Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:11:00 | Win2K-f | 118.172.242.135 (-): . |
n/a | DE:skathari.oligarxia.com DE:85.214.127.219:59999 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 557c0e2562 [Firefox: 2 hits: 07-24 to 07-26] |
none[none] | none:none |
none|none | none | none |
T:00:42:00 | WinXP | 87.205.165.247 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | ef641cacaa NEW |
none[none] | none:none |
none|none | none | none |
00:48:00 | Win2K-f | 77.86.119.53 (KCOM.COM): TORCH COMMUNICATIONS LTD, UK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:18 hits: 07-13 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:00:51:00 | Win2K-f | 89.117.25.89 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.126:80 US:205.128.66.126:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 133 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 32 of 35 |
4113025530 NEW e3ca792d99 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
00:55:00 | Win2K-f | 58.231.13.178 (-): THRUNET-INFRA-SEOUL05, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox: 9 hits: 07-29 to 07-29] |
none[none] | none:none |
none|none | none | none | |
01:10:00 | WinXP | 118.12.206.227 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:760 hits: 07-11 to 07-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:01:36:00 | Win2K-f | 75.16.226.12 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:15:00 | WinXP | 193.250.67.126 (ABO.WANADOO.FR): WANADOO, ROTTERDAM, ZUID-HOLLAND, NL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:67 hits: 12-14 to 07-29] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
02:47:00 | WinXP | 59.116.162.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 55f1288a7a [Firefox: 2 hits: 07-25 to 07-28] |
none[none] | none:none |
none|none | none | none |
02:50:00 | Win2K-f | 151.23.133.150 (-): INFOSTRADA (IUNET), IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:50 hits: 05-22 to 07-29] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
03:20:00 | Win2K-f | 211.186.128.254 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.44.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:12 hits: 06-20 to 07-27] 9276c8b36b [Firefox:12 hits: 06-20 to 07-27] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:22:00 | WinXP | 212.183.67.145 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
n/a | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:50 hits: 05-22 to 07-29] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:03:22:00 | WinXP | 218.168.79.52 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox:10 hits: 07-13 to 07-28] |
none[none] | none:none |
none|none | none | none |
03:24:00 | Win2K-f | 70.44.239.185 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.79.124:80 US:207.123.44.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:03:27:00 | WinXP | 222.159.0.90 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:230 hits: 09-28 to 07-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
03:57:00 | WinXP | 83.26.241.231 (TPNET.PL): NEOSTRADA PLUS, BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) |
n/a | DE:siliconfireware.ru :wpad :www.proxy-socks.net DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 330eaa2da2 [Firefox:56 hits: 05-04 to 07-29] |
none[3] | none:none |
ASPack| | none | trace |
T:03:59:00 | WinXP | 130.13.36.46 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info | 135 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:04:19:00 | WinXP | 86.155.22.227 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:760 hits: 07-11 to 07-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
04:34:00 | WinXP | 124.195.154.67 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:205.128.79.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:35:00 | Win2K-f | 4.240.27.164 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHOENIX, ARIZONA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:205.128.79.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:02:00 | WinXP | 219.109.124.93 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 35 | ac6ad5d9b9 NEW |
none[none] | none:none |
none|none | none | none | |
T:05:08:00 | Win2K-f | 66.50.158.14 (PRTC.NET): PRTC ADSL, SAN JUAN, PUERTO RICO, PR. |
n/a | US:dl.targetsaver.com :speed-runner.com :www.speed-runner.com US:b103.mcboo.com US:206.71.190.187:80 US:216.133.246.155:80 |
135 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:05:34:00 | WinXP | 218.237.248.201 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 33 of 35 0 of 33 |
09d6505627 NEW 7b1709ae4c NEW e07c29c4ae [Firefox:124 hits: 06-19 to 07-29] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:05:35:00 | Win2K-f | 70.241.115.107 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.124:80 US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:46:00 | WinXP | 221.191.225.76 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 48 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:05:47:00 | Win2K-f | 221.127.103.49 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 202a01088b [Firefox: 2 hits: 06-28 to 06-28] |
none[none] | none:none |
none|none | none | none | |
05:48:00 | Win2K-f | 123.254.23.174 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
05:51:00 | WinXP | 70.73.35.220 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 731 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | a58ccb5cc8 NEW |
none[none] | none:none |
none|none | none | none |
05:54:00 | Win2K-f | 88.111.143.245 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4f2b4b1b01 NEW |
none[none] | none:none |
none|none | none | none |
06:05:00 | WinXP | 221.127.34.177 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 35 | a02e7d5927 NEW |
none[none] | none:none |
none|none | none | none |
T:06:05:00 | Win2K-f | 125.194.219.223 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
06:09:00 | Win2K-f | 78.150.152.112 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4f2b4b1b01 NEW |
none[none] | none:none |
none|none | none | none |
06:11:00 | WinXP | 220.109.27.63 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:06:14:00 | Win2K-f | 78.146.149.72 (-): OPAL TELECOM DSL, UK. |
n/a | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4f2b4b1b01 NEW |
none[none] | none:none |
none|none | none | none |
T:06:15:00 | WinXP | 190.84.27.114 (CABLE.NET.CO): TV CABLE S.A, SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 4de42f8aea NEW |
none[none] | none:none |
none|none | none | none |
06:15:00 | Win2K-f | 118.240.193.217 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
T:06:23:00 | Win2K-f | 172.167.166.155 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:06:26:00 | Win2K-f | 71.112.116.216 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SNOHOMISH, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:30:00 | Win2K-f | 123.224.159.225 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c [Firefox: 9 hits: 07-04 to 07-04] |
none[none] | none:none |
none|none | none | none | |
06:32:00 | Win2K-f | 203.148.97.124 (ENJOY.NE.JP): DEODEO CORPORATION, HIROSHIMA, HIROSHIMA, JP. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 6bf9acfa77 [Firefox: 2 hits: 07-01 to 07-28] |
none[none] | none:none |
none|none | none | none |
06:34:00 | WinXP | 118.218.21.105 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
45e0b2544f [Firefox: 4 hits: 07-19 to 07-29] 633a67eac3 [Firefox: 4 hits: 07-19 to 07-29] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
06:38:00 | WinXP | 210.79.160.110 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:230 hits: 09-28 to 07-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
06:48:00 | Win2K-f | 123.217.99.148 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:06:50:00 | Win2K-f | 123.222.119.15 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c [Firefox: 9 hits: 07-04 to 07-04] |
none[none] | none:none |
none|none | none | none | |
T:06:51:00 | WinXP | 119.72.89.74 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
06:52:00 | WinXP | 221.126.131.130 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
06:58:00 | WinXP | 123.222.119.15 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | 605fe84c5c [Firefox: 9 hits: 07-04 to 07-04] |
none[none] | none:none |
none|none | none | none |
T:07:04:00 | WinXP | 123.254.19.175 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 50 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
07:05:00 | Win2K-f | 78.52.80.142 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 6ad917f76d NEW |
none[none] | none:none |
none|none | none | none |
T:07:06:00 | WinXP | 123.254.19.197 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 48 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | 6f970e729e NEW |
none[none] | none:none |
none|none | none | none |
T:07:09:00 | WinXP | 123.254.35.119 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 973d8e4ee5 NEW |
none[none] | none:none |
none|none | none | none |
T:07:15:00 | Win2K-f | 219.114.97.250 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
T:07:16:00 | Win2K-f | 91.85.168.246 (ECLIPSE.NET.UK): ECLIPSE NETWORKING LIMITED, UK. |
n/a | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 47 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
07:18:00 | Win2K-f | 118.6.89.198 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
07:22:00 | WinXP | 92.16.206.86 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | HK:proxim.ircgalaxy.pl :chat-shqip.org :w3bs.chat-shqip.org HK:210.245.211.11:80 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 1b8cd29d5d NEW |
none[none] | none:none |
none|none | none | none |
07:23:00 | Win2K-f | 125.102.153.179 (UCOM.NE.JP): G-FO0020N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 921683af46 NEW |
none[none] | none:none |
none|none | none | none | |
07:29:00 | WinXP | 220.156.86.171 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:760 hits: 07-11 to 07-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
07:30:00 | Win2K-f | 219.114.97.250 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
T:07:32:00 | Win2K-f | 81.137.216.248 (BTOPENWORLD.COM): SINGLE STATIC IP ADDRESSES, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
T:07:38:00 | WinXP | 58.95.230.171 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | 2ebdc0b4c8 NEW |
none[none] | none:none |
none|none | none | none |
T:07:39:00 | Win2K-f | 122.134.142.141 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
T:07:40:00 | WinXP | 189.91.127.172 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:47:00 | WinXP | 80.135.196.21 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, COLOGNE, NORDRHEIN-WESTFALEN, DE. |
n/a | HK:proxim.ircgalaxy.pl :chat-shqip.org :w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 865f8e272f NEW |
none[none] | none:none |
none|none | none | none |
08:12:00 | Win2K-f | 118.236.137.102 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
08:14:00 | Win2K-f | 91.65.112.210 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:155 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
08:19:00 | Win2K-f | 122.29.119.175 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 41c5cb7a3f NEW |
none[none] | none:none |
none|none | none | none |
T:08:21:00 | Win2K-f | 118.240.193.217 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:188 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
08:22:00 | WinXP | 79.132.209.183 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:siliconfireware.ru UA:vit.ln.ua :www.proxy-socks.net :wpad UA:195.189.16.10:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7dd1fe2970 [Firefox:21 hits: 09-07 to 07-22] |
dcc673c815 [0] | ASM:Graph |
ASPack| | lines=374 embedded dns |
trace |
08:30:00 | WinXP | 204.193.213.53 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 4c171459ff NEW |
none[none] | none:none |
none|none | none | none |
08:42:00 | WinXP | 209.214.200.70 (BELLSOUTH.NET): BELLSOUTH.NET INC, GREENVILLE, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3290 hits: 12-31 to 07-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
08:43:00 | WinXP | 85.179.72.235 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl :chat-shqip.org :w3bs.chat-shqip.org HK:210.245.211.11:65520 US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | fe166d0103 NEW |
none[none] | none:none |
none|none | none | none |
T:08:48:00 | Win2K-f | 78.151.125.224 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 778acb5418 NEW |
none[none] | none:none |
none|none | none | none | |
T:08:51:00 | Win2K-f | 68.145.35.23 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:08:55:00 | WinXP | 67.10.216.235 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1454 hits: 12-31 to 07-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
08:56:00 | WinXP | 67.10.216.235 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1454 hits: 12-31 to 07-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
09:04:00 | WinXP | 41.214.176.173 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | a12b896387 NEW |
none[none] | none:none |
none|none | none | none |
09:11:00 | WinXP | 78.151.125.224 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | e40e9380f6 NEW |
none[none] | none:none |
none|none | none | none |
09:15:00 | WinXP | 85.180.170.132 (ALICEDSL.DE): HANSENET-ADSL, FRANKFURT, HESSEN, DE. (DSL) |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4f2b4b1b01 NEW |
none[none] | none:none |
none|none | none | none |
09:24:00 | WinXP | 4.225.136.202 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:09:36:00 | WinXP | 122.16.70.103 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 35 | c45aab91d2 NEW |
none[none] | none:none |
none|none | none | none |
09:40:00 | WinXP | 82.209.222.204 (BELPAK.BREST.BY): REPUBLICAN UNITARY ENTERPRISE BELTELECOM, BY. |
n/a | DE:siliconfireware.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:504 hits: 05-04 to 07-29] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:10:18:00 | WinXP | 67.150.169.63 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad EU:ebookfinaltrash.ru US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:504 hits: 05-04 to 07-29] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
10:33:00 | Win2K-f | 98.174.80.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] 73f1082158 [Firefox:514 hits: 06-18 to 07-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:42:00 | Win2K-f | 4.172.165.42 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
10:45:00 | Win2K-f | 4.191.220.169 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SODDY DAISY, TENNESSEE, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 35 | 2ed62aa467 NEW |
none[none] | none:none |
none|none | none | none | |
T:10:48:00 | WinXP | 64.171.161.4 (PACBELL.NET): TERRA LINDA FNCL INC, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:01:00 | Win2K-f | 208.126.40.48 (-): WESTERN IOWA NETWORKS, BREDA, IOWA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
11:07:00 | WinXP | 92.227.198.64 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 4f2b4b1b01 NEW |
none[none] | none:none |
none|none | none | none |
T:11:24:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:38:00 | Win2K-f | 69.228.105.112 (PACBELL.NET): PPPOX POOL - RBACK11 SCRM01 062104-11949, SACRAMENTO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.66.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:11:43:00 | Win2K-f | 24.80.100.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
11:49:00 | WinXP | 92.41.195.28 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 971f716c7f [Firefox: 3 hits: 04-10 to 07-09] |
4373aeb95c [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
T:11:50:00 | Win2K-f | 199.224.94.249 (EPIX.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, MOUNTAIN TOP, PENNSYLVANIA, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.126:80 US:207.123.37.125:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
ba4637f8f0 [Firefox: 2 hits: 07-01 to 07-23] d02ae67164 [Firefox: 2 hits: 07-01 to 07-23] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:11:56:00 | WinXP | 83.91.162.124 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, SVENDBORG, FYN, DK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f5a40500f2 [Firefox:24 hits: 05-08 to 06-27] |
none[none] | none:none |
none|none | none | none |
12:03:00 | Win2K-f | 70.78.212.223 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 33 of 35 |
03f242275e NEW 31d5e9cb41 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:12:06:00 | WinXP | 60.32.29.34 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org US:75.66.100.3:12351 US:75.66.100.3:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:225 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:12:13:00 | Win2K-f | 124.241.151.57 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
72.10.172.211:8080 | HK:proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-01.mx.aol.com BE:ftp.scarlet.be US:yutunrz.1dumb.com CA:xx.ka3ek.com CA:alwayssam.com CA:zonetech.info US:130.107.134.181:2085 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http irc 761 lines |
Yeah : 1.8 profile |
none | summary tarball |
16 of 35 30 of 33 8 of 35 16 of 35 |
474312616d [Firefox: 4 hits: 07-23 to 07-29] 48a8b58d74 NEW 62376cb971 [Firefox: 4 hits: 07-23 to 07-29] d717616974 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
12:14:00 | WinXP | 87.205.236.231 (-): INTERNETIA, VIENNA, WIEN, AT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox:14 hits: 04-21 to 07-14] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
12:18:00 | Win2K-f | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:12:35:00 | WinXP | 208.68.97.150 (HTCPLUS.COM): HOME TOWN TELEPHONE LLC, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] 73f1082158 [Firefox:514 hits: 06-18 to 07-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:52:00 | Win2K-f | 172.166.69.98 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.124:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:59:00 | WinXP | 122.147.99.13 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:13:06:00 | WinXP | 64.149.156.253 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.RENOCS, RENO, NEVADA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:323 hits: 05-01 to 07-28] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
13:14:00 | WinXP | 76.215.111.250 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 308 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
2a4ec56dfe [Firefox: 3 hits: 07-10 to 07-24] 37de553249 [Firefox: 3 hits: 07-10 to 07-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
13:38:00 | WinXP | 172.135.39.197 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.79.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:11 hits: 07-03 to 07-27] c73f738c30 [Firefox:11 hits: 07-03 to 07-27] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
13:44:00 | WinXP | 116.126.249.246 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.126:80 US:199.93.44.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 35 |
6ec2a8994b [Firefox: 8 hits: 06-18 to 07-29] bcf66a38c8 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
T:13:45:00 | WinXP | 12.74.21.225 (ATT.NET): AT&T WORLDNET SERVICES, SAN ANGELO, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:509 hits: 12-31 to 07-28] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace |
T:14:05:00 | WinXP | 218.237.248.201 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 33 of 35 |
09d6505627 NEW 7b1709ae4c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:14:08:00 | Win2K-f | 70.44.239.185 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1013 hits: 06-17 to 07-29] a08f3b74a4 [Firefox:330 hits: 06-18 to 07-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |