|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:11:58:00 | WinXP | 87.61.177.7 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 25d78144c5 NEW |
none[none] | none:none |
none|none | none | none |
| 11:58:00 | WinXP | 221.171.208.60 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 33 | b1bcfb40a8 NEW |
none[none] | none:none |
none|none | none | none |
| 12:01:00 | WinXP | 125.175.28.254 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 12:02:00 | Win2K-f | 123.222.122.78 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 12:14:00 | WinXP | 76.241.156.92 (-): SE4.BCVLOH PPPOX, RICHARDSON, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 0 of 36 |
0ada72d805 [Firefox:36 hits: 05-17 to 07-29] 5a417b0ef6 NEW |
239ec78f15 [0] none [none] |
ASM:Graph none:none |
ASPack| none|none |
lines=281 embedded dns none |
trace none |
| 12:23:00 | Win2K-f | 202.70.251.211 (ONINET.NE.JP): OKAYAMA NETWORK INC, OKAYAMA, OKAYAMA, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 12:34:00 | WinXP | 88.111.173.48 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 12:35:00 | WinXP | 189.109.34.102 (-): . |
210.245.211.11:65520 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 13136bfffc NEW |
none[none] | none:none |
none|none | none | none |
| 12:37:00 | Win2K-f | 78.146.67.195 (-): OPAL TELECOM DSL, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 3f8d1c3246 [Firefox: 4 hits: 06-28 to 06-30] |
none[none] | none:none |
none|none | none | none | |
| T:12:37:00 | Win2K-f | 4.174.230.170 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BERWICK, PENNSYLVANIA, US. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com |
135 | pcap | raw alerts ruleset |
http irc 967 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 34 of 36 20 of 36 32 of 36 0 of 32 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 7858181cae NEW 8d7113c2ce NEW ada2e3617c NEW b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[none] none [none] none [none] none [none] none [none] b5919931fe[1] |
none:none none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none none|none ASProtect| |
none none none none none lines=90 |
none none none none none trace |
| 12:45:00 | Win2K-f | 130.13.128.193 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 188 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 [Firefox: 2 hits: 07-29 to 07-29] |
none[none] | none:none |
none|none | none | none | |
| T:12:46:00 | Win2K-f | 130.13.128.193 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 185 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 [Firefox: 2 hits: 07-29 to 07-29] |
none[none] | none:none |
none|none | none | none | |
| 12:48:00 | WinXP | 66.19.119.159 (USLEC.NET): USLEC CORP, SUMNER, WASHINGTON, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1456 hits: 12-31 to 07-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:54:00 | WinXP | 89.243.80.212 (-): OPAL TELECOM DSL, LONDON, ENGLAND, UK. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 40 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 34 | 943b7b35f9 NEW |
none[none] | none:none |
none|none | none | none |
| 12:56:00 | Win2K-f | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:59:00 | WinXP | 204.193.217.0 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru DE:dl2.teenpassage.com SE:ozbytes.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | 4c171459ff [Firefox: 2 hits: 07-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 13:00:00 | WinXP | 204.193.217.0 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | 4c171459ff [Firefox: 2 hits: 07-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 13:02:00 | Win2K-f | 89.245.248.19 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 179 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8703de6ee1 NEW 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:13:03:00 | Win2K-f | 170.51.250.73 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:05:00 | WinXP | 88.134.107.174 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 64 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 36 | 82c155322b NEW |
none[none] | none:none |
none|none | none | none |
| 13:07:00 | Win2K-f | 91.66.95.13 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 48 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 33 | d91d29e04d NEW |
none[none] | none:none |
none|none | none | none |
| 13:09:00 | WinXP | 41.241.134.247 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
194.54.90.246:80 | UA:citi-bank.ru US:adult-empire.com |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3291 hits: 12-31 to 07-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:26:00 | Win2K-f | 70.165.19.46 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:27:00 | Win2K-f | 118.6.181.70 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 13:36:00 | Win2K-f | 205.168.223.27 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, GRAND JUNCTION, COLORADO, US. |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 13:42:00 | WinXP | 200.38.21.89 (TELNOR.NET): TELEFONOS DEL NOROESTE S.A. DE C.V, TIJUANA, MEXICO, MX. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1144 hits: 05-01 to 07-28] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:13:47:00 | WinXP | 84.9.148.128 (BULLDOGDSL.COM): BKL-BAS-002 DYNAMIC IP POOL, READING, ENGLAND, UK. (DSL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:13:47:00 | Win2K-f | 123.225.135.127 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 216 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 34 of 36 17 of 35 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 4a7b14e413 NEW 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:13:53:00 | WinXP | 82.10.2.10 (NTL.COM): NTL INFRASTRUCTURE - RENFREW, NEWPORT, WALES, UK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1456 hits: 12-31 to 07-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:59:00 | Win2K-f | 85.243.126.174 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, LAGOS, FARO, PT. (DSL) |
190.174.67.119:13001 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 149 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 36 19 of 35 17 of 35 |
2a94c1b242 NEW 37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 13:59:00 | WinXP | 66.245.91.175 (MINDSPRING.COM): EARTHLINK INC, ATLANTA, GEORGIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 5dd30b63fe NEW |
none[none] | none:none |
none|none | none | none | |
| 14:09:00 | Win2K-f | 89.240.71.241 (84.IN-ADDR.ARPA): OPAL TELECOM DSL NETWORK, LONDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 14:13:00 | Win2K-f | 118.21.25.229 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:14:13:00 | Win2K-f | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:14:00 | WinXP | 65.5.50.159 (BELLSOUTH.NET): BELLSOUTH.NET INC, SALT LAKE CITY, UTAH, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:20:00 | WinXP | 81.157.196.57 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 45 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:14:22:00 | Win2K-f | 75.10.103.25 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
irc 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:28:00 | Win2K-f | 70.182.92.124 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:28:00 | Win2K-f | 116.127.214.246 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:29:00 | WinXP | 76.233.36.30 (SWBELL.NET): PPPOX POOL - RBACK1.AUSTTX, DALLAS, TEXAS, US. |
n/a | RU:moscow-advokat.ru BE:london.uk.eu.undernet.org :caen.fr.eu.undernet.org :washington.dc.us.undernet.org :irc.kar.net AT:graz.at.eu.undernet.org :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org :flanders.be.eu.undernet.org RU:irc.tsk.ru :brussels.be.eu.undernet.org US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:69 hits: 05-01 to 07-29] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 14:32:00 | WinXP | 58.188.28.228 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com :chat-shqip.org |
445 | pcap | raw alerts ruleset |
ftp irc http 162 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 17 of 33 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 64477225c9 [Firefox: 4 hits: 06-28 to 06-30] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:14:36:00 | WinXP | 118.0.5.125 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 91 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 33 | a793802e3c [Firefox: 2 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
| 14:39:00 | WinXP | 58.157.121.189 (UCOM.NE.JP): IML, JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:14:42:00 | WinXP | 130.13.119.77 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc http 371 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 34 19 of 35 17 of 35 20 of 36 |
07ad6afc45 [Firefox: 2 hits: 07-27 to 07-27] 37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 14:43:00 | WinXP | 121.73.84.83 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 357 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 31 of 33 0 of 33 |
0f55e617b4 [Firefox: 2 hits: 06-25 to 07-10] 4c764cd519 [Firefox: 2 hits: 06-25 to 07-10] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 14:45:00 | Win2K-f | 172.162.31.138 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 14:45:00 | WinXP | 130.13.119.77 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc http 366 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 34 19 of 35 17 of 35 20 of 36 |
07ad6afc45 [Firefox: 2 hits: 07-27 to 07-27] 37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 14:46:00 | WinXP | 63.109.247.248 (NEWSKIES.NET): BT LIMITED, BEIRUT, BEYROUTH, LB. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 68 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] b7082104e4 [Firefox:63 hits: 06-18 to 07-29] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:14:47:00 | Win2K-f | 170.51.214.98 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:14:48:00 | WinXP | 205.168.223.27 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, GRAND JUNCTION, COLORADO, US. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:14:52:00 | Win2K-f | 58.157.106.34 (UCOM.NE.JP): KG, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:57:00 | WinXP | 122.221.197.184 (UCOM.NE.JP): UCOM CORP, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 | 5ae6ba0e57 NEW |
none[none] | none:none |
none|none | none | none |
| 15:10:00 | Win2K-f | 122.16.92.4 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | c77830a49b NEW |
none[none] | none:none |
none|none | none | none | |
| 15:14:00 | WinXP | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 1445 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 19 of 35 17 of 35 20 of 36 29 of 33 0 of 33 |
1f59c01aef NEW 37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW dc92683d9a [Firefox: 6 hits: 06-19 to 07-21] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[none] none [none] none [none] none [none] dc92683d9a[1] e07c29c4ae[1] |
none:none none:none none:none none:none ASM:Graph ASM:Graph |
none|none none|none none|none none|none Armadillo| FSG| |
none none none none lines=82 lines=92 |
none none none none trace trace |
| 15:15:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 57ce4acac2 [Firefox:84 hits: 06-17 to 07-29] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:19:00 | Win2K-f | 151.33.179.23 (33-151.IOL.IT): ITALIA ONLINE S.P.A, TORINO, PIEMONTE, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:15:21:00 | WinXP | 83.91.9.59 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http http 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1144 hits: 05-01 to 07-28] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 15:32:00 | WinXP | 77.57.90.11 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com GB:www.chechenpress.co.uk :www.google.com FI:static.kavkazchat.com US:www.counterdata.com DE:m1.webstats.motigo.com :www.google-analytics.com US:video.google.com RU:video.rutube.ru :www.islamicfinder.org US:www.youtube.com US:www.vimeo.com :wpad |
445 | pcap | raw alerts ruleset |
http http 535 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
25dc6a276f NEW ab5e47bf8d [Firefox:58 hits: 05-10 to 07-22] |
none[none] none [3] |
none:none none:none |
none|none ASPack| |
none none |
none trace |
| 15:32:00 | WinXP | 82.66.177.239 (PROXAD.NET): PROXAD / FREE SAS, MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxima.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 183 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 34 of 36 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 5fb145e8da NEW 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:15:35:00 | WinXP | 97.104.17.146 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com EU:ebookfinaltrash.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http http 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1144 hits: 05-01 to 07-28] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 15:35:00 | Win2K-f | 170.51.186.234 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1c96574ad7 NEW |
none[none] | none:none |
none|none | none | none | |
| T:15:37:00 | Win2K-f | 58.88.235.187 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 15:38:00 | Win2K-f | 122.132.165.243 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 40 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:15:54:00 | WinXP | 122.29.112.216 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:763 hits: 07-11 to 07-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:55:00 | WinXP | 122.22.246.98 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org |
445 | pcap | raw alerts ruleset |
ftp irc 70 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 16:04:00 | WinXP | 144.134.163.25 (TMNS.NET.AU): TELSTRAINTERNET27, MELBOURNE, VICTORIA, AU. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 198 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 16:15:00 | WinXP | 219.109.155.114 (ICN-NET.NE.JP): ICHINOSEKI CABLE NETWORK CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:763 hits: 07-11 to 07-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:16:18:00 | WinXP | 84.187.211.206 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, AACHEN, NORDRHEIN-WESTFALEN, DE. (DIAL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 16:19:00 | WinXP | 66.19.113.39 (USLEC.NET): USLEC CORP, BELLEVUE, WASHINGTON, US. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net :washington.dc.us.undernet.org NL:diemen.nl.eu.undernet.org SE:vancouver.dal.net :gaspode.zanet.org.za :lulea.se.eu.undernet.org :caen.fr.eu.undernet.org NL:london.uk.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1456 hits: 12-31 to 07-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:22:00 | Win2K-f | 88.110.90.188 (AS9105.COM): TISCALI UK LTD, UK. (DSL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 16:27:00 | WinXP | 71.65.24.157 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:232 hits: 09-28 to 07-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:29:00 | Win2K-f | 98.121.74.236 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:35:00 | WinXP | 79.76.191.42 (AS9105.COM): TELINCO, UK. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 191 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 34 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW b89d93b3b7 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 16:36:00 | WinXP | 58.157.106.34 (UCOM.NE.JP): KG, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:46:00 | WinXP | 220.215.130.56 (CATV01.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:232 hits: 09-28 to 07-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:49:00 | Win2K-f | 170.51.73.38 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:16:50:00 | Win2K-f | 221.126.95.231 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 16:52:00 | Win2K-f | 12.219.244.12 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:00:00 | WinXP | 70.165.19.46 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:05:00 | WinXP | 24.109.77.54 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 NEW |
none[none] | none:none |
none|none | none | none |
| 17:06:00 | Win2K-f | 170.51.215.228 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 17:11:00 | Win2K-f | 219.160.23.207 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 17:17:00 | WinXP | 123.216.50.15 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 43 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 36 | 632ff4f5ed NEW |
none[none] | none:none |
none|none | none | none |
| T:17:18:00 | WinXP | 125.195.68.169 (MESH.AD.JP): NEC CORPORATION, JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 17:21:00 | WinXP | 125.215.110.4 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 59 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 36 | 40d00d56dc NEW |
none[none] | none:none |
none|none | none | none |
| 17:30:00 | WinXP | 119.11.79.59 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7ce2f4c7ac NEW |
none[none] | none:none |
none|none | none | none | |
| 17:33:00 | Win2K-f | 120.75.113.176 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 91a39be2d1 NEW |
none[none] | none:none |
none|none | none | none | |
| 17:38:00 | Win2K-f | 217.34.42.213 (BTOPENWORLD.COM): SINGLE STATIC IP ADDRESSES, FARNHAM, ENGLAND, UK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 925 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 31 of 34 17 of 35 30 of 32 20 of 36 0 of 32 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 4864a03a4b NEW 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 7452c8448d [Firefox: 7 hits: 06-17 to 07-24] 8d7113c2ce NEW b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[none] none [none] none [none] none [4] none [none] b5919931fe[1] |
none:none none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none PolyEnE| none|none ASProtect| |
none none none none none lines=90 |
none none none trace none trace |
| 17:39:00 | Win2K-f | 219.111.184.254 (SO-NET.NE.JP): SO-NET ENTERTAINMENT CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 17:39:00 | WinXP | 97.104.17.146 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru US:spi.domainsponsor.com :wpad GB:new.egg.com RU:www.vtb.ru |
445 | pcap | raw alerts ruleset |
http http http http 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 0 of 36 |
7df90a96ba NEW a12cab51ef [Firefox:1144 hits: 05-01 to 07-28] a4c7eaf6c0 NEW |
none[none] 40f7f463c4[0] none [none] |
none:none ASM:Graph none:none |
none|none ASPack| none|none |
none lines=281 embedded dns none |
none trace none |
| 17:46:00 | Win2K-f | 98.134.200.87 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com US:206.251.244.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 877 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 28 of 33 31 of 33 20 of 36 0 of 32 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 6d86a1ff5a [Firefox:24 hits: 06-25 to 07-29] 7f6e032fc0 [Firefox:24 hits: 06-25 to 07-29] 8d7113c2ce NEW b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[none] none [none] none [none] none [none] none [none] b5919931fe[1] |
none:none none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none none|none ASProtect| |
none none none none none lines=90 |
none none none none none trace |
| 17:47:00 | WinXP | 118.109.105.73 (-): . |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 36 | da7e62b29d NEW |
none[none] | none:none |
none|none | none | none |
| 17:53:00 | WinXP | 122.29.79.134 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org DE:dl2.teenpassage.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 47 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 | 10439d86a5 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:08:00 | WinXP | 60.34.69.50 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 181 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 17 of 32 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW b169ddd225 [Firefox: 2 hits: 06-29 to 06-30] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:18:08:00 | WinXP | 98.25.97.90 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1456 hits: 12-31 to 07-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:12:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 18:15:00 | Win2K-f | 119.11.102.96 (-): . |
n/a | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 36 | f5e257ce96 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:20:00 | WinXP | 4.229.186.118 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DETROIT, MICHIGAN, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:232 hits: 09-28 to 07-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:18:25:00 | Win2K-f | 118.236.168.214 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 18:25:00 | WinXP | 130.13.101.194 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
92.114.4.2:6667 | :irc.qifort.rr.nu | 445 | pcap | raw alerts ruleset |
ftp irc 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | d5a7eb7c3b NEW |
none[none] | none:none |
none|none | none | none |
| T:18:26:00 | WinXP | 130.13.101.194 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 410 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 34 19 of 35 17 of 35 20 of 36 |
07ad6afc45 [Firefox: 2 hits: 07-27 to 07-27] 37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 18:26:00 | Win2K-f | 124.85.167.117 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 18:28:00 | Win2K-f | 116.81.83.249 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 88d0c0c4f6 NEW |
none[none] | none:none |
none|none | none | none |
| 18:30:00 | Win2K-f | 81.93.69.213 (TEOL.NET): TELEKOMUNIKACIJE REPUBLIKE SRPSKE AKCIONARSKO DRUSTVO, GRADISKA, REPUBLIKA SRPSKA, BA. (DIAL) |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | 8c6b98ffe4 [Firefox: 4 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
| T:18:32:00 | Win2K-f | 122.18.152.102 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 184 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 27 of 36 17 of 35 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 3f3ec5daad NEW 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 18:33:00 | WinXP | 76.200.150.45 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:68 hits: 12-14 to 07-30] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:18:41:00 | Win2K-f | 222.149.55.210 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 18:43:00 | Win2K-f | 119.72.44.226 (-): . |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 172 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 22 of 33 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 869081411d [Firefox: 3 hits: 06-27 to 07-01] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 18:43:00 | Win2K-f | 170.51.102.114 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:52 hits: 05-22 to 07-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 18:44:00 | WinXP | 220.220.220.107 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 44 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 18:59:00 | Win2K-f | 123.254.41.109 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:18:59:00 | Win2K-f | 122.221.199.209 (UCOM.NE.JP): UCOM CORP, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
25 of 35 | 9148a88cfd NEW |
none[none] | none:none |
none|none | none | none |
| T:19:14:00 | Win2K-f | 61.34.136.99 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 9 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:15:00 | WinXP | 70.119.55.212 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:15:00 | Win2K-f | 89.240.233.229 (84.IN-ADDR.ARPA): OPAL TELECOM DSL NETWORK, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:19:18:00 | WinXP | 122.26.145.27 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com :chat-shqip.org |
445 | pcap | raw alerts ruleset |
ftp irc http 163 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 34 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW faec09a934 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:19:23:00 | WinXP | 66.103.229.149 (MIPOPS.COM): GLISNET INC, ALGONAC, MICHIGAN, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 9373130c42 [Firefox:31 hits: 01-24 to 05-07] |
0945dbe41c [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:25:00 | Win2K-f | 122.133.2.212 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:19:26:00 | WinXP | 118.8.178.218 (-): . |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com :chat-shqip.org US:wr.mcboo.com |
445 | pcap | raw alerts ruleset |
ftp irc http 214 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 34 of 36 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 7710220cac NEW 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:19:28:00 | Win2K-f | 70.73.107.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:30:00 | Win2K-f | 124.86.155.233 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 19:30:00 | Win2K-f | 118.236.168.214 (-): . |
n/a | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 19:31:00 | WinXP | 89.244.233.184 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 51 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 37cd59759e NEW |
none[none] | none:none |
none|none | none | none |
| 19:31:00 | Win2K-f | 118.236.120.99 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 465 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 34 of 36 17 of 35 20 of 36 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5a00a305d9 NEW 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 19:31:00 | WinXP | 221.127.193.78 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
190.174.67.119:13001 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 75 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 8f63f0d2a2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:32:00 | WinXP | 80.96.13.120 (RNC.RO): RNC, CONSTANTA, CONSTANTA, RO. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 76 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 19:45:00 | Win2K-f | 69.232.233.96 (PACBELL.NET): PPPOX POOL - BRAS12 PLTN, OAKLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:19:45:00 | Win2K-f | 118.241.154.152 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:19:46:00 | WinXP | 202.70.249.50 (ONINET.NE.JP): OKAYAMA NETWORK INC, TOKYO, TOKYO, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 68 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 19:48:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 19:53:00 | Win2K-f | 124.84.193.247 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 19:53:00 | WinXP | 130.13.55.49 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 184 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 35 | 35085295a6 [Firefox: 4 hits: 07-28 to 07-28] |
none[none] | none:none |
none|none | none | none | |
| T:19:56:00 | WinXP | 76.168.73.62 (RR.COM): ROAD RUNNER HOLDCO LLC, VENICE, CALIFORNIA, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:510 hits: 12-31 to 07-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:59:00 | Win2K-f | 130.13.55.49 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 184 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 35 | 35085295a6 [Firefox: 4 hits: 07-28 to 07-28] |
none[none] | none:none |
none|none | none | none | |
| T:20:06:00 | WinXP | 118.3.90.116 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 45 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 | cfaeeb74d4 [Firefox: 2 hits: 07-28 to 07-28] |
none[none] | none:none |
none|none | none | none |
| T:20:07:00 | WinXP | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:20:10:00 | Win2K-f | 116.81.83.249 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 88d0c0c4f6 NEW |
none[none] | none:none |
none|none | none | none |
| 20:17:00 | Win2K-f | 125.215.76.138 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 20:18:00 | WinXP | 123.221.239.231 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 42 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:20:19:00 | Win2K-f | 122.29.119.175 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 | 14fd72f162 NEW |
none[none] | none:none |
none|none | none | none |
| 20:25:00 | WinXP | 98.30.40.85 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3291 hits: 12-31 to 07-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:33:00 | WinXP | 4.230.222.241 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:34:00 | WinXP | 63.245.183.231 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, BURLINGTON, KANSAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:32 hits: 03-24 to 07-23] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:34:00 | Win2K-f | 70.65.78.10 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 1095 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 0 of 32 |
644b2a1105 NEW 9c9ab20965 NEW b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 20:35:00 | WinXP | 211.213.56.83 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 1119 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 34 of 36 0 of 33 |
168aab35a3 [Firefox:75 hits: 06-17 to 07-28] 4ebdcb3c7d NEW e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
| 20:37:00 | Win2K-f | 218.211.220.50 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 20:47:00 | WinXP | 202.71.56.189 (WARABI.NE.JP): WARABI CABLE VISION CO. LTD, WARABI, SAITAMA, JP. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:ced.dal.net :lulea.se.eu.undernet.org :washington.dc.us.undernet.org NL:london.uk.eu.undernet.org NL:diemen.nl.eu.undernet.org :flanders.be.eu.undernet.org :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net SE:ozbytes.dal.net :los-angeles.ca.us.undernet.org SE:qis.md.us.dal.net SE:vancouver.dal.net :brussels.be.eu.undernet.org :gaspode.zanet.org.za SE:viking.dal.net US:lia.zanet.net SE:coins.dal.net HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox: 8 hits: 04-05 to 07-19] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 20:49:00 | Win2K-f | 93.80.68.26 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:microsoft.com US:download.microsoft.com HK:210.245.211.11:80 DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
irc 3 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:50:00 | Win2K-f | 221.127.39.63 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 20:54:00 | WinXP | 24.80.171.205 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:55:00 | Win2K-f | 118.236.21.238 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 | 954a187fb3 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:57:00 | WinXP | 118.3.116.153 (-): . |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 48 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:21:00:00 | WinXP | 4.230.234.158 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru US:adult-empire.com |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3291 hits: 12-31 to 07-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:11:00 | Win2K-f | 125.215.67.88 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 7a14662381 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:11:00 | Win2K-f | 221.185.180.132 (OCN.NE.JP): OPEN COMPUTER NETWORK, DENPASAR, BALI, ID. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 21:15:00 | Win2K-f | 24.195.224.179 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 21:22:00 | WinXP | 221.126.145.183 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
190.174.67.119:13001 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 58 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 | 011af15e19 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:24:00 | Win2K-f | 119.72.9.222 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:24:00 | WinXP | 124.26.215.220 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 42 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 21:25:00 | WinXP | 97.94.109.231 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] 73f1082158 [Firefox:516 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 21:25:00 | Win2K-f | 216.203.250.152 (ALGX.NET): XO COMMUNICATIONS, SCOTTSDALE, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:21:27:00 | WinXP | 200.100.176.47 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 9f445f9783 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:33:00 | WinXP | 122.17.12.117 (OCN.NE.JP): OPEN COMPUTER NETWORK, QUEZON CITY, MANILA, PH. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:bfb88.a1001186.wrs.mcboo.com |
445 | pcap | raw alerts ruleset |
shell ftp irc http 254 lines |
Yeah : 1.8 profile |
none | summary tarball |
11 of 36 17 of 35 20 of 36 36 of 36 |
2e2a6fdcdb NEW 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] 8d7113c2ce NEW 996e09cd66 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 21:43:00 | Win2K-f | 123.222.134.220 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 21:44:00 | Win2K-f | 116.123.35.174 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 101 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 32 |
168aab35a3 [Firefox:75 hits: 06-17 to 07-28] 667f0c59f3 [Firefox: 7 hits: 07-04 to 07-27] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| none|none ASProtect| |
none none lines=90 |
trace none trace |
| 21:44:00 | WinXP | 118.7.218.193 (-): . |
210.245.211.11:65520 190.174.67.119:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.143.2:80 |
445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 36 | c0a1d93531 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:46:00 | WinXP | 74.141.73.11 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, LOUISVILLE, KENTUCKY, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1456 hits: 12-31 to 07-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:21:46:00 | Win2K-f | 84.237.128.87 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 21:51:00 | Win2K-f | 84.237.128.87 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:21:58:00 | WinXP | 219.126.177.181 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, JP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com :wpad |
445 | pcap | raw alerts ruleset |
irc http 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:01:00 | WinXP | 71.112.116.216 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SNOHOMISH, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 22:08:00 | Win2K-f | 221.127.39.63 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:22:10:00 | Win2K-f | 120.75.103.228 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 22:11:00 | Win2K-f | 221.127.192.74 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | ec3d13cabe [Firefox: 2 hits: 06-27 to 07-29] |
none[none] | none:none |
none|none | none | none | |
| 22:15:00 | Win2K-f | 116.126.200.26 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 104 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 30 of 33 29 of 32 |
b5919931fe [Firefox:160 hits: 06-20 to 07-29] f10855e3e1 [Firefox: 2 hits: 06-19 to 07-25] f7f799f818 [Firefox: 3 hits: 06-19 to 07-25] |
b5919931fe [1] f10855e3e1[1] none [4] |
ASM:Graph ASM:Graph none:none |
ASProtect| Armadillo| tElock| |
lines=90 lines=82 none |
trace trace trace |
| 22:16:00 | WinXP | 119.65.188.207 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 36 | 4a86735688 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:16:00 | WinXP | 58.125.87.63 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox:10 hits: 07-29 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:22:19:00 | WinXP | 58.59.207.243 (163DATA.COM.CN): CHINANET GUANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
210.245.211.11:65520 | IL:ksn.a1001186.wrs.mcboo.com HK:proxim.ircgalaxy.pl |
445 | pcap | raw alerts ruleset |
irc http 40 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 35 17 of 35 |
37f41fd8ab [Firefox: 7 hits: 07-24 to 07-26] 5ab0a45f63 [Firefox: 8 hits: 07-24 to 07-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:19:00 | Win2K-f | 58.122.108.9 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox:10 hits: 07-29 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 22:19:00 | WinXP | 58.59.207.243 (163DATA.COM.CN): CHINANET GUANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 001b6f7107 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:20:00 | WinXP | 24.80.100.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:24:00 | Win2K-f | 24.74.125.220 (RR.COM): ROAD RUNNER HOLDCO LLC, BENICIA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 22:25:00 | WinXP | 219.250.219.191 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox:10 hits: 07-29 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 22:29:00 | WinXP | 24.84.175.221 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:324 hits: 05-01 to 07-30] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:22:30:00 | WinXP | 85.152.193.172 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 36 | 857f13ab34 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:32:00 | Win2K-f | 62.145.208.181 (CABLE4U.NL): CABLE4U CABLE INTERNET PROVIDER, CULEMBORG, GELDERLAND, NL. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 2 hits: 07-29 to 07-29] |
none[none] | none:none |
none|none | none | none | |
| 22:35:00 | WinXP | 212.163.51.41 (LOCALHOST): CONCERT, ES. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 6c36e19037 [Firefox:13 hits: 06-22 to 07-15] |
none[4] | none:none |
none|none | none | trace | |
| T:22:36:00 | WinXP | 118.7.1.22 (-): . |
190.174.67.119:13001 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 22:39:00 | Win2K-f | 118.7.1.22 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| T:22:40:00 | WinXP | 222.233.39.115 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 NEW |
none[none] | none:none |
none|none | none | none |
| 22:55:00 | WinXP | 122.29.27.121 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:232 hits: 09-28 to 07-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:22:55:00 | Win2K-f | 118.4.56.63 (-): . |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:161 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:23:00:00 | Win2K-f | 58.0.108.201 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
190.174.67.119:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 36 | 7467b433ff NEW |
none[none] | none:none |
none|none | none | none |
| T:23:02:00 | WinXP | 70.183.235.134 (COX.NET): COX COMMUNICATIONS, PENSACOLA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 23:04:00 | Win2K-f | 67.62.51.160 (CAVTEL.NET): CAVALIER, BALTIMORE, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:05:00 | Win2K-f | 211.215.44.14 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
irc http 93 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 30 of 32 0 of 32 |
4c3df24b32 [Firefox:121 hits: 06-17 to 07-29] 8390780c27 [Firefox:29 hits: 06-18 to 07-29] b5919931fe [Firefox:160 hits: 06-20 to 07-29] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 23:05:00 | WinXP | 211.178.100.116 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox: 6 hits: 07-27 to 07-29] |
none[none] | none:none |
none|none | none | none |
| T:23:09:00 | Win2K-f | 122.24.250.202 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 40 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 | da692d54b5 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:10:00 | Win2K-f | 80.96.145.177 (-): SC-GENIUS-NETWORK-SRL, GALATI, GALATI, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | bcae797d03 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:10:00 | WinXP | 116.42.55.50 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
18 of 36 | 5dd1412e3e NEW |
none[none] | none:none |
none|none | none | none | |
| 23:13:00 | WinXP | 70.76.139.162 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:80 DE:85.114.143.2:80 |
135 | pcap | raw alerts ruleset |
http irc 1332 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 0 of 33 |
81264c16dd [Firefox: 4 hits: 07-03 to 07-26] 9a91743938 [Firefox: 5 hits: 07-03 to 07-27] e07c29c4ae [Firefox:125 hits: 06-19 to 07-30] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:23:14:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:17:00 | WinXP | 58.91.183.64 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:763 hits: 07-11 to 07-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:20:00 | WinXP | 60.236.100.163 (MESH.AD.JP): NEC CORPORATION, YOKOHAMA, KANAGAWA, JP. |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:12351 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 56 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| T:23:24:00 | WinXP | 70.62.193.159 (RR.COM): ROAD RUNNER HOLDCO LLC, MENTOR, OHIO, US. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:101 hits: 07-13 to 07-29] |
none[none] | none:none |
none|none | none | none |
| 23:24:00 | Win2K-f | 118.236.181.122 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:194 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 23:39:00 | Win2K-f | 77.86.6.20 (KCOM.COM): TORCH COMMUNICATIONS LTD, UK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:19 hits: 07-13 to 07-30] |
none[none] | none:none |
none|none | none | none | |
| 23:39:00 | Win2K-f | 221.125.129.208 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 36 | 3093fbf7cb NEW |
none[none] | none:none |
none|none | none | none | |
| 23:44:00 | WinXP | 211.24.147.74 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 NEW |
none[none] | none:none |
none|none | none | none | |
| T:23:44:00 | Win2K-f | 121.114.148.124 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:50:00 | WinXP | 118.7.189.53 (-): . |
190.174.67.119:12351 | :chat-shqip.org :w3bs.chat-shqip.org 190.174.67.119:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:231 hits: 06-27 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 23:50:00 | WinXP | 218.48.16.223 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox:10 hits: 07-29 to 07-30] |
none[none] | none:none |
none|none | none | none |
| 23:52:00 | Win2K-f | 218.211.83.32 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:58:00 | Win2K-f | 124.27.144.110 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
190.174.67.119:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | 88d0c0c4f6 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:58:00 | Win2K-f | 24.195.224.179 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 36 33 of 33 0 of 33 |
1a3c84a663 NEW 53bfe15e91 [Firefox:1024 hits: 06-17 to 07-30] a08f3b74a4 [Firefox:339 hits: 06-18 to 07-30] |
none[none] none [4] a08f3b74a4[1] |
none:none none:none ASM:Graph |
none|none tElock| Armadillo| |
none none lines=81 |
none trace trace |