Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
01:01:00 | Win2K-f | 208.127.8.130 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
72.10.172.218:2938 | :japan.youngpeyatech.info | 135 | pcap | raw alerts ruleset |
irc 222 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox: 6 hits: 07-15 to 08-05] |
none[none] | none:none |
none|none | none | none |
01:02:00 | Win2K-f | 219.114.201.181 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
07fabc79ef [Firefox:10 hits: 06-19 to 08-05] 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] b5919931fe [Firefox:251 hits: 06-20 to 08-06] |
07fabc79ef [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
01:27:00 | WinXP | 220.102.155.170 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
01:33:00 | WinXP | 114.120.90.52 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox: 3 hits: 07-28 to 08-02] |
none[none] | none:none |
none|none | none | none |
T:01:47:00 | Win2K-f | 66.60.205.122 (NEWULMTEL.NET): NEW ULM TELECOM INC, REDWOOD FALLS, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:50:00 | WinXP | 77.125.130.255 (INTER.NET.IL): EURONET DIGITAL COMMUNICATIONS, IL. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
02:01:00 | WinXP | 206.169.217.135 (NETPTC.NET): PONDEROSA CABLEVISION, HANFORD, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:02:05:00 | WinXP | 86.155.23.57 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
02:18:00 | Win2K-f | 222.238.62.90 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 0 of 32 |
074325ecbc [Firefox: 7 hits: 07-02 to 08-06] 2a66fc87fa [Firefox: 7 hits: 07-02 to 08-06] b5919931fe [Firefox:251 hits: 06-20 to 08-06] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
T:02:20:00 | WinXP | 74.78.51.236 (RR.COM): ROAD RUNNER HOLDCO LLC, MIDDLETOWN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:25:00 | WinXP | 58.90.60.81 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | e1ffcf9fb1 NEW |
none[none] | none:none |
none|none | none | none |
02:35:00 | WinXP | 193.250.70.201 (ABO.WANADOO.FR): WANADOO, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:74 hits: 01-08 to 08-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
02:41:00 | Win2K-f | 76.200.216.27 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:02:00 | WinXP | 123.213.64.12 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :wpad US:198.78.220.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 0 of 33 |
533d15b5ce [Firefox:13 hits: 06-21 to 08-05] 58c343a8d8 [Firefox:14 hits: 06-21 to 08-05] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] 58c343a8d8[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
03:13:00 | WinXP | 78.225.160.21 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f20d2c0b8e [Firefox: 3 hits: 07-24 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:03:13:00 | WinXP | 78.225.160.21 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f20d2c0b8e [Firefox: 3 hits: 07-24 to 08-06] |
none[none] | none:none |
none|none | none | none | |
T:03:19:00 | WinXP | 63.28.121.14 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:03:29:00 | Win2K-f | 144.134.93.123 (TMNS.NET.AU): TELSTRAINTERNET27, TOOWOOMBA, QUEENSLAND, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:03:46:00 | Win2K-f | 24.64.128.204 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
04:13:00 | Win2K-f | 4.152.243.38 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ASHEVILLE, NORTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:16:00 | WinXP | 4.160.105.154 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, COLUMBUS, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:33:00 | Win2K-f | 96.14.105.196 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.43.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 [Firefox: 4 hits: 07-22 to 08-02] 8dfb3b619f [Firefox: 5 hits: 07-22 to 08-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:04:50:00 | Win2K-f | 4.232.186.143 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, YUCAIPA, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 918 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 63d9f214ea NEW |
none[none] | none:none |
none|none | none | none | |
T:04:54:00 | WinXP | 86.154.232.200 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:05:06:00 | Win2K-f | 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:07:00 | WinXP | 72.191.153.20 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:435 hits: 01-01 to 08-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:05:11:00 | WinXP | 71.111.226.198 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.201.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:21:00 | WinXP | 97.89.18.179 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 043592e432 [Firefox: 2 hits: 07-25 to 08-04] |
none[none] | none:none |
none|none | none | none |
05:41:00 | Win2K-f | 210.206.10.17 (KONICS.COM): BORANET-NET-210-206/, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
05:46:00 | WinXP | 151.33.85.247 (33-151.IOL.IT): ITALIA ONLINE S.P.A, MILANO, LOMBARDIA, IT. (DIAL) |
64.85.160.111:5001 | DE:cookie.roltf.ws US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:95 hits: 05-22 to 08-06] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
05:53:00 | WinXP | 218.168.68.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:59:00 | WinXP | 220.219.45.101 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:242 hits: 01-05 to 08-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
06:00:00 | WinXP | 58.87.168.165 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
06:16:00 | Win2K-f | 65.183.149.120 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
72.10.172.218:7382 | CA:italian.swiifatecihno.com :preek.oihduhdd.net :japan.youngpeyatech.info CA:72.10.172.218:7382 |
135 | pcap | raw alerts ruleset |
irc 627 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 99ccce251f NEW |
none[none] | none:none |
none|none | none | none |
T:06:30:00 | WinXP | 72.228.196.145 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http http 30 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:435 hits: 01-01 to 08-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
06:30:00 | WinXP | 86.168.82.130 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
06:37:00 | WinXP | 219.105.97.143 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:06:49:00 | Win2K-f | 98.140.228.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
06:51:00 | Win2K-f | 119.94.168.164 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1024 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 36 | 17e9dbcb71 NEW |
none[none] | none:none |
none|none | none | none | |
T:07:17:00 | WinXP | 4.175.255.114 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHILADELPHIA, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:35:00 | WinXP | 70.61.156.99 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:206.33.43.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
1e438d2271 NEW 38b16f6895 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
07:37:00 | Win2K-f | 170.51.187.199 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:38:00 | Win2K-f | 121.254.81.29 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info US:130.107.216.118:25011 |
135 | pcap | raw alerts ruleset |
irc http 479 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 31 of 33 14 of 36 15 of 36 14 of 36 |
11768b975d [Firefox: 2 hits: 08-06 to 08-06] 954a98c971 [Firefox: 7 hits: 06-09 to 08-06] 9b09258622 [Firefox: 4 hits: 08-05 to 08-06] b6e55274d0 [Firefox: 3 hits: 08-05 to 08-06] cd0d825f7a [Firefox: 3 hits: 08-05 to 08-06] |
none[none] none [4] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none FSG| none|none none|none none|none |
none none none none none |
none trace none none none |
07:49:00 | Win2K-f | 116.127.188.117 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.124:80 US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
6ec2a8994b [Firefox: 9 hits: 06-18 to 07-30] bec9340f6c NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
07:51:00 | WinXP | 118.240.3.212 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:07:51:00 | WinXP | 88.122.151.238 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE BROADBAND POOLS, DIJON, BOURGOGNE, FR. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:52:00 | WinXP | 130.13.223.125 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 185 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 [Firefox:10 hits: 07-29 to 08-06] |
none[none] | none:none |
none|none | none | none | |
07:52:00 | Win2K-f | 74.78.51.236 (RR.COM): ROAD RUNNER HOLDCO LLC, MIDDLETOWN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:07:54:00 | Win2K-f | 130.13.223.125 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 185 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 [Firefox:10 hits: 07-29 to 08-06] |
none[none] | none:none |
none|none | none | none | |
08:09:00 | WinXP | 123.254.41.92 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
08:14:00 | WinXP | 114.120.9.239 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | a3f358bd55 [Firefox: 5 hits: 06-10 to 07-13] |
none[4] | none:none |
PolyEnE| | none | trace |
08:45:00 | WinXP | 123.222.112.61 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:242 hits: 01-05 to 08-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:08:46:00 | WinXP | 24.160.202.39 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:242 hits: 01-05 to 08-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:08:52:00 | WinXP | 24.67.162.209 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 1 of 33 0 of 33 |
48f8b1a711 [Firefox: 9 hits: 06-19 to 08-05] aecf2a5fc9 [Firefox: 7 hits: 06-19 to 08-05] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] aecf2a5fc9[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
PolyEnE| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
09:04:00 | Win2K-f | 170.51.195.134 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:09:16:00 | WinXP | 85.23.35.139 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
09:41:00 | Win2K-f | 81.102.52.153 (NTL.COM): NTL INFRASTRUCTURE - CARDIFF, BEDFORD, ENGLAND, UK. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.66.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] b7082104e4 [Firefox:71 hits: 06-18 to 08-05] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
09:49:00 | WinXP | 211.177.22.188 (KRLINE.NET): KRNIC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 33 |
4c3df24b32 [Firefox:130 hits: 06-17 to 08-06] ff2150aa95 NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
09:50:00 | WinXP | 172.129.119.95 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 3 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:09:54:00 | WinXP | 12.78.8.223 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:09:55:00 | WinXP | 116.127.164.191 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 33 |
776985f561 [Firefox: 2 hits: 06-24 to 07-26] 8ec6129efe [Firefox: 2 hits: 06-24 to 07-26] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
776985f561 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=82 none lines=92 |
trace trace trace |
10:19:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] b5919931fe [Firefox:251 hits: 06-20 to 08-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
10:22:00 | WinXP | 70.125.73.99 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:10:30:00 | WinXP | 62.11.30.32 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, NAPOLI, CAMPANIA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:435 hits: 01-01 to 08-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
10:31:00 | Win2K-f | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.149:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:37:00 | WinXP | 189.51.133.164 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
10:39:00 | WinXP | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 57ce4acac2 [Firefox:99 hits: 06-17 to 08-06] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:47:00 | WinXP | 89.246.208.236 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:242 hits: 01-05 to 08-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:10:49:00 | WinXP | 218.167.99.38 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox:13 hits: 07-13 to 08-04] |
none[none] | none:none |
none|none | none | none |
T:11:00:00 | WinXP | 121.232.39.77 (163DATA.COM.CN): CHINANET JIANGSU PROVINCE NETWORK, BEIJING, BEIJING, CN. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a0044bcb25 [Firefox: 2 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none |
T:11:26:00 | Win2K-f | 98.174.80.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] b5919931fe [Firefox:251 hits: 06-20 to 08-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:11:27:00 | WinXP | 4.233.194.114 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
11:35:00 | Win2K-f | 75.14.253.81 (-): REFAT M HIJAZ DBA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:11:48:00 | WinXP | 82.243.80.248 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a219ed3aeb [Firefox: 4 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none |
T:12:04:00 | WinXP | 82.243.230.52 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 289328df27 NEW |
none[none] | none:none |
none|none | none | none |
12:04:00 | WinXP | 82.243.230.52 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 289328df27 NEW |
none[none] | none:none |
none|none | none | none |
12:07:00 | WinXP | 62.108.223.125 (HELSINGENT.SE): HELSINGE NET AB, SE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:47 hits: 01-14 to 08-06] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
12:15:00 | Win2K-f | 78.54.103.157 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
12:21:00 | WinXP | 222.145.194.111 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
12:30:00 | Win2K-f | 68.187.206.45 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 85315c3a76 NEW |
none[none] | none:none |
none|none | none | none | |
12:31:00 | WinXP | 4.248.241.183 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FREDERICK, MARYLAND, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
12:36:00 | WinXP | 93.156.66.110 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:12:37:00 | WinXP | 93.156.66.110 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
12:46:00 | Win2K-f | 170.51.182.139 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
12:59:00 | Win2K-f | 68.147.48.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:13:03:00 | Win2K-f | 86.134.148.1 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 33 | 4ce67d30a6 NEW |
none[none] | none:none |
none|none | none | none |
13:11:00 | Win2K-f | 98.133.139.20 (-): ALLTEL SIP CUSTOMERS - CLEVELAND, CLEVELAND, OHIO, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 159 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:28 hits: 06-25 to 08-06] 7f6e032fc0 [Firefox:28 hits: 06-25 to 08-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
13:16:00 | Win2K-f | 71.111.226.198 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.126.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:18:00 | WinXP | 71.104.114.86 (VERIZON.NET): VERIZON INTERNET SERVICES INC, RANCHO CUCAMONGA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:13:19:00 | WinXP | 207.144.212.110 (INFOAVE.NET): PALMETTO RURAL TELEPHONE COMPANY (DIAL-UP), WALTERBORO, SOUTH CAROLINA, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com US:www.counterdata.com DE:m1.webstats.motigo.com GB:www.chechenpress.co.uk :www.islamicfinder.org US:www.youtube.com US:208.65.153.253:80 |
445 | pcap | raw alerts ruleset |
http http 138 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:35 hits: 01-02 to 08-02] |
none[3] | none:none |
ASPack| | none | trace |
13:26:00 | WinXP | 88.111.240.22 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL) |
122.131.133.19:13001 | HK:proxim.ircgalaxy.pl JP:chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | a3b8299fb6 NEW |
none[none] | none:none |
none|none | none | none |
13:27:00 | WinXP | 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:41:00 | Win2K-f | 210.132.143.74 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 44 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 36 | 11b342745b [Firefox: 3 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none |
13:43:00 | Win2K-f | 222.147.254.236 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | dd1195e952 [Firefox: 5 hits: 06-28 to 08-06] |
none[none] | none:none |
none|none | none | none | |
T:13:49:00 | WinXP | 117.99.58.86 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
13:50:00 | WinXP | 60.237.153.136 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:14:06:00 | Win2K-f | 65.68.44.225 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:14:09:00 | WinXP | 217.229.217.135 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, SAARBRUCKEN, SAARLAND, DE. (DIAL) |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | b6b69f1052 NEW |
none[none] | none:none |
none|none | none | none |
14:13:00 | WinXP | 87.205.94.239 (INETIA.PL): INTERNETIA, PL. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:17 hits: 07-25 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:14:14:00 | WinXP | 87.205.94.239 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:17 hits: 07-25 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:14:16:00 | Win2K-f | 70.183.169.81 (COX.NET): COX COMMUNICATIONS, WOONSOCKET, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.66.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:31:00 | WinXP | 213.122.29.189 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:14:32:00 | WinXP | 123.220.207.42 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
14:37:00 | Win2K-f | 70.182.92.124 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:40:00 | Win2K-f | 92.1.69.254 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 734439a119 NEW |
none[none] | none:none |
none|none | none | none | |
T:14:46:00 | WinXP | 121.87.109.88 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
210.245.211.11:65520 122.131.133.19:13001 | HK:proxima.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com JP:chat-shqip.org |
445 | pcap | raw alerts ruleset |
ftp irc http 164 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 25 of 36 |
37f41fd8ab [Firefox:39 hits: 07-24 to 08-04] 5ab0a45f63 [Firefox:50 hits: 07-24 to 08-06] 8d7113c2ce [Firefox:29 hits: 08-01 to 08-02] 9cafe24978 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
T:15:02:00 | WinXP | 92.18.30.91 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
122.131.133.19:13001 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com JP:chat-shqip.org |
445 | pcap | raw alerts ruleset |
ftp irc http 163 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 19 of 35 17 of 35 20 of 36 |
00dd9f9a73 NEW 37f41fd8ab [Firefox:39 hits: 07-24 to 08-04] 5ab0a45f63 [Firefox:50 hits: 07-24 to 08-06] 8d7113c2ce [Firefox:29 hits: 08-01 to 08-02] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
T:15:19:00 | Win2K-f | 118.108.20.50 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
15:23:00 | Win2K-f | 4.225.16.152 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KOKOMO, INDIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 212 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 6914740929 [Firefox: 3 hits: 06-11 to 07-09] |
6914740929 [1] | ASM:Graph |
StarForce| | lines=19 | trace | |
15:29:00 | Win2K-f | 78.149.106.49 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
15:32:00 | Win2K-f | 81.90.151.128 (-): AFRANET, TEHRAN, TEHRAN, IR. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
15:34:00 | WinXP | 219.162.24.93 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
15:42:00 | WinXP | 92.0.240.136 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
122.131.133.19:13001 | HK:proxim.ircgalaxy.pl JP:chat-shqip.org HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp irc 58 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 | e72624fb94 [Firefox: 3 hits: 08-05 to 08-05] |
none[none] | none:none |
none|none | none | none |
T:15:44:00 | Win2K-f | 219.162.24.93 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
16:02:00 | Win2K-f | 202.70.249.50 (ONINET.NE.JP): OKAYAMA NETWORK INC, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 38 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:16:02:00 | Win2K-f | 118.0.152.95 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ebba8e30e9 NEW |
none[none] | none:none |
none|none | none | none | |
16:07:00 | WinXP | 118.105.185.251 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 | dd0b6249c4 NEW |
none[none] | none:none |
none|none | none | none |
16:09:00 | Win2K-f | 118.108.20.50 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
16:15:00 | WinXP | 99.164.23.178 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
16:16:00 | WinXP | 82.197.252.165 (NETATONCE.NET): ADSL MLM DALAPLAN, KALMAR, KALMAR, SE. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 | 412800c4ab NEW |
none[none] | none:none |
none|none | none | none |
16:20:00 | WinXP | 200.117.100.24 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | RU:moscow-advokat.ru SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:16:20:00 | WinXP | 200.117.100.24 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:406 hits: 12-31 to 08-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
16:21:00 | Win2K-f | 80.63.225.110 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, HERNING, VESTSJALLAND, DK. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 29b7fb63a1 NEW |
none[none] | none:none |
none|none | none | none |
16:25:00 | Win2K-f | 118.240.158.22 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
16:29:00 | Win2K-f | 122.146.240.182 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:32:00 | WinXP | 70.253.37.232 (SWBELL.NET): PPPOX POOL - BRAS17.RCSNTX.052105-1419, FT. WORTH, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:16:35:00 | Win2K-f | 208.105.172.35 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:40:00 | WinXP | 124.100.131.41 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | HK:proxim.ircgalaxy.pl JP:chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 43 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 1014373c7b NEW |
none[none] | none:none |
none|none | none | none |
T:16:41:00 | WinXP | 122.19.142.27 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
12 of 33 | a96d6f6d31 [Firefox: 6 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
T:16:43:00 | WinXP | 96.35.249.240 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
66a1162a85 NEW a12cab51ef [Firefox:435 hits: 01-01 to 08-06] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
16:50:00 | WinXP | 222.145.178.49 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 65 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
16:56:00 | Win2K-f | 220.104.13.107 (OCN.NE.JP): OPEN COMPUTER NETWORK, MISAWA, AOMORI, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 56 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:17:00:00 | WinXP | 118.9.254.91 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
17:04:00 | WinXP | 219.75.220.249 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
122.131.133.19:13001 | HK:proxim.ircgalaxy.pl JP:chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 65 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 8cb2d8767e NEW |
none[none] | none:none |
none|none | none | none |
17:06:00 | Win2K-f | 122.18.9.231 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ebba8e30e9 NEW |
none[none] | none:none |
none|none | none | none | |
T:17:10:00 | WinXP | 91.65.58.219 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bfec7d0b0b NEW |
none[none] | none:none |
none|none | none | none |
T:17:11:00 | WinXP | 204.193.220.106 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 01af816288 NEW |
none[none] | none:none |
none|none | none | none |
17:14:00 | WinXP | 96.35.249.240 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:435 hits: 01-01 to 08-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:17:25:00 | Win2K-f | 119.11.109.235 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:17:30:00 | WinXP | 118.1.211.84 (-): . |
122.131.133.19:13001 | HK:proxima.ircgalaxy.pl JP:chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | a4fbe49195 [Firefox: 4 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
17:32:00 | WinXP | 41.214.133.145 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 07614a4923 NEW |
none[none] | none:none |
none|none | none | none |
T:17:33:00 | WinXP | 41.214.133.145 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 07614a4923 NEW |
none[none] | none:none |
none|none | none | none |
T:17:33:00 | Win2K-f | 24.153.113.2 (MYACTV.NET): ANTIETAM CABLE TELEVISION INC, HAGERSTOWN, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:34:00 | WinXP | 213.0.200.165 (TELEFONICA.NET): TELEFONICA DATA ESPANA (NCC#2000037081), ES. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:920 hits: 12-31 to 08-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
17:36:00 | WinXP | 4.244.36.16 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:46:00 | WinXP | 122.29.123.223 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | d793fa3356 NEW |
none[none] | none:none |
none|none | none | none |
17:49:00 | Win2K-f | 210.225.219.20 (PLALA.OR.JP): PLALA NETWORKS INC, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 45 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:17:56:00 | Win2K-f | 222.145.178.49 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
18:01:00 | WinXP | 70.254.1.52 (SWBELL.NET): PPPOX POOL - RBACK24.HSTNTX 062705 1909, HOUSTON, TEXAS, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad GB:new.egg.com |
445 | pcap | raw alerts ruleset |
http http http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 0 of 36 |
a12cab51ef [Firefox:435 hits: 01-01 to 08-06] b67c2983cd NEW |
40f7f463c4 [0] none [none] |
ASM:Graph none:none |
ASPack| none|none |
lines=281 embedded dns none |
trace none |
18:04:00 | Win2K-f | 118.9.254.91 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
T:18:06:00 | Win2K-f | 118.236.153.101 (-): . |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:18:06:00 | Win2K-f | 121.3.177.217 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 74560ac1c2 NEW |
none[none] | none:none |
none|none | none | none | |
T:18:09:00 | WinXP | 4.226.42.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LEWISVILLE, TEXAS, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:920 hits: 12-31 to 08-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
18:19:00 | WinXP | 121.3.177.217 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 49 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 74560ac1c2 NEW |
none[none] | none:none |
none|none | none | none |
T:18:20:00 | WinXP | 4.174.180.201 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
18:21:00 | Win2K-f | 60.236.93.186 (MESH.AD.JP): NEC CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | da7e62b29d [Firefox: 2 hits: 08-01 to 08-04] |
none[none] | none:none |
none|none | none | none | |
18:26:00 | WinXP | 75.177.169.33 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:18:32:00 | Win2K-f | 96.10.114.12 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:18:35:00 | WinXP | 219.91.73.149 (APOL.COM.TW): ASIA PACIFIC ON-LINE SERVICES INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:242 hits: 01-05 to 08-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:18:35:00 | WinXP | 123.225.61.94 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
18:36:00 | Win2K-f | 89.243.102.167 (-): OPAL TELECOM DSL, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none | |
18:40:00 | WinXP | 190.19.214.123 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad RU:www.bbin.ru RU:www.binbank.ru US:208.73.210.32:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:198 hits: 01-01 to 08-06] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
18:42:00 | Win2K-f | 222.148.24.212 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 38 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:18:51:00 | WinXP | 122.134.54.153 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
T:18:54:00 | Win2K-f | 119.94.11.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:192.221.110.125:80 US:198.78.201.126:80 US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:27 hits: 06-18 to 08-06] 76ee340669 [Firefox:27 hits: 06-18 to 08-06] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
T:19:02:00 | WinXP | 118.105.185.251 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 4c718f0d24 [Firefox: 3 hits: 06-29 to 07-28] |
none[none] | none:none |
none|none | none | none | |
T:19:12:00 | WinXP | 202.67.19.220 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
122.131.133.19:13001 | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:12351 JP:122.131.133.19:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] |
none[none] | none:none |
none|none | none | none |
19:14:00 | Win2K-f | 122.146.81.160 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:17:00 | Win2K-f | 218.230.215.236 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKUSHIMA, TOKUSHIMA, JP. | 122.131.133.19:12351 | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp irc 35 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
19:26:00 | Win2K-f | 122.130.229.9 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 35 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
19:32:00 | WinXP | 70.241.106.210 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 77 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 0 of 33 | 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] a08f3b74a4 [Firefox:393 hits: 06-18 to 08-06] e07c29c4ae [Firefox:177 hits: 06-19 to 08-06] | none[4] a08f3b74a4[1] e07c29c4ae[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| FSG| | none lines=81 lines=92 | trace trace trace |
19:34:00 | Win2K-f | 121.72.226.235 (TELSTRACLEAR.NET): TELSTRACLEAR CHRISTCHURCH CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.42.126:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 348 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 36 34 of 36 | 7f89b38665 NEW a51a50404e NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:19:35:00 | WinXP | 124.84.14.225 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 34 lines | Yeah : 1.8 profile | none | summary tarball | 15 of 33 | a793802e3c [Firefox: 7 hits: 06-28 to 08-06] | none[none] | none:none | none|none | none | none |
19:42:00 | WinXP | 118.236.147.230 (-): . | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 42 lines | Yeah : 1.8 profile | none | summary tarball | 26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
19:52:00 | Win2K-f | 125.192.176.160 (MESH.AD.JP): NEC CORPORATION, JP. | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 42 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
19:53:00 | WinXP | 67.9.2.250 (RR.COM): ROAD RUNNER HOLDCO LLC, PINELLAS PARK, FLORIDA, US. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:920 hits: 12-31 to 08-06] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
19:55:00 | Win2K-f | 118.240.160.202 (-): . | n/a | 445 | pcap | raw alerts ruleset | ftp 30 lines | Yeah : 1.3 profile | none | summary tarball | 20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
19:58:00 | Win2K-f | 67.10.90.238 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) | 194.109.11.65:6556 | NL:0x80.online-software.org NL:0x80.martiansong.com :0xff.memzero.info :0x80.my-secure.name NL:0x80.goingformars.com NL:0x80.my1x1.com | 135 | pcap | raw alerts ruleset | other 264 lines | Yeah : 1.8 profile | none | summary tarball | 32 of 32 | 15d4d85dc0 [Firefox: 2 hits: 06-10 to 06-21] | none[4] | none:none | StarForce| | none | trace |
19:59:00 | WinXP | 98.140.228.28 (-): . | n/a | 135 | pcap | raw alerts ruleset | other 19 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
20:07:00 | WinXP | 71.103.119.203 (VERIZON.NET): VERIZON INTERNET SERVICES INC, WHITTIER, CALIFORNIA, US. (DSL) | n/a | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
T:20:16:00 | Win2K-f | 202.70.249.50 (ONINET.NE.JP): OKAYAMA NETWORK INC, TOKYO, TOKYO, JP. | 122.131.133.19:12351 | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp irc 35 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
20:18:00 | Win2K-f | 75.4.238.202 (SBCGLOBAL.NET): RBACK34A.IRVNCA, HOUSTON, TEXAS, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:207.123.37.125:80 US:207.123.42.126:80 | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 8 of 33 | 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] b7082104e4 [Firefox:71 hits: 06-18 to 08-05] | none[4] none [4] | none:none none:none | tElock| tElock| | none none | trace trace |
20:19:00 | Win2K-f | 202.67.21.15 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. | n/a | 445 | pcap | raw alerts ruleset | ftp 33 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
T:20:37:00 | Win2K-f | 122.16.55.161 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 34 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
T:20:40:00 | WinXP | 122.132.112.205 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. | n/a | 445 | pcap | raw alerts ruleset | shell ftp 13 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] | eb7546c600 [0] | ASM:Graph | none|none | lines=61 | trace |
T:20:41:00 | Win2K-f | 201.213.238.106 (NET.AR): PRIMA S.A, AR. | n/a | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox:95 hits: 05-22 to 08-06] | 049e62d55b [0] | ASM:Graph | Armadillo| | lines=192 | trace |
20:43:00 | Win2K-f | 123.225.61.94 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. | n/a | 445 | pcap | raw alerts ruleset | ftp 27 lines | Yeah : 1.3 profile | none | summary tarball | 20 of 33 | 17739a55ad [Firefox:282 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
T:20:43:00 | WinXP | 130.13.34.20 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | 445 | pcap | raw alerts ruleset | shell ftp 14 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] | 048df78048 [0] | ASM:Graph | none|none | lines=61 | trace |
20:47:00 | Win2K-f | 118.8.34.6 (-): . | 122.131.133.19:13001 | JP:chat-shqip.org | 445 | pcap | raw alerts ruleset | ftp irc 35 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
20:48:00 | Win2K-f | 218.223.210.29 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. | 122.131.133.19:12351 | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp irc 43 lines | Yeah : 1.8 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
20:57:00 | WinXP | 202.70.230.40 (ONINET.NE.JP): OKAYAMA NETWORK INC, TOKYO, TOKYO, JP. | n/a | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:12351 JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp 27 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 | b75ee8011e NEW | none[none] | none:none | none|none | none | none |
T:21:00:00 | Win2K-f | 116.123.57.165 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. | n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | http 98 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 34 of 36 | 168aab35a3 [Firefox:83 hits: 06-17 to 08-06] cc53fa213b NEW | none[4] none [none] | none:none none:none | tElock| none|none | none none | trace none |
21:02:00 | WinXP | 58.93.114.109 (PLALA.OR.JP): PLALA NETWORKS INC, JP. | n/a | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:12351 JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp 28 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 33 | ca15c09536 [Firefox:286 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
T:21:10:00 | WinXP | 63.109.247.248 (NEWSKIES.NET): BT LIMITED, BEIRUT, BEYROUTH, LB. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 | 135 | pcap | raw alerts ruleset | http 93 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 32 of 36 | 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 55c3444f3e NEW | none[4] none [none] | none:none none:none | tElock| none|none | none none | trace none |
21:13:00 | WinXP | 222.233.15.99 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 97 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 30 of 32 | 1509c8d024 [Firefox:15 hits: 06-17 to 08-02] f23b040440 [Firefox: 6 hits: 06-22 to 08-02] | none[4] f23b040440[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=82 | trace trace |
21:33:00 | Win2K-f | 118.7.103.67 (-): . | n/a | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:12351 JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp 27 lines | Yeah : 1.3 profile | none | summary tarball | 15 of 36 | 86d0b73e6a NEW | none[none] | none:none | none|none | none | none |
21:34:00 | Win2K-f | 70.61.191.144 (RR.COM): ROAD RUNNER HOLDCO LLC, GROVE CITY, OHIO, US. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:21:38:00 | WinXP | 89.169.152.76 (-): MOSINFOLINE, RU. | 64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 | 445 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox:95 hits: 05-22 to 08-06] | 049e62d55b [0] | ASM:Graph | Armadillo| | lines=192 | trace |
21:43:00 | Win2K-f | 219.251.192.245 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | US:microsoft.com US:download.microsoft.com HK:proxima.ircgalaxy.pl US:208.111.153.231:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 86 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 32 33 of 33 | 5364c612fa [Firefox: 3 hits: 07-06 to 07-25] 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] | none[none] none [4] | none:none none:none | none|none tElock| | none none | none trace |
21:48:00 | Win2K-f | 70.67.40.104 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) | n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.79.125:80 US:207.123.46.126:80 HK:210.245.211.11:65520 US:4.23.60.126:80 | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 35 33 of 35 | 03f242275e [Firefox: 3 hits: 07-30 to 08-02] 31d5e9cb41 [Firefox: 3 hits: 07-30 to 08-02] | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
21:51:00 | WinXP | 76.200.153.144 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) | n/a | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 03f912899b [Firefox:74 hits: 01-08 to 08-06] | 83893bd25d [0] | ASM:Graph | none|none | lines=65 | trace |
21:52:00 | Win2K-f | 59.190.104.173 (EONET.NE.JP): K-OPTICOM CORPORATION, NISHINOMIYA, HYOGO, JP. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | ftp 27 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 36 | 64a2cc1200 NEW | none[none] | none:none | none|none | none | none |
22:02:00 | WinXP | 218.165.116.252 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. | 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 35 | dbbc586732 [Firefox: 3 hits: 07-28 to 08-02] | none[none] | none:none | none|none | none | none |
T:22:03:00 | WinXP | 218.165.116.252 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. | 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 35 | dbbc586732 [Firefox: 3 hits: 07-28 to 08-02] | none[none] | none:none | none|none | none | none |
T:22:18:00 | WinXP | 12.78.11.72 (ATT.NET): AT&T WORLDNET SERVICES, MORRISTOWN, NEW JERSEY, US. | n/a | 445 | pcap | raw alerts ruleset | shell ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 1a2c0e6130 [Firefox:291 hits: 12-31 to 08-06] | 048df78048 [0] | ASM:Graph | none|none | lines=61 | trace |
22:21:00 | WinXP | 218.211.223.40 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1180 hits: 06-17 to 08-06] 73f1082158 [Firefox:596 hits: 06-18 to 08-06] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:22:43:00 | WinXP | 170.51.155.89 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | 64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox:95 hits: 05-22 to 08-06] | 049e62d55b [0] | ASM:Graph | Armadillo| | lines=192 | trace |
23:34:00 | Win2K-f | 125.102.81.243 (UCOM.NE.JP): G-OS0024N, JP. (100Mbps) | n/a | JP:chat-shqip.org JP:w3bs.chat-shqip.org JP:122.131.133.19:12351 JP:122.131.133.19:13001 | 445 | pcap | raw alerts ruleset | ftp 26 lines | Yeah : 1.3 profile | none | summary tarball | 10 of 33 | d2c26e07fd [Firefox:257 hits: 06-27 to 08-06] | none[none] | none:none | none|none | none | none |
T:23:41:00 | WinXP | 114.120.78.50 (-): . | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | a3f358bd55 [Firefox: 5 hits: 06-10 to 07-13] | none[4] | none:none | PolyEnE| | none | trace |
23:44:00 | WinXP | 122.25.73.41 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | n/a | 445 | pcap | raw alerts ruleset | shell ftp 16 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:455 hits: 01-01 to 08-05] | eb7546c600 [0] | ASM:Graph | none|none | lines=61 | trace |
23:48:00 | WinXP | 61.94.124.176 (TELKOM.NET.ID): PT TELKOM INDONESIA, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 72bba885e8 NEW | none[none] | none:none | none|none | none | none |