|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:14:00 | WinXP | 119.95.179.29 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:204.160.104.126:80 US:205.128.73.126:80 HK:210.245.211.11:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:36 hits: 06-18 to 08-23] 76ee340669 [Firefox:37 hits: 06-18 to 08-23] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 00:22:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.46.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:37:00 | WinXP | 122.53.5.178 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 355cabe10f [Firefox: 2 hits: 06-11 to 07-18] |
none[4] | none:none |
StarForce| | none | trace | |
| T:01:22:00 | WinXP | 217.219.95.209 (-): TELEPHONE ELECTRONIC ZAHEDAN COMPANY INTERNET SERVICE PROVIDER, ZAHEDAN, SISTAN VA BALUCHESTAN, IR. (100Mbps) |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:224 hits: 01-01 to 08-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:01:36:00 | WinXP | 122.19.142.104 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:01:50:00 | WinXP | 150.199.94.114 (MO.US): MORENET, COLUMBIA, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:01:00 | WinXP | 218.211.83.32 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:08:00 | WinXP | 116.123.57.165 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:205.128.73.126:80 US:4.23.60.125:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 34 of 36 |
168aab35a3 [Firefox:115 hits: 06-17 to 08-24] cc53fa213b [Firefox: 2 hits: 08-07 to 08-16] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 02:13:00 | WinXP | 216.57.114.206 (PSHIFT.NET): POWER SHIFT COMPUTER SERVICES INC, STOWE, VERMONT, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:02:15:00 | WinXP | 203.91.186.107 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] b7082104e4 [Firefox:114 hits: 06-18 to 08-24] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 02:17:00 | WinXP | 203.91.186.107 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] b7082104e4 [Firefox:114 hits: 06-18 to 08-24] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 02:21:00 | Win2K-f | 61.31.33.163 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:56:00 | Win2K-f | 65.68.44.124 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:205.128.73.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 140 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox:15 hits: 06-18 to 08-24] c6bfb5f0f2 [Firefox:15 hits: 06-18 to 08-24] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 03:20:00 | WinXP | 70.66.21.144 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:23:00 | Win2K-f | 12.198.30.48 (-): JOYCE MEDIA INC, ACTON, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] b5919931fe [Firefox:471 hits: 06-20 to 08-24] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:03:25:00 | WinXP | 220.137.81.172 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:332 hits: 01-05 to 08-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:37:00 | Win2K-f | 208.81.162.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:43:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
210.245.211.11:65520 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:208.111.148.226:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 115 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] bea8cb1865 [Firefox: 7 hits: 08-11 to 08-23] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:03:45:00 | WinXP | 193.248.252.205 (STATIC-IP.OLEANE.FR): TELECOM, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:105 hits: 01-08 to 08-24] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:04:10:00 | WinXP | 77.44.164.103 (HOST-213-178-230-63.ALOOLA.SY): SYRIAN COMPUTER SOCIETY SCS, SY. |
n/a | :www.proxy-socks.net | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:224 hits: 01-01 to 08-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 04:20:00 | WinXP | 78.34.15.203 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e4157a2cc3 [Firefox: 2 hits: 08-23 to 08-24] |
none[none] | none:none |
none|none | none | none | |
| 04:36:00 | Win2K-f | 76.226.96.162 (SBCGLOBAL.NET): PPPOX SE3.SFLDMI, PLANO, TEXAS, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 04:45:00 | WinXP | 85.152.120.164 (CM-85-152-106-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 68a76c215f [Firefox: 4 hits: 08-14 to 08-22] |
none[none] | none:none |
none|none | none | none |
| T:04:50:00 | WinXP | 219.68.72.224 (GIGA.NET.TW): HOSHIN GIGAMEDIA CENTER INC, TAIPEI, T'AI-PEI, TW. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | de9dec4800 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:54:00 | WinXP | 118.12.209.150 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:55:00 | Win2K-f | 4.225.141.74 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:07:00 | Win2K-f | 222.233.232.99 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.173.53:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:115 hits: 06-17 to 08-24] 667f0c59f3 [Firefox:19 hits: 07-04 to 08-24] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 05:12:00 | WinXP | 122.25.34.203 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:16:00 | Win2K-f | 218.236.215.108 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:199.93.53.125:80 US:204.160.126.124:80 HK:210.245.211.11:65520 US:8.12.222.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 125 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:28 hits: 06-20 to 08-24] 9276c8b36b [Firefox:28 hits: 06-20 to 08-24] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:29:00 | WinXP | 121.83.108.183 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:39:00 | Win2K-f | 79.150.248.102 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:53:00 | WinXP | 4.159.5.241 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CALEDONIA, MICHIGAN, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 05:55:00 | WinXP | 122.52.75.194 (PLDT.NET): IPG, PH. |
210.245.211.11:65520 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:204.160.104.126:80 US:207.123.37.126:80 US:207.123.46.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:36 hits: 06-18 to 08-23] 76ee340669 [Firefox:37 hits: 06-18 to 08-23] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 06:04:00 | WinXP | 70.233.230.70 (SBCGLOBAL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:205.128.73.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:05:00 | WinXP | 79.132.193.152 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | a92e3f8fc8 [Firefox:28 hits: 01-26 to 08-21] |
dfe02a1e52 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:11:00 | WinXP | 217.202.78.55 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 490bccf8d8 NEW |
none[none] | none:none |
none|none | none | none |
| 06:33:00 | Win2K-f | 196.208.72.155 (TELKOM-IPNET.CO.ZA): AFRINIC, JOHANNESBURG, GAUTENG, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:38:00 | WinXP | 41.214.186.145 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | a73d9b037c NEW |
none[none] | none:none |
none|none | none | none |
| 06:56:00 | WinXP | 122.18.133.164 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:57:00 | Win2K-f | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:04:00 | WinXP | 75.177.13.250 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1024 hits: 12-31 to 08-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:18:00 | WinXP | 24.109.205.28 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:26 hits: 07-28 to 08-24] |
none[none] | none:none |
none|none | none | none |
| 07:19:00 | WinXP | 70.184.14.218 (COX.NET): COX COMMUNICATIONS, JOHNSTON, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:33:00 | Win2K-f | 222.233.26.172 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:204.160.104.126:80 US:205.128.73.126:80 US:207.123.37.123:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 125 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 32 30 of 32 |
3dffacd270 [Firefox: 8 hits: 06-20 to 08-17] d5bf17f14e [Firefox:10 hits: 06-20 to 08-24] |
3dffacd270 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 08:03:00 | Win2K-f | 68.149.138.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:15:00 | Win2K-f | 76.68.29.18 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:199.93.44.124:80 US:207.123.42.126:80 US:207.123.46.125:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 111 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 35 of 36 |
819406a2a1 NEW aa0a8d6314 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:27:00 | Win2K-f | 93.81.82.224 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:30:00 | Win2K-f | 68.146.188.157 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] b5919931fe [Firefox:471 hits: 06-20 to 08-24] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 08:36:00 | WinXP | 116.126.26.99 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.173.47:80 US:208.111.173.52:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 108 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 2 of 35 |
6ec2a8994b [Firefox:18 hits: 06-18 to 08-21] bcf66a38c8 [Firefox: 5 hits: 07-30 to 08-24] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:08:39:00 | WinXP | 125.58.98.42 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 26 of 33 |
2851817490 [Firefox: 4 hits: 06-27 to 08-24] ed4acd1f8e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:50:00 | WinXP | 92.41.202.216 (IKBCC.COM): EU-ZZ, UK. |
210.245.211.11:65520 77.91.227.179:80 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn :www.upononjob.cn DE:hereall.net :mulfika.cn IL:ksn.a1001186.wrs.flutix.com EU:viacodecright2.com IL:wr.kastora.com IL:dl.bundlext.com US:pricestan.cc DE:ebookfinaltrash.ru US:searchportal.information.com US:208.73.210.32:80 HK:210.245.211.11:65520 EU:91.203.92.13:80 EU:91.203.92.25:80 |
445 | pcap | raw alerts ruleset |
http irc http http http http 539 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 13 of 36 16 of 36 14 of 36 26 of 36 0 of 36 |
10a081161d NEW 351f8b17da NEW 35f4e44060 NEW 75d013e972 [Firefox: 8 hits: 08-20 to 08-24] 7f2646c230 NEW b836bbbc36 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| T:08:56:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:03:00 | WinXP | 200.141.168.88 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:ebookfinaltrash.ru US:searchportal.information.com US:spi.domainsponsor.com IL:wr.kastora.com IL:dl.bundlext.com CA:www.bmo.com US:b155.mcboo.com IL:194.90.224.86:80 |
445 | pcap | raw alerts ruleset |
irc http http http http http http http http 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:06:00 | WinXP | 60.254.217.106 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 35 | df2f0e165e NEW |
none[none] | none:none |
none|none | none | none |
| T:09:06:00 | WinXP | 60.254.217.106 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | df2f0e165e NEW |
none[none] | none:none |
none|none | none | none |
| T:09:18:00 | WinXP | 211.203.16.62 (HANANET.NET): HANARO TELECOM INC, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:209.84.20.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 34 of 36 |
168aab35a3 [Firefox:115 hits: 06-17 to 08-24] 7cebed19c8 [Firefox: 2 hits: 08-16 to 08-19] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 09:24:00 | WinXP | 4.248.54.7 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:332 hits: 01-05 to 08-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 09:33:00 | Win2K-f | 118.217.249.55 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.201.126:80 US:206.33.45.125:80 US:209.84.20.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 100 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:115 hits: 06-17 to 08-24] 61426996c3 [Firefox:10 hits: 06-20 to 08-20] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 09:34:00 | WinXP | 4.152.219.29 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEWPORT NEWS, VIRGINIA, US. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru DE:dl2.teenpassage.com RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox:12 hits: 08-08 to 08-23] |
none[none] | none:none |
none|none | none | none |
| 10:21:00 | Win2K-f | 24.30.174.247 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:36:00 | WinXP | 217.202.25.64 (-): TELECOM ITALIA MOBILE, IT. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 1a274b66c2 NEW |
none[none] | none:none |
none|none | none | none |
| 10:51:00 | Win2K-f | 91.177.90.150 (ISP.BELGACOM.BE): BELGACOM-ADSL, BE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 38 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 10:51:00 | WinXP | 85.186.126.154 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:10:51:00 | WinXP | 90.150.121.102 (PERMONLINE.RU): PFES.FOR ADSL USERS, RU. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk :nano.youracneclear.com |
445 | pcap | raw alerts ruleset |
ftp irc http 610 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 13 of 31 |
264f19f9cc NEW e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| T:10:53:00 | Win2K-f | 118.166.46.202 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 10:53:00 | WinXP | 89.169.155.213 (-): MOSINFOLINE, RU. |
n/a | 445 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:55:00 | Win2K-f | 85.186.127.138 (-): ASTRAL SUCEAVA AIPA, RO. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:10:55:00 | WinXP | 90.189.183.151 (SNT.RU): OJSC SIBIRTELECOM, RU. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 10:57:00 | Win2K-f | 71.85.123.253 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 57 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:10:57:00 | Win2K-f | 80.130.54.65 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, OLDENBURG, NIEDERSACHSEN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:59:00 | Win2K-f | 151.23.55.62 (-): MANAGEMENT SCHEDE E1/PRI, IT. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 11:02:00 | Win2K-f | 212.46.228.1 (TYUMEN-CITY.RU): TYUMEN CITY GOVERNMENT NETWORK, RU. |
69.42.216.108:9890 69.42.216.121:2070 | :f.unicat.org FR:www.members.lycos.co.uk :nano.youracneclear.com |
445 | pcap | raw alerts ruleset |
ftp irc http 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 36 13 of 31 |
0e97465e3f NEW e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| 11:03:00 | Win2K-f | 92.84.67.112 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:05:00 | Win2K-f | 190.173.144.82 (COM.AR): TELEFONICA DE ARGENTINA, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:05:00 | WinXP | 89.136.1.35 (-): ASTRAL GALATI, GALATI, GALATI, RO. |
69.42.216.108:9890 69.42.216.121:2070 | :f.unicat.org FR:www.members.lycos.co.uk :nano.youracneclear.com |
445 | pcap | raw alerts ruleset |
ftp irc http 141 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 36 13 of 31 |
0e97465e3f NEW e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| 11:05:00 | WinXP | 78.54.102.254 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:06:00 | WinXP | 86.106.56.223 (UPCNET.RO): SC UPC ROMANIA SA, PLOIESTI, PRAHOVA, RO. |
69.42.216.108:9890 69.42.216.108:2010 69.42.216.107:2041 | :f.unicat.org FR:www.members.lycos.co.uk :adware.rxmods.net :irc.goth1c.info FR:213.193.4.11:80 |
445 | pcap | raw alerts ruleset |
ftp irc http 1155 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 19 of 36 18 of 35 13 of 31 |
24c3943ad4 NEW abe1b198e4 NEW cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] none [none] none [none] fda109a6fd[0] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| |
none none none lines=583 embedded dns |
none none none trace |
| 11:22:00 | WinXP | 190.128.124.71 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, CO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 11:24:00 | Win2K-f | 92.125.241.209 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc http 840 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| T:11:27:00 | WinXP | 78.96.9.223 (-): ASTRAL ROMAN DOCSIS, RO. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:28:00 | Win2K-f | 89.129.157.80 (YA.COM): YA.COM INTERNET FACTORY, BARCELONA, CATALUñA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:31:00 | WinXP | 88.204.179.207 (-): JSC KAZAKHTELECOM ASTNA AFFILIATE, KZ. |
69.42.216.108:9890 69.42.216.108:2010 | :f.unicat.org FR:www.members.lycos.co.uk :adware.rxmods.net |
445 | pcap | raw alerts ruleset |
ftp irc http 475 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| T:11:34:00 | Win2K-f | 71.85.123.253 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc http 442 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| T:11:34:00 | Win2K-f | 61.231.70.207 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:35:00 | Win2K-f | 92.125.241.209 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 49 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:11:36:00 | Win2K-f | 85.183.151.155 (ALICEDSL.DE): HANSENET-ADSL, DE. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk :adware.rxmods.net |
445 | pcap | raw alerts ruleset |
ftp irc http 442 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| 11:40:00 | WinXP | 78.96.234.194 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:51:00 | WinXP | 90.150.143.131 (-): OJSC URALSVYAZINFORM EKATERINBURG DEPARTMENT, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 62 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:11:52:00 | Win2K-f | 86.106.85.144 (CELLNET.RO): SC CELL-NET GRUP SRL, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace | |
| 11:53:00 | Win2K-f | 200.104.238.236 (VTR.NET): VTR BANDA ANCHA S.A, SANTIAGO, REGION METROPOLITANA, CL. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:11:53:00 | WinXP | 91.67.8.107 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:55:00 | WinXP | 78.131.122.146 (-): EMKTV DOROG DOCSIS, HU. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 11:58:00 | Win2K-f | 85.183.151.155 (ALICEDSL.DE): HANSENET-ADSL, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 11:58:00 | Win2K-f | 90.150.143.131 (-): OJSC URALSVYAZINFORM EKATERINBURG DEPARTMENT, EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 11:59:00 | Win2K-f | 203.115.65.142 (PACENET-INDIA.COM): INDIA'S PREMEIR BROADBAND AND IPTV SERVICES MUMBAI, MUMBAI, MAHARASHTRA, IN. (DSL) |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:05:00 | Win2K-f | 85.186.165.38 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc http 1058 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 11 of 36 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] efea4bcc80 NEW |
none[none] fda109a6fd[0] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=583 embedded dns none |
none trace none |
| 12:06:00 | Win2K-f | 91.64.217.128 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, TRIER, RHEINLAND-PFALZ, DE. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc http 1048 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 11 of 36 35 of 36 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e203ce72cd NEW fc14c6727d NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:12:07:00 | WinXP | 91.64.47.217 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.108:9890 69.42.216.108:2010 | :f.unicat.org FR:www.members.lycos.co.uk :adware.rxmods.net |
445 | pcap | raw alerts ruleset |
ftp irc http 1128 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 18 of 35 13 of 31 |
cc303a6263 NEW cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] none [none] fda109a6fd[0] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=583 embedded dns |
none none trace |
| T:12:10:00 | Win2K-f | 78.97.80.158 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 12:11:00 | WinXP | 85.186.165.38 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 45 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:11:00 | Win2K-f | 85.186.126.154 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:14:00 | WinXP | 91.67.230.210 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 47 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | c86fc630d2 [Firefox: 2 hits: 05-18 to 05-18] |
none[4] | none:none |
ASProtect| | none | trace |
| 12:15:00 | WinXP | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] e07c29c4ae [Firefox:369 hits: 06-19 to 08-24] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:20:00 | WinXP | 91.67.230.210 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org FR:www.members.lycos.co.uk |
445 | pcap | raw alerts ruleset |
ftp irc 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | c86fc630d2 [Firefox: 2 hits: 05-18 to 05-18] |
none[4] | none:none |
ASProtect| | none | trace |
| 12:32:00 | Win2K-f | 78.96.9.223 (-): ASTRAL ROMAN DOCSIS, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:41:00 | Win2K-f | 203.115.65.142 (PACENET-INDIA.COM): INDIA'S PREMEIR BROADBAND AND IPTV SERVICES MUMBAI, MUMBAI, MAHARASHTRA, IN. (DSL) |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:12:45:00 | Win2K-f | 78.96.8.96 (-): ASTRAL TURDA DOCSIS, TURDA, CLUJ, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 12:54:00 | Win2K-f | 98.140.228.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:12:00 | Win2K-f | 60.195.106.248 (-): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, TOKYO, TOKYO, JP. |
210.245.211.11:65520 77.91.227.179:80 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn :www.upononjob.cn DE:hereall.net :mulfika.cn IL:ksn.a1001186.wrs.flutix.com EU:viacodecright2.com IL:wr.kastora.com IL:dl.bundlext.com US:b155.mcboo.com US:csx.adservs.com EU:91.203.92.13:80 EU:91.203.92.25:80 |
139 | pcap | raw alerts ruleset |
irc http 502 lines |
Yeah : 1.3 profile |
none | summary tarball |
16 of 36 13 of 36 14 of 36 26 of 36 33 of 36 |
115b5d71ef NEW 4e5279ec45 NEW 75d013e972 [Firefox: 8 hits: 08-20 to 08-24] 7f2646c230 NEW dfc43fb6c7 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| 13:12:00 | WinXP | 60.195.106.248 (-): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, TOKYO, TOKYO, JP. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | dfc43fb6c7 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:17:00 | WinXP | 85.74.252.43 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, GR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:93 hits: 01-03 to 08-24] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:23:00 | Win2K-f | 190.18.194.138 (-): . |
69.42.216.108:9890 69.42.216.108:2010 | :f.unicat.org FR:www.members.lycos.co.uk :adware.rxmods.net |
445 | pcap | raw alerts ruleset |
ftp irc http 444 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 35 13 of 31 |
cd75030ece [Firefox: 8 hits: 07-29 to 08-05] e8d4d8cde1 [Firefox:409 hits: 03-31 to 08-23] |
none[none] fda109a6fd[0] |
none:none ASM:Graph |
none|none ASProtect| |
none lines=583 embedded dns |
none trace |
| 13:26:00 | Win2K-f | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 57ce4acac2 [Firefox:148 hits: 06-17 to 08-24] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:31:00 | WinXP | 24.71.229.255 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, FT. MCMURRAY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 756 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 381e3033c0 NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:39:00 | Win2K-f | 71.179.196.195 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:wr.kastora.com |
445 | pcap | raw alerts ruleset |
irc http 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 13:46:00 | WinXP | 63.17.213.245 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:47:00 | Win2K-f | 88.203.205.31 (SPNET.NET): SPNET, BG. |
210.245.211.11:65520 | DE:dl2.teenpassage.com DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:47:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:204.160.104.126:80 US:204.160.126.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 [Firefox: 6 hits: 06-18 to 08-23] f0e73c39a8 [Firefox: 7 hits: 06-18 to 08-23] |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 13:59:00 | WinXP | 24.43.99.173 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:05:00 | Win2K-f | 192.203.2.145 (AF.MIL): ENGINEERING ANALYSIS AF, SAN ANTONIO, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
irc 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:07:00 | Win2K-f | 65.95.156.78 (BELL.CA): SYMPATICO HSE, TORONTO, ONTARIO, CA. (DSL) |
210.245.211.11:65520 | **:169.254.43.219:707 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 30 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:22:00 | Win2K-f | 211.128.202.190 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:199.93.44.126:80 US:207.123.46.126:80 US:209.84.20.126:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 111 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 29 of 36 |
462c169957 NEW 82558dde21 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:30:00 | Win2K-f | 89.178.14.44 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:35:00 | Win2K-f | 216.139.96.35 (GRM.NET): GRAND RIVER MUTUAL TELEPHONE CORPORATION, PRINCETON, MISSOURI, US. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:38:00 | WinXP | 69.132.10.192 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com EU:ebookfinaltrash.ru US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 35 29 of 29 |
94396e7738 NEW a12cab51ef [Firefox:486 hits: 01-01 to 08-23] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:14:47:00 | WinXP | 76.226.96.162 (SBCGLOBAL.NET): PPPOX SE3.SFLDMI, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] e07c29c4ae [Firefox:369 hits: 06-19 to 08-24] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 15:09:00 | Win2K-f | 220.57.120.8 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:26:00 | Win2K-f | 70.75.195.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 756 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 381e3033c0 NEW |
none[none] | none:none |
none|none | none | none | |
| T:15:48:00 | WinXP | 200.226.103.120 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 766eff0ca8 NEW |
none[none] | none:none |
none|none | none | none |
| 16:01:00 | WinXP | 201.20.199.245 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:02:00 | WinXP | 190.30.16.30 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:19:00 | Win2K-f | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:25:00 | WinXP | 12.219.119.131 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MOYOCK, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 41 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 0 of 36 29 of 29 0 of 36 |
42901ef5c6 NEW 5749944768 NEW a12cab51ef [Firefox:486 hits: 01-01 to 08-23] c84f80ac92 NEW |
none[none] none [none] 40f7f463c4[0] none [none] |
none:none none:none ASM:Graph none:none |
none|none none|none ASPack| none|none |
none none lines=281 embedded dns none |
none none trace none |
| T:16:27:00 | WinXP | 4.230.228.140 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 44 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 32 0 of 36 |
ba063349f2 NEW e60e575448 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:34:00 | WinXP | 58.90.241.225 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:34:00 | WinXP | 68.173.224.174 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1024 hits: 12-31 to 08-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:48:00 | WinXP | 67.10.218.137 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:54:00 | Win2K-f | 219.71.235.221 (NVWTV.COM.TW): HOSHIN GIGAMEDIA CENTER INC, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 30 of 35 0 of 32 |
017226a316 [Firefox: 4 hits: 07-27 to 08-24] 9b03689ec5 [Firefox: 4 hits: 07-27 to 08-24] b5919931fe [Firefox:471 hits: 06-20 to 08-24] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 17:29:00 | WinXP | 99.250.205.203 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:206.33.45.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:47:00 | Win2K-f | 76.161.225.191 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:01:00 | Win2K-f | 99.145.86.147 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:01:00 | Win2K-f | 65.67.112.112 (SWBELL.NET): PPPOX - RCSNTXRBACK, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:03:00 | WinXP | 61.227.132.205 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:18:00 | WinXP | 222.233.39.115 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 07645465a6 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:19:00 | Win2K-f | 222.233.39.115 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 07645465a6 NEW |
none[none] | none:none |
none|none | none | none |
| 18:24:00 | WinXP | 70.242.11.125 (SWBELL.NET): PPPOX POOL - RBACK22 HSTNTX 082904-1727, HOUSTON, TEXAS, US. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:18:24:00 | WinXP | 70.242.11.125 (SWBELL.NET): PPPOX POOL - RBACK22 HSTNTX 082904-1727, HOUSTON, TEXAS, US. (DSL) |
n/a | RU:moscow-advokat.ru NO:london.uk.eu.undernet.org SE:viking.dal.net :flanders.be.eu.undernet.org SE:coins.dal.net US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:500 hits: 12-31 to 08-24] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:32:00 | WinXP | 4.233.194.199 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:368 hits: 12-31 to 08-24] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:43:00 | Win2K-f | 4.249.96.168 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:52:00 | WinXP | 122.25.145.143 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:55:00 | WinXP | 76.172.168.91 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:507 hits: 01-01 to 08-24] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:10:00 | WinXP | 64.175.34.174 (PACBELL.NET): PPPOX POOL RBACK1.PLTNCA, VACAVILLE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.123:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:19:00 | WinXP | 41.214.169.152 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a73d9b037c NEW |
none[none] | none:none |
none|none | none | none |
| T:19:29:00 | WinXP | 125.233.168.93 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 68a76c215f [Firefox: 4 hits: 08-14 to 08-22] |
none[none] | none:none |
none|none | none | none |
| 20:03:00 | WinXP | 216.195.149.80 (GWI.NET): GREAT WORKS INTERNET, WISCASSET, MAINE, US. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:26 hits: 07-28 to 08-24] |
none[none] | none:none |
none|none | none | none |
| 20:07:00 | Win2K-f | 70.119.123.43 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:22:00 | WinXP | 75.138.115.242 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a219ed3aeb [Firefox:16 hits: 08-02 to 08-23] |
none[none] | none:none |
none|none | none | none |
| 20:24:00 | WinXP | 12.73.150.79 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1024 hits: 12-31 to 08-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:25:00 | WinXP | 12.73.150.79 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1024 hits: 12-31 to 08-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:55:00 | Win2K-f | 218.211.140.180 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:02:00 | Win2K-f | 206.169.217.116 (NETPTC.NET): PONDEROSA CABLEVISION, HANFORD, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] a08f3b74a4 [Firefox:623 hits: 06-18 to 08-24] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:37:00 | Win2K-f | 76.77.231.48 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:38:00 | Win2K-f | 70.70.215.5 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] b5919931fe [Firefox:471 hits: 06-20 to 08-24] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 21:58:00 | WinXP | 219.109.110.48 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCORPORATED), OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:332 hits: 01-05 to 08-24] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:22:14:00 | WinXP | 12.78.7.110 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:368 hits: 12-31 to 08-24] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:16:00 | Win2K-f | 122.146.82.109 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 US:8.12.202.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 73f1082158 [Firefox:911 hits: 06-18 to 08-24] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:36:00 | Win2K-f | 218.53.157.129 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:209.84.20.126:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 125 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:28 hits: 06-20 to 08-24] 9276c8b36b [Firefox:28 hits: 06-20 to 08-24] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:41:00 | WinXP | 118.169.215.9 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1832 hits: 06-17 to 08-24] 57ce4acac2 [Firefox:148 hits: 06-17 to 08-24] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:50:00 | Win2K-f | 91.21.85.93 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, TRIER, RHEINLAND-PFALZ, DE. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:56:00 | Win2K-f | 98.140.228.136 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:59:00 | WinXP | 124.227.227.18 (163DATA.COM.CN): CHINANET GUANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1024 hits: 12-31 to 08-24] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |