|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:06:00 | WinXP | 24.80.172.192 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.44.124:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:25 hits: 06-20 to 08-23] e5c7bce70e [Firefox:24 hits: 06-20 to 08-23] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:19:00 | WinXP | 24.80.172.192 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 0 of 33 2 of 32 |
607b60ad51 [Firefox:25 hits: 06-20 to 08-23] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] e5c7bce70e [Firefox:24 hits: 06-20 to 08-23] |
none[4] e07c29c4ae[1] e5c7bce70e[1] |
none:none ASM:Graph ASM:Graph |
tElock| FSG| Armadillo| |
none lines=92 lines=81 |
trace trace trace |
| T:00:40:00 | Win2K-f | 196.208.97.170 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:06:00 | WinXP | 123.212.119.89 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:167 hits: 06-17 to 08-23] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:01:08:00 | Win2K-f | 208.77.181.35 (MYCOMSPAN.COM): COMSPAN BANDON NETWORK LLC, BANDON, OREGON, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn IL:ksn.a1001186.wrs.flutix.com US:199.93.44.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
irc http 658 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 14 of 36 32 of 35 26 of 36 |
2d76ff4e53 [Firefox: 7 hits: 07-23 to 08-23] 75d013e972 [Firefox: 7 hits: 08-20 to 08-23] 7df1377ee3 [Firefox: 7 hits: 07-23 to 08-23] 812a0cf35a [Firefox: 2 hits: 08-22 to 08-23] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 01:24:00 | WinXP | 117.99.16.71 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:496 hits: 12-31 to 08-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:01:25:00 | WinXP | 117.99.16.71 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:496 hits: 12-31 to 08-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:01:30:00 | Win2K-f | 89.179.68.50 (CORBINA.RU): INVESTELEKTROSVIAZ LTD, RU. |
210.245.211.11:65520 | :fleshkatera.cn HK:proxim.ircgalaxy.pl DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:35:00 | WinXP | 84.217.250.55 (GLOCALNET.NET): GLOCALNET-SE-NET, SE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 63452bf08e NEW |
none[none] | none:none |
none|none | none | none |
| T:01:47:00 | WinXP | 24.166.177.93 (RR.COM): ROAD RUNNER HOLDCO LLC, OVERLAND PARK, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:19:00 | Win2K-f | 203.91.168.73 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 9 of 33 |
2851817490 [Firefox: 3 hits: 06-27 to 07-19] 624c441842 [Firefox: 2 hits: 06-27 to 07-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:23:00 | WinXP | 220.215.164.183 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:02:26:00 | WinXP | 80.199.145.175 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, ROSKILDE, ROSKILDE, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4442fbf8df NEW |
none[none] | none:none |
none|none | none | none |
| 02:56:00 | Win2K-f | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:01:00 | WinXP | 72.22.226.37 (PMT.ORG): PROJECT MUTUAL TELEPHONE INC, HEYBURN, IDAHO, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:505 hits: 01-01 to 08-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 03:04:00 | Win2K-f | 125.58.120.191 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:07:00 | WinXP | 79.163.221.44 (-): IDEA, PL. |
210.245.211.11:65520 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:22 hits: 07-28 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:03:15:00 | WinXP | 85.185.94.166 (-): ANGIZEH NEGAR KHAVARAN ISP, MASHHAD, KHORASAN, IR. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c48a98539d NEW |
none[none] | none:none |
none|none | none | none |
| 03:25:00 | WinXP | 24.195.233.174 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:03:36:00 | Win2K-f | 118.219.236.35 (-): . |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 US:205.128.73.126:80 US:4.23.60.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 100 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:112 hits: 06-17 to 08-23] 667f0c59f3 [Firefox:18 hits: 07-04 to 08-20] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:03:37:00 | Win2K-f | 58.232.149.91 (-): THRUNET-INFRA-GANGWON05, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 US:205.128.73.126:80 US:4.23.60.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 140 lines |
Yeah : 1.8 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox: 3 hits: 06-18 to 08-09] e5e0dbde57 [Firefox: 3 hits: 06-18 to 08-09] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:03:40:00 | WinXP | 80.121.15.85 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:103 hits: 01-08 to 08-22] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:03:50:00 | WinXP | 80.160.111.82 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, GLOSTRUP, COPENHAGEN, DK. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru DE:dl2.teenpassage.com AT:graz.at.eu.undernet.org :irc.kar.net US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8e4e1ec135 NEW |
none[none] | none:none |
none|none | none | none |
| 03:59:00 | WinXP | 145.236.123.156 (TELEKOM.HU): HUNGARIAN TELECOMMUNICATIONS COMPANY LIMITED, BUDAPEST, BUDAPEST, HU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:00:00 | Win2K-f | 4.225.247.205 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTAGE, MICHIGAN, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:05:00 | WinXP | 220.156.13.111 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:13:00 | Win2K-f | 89.179.93.64 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.226:80 DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc http 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:38:00 | WinXP | 91.66.21.92 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b19b1a3b65 [Firefox: 2 hits: 08-22 to 08-23] |
none[none] | none:none |
none|none | none | none |
| T:04:39:00 | WinXP | 91.66.21.92 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b19b1a3b65 [Firefox: 2 hits: 08-22 to 08-23] |
none[none] | none:none |
none|none | none | none |
| T:04:45:00 | WinXP | 80.191.115.148 (-): REGIONAL LIBRARAY OF SCIENCE AND TECHNOLOGY, SHIRAZ, FARS, IR. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http http 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 0 of 36 35 of 36 |
3099ee9232 NEW 45ee08c58b NEW 7337e0f9fe NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 04:45:00 | Win2K-f | 98.141.162.197 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:00:00 | WinXP | 217.245.102.187 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:103 hits: 01-08 to 08-22] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:05:21:00 | WinXP | 117.99.19.130 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:496 hits: 12-31 to 08-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:05:31:00 | WinXP | 213.36.0.190 (PPP.TISCALI.FR): TISCALI FRANCE, FR. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:33:00 | Win2K-f | 61.34.136.36 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 US:199.93.44.124:80 US:204.160.126.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 154 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
9d1c8d89a4 [Firefox: 4 hits: 08-10 to 08-19] b57dbae4a3 [Firefox: 4 hits: 08-10 to 08-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:40:00 | WinXP | 196.208.97.170 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:47:00 | WinXP | 61.46.137.208 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 403 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | c4c5a56ffe [Firefox: 6 hits: 08-15 to 08-23] |
none[none] | none:none |
none|none | none | none | |
| T:05:48:00 | WinXP | 202.216.50.125 (FLETS-A-WEST-1-10.DSN.JP): DS NETWORKS CO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 05:51:00 | WinXP | 41.214.166.81 (-): . |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:22 hits: 07-28 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:05:51:00 | WinXP | 41.214.166.81 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:22 hits: 07-28 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:05:57:00 | Win2K-f | 72.233.8.8 (LAYEREDTECH.COM): LAYERED TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:58:00 | WinXP | 220.220.130.55 (PLALA.OR.JP): NTT COMMUNICATIONS CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:06:39:00 | WinXP | 59.114.242.184 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:144 hits: 06-17 to 08-23] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:06:47:00 | WinXP | 76.177.220.127 (RR.COM): ROAD RUNNER HOLDCO LLC, YULEE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:53:00 | WinXP | 65.68.44.124 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.43:80 US:208.111.148.54:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 132 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox:14 hits: 06-18 to 08-21] c6bfb5f0f2 [Firefox:14 hits: 06-18 to 08-21] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 06:58:00 | WinXP | 118.240.118.211 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:505 hits: 01-01 to 08-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:05:00 | Win2K-f | 24.82.101.167 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. |
72.10.172.218:7382 | CA:italian.swiifatecihno.com | 135 | pcap | raw alerts ruleset |
irc http 240 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 30 11 of 36 |
6f48587848 [Firefox: 2 hits: 02-18 to 08-14] 88765a5690 NEW |
0bc04966dd [0] none [none] |
none:none none:none |
none|none none|none |
none none |
trace none |
| 07:08:00 | Win2K-f | 122.146.224.102 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:09:00 | WinXP | 172.166.107.9 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.99.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 163 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:10:00 | WinXP | 58.231.169.59 (-): THRUNET-INFRA-DAEJEON05, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:192.221.108.126:80 US:192.221.99.124:80 US:205.128.73.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 109 lines |
Yeah : 1.8 profile |
none | summary tarball |
1 of 33 30 of 32 |
7b2dec4d44 NEW d5bf17f14e [Firefox: 8 hits: 06-20 to 08-17] |
7b2dec4d44 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 07:17:00 | Win2K-f | 124.61.39.42 (-): POWERCOM, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:8.12.202.125:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 104 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 32 of 33 |
4c3df24b32 [Firefox:167 hits: 06-17 to 08-23] 58408136a4 [Firefox:15 hits: 06-28 to 08-20] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:07:23:00 | Win2K-f | 97.93.78.32 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 07:23:00 | WinXP | 41.202.93.108 (-): . |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 330eaa2da2 [Firefox:17 hits: 01-28 to 08-20] |
none[3] | none:none |
ASPack| | none | trace |
| T:07:31:00 | Win2K-f | 119.95.129.154 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:45:00 | Win2K-f | 71.103.172.2 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SAN BERNARDINO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.123:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:47:00 | WinXP | 60.254.198.29 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | df2f0e165e NEW |
none[none] | none:none |
none|none | none | none |
| T:07:48:00 | WinXP | 211.76.41.133 (UBBN.NET): UNION CABLE TV CO. LTD, TW. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 US:207.123.37.123:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 201 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 30 of 33 0 of 33 |
9963e9c1ff [Firefox: 2 hits: 06-26 to 08-23] a647a60592 [Firefox: 2 hits: 06-26 to 08-23] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:08:05:00 | Win2K-f | 219.71.115.4 (NVWTV.COM.TW): HOSHIN GIGAMEDIA CENTER INC, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 30 of 35 |
017226a316 [Firefox: 3 hits: 07-27 to 08-13] 9b03689ec5 [Firefox: 3 hits: 07-27 to 08-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:07:00 | Win2K-f | 207.5.232.242 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:17:00 | WinXP | 77.57.93.204 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 25d78144c5 [Firefox:11 hits: 08-01 to 08-19] |
none[none] | none:none |
none|none | none | none |
| 08:17:00 | WinXP | 77.57.93.204 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
210.245.211.11:65520 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 25d78144c5 [Firefox:11 hits: 08-01 to 08-19] |
none[none] | none:none |
none|none | none | none |
| T:08:23:00 | WinXP | 79.163.232.59 (-): IDEA, PL. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:22 hits: 07-28 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:08:28:00 | WinXP | 66.50.120.46 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:08:31:00 | WinXP | 210.79.163.63 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:33:00 | Win2K-f | 24.30.174.247 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 09:10:00 | Win2K-f | 24.166.177.93 (RR.COM): ROAD RUNNER HOLDCO LLC, OVERLAND PARK, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:40:00 | Win2K-f | 74.67.48.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:09:56:00 | WinXP | 219.122.194.150 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 3a813df3ed [Firefox: 5 hits: 02-04 to 08-11] |
7759abbf55 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:02:00 | WinXP | 217.76.159.212 (ARSYSTEL.COM): NET-ARSYS-EURO, ES. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:04:00 | WinXP | 61.254.122.18 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:192.221.99.124:80 US:204.160.104.126:80 US:207.123.46.126:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 106 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:112 hits: 06-17 to 08-23] 4c3df24b32 [Firefox:167 hits: 06-17 to 08-23] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:17:00 | WinXP | 41.214.186.9 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c9d01112a8 [Firefox: 4 hits: 08-06 to 08-11] |
none[none] | none:none |
none|none | none | none |
| T:10:17:00 | WinXP | 41.214.186.9 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru DE:dl2.teenpassage.com SE:vancouver.dal.net :gaspode.zanet.org.za AT:graz.at.eu.undernet.org SE:ozbytes.dal.net SE:qis.md.us.dal.net :los-angeles.ca.us.undernet.org FI:london.uk.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c9d01112a8 [Firefox: 4 hits: 08-06 to 08-11] |
none[none] | none:none |
none|none | none | none |
| T:10:34:00 | WinXP | 117.99.36.43 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:91 hits: 01-03 to 08-21] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:36:00 | Win2K-f | 70.74.220.25 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 10:47:00 | Win2K-f | 58.230.146.15 (-): THRUNET-INFRA-SEOUL02, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
2 of 35 30 of 32 |
bcf66a38c8 [Firefox: 4 hits: 07-30 to 08-21] d5bf17f14e [Firefox: 8 hits: 06-20 to 08-17] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 10:58:00 | WinXP | 92.32.84.187 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 63452bf08e NEW |
none[none] | none:none |
none|none | none | none |
| T:11:02:00 | WinXP | 201.252.101.233 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | ec93bb7379 NEW |
none[none] | none:none |
none|none | none | none |
| 11:07:00 | Win2K-f | 189.48.90.17 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:22:00 | WinXP | 201.69.254.48 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 21f744cf9b NEW |
none[none] | none:none |
none|none | none | none |
| 11:34:00 | WinXP | 12.78.8.58 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:34:00 | Win2K-f | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.66.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 57ce4acac2 [Firefox:144 hits: 06-17 to 08-23] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:35:00 | Win2K-f | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 57ce4acac2 [Firefox:144 hits: 06-17 to 08-23] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:40:00 | WinXP | 68.146.188.157 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 11:50:00 | WinXP | 77.102.0.83 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:11:54:00 | WinXP | 85.86.238.104 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8350eec99e NEW |
none[none] | none:none |
none|none | none | none |
| T:12:04:00 | WinXP | 70.119.123.43 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:4.23.60.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:20:00 | WinXP | 208.188.17.129 (SWBELL.NET): AS101 RCSNTX DIAL POOL, DALLAS, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:28:00 | Win2K-f | 124.61.39.42 (-): POWERCOM, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 111 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 32 of 33 0 of 32 |
4c3df24b32 [Firefox:167 hits: 06-17 to 08-23] 58408136a4 [Firefox:15 hits: 06-28 to 08-20] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
4c3df24b32 [1] none [none] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| none|none ASProtect| |
lines=81 none lines=90 |
trace none trace |
| T:12:33:00 | WinXP | 4.225.143.22 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:46:00 | WinXP | 4.244.171.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TULSA, OKLAHOMA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:47:00 | WinXP | 4.244.171.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TULSA, OKLAHOMA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:04:00 | WinXP | 93.84.106.18 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:13:08:00 | WinXP | 66.19.34.95 (USLEC.NET): USLEC CORP, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:09:00 | Win2K-f | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 57ce4acac2 [Firefox:144 hits: 06-17 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 13:33:00 | WinXP | 24.137.124.41 (EASTLINK.CA): EASTLINK, DARTMOUTH, NOVA SCOTIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:37:00 | WinXP | 41.214.171.68 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox: 4 hits: 08-19 to 08-22] |
none[none] | none:none |
none|none | none | none |
| 13:40:00 | WinXP | 4.138.90.45 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WOODSTOCK, GEORGIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:55:00 | WinXP | 82.249.30.13 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bfec7d0b0b [Firefox: 8 hits: 08-06 to 08-19] |
none[none] | none:none |
none|none | none | none |
| 13:55:00 | WinXP | 82.249.30.13 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bfec7d0b0b [Firefox: 8 hits: 08-06 to 08-19] |
none[none] | none:none |
none|none | none | none |
| T:14:20:00 | Win2K-f | 70.254.8.18 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:209.84.20.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:21:00 | WinXP | 218.211.83.32 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:32:00 | WinXP | 77.20.8.78 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b19b1a3b65 [Firefox: 2 hits: 08-22 to 08-23] |
none[none] | none:none |
none|none | none | none |
| 15:07:00 | Win2K-f | 63.18.96.114 (UU.NET): UUNET TECHNOLOGIES INC, AULT, COLORADO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:206.33.45.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 186 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:10:00 | WinXP | 201.0.9.36 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox: 4 hits: 08-19 to 08-22] |
none[none] | none:none |
none|none | none | none |
| T:15:10:00 | WinXP | 76.161.225.191 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:14:00 | WinXP | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
194.109.11.65:6556 | :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com NL:0x80.goingformars.com NL:0x80.online-software.org NL:194.109.11.65:6556 |
135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 33 | e30fb27bda [Firefox: 4 hits: 07-07 to 08-19] |
none[none] | none:none |
none|none | none | none |
| 15:32:00 | WinXP | 63.246.123.82 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.42.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:37:00 | Win2K-f | 68.151.127.50 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:10:00 | WinXP | 41.214.188.242 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox: 4 hits: 08-19 to 08-22] |
none[none] | none:none |
none|none | none | none |
| 16:13:00 | WinXP | 125.4.225.120 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
2e45ae247e [Firefox: 5 hits: 06-25 to 08-11] 53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:16:15:00 | WinXP | 24.79.215.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 196 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:25 hits: 06-20 to 08-23] e5c7bce70e [Firefox:24 hits: 06-20 to 08-23] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:21:00 | WinXP | 76.166.29.57 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:496 hits: 12-31 to 08-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:45:00 | WinXP | 88.215.84.192 (CABLESURF.DE): KABELFERNSEHEN MUENCHEN SERVICENTER GMBH & CO.KG, MUNICH, BAYERN, DE. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:31 hits: 01-02 to 08-23] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:54:00 | Win2K-f | 99.170.21.97 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.46.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:28:00 | WinXP | 81.84.228.219 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e4157a2cc3 NEW |
none[none] | none:none |
none|none | none | none |
| 17:42:00 | WinXP | 200.100.230.179 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | b40d13789d NEW |
none[none] | none:none |
none|none | none | none |
| 17:53:00 | Win2K-f | 71.85.126.50 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:14:00 | WinXP | 76.178.247.198 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:91 hits: 01-03 to 08-21] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:18:22:00 | WinXP | 69.127.29.12 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), HICKSVILLE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:44:00 | WinXP | 4.248.51.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:19:13:00 | WinXP | 130.13.60.200 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:24:00 | WinXP | 130.13.60.200 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:362 hits: 12-31 to 08-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:32:00 | Win2K-f | 70.165.19.46 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:18:00 | WinXP | 201.252.95.24 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:19:00 | WinXP | 122.146.227.162 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:25:00 | WinXP | 69.216.161.174 (-): CITY OF NORWAY, DETROIT, MICHIGAN, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.43:80 US:208.111.148.54:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 35 33 of 35 |
0aba74f83a NEW 1d215d08be NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:33:00 | WinXP | 72.251.76.46 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:71 hits: 01-14 to 08-22] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:20:46:00 | Win2K-f | 222.236.27.24 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.153.236:80 US:208.111.173.16:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 131 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 30 of 33 |
168aab35a3 [Firefox:112 hits: 06-17 to 08-23] f62373a83b [Firefox: 3 hits: 07-03 to 07-28] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:21:08:00 | WinXP | 98.140.59.201 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:09:00 | Win2K-f | 211.203.125.127 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR. |
210.245.211.11:65520 | DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 21:33:00 | Win2K-f | 65.172.147.233 (SKYBEST.COM): SKYBEST COMMUNICATIONS INC, NEW BERN, NORTH CAROLINA, US. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 112 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 2 of 36 0 of 32 |
2f27f1f3ed NEW 5f8dacfa58 NEW b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:21:42:00 | WinXP | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:198.78.201.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] b7082104e4 [Firefox:113 hits: 06-18 to 08-22] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 21:49:00 | WinXP | 202.177.78.136 (NS.ICTV.JP): IRUMA CABLE TV, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:51:00 | WinXP | 202.177.78.136 (NS.ICTV.JP): IRUMA CABLE TV, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:52:00 | Win2K-f | 194.84.56.192 (RGS.RU): (10312) HK ROSGOSSTRAKH MOSCOW, MOSCOW, MOSKVA, RU. (100Mbps) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:10:00 | WinXP | 219.249.125.27 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:4.23.60.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 0 of 33 |
8a75955033 [Firefox:27 hits: 06-20 to 08-20] 9276c8b36b [Firefox:27 hits: 06-20 to 08-20] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] |
none[4] 9276c8b36b[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 22:18:00 | Win2K-f | 71.79.67.62 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 22:27:00 | Win2K-f | 208.127.8.179 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | CA:done.blacktiehsbdcs.com | 135 | pcap | raw alerts ruleset |
irc 221 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox:10 hits: 07-15 to 08-20] |
none[none] | none:none |
none|none | none | none |
| 22:36:00 | WinXP | 222.147.245.149 (OCN.NE.JP): OPEN COMPUTER NETWORK, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:323 hits: 01-05 to 08-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 22:50:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:08:00 | WinXP | 12.73.32.240 (ATT.NET): AT&T WORLDNET SERVICES, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:24:00 | Win2K-f | 210.233.212.27 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 32 |
3ed16ae12d [Firefox:14 hits: 06-19 to 08-19] 79c01ec060 [Firefox:25 hits: 06-18 to 08-22] b5919931fe [Firefox:462 hits: 06-20 to 08-23] |
3ed16ae12d [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:23:38:00 | WinXP | 208.81.162.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] 73f1082158 [Firefox:893 hits: 06-18 to 08-23] e07c29c4ae [Firefox:363 hits: 06-19 to 08-23] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 23:41:00 | Win2K-f | 121.254.78.219 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:198.78.220.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1794 hits: 06-17 to 08-23] a08f3b74a4 [Firefox:607 hits: 06-18 to 08-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:53:00 | WinXP | 114.120.67.244 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1017 hits: 12-31 to 08-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |