ICG KOTOR DIALUP, CS. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:01:00 | Win2K-f | 170.51.162.203 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 08:02:00 | WinXP | 117.55.68.55 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:03:00 | Win2K-f | 118.9.133.245 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 33 | 034d808c86 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:06:00 | WinXP | 122.132.105.208 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 35 20 of 35 |
08106a1056 NEW cd7366f252 [Firefox: 5 hits: 07-28 to 07-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:07:00 | WinXP | 217.248.255.89 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BONN, NORDRHEIN-WESTFALEN, DE. (DIAL) |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:152 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:08:13:00 | Win2K-f | 125.215.99.213 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:16:00 | Win2K-f | 75.50.54.88 (SBCGLOBAL.NET): PPPOX POOL - RBACK4.SPFDMO, SPRINGFIELD, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:21:00 | Win2K-f | 221.185.52.37 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
75.66.100.3:12351 75.66.100.3:13001 | US:chat-shqip.org US:w3bs.chat-shqip.org US:www.hasi.us US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 35 10 of 33 |
cd7366f252 [Firefox: 5 hits: 07-28 to 07-28] d2c26e07fd [Firefox:152 hits: 06-27 to 07-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:21:00 | WinXP | 76.241.149.222 (-): SE4.BCVLOH PPPOX, RICHARDSON, TEXAS, US. |
n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com US:sprw.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:35 hits: 05-17 to 07-22] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 08:22:00 | Win2K-f | 123.254.3.60 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 35 | 9e497b5264 NEW |
none[none] | none:none |
none|none | none | none |
| 08:27:00 | WinXP | 201.250.122.225 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | ba4da2e65e NEW |
none[none] | none:none |
none|none | none | none |
| 08:33:00 | Win2K-f | 221.127.193.67 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | ec3d13cabe NEW |
none[none] | none:none |
none|none | none | none | |
| 08:35:00 | WinXP | 122.25.129.16 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:221 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| 08:41:00 | WinXP | 76.250.116.243 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:68 hits: 05-01 to 07-28] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 08:42:00 | WinXP | 122.132.105.208 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 35 | 08106a1056 NEW |
none[none] | none:none |
none|none | none | none |
| 08:43:00 | Win2K-f | 125.194.215.78 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | HK:proxima.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
16 of 35 | 3783c700a9 NEW |
none[none] | none:none |
none|none | none | none |
| 08:48:00 | WinXP | 125.173.2.28 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:221 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:09:01:00 | Win2K-f | 4.158.240.14 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MILWAUKEE, WISCONSIN, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 238 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 09:08:00 | Win2K-f | 58.157.121.189 (UCOM.NE.JP): IML, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:221 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none | |
| 09:15:00 | Win2K-f | 189.73.240.107 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:09:17:00 | WinXP | 118.9.123.232 (-): . |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 35 20 of 35 |
b13b669243 NEW cd7366f252 [Firefox: 5 hits: 07-28 to 07-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:21:00 | Win2K-f | 222.150.16.210 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 33 | 4a64249404 [Firefox: 2 hits: 06-29 to 06-30] |
none[none] | none:none |
none|none | none | none |
| 09:23:00 | Win2K-f | 118.160.88.121 (-): . |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | cbeac58546 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:24:00 | WinXP | 89.137.166.233 (-): ASTRAL FOCSANI DOCSIS NETWORK, RO. |
69.42.216.90:9890 69.42.216.90:2010 149.9.1.16:6667 | :f.unicat.org US:v1rg1n.100free.com FR:www.members.lycos.co.uk :adware.rxmods.net US:irc.dal.net |
445 | pcap | raw alerts ruleset |
ftp irc http 1937 lines |
Yeah : 1.3 profile |
none | summary tarball |
4 of 35 5 of 32 18 of 35 13 of 31 |
9d0029f6d8 NEW c7fd48a934 NEW cd75030ece NEW e8d4d8cde1 [Firefox:343 hits: 03-31 to 07-19] |
none[none] none [none] none [none] fda109a6fd[0] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=583 embedded dns |
none none none trace |
| T:09:25:00 | WinXP | 91.66.47.121 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.90:9890 69.42.216.90:2010 194.68.45.50:6667 | :f.unicat.org US:v1rg1n.100free.com FR:www.members.lycos.co.uk :adware.rxmods.net US:irc.dal.net |
445 | pcap | raw alerts ruleset |
ftp irc http 2214 lines |
Yeah : 1.3 profile |
none | summary tarball |
4 of 35 5 of 32 18 of 35 13 of 31 |
9d0029f6d8 NEW c7fd48a934 NEW cd75030ece NEW e8d4d8cde1 [Firefox:343 hits: 03-31 to 07-19] |
none[none] none [none] none [none] fda109a6fd[0] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=583 embedded dns |
none none none trace |
| T:09:26:00 | WinXP | 77.20.214.110 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:26:00 | Win2K-f | 89.43.114.120 (3S.PL): SC SMAF DINU COM SRL, RO. |
69.42.216.90:9890 208.99.193.130:6667 69.42.216.90:2010 | :f.unicat.org US:v1rg1n.100free.com FR:www.members.lycos.co.uk :adware.rxmods.net SE:irc.dal.net |
445 | pcap | raw alerts ruleset |
ftp irc http 1905 lines |
Yeah : 1.3 profile |
none | summary tarball |
4 of 35 5 of 32 18 of 35 13 of 31 |
60234ab5eb NEW c7fd48a934 NEW cd75030ece NEW e8d4d8cde1 [Firefox:343 hits: 03-31 to 07-19] |
none[none] none [none] none [none] fda109a6fd[0] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=583 embedded dns |
none none none trace |
| 09:28:00 | WinXP | 78.96.84.245 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:343 hits: 03-31 to 07-19] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:09:31:00 | Win2K-f | 78.139.136.57 (-): CAUCASUS NETWORK LTD, GE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:35:00 | WinXP | 190.7.138.219 (-): EMTELSA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:35:00 | WinXP | 89.43.114.120 (3S.PL): SC SMAF DINU COM SRL, RO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:36:00 | Win2K-f | 91.67.169.162 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.90:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc http 842 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 18 of 35 |
046a656119 NEW cd75030ece NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:09:40:00 | Win2K-f | 24.105.229.174 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:45:00 | WinXP | 78.96.84.245 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 208.99.193.130:6667 69.42.216.90:2010 | :f.unicat.org US:v1rg1n.100free.com SE:irc.dal.net FR:www.members.lycos.co.uk :adware.rxmods.net |
445 | pcap | raw alerts ruleset |
ftp irc http 2240 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 32 18 of 35 13 of 31 10 of 35 |
c7fd48a934 NEW cd75030ece NEW e8d4d8cde1 [Firefox:343 hits: 03-31 to 07-19] f0c9f4382d NEW |
none[none] none [none] fda109a6fd[0] none [none] |
none:none none:none ASM:Graph none:none |
none|none none|none ASProtect| none|none |
none none lines=583 embedded dns none |
none none trace none |
| 09:55:00 | WinXP | 118.9.123.232 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | f9a0fc79b3 NEW |
none[none] | none:none |
none|none | none | none |
| 10:04:00 | WinXP | 122.30.132.179 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:221 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| 10:05:00 | WinXP | 62.40.54.233 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:756 hits: 07-11 to 07-28] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:05:00 | Win2K-f | 78.52.99.48 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:05:00 | WinXP | 80.96.151.206 (NEXTRA.RO): SC-NEXTRA TELECOM SRL, TIMISOARA, TIMIS, RO. |
75.66.100.3:13001 | US:chat-shqip.org US:www.hasi.us |
445 | pcap | raw alerts ruleset |
ftp irc http 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 20 of 35 |
ca15c09536 [Firefox:186 hits: 06-27 to 07-28] cd7366f252 [Firefox: 5 hits: 07-28 to 07-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:10:00 | Win2K-f | 123.254.3.60 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:24:00 | WinXP | 170.51.162.203 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 10:31:00 | WinXP | 24.160.203.107 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:227 hits: 09-28 to 07-28] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:34:00 | WinXP | 62.11.117.249 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:500 hits: 05-04 to 07-28] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 10:50:00 | WinXP | 68.189.146.121 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:12 hits: 07-25 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:10:50:00 | WinXP | 170.51.208.127 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 3f536a670f NEW |
none[none] | none:none |
none|none | none | none |
| 11:06:00 | WinXP | 80.121.68.16 (TELEKOM.AT): HIGHWAY CUSTOMERS, ZELL AM SEE, SALZBURG, AT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:62 hits: 12-14 to 07-28] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:11:11:00 | WinXP | 114.120.104.164 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 8b3607bd00 [Firefox: 3 hits: 07-26 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:11:24:00 | WinXP | 96.15.229.253 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:199.93.46.125:80 US:205.128.66.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:23 hits: 06-25 to 07-27] 7f6e032fc0 [Firefox:23 hits: 06-25 to 07-27] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 11:30:00 | Win2K-f | 130.13.158.100 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 64.32.14.92:6915 |
445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 8fba02579a NEW |
none[4] | none:none |
StarForce| | none | trace |
| T:11:31:00 | WinXP | 74.67.99.241 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:457 hits: 05-02 to 07-24] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:42:00 | WinXP | 72.235.45.97 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HANA, HAWAII, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] e07c29c4ae [Firefox:123 hits: 06-19 to 07-28] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:11:46:00 | Win2K-f | 130.13.158.100 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
64.32.14.92:6915 | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 40 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 | 8fba02579a NEW |
none[4] | none:none |
StarForce| | none | trace |
| 11:50:00 | WinXP | 98.140.79.215 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:58:00 | Win2K-f | 216.198.161.181 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 0 of 32 |
3cd7958258 [Firefox:14 hits: 06-17 to 07-28] 41efedf70f [Firefox:13 hits: 06-19 to 07-28] b5919931fe [Firefox:159 hits: 06-20 to 07-27] |
none[4] 41efedf70f[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| 12:01:00 | WinXP | 220.108.105.59 (PLALA.OR.JP): PLALA NETWORKS INC, HADANO, KANAGAWA, JP. |
n/a | HK:proxim.ircgalaxy.pl US:chat-shqip.org US:w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 35 | 0237de298e NEW |
none[none] | none:none |
none|none | none | none |
| T:12:18:00 | WinXP | 89.37.212.90 (JUMP.RO): SC AZURE SOFTWARE SRL, RO. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:227 hits: 09-28 to 07-28] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 12:37:00 | WinXP | 92.114.175.222 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | dae77d66f3 [Firefox: 5 hits: 07-08 to 07-12] |
none[none] | none:none |
none|none | none | none |
| T:12:39:00 | WinXP | 81.20.249.16 (CABOTVA.NET): CABO TV ACOREANA, PONTA DELGADA, AZORES, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1452 hits: 12-31 to 07-28] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:43:00 | WinXP | 88.164.81.208 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 0c803048e4 NEW |
none[none] | none:none |
none|none | none | none |
| 13:10:00 | WinXP | 81.131.14.175 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:227 hits: 09-28 to 07-28] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:13:14:00 | WinXP | 88.210.75.55 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | d01b5333e5 [Firefox: 3 hits: 07-16 to 07-21] |
none[none] | none:none |
none|none | none | none |
| T:13:25:00 | WinXP | 41.214.160.121 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3285 hits: 12-31 to 07-28] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:07:00 | WinXP | 81.84.57.59 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | dae77d66f3 [Firefox: 5 hits: 07-08 to 07-12] |
none[none] | none:none |
none|none | none | none |
| T:14:08:00 | WinXP | 81.84.57.59 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | dae77d66f3 [Firefox: 5 hits: 07-08 to 07-12] |
none[none] | none:none |
none|none | none | none |
| 14:23:00 | WinXP | 87.12.150.245 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:43 hits: 05-22 to 07-28] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 14:25:00 | WinXP | 121.103.228.33 (-): . |
n/a | US:chat-shqip.org US:w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:186 hits: 06-27 to 07-28] |
none[none] | none:none |
none|none | none | none |
| 14:33:00 | WinXP | 65.189.216.100 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | NL:0x80.online-software.org NL:0x80.martiansong.com :0xff.memzero.info :0x80.my-secure.name NL:0x80.goingformars.com NL:0x80.my1x1.com NL:194.109.11.65:1023 NL:194.109.11.65:6556 |
135 | pcap | raw alerts ruleset |
other 202 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 7660f93420 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:45:00 | WinXP | 118.243.130.42 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 8ae058b2d0 [Firefox: 7 hits: 05-01 to 07-25] |
e6a9383b75 [0] | ASM:Graph |
none|none | lines=59 | trace | |
| 14:47:00 | WinXP | 87.103.89.16 (REV.VODAFONE.PT): VODAFONE PORTUGAL, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | e7a94e9156 [Firefox:13 hits: 02-26 to 04-12] |
c49065e906 [0] | ASM:Graph |
PolyEnE| | lines=72 embedded dns |
trace |
| 14:57:00 | Win2K-f | 71.254.196.168 (VERIZON.NET): VERIZON INTERNET SERVICES INC, YORK, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:00:00 | WinXP | 70.125.73.99 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:20:00 | Win2K-f | 66.103.127.36 (CTSIOK.NET): CHICKASAW TELECOMMUNICATIONS SERVICES INC, STILLWATER, OKLAHOMA, US. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:85.114.143.2:80 |
139 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 41df05b29e NEW |
none[none] | none:none |
none|none | none | none |
| 15:26:00 | WinXP | 69.232.237.217 (PACBELL.NET): PPPOX POOL - BRAS12 PLTN, OAKLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:43:00 | WinXP | 70.135.203.40 (SBCGLOBAL.NET): PPPOX POOL - BRAS11.MRDNCT, PLANO, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:756 hits: 07-11 to 07-28] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:50:00 | Win2K-f | 211.59.72.105 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc 107 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:120 hits: 06-17 to 07-28] 8390780c27 [Firefox:28 hits: 06-18 to 07-28] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 16:05:00 | WinXP | 4.253.129.88 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:500 hits: 05-04 to 07-28] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:16:13:00 | WinXP | 170.51.195.170 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 | 08c1ee9daf NEW |
none[none] | none:none |
none|none | none | none |
| T:16:17:00 | WinXP | 89.204.197.157 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3285 hits: 12-31 to 07-28] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:17:00 | WinXP | 89.204.197.157 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3285 hits: 12-31 to 07-28] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:17:00 | WinXP | 76.200.174.114 (SBCGLOBAL.NET): BRAS45.PLTNCA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:750 hits: 05-01 to 07-28] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 17:24:00 | Win2K-f | 4.168.180.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.153.215:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 28 of 35 |
70c31be294 NEW fead05e431 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:35:00 | WinXP | 12.215.69.162 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, OTTUMWA, IOWA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:35:00 | WinXP | 12.215.69.162 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, OTTUMWA, IOWA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:41:00 | Win2K-f | 130.13.159.105 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 64.32.14.92:6915 |
445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | 8fba02579a NEW |
none[4] | none:none |
StarForce| | none | trace |
| 17:41:00 | WinXP | 70.54.16.235 (BELL.CA): SYMPATICO HSE, TORONTO, ONTARIO, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | de46b3fcc2 [Firefox: 2 hits: 07-24 to 07-24] |
none[none] | none:none |
none|none | none | none |
| T:17:44:00 | Win2K-f | 170.51.94.86 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 81ba2b47bd NEW |
none[none] | none:none |
none|none | none | none |
| T:17:46:00 | WinXP | 130.13.159.105 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
64.32.14.92:6915 | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 | 8fba02579a NEW |
none[4] | none:none |
StarForce| | none | trace |
| 18:05:00 | WinXP | 68.146.123.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | 917f99560a [Firefox: 5 hits: 07-22 to 07-28] |
none[none] | none:none |
none|none | none | none |
| 18:08:00 | Win2K-f | 64.24.249.57 (POPSITE.NET): USLEC CORP, SEATTLE, WASHINGTON, US. (DIAL) |
n/a | :ircn3t.cjb.net HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 64.32.14.92:6915 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:26:00 | WinXP | 24.80.186.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.66.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:52:00 | WinXP | 4.244.153.7 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | :www.symantec.com US:j0r.biz |
445 | pcap | raw alerts ruleset |
shell ftp http 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | dd04166637 [Firefox: 4 hits: 12-20 to 04-07] |
53e80eceeb [0] | ASM:Graph |
MEW| | lines=296 embedded dns |
trace |
| 19:10:00 | WinXP | 4.89.135.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WOLCOTTVILLE, INDIANA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:457 hits: 05-02 to 07-24] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:16:00 | Win2K-f | 122.146.80.174 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:17:00 | WinXP | 122.18.183.252 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 3b2958417b [Firefox: 4 hits: 07-09 to 07-24] |
none[none] | none:none |
none|none | none | none | |
| T:19:20:00 | Win2K-f | 125.224.130.52 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:21:00 | WinXP | 218.54.110.98 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:21:00 | WinXP | 211.10.223.74 (GDFCY.DCNS.JP): SEIKA CORPORATION, JP. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b NEW |
none[none] | none:none |
none|none | none | none | |
| 19:23:00 | Win2K-f | 221.143.76.73 (GUTZWILLER.CH): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox: 2 hits: 07-27 to 07-27] |
none[none] | none:none |
none|none | none | none | |
| T:19:27:00 | WinXP | 211.244.197.189 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox: 2 hits: 07-27 to 07-27] |
none[none] | none:none |
none|none | none | none | |
| T:19:28:00 | Win2K-f | 218.51.17.189 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:14 hits: 07-13 to 07-15] |
none[none] | none:none |
none|none | none | none |
| 19:29:00 | WinXP | 211.244.197.189 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox: 2 hits: 07-27 to 07-27] |
none[none] | none:none |
none|none | none | none |
| T:19:32:00 | Win2K-f | 124.62.222.96 (-): POWERCOM, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 35 | f3b91cf07b NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:33:00 | WinXP | 61.98.241.253 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:14 hits: 07-13 to 07-15] |
none[none] | none:none |
none|none | none | none |
| 19:34:00 | Win2K-f | 125.224.130.52 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:39:00 | Win2K-f | 58.122.108.9 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none |
| 19:42:00 | Win2K-f | 61.98.11.115 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox: 2 hits: 07-27 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 19:42:00 | WinXP | 219.255.111.241 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:43:00 | Win2K-f | 211.20.28.152 (CARSTAR.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b NEW |
none[none] | none:none |
none|none | none | none |
| 19:44:00 | WinXP | 125.188.65.103 (-): POW-HFC-KANGNAM01, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:54:00 | WinXP | 66.61.147.80 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:55:00 | Win2K-f | 218.55.52.33 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
17 of 35 | 92d303a819 NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:55:00 | WinXP | 77.86.119.53 (KCOM.COM): TORCH COMMUNICATIONS LTD, UK. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 47 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:14 hits: 07-13 to 07-15] |
none[none] | none:none |
none|none | none | none | |
| 19:59:00 | Win2K-f | 61.250.147.214 (KRLINE.NET): KRNIC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:01:00 | Win2K-f | 68.150.170.5 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SPRUCE GROVE, ALBERTA, CA. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:05:00 | Win2K-f | 218.190.166.33 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:08:00 | Win2K-f | 71.111.245.126 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.126.126:80 US:205.128.79.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:09:00 | Win2K-f | 206.172.89.51 (BELL.CA): SYMPATICO, COLLINGWOOD, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 139 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:20:20:00 | WinXP | 4.253.135.59 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:500 hits: 05-04 to 07-28] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:20:27:00 | Win2K-f | 122.52.31.122 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:192.221.99.124:80 US:199.93.41.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:23 hits: 06-18 to 07-26] 76ee340669 [Firefox:23 hits: 06-18 to 07-26] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 20:32:00 | WinXP | 218.218.169.2 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:756 hits: 07-11 to 07-28] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:20:41:00 | Win2K-f | 59.115.84.50 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:41:00 | WinXP | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:4.23.60.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:41:00 | Win2K-f | 218.211.207.204 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:50:00 | WinXP | 121.82.209.236 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:62 hits: 12-14 to 07-28] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 20:52:00 | WinXP | 68.118.183.3 (CHARTER.COM): CHARTER COMMUNICATIONS, CONNECTICUT, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 35 | b612788fb5 NEW |
none[none] | none:none |
none|none | none | none | |
| 20:59:00 | Win2K-f | 210.175.200.230 (ICN-NET.NE.JP): ICHINOSEKI CABLE NETWORK CO..LTD, TOKYO, TOKYO, JP. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 NEW |
none[none] | none:none |
none|none | none | none | |
| 21:20:00 | WinXP | 82.228.138.82 (PROXAD.NET): PROXAD / FREE SAS, LEVALLOIS-PERRET, ILE-DE-FRANCE, FR. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | a016783b32 NEW |
none[none] | none:none |
none|none | none | none |
| 21:24:00 | WinXP | 218.37.201.38 (-): HANVITINB-INFRA, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 NEW |
none[none] | none:none |
none|none | none | none |
| 21:30:00 | Win2K-f | 77.253.37.209 (COM.PL): NETIA, PL. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:99 hits: 07-13 to 07-16] |
none[none] | none:none |
none|none | none | none |
| T:21:31:00 | WinXP | 58.231.13.178 (-): THRUNET-INFRA-SEOUL05, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:34:00 | Win2K-f | 221.124.92.172 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:14 hits: 07-13 to 07-15] |
none[none] | none:none |
none|none | none | none | |
| 21:34:00 | WinXP | 209.173.173.176 (RTECEXPRESS.NET): RIDGEVILLE TELEPHONE COMPANY, MANSFIELD, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:40:00 | WinXP | 59.115.84.50 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:99 hits: 07-13 to 07-16] |
none[none] | none:none |
none|none | none | none |
| T:21:44:00 | WinXP | 123.204.110.234 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b NEW |
none[none] | none:none |
none|none | none | none |
| T:21:49:00 | WinXP | 4.157.104.138 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOSTON, MASSACHUSETTS, US. (DIAL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | a12b896387 NEW |
none[none] | none:none |
none|none | none | none |
| 21:53:00 | Win2K-f | 75.63.207.56 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] a08f3b74a4 [Firefox:320 hits: 06-18 to 07-28] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:32:00 | Win2K-f | 221.139.30.196 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 US:208.111.173.52:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
45e0b2544f [Firefox: 3 hits: 07-19 to 07-28] 633a67eac3 [Firefox: 3 hits: 07-19 to 07-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:42:00 | WinXP | 195.174.17.22 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 883ebad119 [Firefox: 3 hits: 03-26 to 05-15] |
11cb10abde [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:55:00 | Win2K-f | 24.189.171.29 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), UNIONDALE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:207.123.46.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:14:00 | WinXP | 208.68.97.150 (HTCPLUS.COM): HOME TOWN TELEPHONE LLC, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.53.125:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] 73f1082158 [Firefox:505 hits: 06-18 to 07-28] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:15:00 | WinXP | 119.72.39.102 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1452 hits: 12-31 to 07-28] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 23:28:00 | WinXP | 61.124.250.10 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b NEW |
none[none] | none:none |
none|none | none | none |
| T:23:39:00 | Win2K-f | 211.59.165.144 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, BUCHEON CITY, SOUL-T'UKPYOLSI, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.126:80 US:205.128.79.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
6ec2a8994b [Firefox: 7 hits: 06-18 to 07-25] 857b781ca9 [Firefox: 6 hits: 06-18 to 07-25] |
none[4] 857b781ca9[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:23:41:00 | Win2K-f | 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:994 hits: 06-17 to 07-28] b7082104e4 [Firefox:62 hits: 06-18 to 07-26] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |