|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | WinXP | 119.228.183.201 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:136 hits: 01-08 to 09-22] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 00:16:00 | WinXP | 96.52.163.127 (-): . |
91.192.36.142:7000 | NL:realtek.aswend.com | 135 | pcap | raw alerts ruleset |
irc 540 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | dd1174cc29 NEW |
none[none] | none:none |
none|none | none | none |
| 00:48:00 | WinXP | 68.144.18.72 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 299 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | d799133dd3 NEW |
none[none] | none:none |
none|none | none | none | |
| 00:50:00 | Win2K-f | 219.255.79.46 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.220.124:80 US:206.33.45.125:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:134 hits: 06-17 to 09-22] 4c3df24b32 [Firefox:188 hits: 06-17 to 09-21] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:53:00 | WinXP | 217.201.68.10 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c3914afebc NEW |
none[none] | none:none |
none|none | none | none |
| T:00:53:00 | WinXP | 217.201.68.10 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c3914afebc NEW |
none[none] | none:none |
none|none | none | none |
| 00:56:00 | WinXP | 24.165.140.55 (RR.COM): ROAD RUNNER HOLDCO LLC, LORAIN, OHIO, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:new.egg.com GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:527 hits: 01-01 to 09-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 00:58:00 | WinXP | 85.243.53.29 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PORTO, PORTO, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:gaz-prom.ru NO:london.uk.eu.undernet.org :gaspode.zanet.org.za :flanders.be.eu.undernet.org :washington.dc.us.undernet.org US:lia.zanet.net |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 93a723b64a NEW |
none[none] | none:none |
none|none | none | none |
| T:00:58:00 | WinXP | 85.243.53.29 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PORTO, PORTO, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 93a723b64a NEW |
none[none] | none:none |
none|none | none | none |
| 01:37:00 | WinXP | 82.15.48.132 (NTL.COM): NTL INFRASTRUCTURE - LEICESTER, READING, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 01:57:00 | WinXP | 124.66.253.15 (FCH.NE.JP): FUREAI CHANNEL INC, HIROSHIMA, HIROSHIMA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:02:10:00 | WinXP | 72.136.35.109 (ROGERS.COM): ROGERS CABLE INC. YM, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.144.188:80 US:208.111.144.192:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:36:00 | WinXP | 203.91.186.134 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] b7082104e4 [Firefox:145 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:03:01:00 | WinXP | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:196 hits: 06-17 to 09-22] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 03:16:00 | WinXP | 4.224.45.161 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DELAWARE, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:03:18:00 | Win2K-f | 207.5.188.172 (GWI.NET): GREAT WORKS INTERNET, SHAPLEIGH, MAINE, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 03:22:00 | Win2K-f | 222.232.179.246 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:30 hits: 06-17 to 09-22] b5919931fe [Firefox:635 hits: 06-20 to 09-22] f23b040440 [Firefox:20 hits: 06-22 to 09-22] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
| 03:33:00 | Win2K-f | 87.4.148.14 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
84.244.6.253:2345 | DE:qtas.net SE:dzuc.net |
445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 | fb1fa52455 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:37:00 | Win2K-f | 123.214.227.81 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 34 of 36 |
4c3df24b32 [Firefox:188 hits: 06-17 to 09-21] b5919931fe [Firefox:635 hits: 06-20 to 09-22] e2e45762bf NEW |
4c3df24b32 [1] b5919931fe[1] none [none] |
ASM:Graph ASM:Graph none:none |
Armadillo| ASProtect| none|none |
lines=81 lines=90 none |
trace trace none |
| 04:08:00 | WinXP | 220.215.238.122 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:08:00 | WinXP | 88.233.152.48 (TTNET.NET.TR): TT ADSL-ALCATEL_GAY, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 75537c16ed NEW |
none[none] | none:none |
none|none | none | none |
| 04:15:00 | WinXP | 220.219.10.50 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:37:00 | WinXP | 117.99.14.241 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 05:06:00 | Win2K-f | 219.251.194.235 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 0 of 32 |
8a75955033 [Firefox:35 hits: 06-20 to 09-21] 9276c8b36b [Firefox:35 hits: 06-20 to 09-21] b5919931fe [Firefox:635 hits: 06-20 to 09-22] |
none[4] 9276c8b36b[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 05:36:00 | WinXP | 74.78.62.246 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:81 hits: 01-14 to 09-21] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:05:43:00 | WinXP | 77.253.139.52 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e1a16d858c [Firefox: 4 hits: 09-20 to 09-21] |
none[none] | none:none |
none|none | none | none |
| T:05:49:00 | WinXP | 68.184.109.17 (CHARTER.COM): CHARTER COMMUNICATIONS, DOUGLAS, GEORGIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:08:00 | WinXP | 61.207.145.100 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:06:36:00 | WinXP | 85.84.104.137 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, GETXO, PAIS VASCO, ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:54:00 | WinXP | 217.202.59.224 (-): TELECOM ITALIA MOBILE, IT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 07:22:00 | Win2K-f | 4.154.65.87 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DOUGLASVILLE, GEORGIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:26:00 | WinXP | 64.130.149.211 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e1b693266c NEW |
none[none] | none:none |
none|none | none | none |
| 07:29:00 | WinXP | 77.253.175.208 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e1a16d858c [Firefox: 4 hits: 09-20 to 09-21] |
none[none] | none:none |
none|none | none | none |
| 07:29:00 | WinXP | 83.74.9.8 (IP.TELE2ADSL.DK): NETCOM, DK. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:coins.dal.net NO:london.uk.eu.undernet.org SE:ced.dal.net :washington.dc.us.undernet.org :diemen.nl.eu.undernet.org :brussels.be.eu.undernet.org SE:ozbytes.dal.net SE:vancouver.dal.net :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org :caen.fr.eu.undernet.org :flanders.be.eu.undernet.org SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c6059fcbd5 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:42:00 | WinXP | 4.136.207.243 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARTANBURG, SOUTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 460 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 0965a28cb9 [Firefox: 2 hits: 07-19 to 07-22] |
none[none] | none:none |
none|none | none | none | |
| 07:48:00 | Win2K-f | 124.60.82.192 (-): POWERCOM, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 32 of 33 |
4c3df24b32 [Firefox:188 hits: 06-17 to 09-21] 58408136a4 [Firefox:18 hits: 06-28 to 09-15] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:08:02:00 | WinXP | 58.226.126.22 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox: 9 hits: 07-10 to 09-18] 740e3bffe0 [Firefox:10 hits: 06-25 to 09-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:07:00 | WinXP | 41.234.195.225 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | d6158c8ce9 [Firefox: 3 hits: 09-21 to 09-22] |
none[none] | none:none |
none|none | none | none |
| 08:09:00 | WinXP | 77.253.198.29 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e1a16d858c [Firefox: 4 hits: 09-20 to 09-21] |
none[none] | none:none |
none|none | none | none |
| T:08:13:00 | WinXP | 77.253.198.29 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e1a16d858c [Firefox: 4 hits: 09-20 to 09-21] |
none[none] | none:none |
none|none | none | none |
| 08:19:00 | Win2K-f | 122.147.99.93 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:44:00 | Win2K-f | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.201.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:49:00 | WinXP | 92.114.223.122 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cf2dccf188 [Firefox: 2 hits: 09-16 to 09-21] |
none[none] | none:none |
none|none | none | none |
| T:08:50:00 | WinXP | 78.50.13.107 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | EU:ebookfinaltrash.ru US:searchportal.information.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:245 hits: 01-01 to 09-22] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:09:07:00 | WinXP | 63.252.248.13 (MCLEODUSA.NET): GREEN COUNTY CABLE, TULSA, OKLAHOMA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:174 hits: 01-01 to 09-22] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 09:08:00 | WinXP | 79.152.42.224 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
194.54.90.246:80 | HK:proxima.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 95db5533b0 NEW |
none[none] | none:none |
none|none | none | none |
| 09:15:00 | Win2K-f | 68.184.98.46 (CHARTER.COM): CHARTER COMMUNICATIONS, DOUGLAS, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:16:00 | WinXP | 76.172.160.110 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:554 hits: 01-01 to 09-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:08:00 | WinXP | 83.132.30.59 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox: 6 hits: 09-14 to 09-21] |
none[none] | none:none |
none|none | none | none |
| T:10:13:00 | WinXP | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:20:00 | WinXP | 217.21.44.173 (CONDOR.UNICA.BY): UNICA-BRANCH OF ZAO KLEMENS, MINSK, MINSK, BY. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:31:00 | Win2K-f | 68.149.39.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
91.192.36.142:7000 | NL:realtek.aswend.com | 135 | pcap | raw alerts ruleset |
irc 548 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 36 | 89e1f234f1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:33:00 | WinXP | 71.72.97.1 (RR.COM): ROAD RUNNER HOLDCO LLC, MT. VERNON, OHIO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:10:41:00 | WinXP | 4.131.142.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:10:50:00 | WinXP | 82.15.41.177 (NTL.COM): NTL INFRASTRUCTURE - BAGULEY, HARTLEPOOL, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:00:00 | Win2K-f | 209.226.100.52 (BELL.CA): BELL CANADA, TORONTO, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:37:00 | WinXP | 79.138.153.13 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:16 hits: 09-13 to 09-22] |
none[none] | none:none |
none|none | none | none |
| T:11:37:00 | WinXP | 72.131.81.202 (RR.COM): ROAD RUNNER HOLDCO LLC, BROOKFIELD, WISCONSIN, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:50:00 | WinXP | 80.218.177.173 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 03d7e3a0df NEW |
none[none] | none:none |
none|none | none | none |
| T:11:50:00 | WinXP | 80.218.177.173 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 03d7e3a0df NEW |
none[none] | none:none |
none|none | none | none |
| 12:26:00 | Win2K-f | 98.140.228.75 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:28:00 | WinXP | 67.67.90.179 (SWBELL.NET): PPPOX POOL - RBACK17 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:30:00 | WinXP | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 57ce4acac2 [Firefox:196 hits: 06-17 to 09-22] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:34:00 | WinXP | 4.89.184.108 (HPRHSFN.COM): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru :wpad :www.proxy-socks.net DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:245 hits: 01-01 to 09-22] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 12:41:00 | Win2K-f | 68.148.30.92 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:13:00 | WinXP | 66.19.187.94 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:19:00 | WinXP | 84.217.249.15 (GLOCALNET.NET): GLOCALNET-SE-NET, SE. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | b9e6a0c882 [Firefox: 3 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:13:19:00 | WinXP | 84.217.249.15 (GLOCALNET.NET): GLOCALNET-SE-NET, SE. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | b9e6a0c882 [Firefox: 3 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:13:20:00 | WinXP | 85.27.148.81 (1101232.SYDFYNSNET.DK): IP ADRESSES FOR CONNECTED CUSTOMERS, DK. |
n/a | RU:moscow-advokat.ru SE:coins.dal.net :washington.dc.us.undernet.org SE:vancouver.dal.net NL:diemen.nl.eu.undernet.org :caen.fr.eu.undernet.org SE:qis.md.us.dal.net :lulea.se.eu.undernet.org SE:broadway.ny.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:38:00 | WinXP | 88.157.82.154 (REV-82-102-32-10.TVTEL.PT): TVTEL - GRANDE PORTO COMUNICACOES SA, PORTO, PORTO, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 42cd06418e NEW |
none[none] | none:none |
none|none | none | none |
| T:13:45:00 | WinXP | 118.231.11.172 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:11 hits: 09-17 to 09-22] |
none[none] | none:none |
none|none | none | none |
| T:13:47:00 | WinXP | 80.29.224.175 (-): TELEFONICA MOVILES ESPANA (NCC#2006042768), ES. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox: 6 hits: 09-14 to 09-21] |
none[none] | none:none |
none|none | none | none |
| 13:47:00 | WinXP | 80.29.224.175 (-): TELEFONICA MOVILES ESPANA (NCC#2006042768), ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox: 6 hits: 09-14 to 09-21] |
none[none] | none:none |
none|none | none | none |
| 13:54:00 | WinXP | 89.204.183.241 (O2.COM): O2 GERMANY GMBH & CO. OHG, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:56:00 | WinXP | 89.204.183.241 (O2.COM): O2 GERMANY GMBH & CO. OHG, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:58:00 | WinXP | 217.219.95.194 (-): TELEPHONE ELECTRONIC ZAHEDAN COMPANY INTERNET SERVICE PROVIDER, ZAHEDAN, SISTAN VA BALUCHESTAN, IR. (100Mbps) |
n/a | GB:welcome3.smile.co.uk EU:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:245 hits: 01-01 to 09-22] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:14:03:00 | WinXP | 86.96.9.99 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:18:00 | WinXP | 41.214.188.26 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c20ca482e5 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:25:00 | WinXP | 87.11.145.40 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, NAPOLI, CAMPANIA, IT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d99da8735e [Firefox: 4 hits: 09-18 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 14:42:00 | WinXP | 98.15.200.109 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:45:00 | WinXP | 207.144.212.50 (INFOAVE.NET): PALMETTO RURAL TELEPHONE COMPANY (DIAL-UP), WALTERBORO, SOUTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:06:00 | WinXP | 4.231.151.242 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DEER PARK, TEXAS, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:16 hits: 01-20 to 09-19] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:08:00 | WinXP | 69.183.219.18 (SNET.NET): BRAS11B.MRDNCT, NORWALK, CONNECTICUT, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:554 hits: 01-01 to 09-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:24:00 | Win2K-f | 71.136.17.68 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 32 |
73ce2b74da [Firefox:13 hits: 06-18 to 09-21] 79c01ec060 [Firefox:40 hits: 06-18 to 09-21] b5919931fe [Firefox:635 hits: 06-20 to 09-22] |
73ce2b74da [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 15:25:00 | Win2K-f | 207.5.204.71 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:46:00 | Win2K-f | 4.236.141.153 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.37.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:51:00 | WinXP | 85.152.185.71 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc [Firefox: 2 hits: 09-14 to 09-21] |
none[none] | none:none |
none|none | none | none |
| T:16:48:00 | Win2K-f | 71.36.11.143 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:48:00 | WinXP | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 57ce4acac2 [Firefox:196 hits: 06-17 to 09-22] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:50:00 | WinXP | 66.53.81.88 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:56:00 | WinXP | 4.89.184.161 (HPRHSFN.COM): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | RU:www.bbin.ru RU:www.binbank.ru DE:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:245 hits: 01-01 to 09-22] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 17:18:00 | Win2K-f | 75.137.154.25 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:22:00 | WinXP | 99.163.51.16 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:17:38:00 | WinXP | 24.109.53.172 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 0347304e75 NEW |
none[none] | none:none |
none|none | none | none |
| 17:44:00 | Win2K-f | 24.67.120.47 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 260 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:28 hits: 06-18 to 09-20] e53a9ea82e [Firefox:28 hits: 06-18 to 09-20] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
|
| T:18:14:00 | Win2K-f | 118.87.26.63 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 NEW e4ed4df0f0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:25:00 | Win2K-f | 68.144.110.160 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
lanman shell shell shell 1762 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 5 of 36 |
0381578ce5 NEW f83a14ca37 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:18:40:00 | WinXP | 88.30.157.138 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc [Firefox: 2 hits: 09-14 to 09-21] |
none[none] | none:none |
none|none | none | none |
| 18:50:00 | WinXP | 64.184.20.89 (SWAYZEE.COM): SWAYZEE TELEPHONE CO, DALLAS, TEXAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 [Firefox: 3 hits: 09-13 to 09-20] |
none[none] | none:none |
none|none | none | none |
| T:18:52:00 | WinXP | 24.195.233.87 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.46.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:11:00 | WinXP | 68.146.99.214 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
2204fd4d17 [Firefox: 5 hits: 09-15 to 09-20] eb0857e1b1 [Firefox: 5 hits: 09-15 to 09-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:28:00 | WinXP | 24.67.102.35 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.46.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 267 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 |
2e99f5a69b NEW ec16941838 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:33:00 | WinXP | 4.230.159.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL) |
n/a | DE:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru :wpad US:searchportal.information.com GB:welcome3.smile.co.uk GB:195.92.84.198:80 US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:527 hits: 01-01 to 09-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:19:49:00 | WinXP | 125.196.145.184 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:554 hits: 01-01 to 09-22] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:50:00 | WinXP | 125.196.153.206 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f48648a951 NEW |
none[none] | none:none |
none|none | none | none | |
| 19:54:00 | WinXP | 12.76.225.6 (ATT.NET): AT&T WORLDNET SERVICES, HUNTSVILLE, ALABAMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 20:06:00 | WinXP | 69.155.190.75 (SWBELL.NET): PPPOX POOL - BRAS1 STLSMO, ST. LOUIS, MISSOURI, US. |
58.65.234.9:80 | EU:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk US:shaheeds.org :daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com US:www.counterdata.com DE:m1.webstats.motigo.com FI:imgs2.kavkazcenter.com HK:yahoo-analytics.net HK:pinoc.org HK:google-analyze.org :www.google.com GB:www.chechenpress.co.uk FI:static.kavkazchat.com US:www.google-analytics.com HK:google-analyze.cn US:activex.microsoft.com US:video.google.com US:www.youtube.com DE:ebookfinaltrash.ru US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 228 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:39 hits: 01-02 to 09-12] |
none[3] | none:none |
ASPack| | none | trace |
| 20:20:00 | WinXP | 122.26.197.180 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :www.proxy-socks.net :marsho.dk US:www.jamaatshariat.com DE:m1.webstats.motigo.com US:www.counterdata.com FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com HK:yahoo-analytics.net HK:pinoc.org HK:google-analyze.org **:169.254.249.214:2490 HK:58.65.234.9:80 |
445 | pcap | raw alerts ruleset |
http 158 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:25:00 | Win2K-f | 68.148.68.37 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 195 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 36 34 of 36 0 of 32 |
35853b9158 NEW 8e5af24569 NEW b5919931fe [Firefox:635 hits: 06-20 to 09-22] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:20:33:00 | WinXP | 72.251.14.147 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1141 hits: 12-31 to 09-22] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:35:00 | WinXP | 4.232.3.10 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BREA, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:20:38:00 | WinXP | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:196 hits: 06-17 to 09-22] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 20:50:00 | Win2K-f | 72.136.35.109 (ROGERS.COM): ROGERS CABLE INC. YM, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] b5919931fe [Firefox:635 hits: 06-20 to 09-22] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 20:51:00 | WinXP | 98.105.56.73 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:06:00 | WinXP | 99.141.120.216 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] 73f1082158 [Firefox:1185 hits: 06-18 to 09-22] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:09:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:26 hits: 06-17 to 09-21] 41efedf70f [Firefox:25 hits: 06-19 to 09-21] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 21:20:00 | WinXP | 118.218.77.126 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:611 hits: 12-31 to 09-22] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 21:21:00 | Win2K-f | 119.94.163.127 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 609 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 95aa4a8220 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:00:00 | Win2K-f | 218.211.207.156 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:21:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 32 of 36 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] b5919931fe [Firefox:635 hits: 06-20 to 09-22] bea8cb1865 [Firefox:14 hits: 08-11 to 09-22] |
none[4] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
tElock| ASProtect| none|none |
none lines=90 none |
trace trace none |
| 22:31:00 | WinXP | 68.121.86.53 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] e07c29c4ae [Firefox:485 hits: 06-19 to 09-22] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:22:52:00 | WinXP | 58.1.152.89 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:391 hits: 01-05 to 09-22] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:34:00 | WinXP | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:42:00 | Win2K-f | 4.174.180.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 138 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2390 hits: 06-17 to 09-22] a08f3b74a4 [Firefox:834 hits: 06-18 to 09-22] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:42:00 | WinXP | 193.248.164.230 (STATIC-IP.OLEANE.FR): TELECOM, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:410 hits: 12-31 to 09-22] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:58:00 | WinXP | 117.99.48.141 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:48 hits: 01-02 to 09-22] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:59:00 | WinXP | 68.144.175.174 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 2 hits: 09-21 to 09-21] |
none[none] | none:none |
none|none | none | none |