|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:20:00 | WinXP | 196.20.165.245 (-): MAURITIUS TELECOM, MU. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:626 hits: 12-31 to 09-25] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:00:27:00 | Win2K-f | 99.224.84.91 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:27:00 | WinXP | 76.78.92.33 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a0d586735b NEW |
none[none] | none:none |
none|none | none | none |
| T:00:38:00 | WinXP | 116.122.115.18 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn US:windowsupdate.microsoft.com US:a-vxp08.net US:stat.a-vxp08.net :reservjob.cn :mulfika.cn US:192.221.110.126:80 US:207.123.42.126:80 US:207.123.46.126:80 EU:78.157.142.33:80 |
135 | pcap | raw alerts ruleset |
irc http 129 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 29 of 32 15 of 36 11 of 36 |
168aab35a3 [Firefox:139 hits: 06-17 to 09-25] 61426996c3 [Firefox:11 hits: 06-20 to 08-25] 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] b807e46328 NEW |
none[4] 61426996c3[1] none [none] none [none] |
none:none ASM:Graph none:none none:none |
tElock| Armadillo| none|none none|none |
none lines=82 none none |
trace trace none none |
| 00:40:00 | WinXP | 70.68.186.230 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 US:192.221.110.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
irc 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
e90f8b883b NEW f0e937602b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:54:00 | WinXP | 81.198.38.76 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 957c35e760 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:55:00 | Win2K-f | 60.250.247.204 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 57ce4acac2 [Firefox:204 hits: 06-17 to 09-25] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:59:00 | Win2K-f | 76.200.217.36 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:02:00 | WinXP | 4.233.194.210 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:427 hits: 12-31 to 09-25] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:01:03:00 | WinXP | 88.164.54.49 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | ace5580acf NEW |
none[none] | none:none |
none|none | none | none |
| 01:37:00 | WinXP | 63.252.225.172 (MCLEODUSA.NET): GREENE COUNTY CABLE, SPRINGFIELD, ILLINOIS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:135 hits: 01-01 to 09-24] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:01:47:00 | WinXP | 99.164.86.161 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:427 hits: 12-31 to 09-25] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:07:00 | WinXP | 92.41.199.130 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 75 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 31 | b82d9bcbfc [Firefox: 2 hits: 04-08 to 05-08] |
076c58f365 [0] | ASM:Graph |
ASPack| | lines=294 embedded dns |
trace |
| T:02:21:00 | WinXP | 4.233.194.210 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:427 hits: 12-31 to 09-25] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:29:00 | Win2K-f | 122.146.240.208 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 382 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 35 |
3db2c812c0 [Firefox: 5 hits: 07-23 to 09-25] 797fdec34a [Firefox: 5 hits: 07-23 to 09-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:31:00 | WinXP | 196.20.165.206 (-): MAURITIUS TELECOM, MU. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:626 hits: 12-31 to 09-25] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:02:33:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:43:00 | Win2K-f | 70.67.53.64 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
8c45399d60 NEW d9a7255548 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:58:00 | Win2K-f | 98.173.193.183 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:30:00 | Win2K-f | 114.200.97.193 (-): . |
63.173.172.98:6667 | :ludie28.googlepages.com | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 | aa268ff3a9 [Firefox: 2 hits: 08-15 to 08-15] |
none[none] | none:none |
none|none | none | none |
| T:03:32:00 | WinXP | 58.229.155.37 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 63.173.172.98:1863 | :ludie28.googlepages.com | 139 | pcap | raw alerts ruleset |
ftp irc http 44 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 16 of 36 |
99797e2b75 NEW f8b5b2500e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:32:00 | Win2K-f | 83.248.122.25 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, SE. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 [Firefox:12 hits: 08-01 to 08-16] |
none[none] | none:none |
none|none | none | none |
| T:03:32:00 | Win2K-f | 119.92.190.162 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 74c6c141d8 [Firefox: 8 hits: 08-02 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:03:34:00 | WinXP | 89.137.77.192 (-): ASTRAL BOTOSANI DOCSIS NETWORK, RO. |
63.173.172.98:6667 63.173.172.98:1863 | :ludie28.googlepages.com | 139 | pcap | raw alerts ruleset |
ftp irc http 140 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 16 of 36 |
ead12a6c02 NEW f8b5b2500e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:34:00 | Win2K-f | 212.186.105.22 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | 625144cee4 NEW |
none[none] | none:none |
none|none | none | none | |
| 03:36:00 | Win2K-f | 218.235.74.22 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 36 | 33b54507d5 NEW |
none[none] | none:none |
none|none | none | none | |
| T:03:38:00 | Win2K-f | 118.217.72.33 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 36 | 2d146934f1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:03:38:00 | WinXP | 211.213.96.174 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 63.173.172.98:1863 | :ludie28.googlepages.com | 139 | pcap | raw alerts ruleset |
ftp irc http 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 16 of 36 |
3a322fdf34 NEW f8b5b2500e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:41:00 | Win2K-f | 83.215.102.196 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 | aa268ff3a9 [Firefox: 2 hits: 08-15 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 03:45:00 | WinXP | 117.58.138.55 (-): TAEGU CABLE NETWORK CO. LTD, TAEGU, KYONGSANG-BUKTO, KR. |
63.173.172.98:6668 115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn 115.126.2.110:80 115.126.2.121:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 229f2f5c39 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:46:00 | Win2K-f | 116.42.40.194 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:46:00 | WinXP | 62.178.234.63 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 413c9ac28b NEW |
none[none] | none:none |
none|none | none | none | |
| 03:47:00 | Win2K-f | 116.45.176.167 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 36 | 68f73cfded NEW |
none[none] | none:none |
none|none | none | none | |
| T:03:51:00 | Win2K-f | 218.220.59.53 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, JP. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 13b148296b NEW |
none[none] | none:none |
none|none | none | none | |
| 04:01:00 | Win2K-f | 219.241.165.62 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ee47ea9271 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:02:00 | WinXP | 116.120.9.18 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 5 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 04:04:00 | WinXP | 62.178.32.56 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d NEW |
none[none] | none:none |
none|none | none | none |
| 04:05:00 | Win2K-f | 82.242.48.25 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 44ea4d3c7c NEW |
none[none] | none:none |
none|none | none | none |
| T:04:06:00 | WinXP | 124.155.93.128 (ASAHI-NET.OR.JP): ASAHI-NET-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:12:00 | Win2K-f | 116.45.165.125 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 36 | 8cbac117f4 NEW |
none[none] | none:none |
none|none | none | none | |
| 04:16:00 | WinXP | 211.187.62.189 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | e5dab5f4ec NEW |
none[none] | none:none |
none|none | none | none |
| 04:18:00 | Win2K-f | 72.235.247.196 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 5 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| T:04:21:00 | Win2K-f | 211.108.220.13 (-): HANSOOP INFORMATION TECHNOLOGY, SEOUL, KYONGGI-DO, KR. (100Mbps) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 8e96b2ccbc NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:24:00 | Win2K-f | 211.187.13.45 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 36 | 80554d2ea1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:27:00 | WinXP | 218.163.194.123 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, CHENNAI, TAMIL NADU, IN. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:107 hits: 07-13 to 08-15] |
none[none] | none:none |
none|none | none | none |
| T:04:28:00 | WinXP | 118.222.111.10 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b [Firefox: 8 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 04:29:00 | WinXP | 211.200.114.15 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 35 | a94f8fd4c2 [Firefox:14 hits: 07-29 to 08-01] |
none[none] | none:none |
none|none | none | none |
| 04:35:00 | Win2K-f | 186.12.53.205 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | afa3d78300 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:36:00 | Win2K-f | 221.138.15.70 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 413c9ac28b NEW |
none[none] | none:none |
none|none | none | none | |
| 04:41:00 | Win2K-f | 186.12.61.174 (-): . |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 | b1c539c4b2 NEW |
none[none] | none:none |
none|none | none | none |
| 04:43:00 | Win2K-f | 58.229.154.93 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d NEW |
none[none] | none:none |
none|none | none | none |
| 04:45:00 | WinXP | 115.88.206.130 (-): . |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ff73a432f6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:46:00 | WinXP | 211.25.135.158 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 04:50:00 | Win2K-f | 124.60.248.53 (-): POWERCOM, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 36 | cc1f8162cd NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:53:00 | Win2K-f | 88.177.164.37 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 04:54:00 | WinXP | 218.167.193.222 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ead12a6c02 NEW |
none[none] | none:none |
none|none | none | none |
| 04:55:00 | WinXP | 211.25.135.158 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 05:04:00 | Win2K-f | 211.209.213.19 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 44ea4d3c7c NEW |
none[none] | none:none |
none|none | none | none |
| T:05:04:00 | Win2K-f | 200.68.80.237 (IPLANNETWORKS.NET): NSS S.A, LA PLATA, BUENOS AIRES, AR. |
213.239.192.125:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:172 hits: 05-22 to 09-14] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:05:06:00 | WinXP | 211.200.113.198 (-): HANARO TELECOM INC, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 2cba94a10b NEW |
none[none] | none:none |
none|none | none | none |
| T:05:07:00 | WinXP | 116.45.17.75 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 05:12:00 | Win2K-f | 219.111.113.58 (DY.BBEXCITE.JP): INTERNET INITIATIVE JAPAN INC, JP. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:107 hits: 07-13 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 05:19:00 | Win2K-f | 218.53.19.204 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | a537edc44b NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:24:00 | Win2K-f | 119.149.12.152 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 36 | a01e1408c8 NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:26:00 | WinXP | 82.77.120.251 (RDSNET.RO): SAGEATA ALBA S.R.L, CLUJ-NAPOCA, CLUJ, RO. (100Mbps) |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:28:00 | Win2K-f | 218.168.207.109 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:32:00 | WinXP | 118.216.144.159 (-): . |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | 33b54507d5 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:32:00 | Win2K-f | 62.178.32.56 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:32:00 | WinXP | 68.148.30.92 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:05:50:00 | Win2K-f | 58.229.154.93 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 36 | ea39b7911d NEW |
none[none] | none:none |
none|none | none | none | |
| 05:50:00 | Win2K-f | 86.212.84.120 (ABO.WANADOO.FR): IP2000-ADSL-BAS, MONTPELLIER, LANGUEDOC-ROUSSILLON, FR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 05:54:00 | Win2K-f | 61.216.6.2 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 35 | d142a982d2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:55:00 | WinXP | 211.209.213.19 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 44ea4d3c7c NEW |
none[none] | none:none |
none|none | none | none |
| T:05:58:00 | Win2K-f | 210.221.46.121 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn 115.126.2.110:80 US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
irc http 813 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 32 of 33 12 of 36 15 of 36 0 of 36 0 of 36 |
0a2b1894da [Firefox: 8 hits: 06-26 to 09-18] 414b95a784 [Firefox: 8 hits: 06-26 to 09-18] 8367165e84 NEW 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] cc2f861b1c NEW d9ac68f184 [Firefox: 2 hits: 09-25 to 09-25] |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| 05:59:00 | WinXP | 78.34.17.174 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:18 hits: 09-17 to 09-25] |
none[none] | none:none |
none|none | none | none |
| T:06:00:00 | WinXP | 78.34.17.174 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:18 hits: 09-17 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 06:07:00 | Win2K-f | 221.125.94.15 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | bc3ac9fa01 NEW |
none[none] | none:none |
none|none | none | none | |
| 06:14:00 | WinXP | 58.225.71.76 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | bcae797d03 [Firefox: 3 hits: 08-01 to 08-15] |
none[none] | none:none |
none|none | none | none |
| T:06:16:00 | WinXP | 89.246.201.62 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:403 hits: 01-05 to 09-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:06:22:00 | WinXP | 221.124.248.166 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:23:00 | Win2K-f | 89.178.253.53 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :kitroneza.cn :lolika.cn US:microsoft.com US:download.microsoft.com DE:rushprotect.net 115.126.2.110:80 |
445 | pcap | raw alerts ruleset |
irc http 184 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 36 11 of 35 |
91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] 9ad38c553d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:27:00 | Win2K-f | 85.150.4.57 (WANADOO.NL): ORANGE NEDERLAND BREEDBAND B.V, NL. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:31:00 | WinXP | 202.213.94.204 (HCTV.NE.JP): HIGASHIMATSUYAMA CABLE TELEVISION CO. LTD, JP. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru :wpad RU:195.200.213.54:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:538 hits: 01-01 to 09-25] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 06:33:00 | WinXP | 4.156.99.38 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOSTON, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:40:00 | Win2K-f | 88.165.39.66 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 89d021262b [Firefox: 8 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 06:45:00 | Win2K-f | 86.105.21.203 (SMANET.RO): JUMP NETWORK SERVICES S.R.L, PLOIESTI, PRAHOVA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:45:00 | Win2K-f | 118.220.146.34 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
irc 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:27 hits: 06-21 to 09-21] 58c343a8d8 [Firefox:30 hits: 06-21 to 09-21] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 06:52:00 | WinXP | 218.50.234.100 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 63.173.172.98:6668 | :proxima.ircgalaxy.pl :fleshkatera.cn 115.126.2.110:80 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 45af4e71da NEW |
none[none] | none:none |
none|none | none | none |
| T:06:54:00 | WinXP | 58.121.220.157 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 5 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 06:54:00 | WinXP | 118.216.235.20 (-): . |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 115.126.2.121:65520 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
http irc 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:139 hits: 06-17 to 09-25] 4c3df24b32 [Firefox:195 hits: 06-17 to 09-24] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:06:55:00 | WinXP | 69.134.140.31 (RR.COM): ROAD RUNNER HOLDCO LLC, FALLS CHURCH, VIRGINIA, US. |
n/a | US:www.genesisstore.sk US:www.topgameland.com US:209.205.196.2:83 US:209.205.196.3:83 |
135 | pcap | raw alerts ruleset |
other 678 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 555717ccc6 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:59:00 | Win2K-f | 83.215.113.84 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox: 4 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| T:07:02:00 | Win2K-f | 4.249.156.115 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ARLINGTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 103 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:23:00 | Win2K-f | 88.115.50.82 (ELISA-LAAJAKAISTA.FI): ELISA-ADSL, FI. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:31:00 | WinXP | 124.111.255.77 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 | fa0f1de77c NEW |
none[none] | none:none |
none|none | none | none |
| 07:32:00 | Win2K-f | 82.83.214.123 (ARCOR-IP.NET): ARCOR-DSL-NET, DE. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 34 | e362f1c062 NEW |
none[none] | none:none |
none|none | none | none | |
| 07:42:00 | Win2K-f | 220.157.190.32 (ASAHI-NET.OR.JP): ASAHI NET INC, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
http 152 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 32 |
0115338c8b [Firefox: 3 hits: 09-12 to 09-15] 321f4fc27d [Firefox: 3 hits: 09-12 to 09-15] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 07:44:00 | WinXP | 221.125.214.60 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 9d5d0ad83c [Firefox: 2 hits: 08-15 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 07:54:00 | WinXP | 92.41.245.18 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http irc 58 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 85597d85c0 [Firefox: 3 hits: 04-29 to 09-20] |
f00f427b94 [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
| T:07:56:00 | Win2K-f | 89.137.173.31 (-): ASTRAL CONSTANTA DOCSIS NETWORK, CONSTANTA, CONSTANTA, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 99797e2b75 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:07:00 | WinXP | 88.165.39.66 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b [Firefox: 8 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 08:08:00 | WinXP | 190.105.50.46 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:20 hits: 09-13 to 09-25] |
none[none] | none:none |
none|none | none | none |
| T:08:09:00 | WinXP | 190.105.50.46 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:20 hits: 09-13 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 08:13:00 | Win2K-f | 82.127.233.214 (ABO.WANADOO.FR): IP2000-ADSL-BAS, PARIS, ILE-DE-FRANCE, FR. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 36 | bcae797d03 [Firefox: 3 hits: 08-01 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| T:08:19:00 | WinXP | 88.233.156.162 (TTNET.NET.TR): TT ADSL-ALCATEL_GAY, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:28:00 | Win2K-f | 190.176.145.168 (-): . |
213.239.192.125:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:172 hits: 05-22 to 09-14] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 08:28:00 | Win2K-f | 24.85.112.106 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:30:00 | Win2K-f | 85.150.4.57 (WANADOO.NL): ORANGE NEDERLAND BREEDBAND B.V, NL. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:31:00 | Win2K-f | 89.137.173.31 (-): ASTRAL CONSTANTA DOCSIS NETWORK, CONSTANTA, CONSTANTA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 99797e2b75 NEW |
none[none] | none:none |
none|none | none | none | |
| 08:59:00 | Win2K-f | 81.196.65.23 (RDSNET.RO): RCS-RDS-CABLELINK, TIMISOARA, TIMIS, RO. (100Mbps) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 33 | e286d9e6a9 [Firefox:23 hits: 07-13 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| 09:05:00 | WinXP | 79.34.10.45 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 13003605cc NEW |
none[none] | none:none |
none|none | none | none |
| 09:08:00 | Win2K-f | 88.186.44.130 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:107 hits: 07-13 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 09:14:00 | Win2K-f | 98.174.44.63 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:19:00 | Win2K-f | 58.121.220.157 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 5 hits: 07-29 to 08-15] |
none[none] | none:none |
none|none | none | none | |
| T:09:37:00 | Win2K-f | 68.148.101.122 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
0e394ae1b6 NEW 9365593ebb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:09:39:00 | WinXP | 91.141.105.209 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 97a3feb53f NEW |
none[none] | none:none |
none|none | none | none |
| 09:39:00 | WinXP | 91.141.105.209 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 97a3feb53f NEW |
none[none] | none:none |
none|none | none | none |
| T:09:41:00 | Win2K-f | 88.187.211.40 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 NEW |
none[none] | none:none |
none|none | none | none |
| 10:00:00 | WinXP | 170.51.40.249 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | DE:cookie.roltf.ws US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:172 hits: 05-22 to 09-14] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 10:01:00 | Win2K-f | 70.62.226.28 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
73f1082158 [Firefox:1227 hits: 06-18 to 09-25] 79c01ec060 [Firefox:42 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
73f1082158 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:10:08:00 | WinXP | 12.75.5.145 (ATT.NET): AT&T WORLDNET SERVICES, NORTH RICHLAND HILLS, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:135 hits: 01-01 to 09-24] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 10:30:00 | WinXP | 122.2.125.218 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 0f99623be1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:34:00 | WinXP | 122.2.125.218 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 0f99623be1 NEW |
none[none] | none:none |
none|none | none | none |
| 10:36:00 | WinXP | 213.122.40.13 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 78b6c997a3 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:48:00 | WinXP | 196.20.165.197 (-): MAURITIUS TELECOM, MU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:11:00 | WinXP | 130.13.59.15 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:427 hits: 12-31 to 09-25] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:18:00 | Win2K-f | 212.186.170.131 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:30:00 | WinXP | 118.219.69.101 (-): . |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 0be0473a78 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:31:00 | WinXP | 190.225.172.85 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | cc263a661d [Firefox: 4 hits: 09-24 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 11:37:00 | Win2K-f | 209.254.117.90 (MCLEODUSA.NET): MCLEODUSA INCORPORATED, AURORA, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:45:00 | WinXP | 76.194.20.42 (MIDWEST-CONNECTIONS.COM): MIDWEST CONNECTIONS, PAOLA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:48:00 | Win2K-f | 70.119.113.164 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 11:49:00 | WinXP | 85.84.69.35 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:20 hits: 09-13 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 11:58:00 | WinXP | 4.248.66.183 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BELLEVILLE, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:00:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 57ce4acac2 [Firefox:204 hits: 06-17 to 09-25] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:17:00 | WinXP | 63.245.41.225 (FLAMINGOTV.NET): FLAMINGO TELEVISION BONAIRE, AN. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:27:00 | Win2K-f | 4.253.23.119 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VIDOR, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:15 hits: 06-19 to 09-25] 53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 12:29:00 | Win2K-f | 24.83.3.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:7382 115.126.2.121:65520 | :proxim.ircgalaxy.pl CA:italian.swiifatecihno.com |
135 | pcap | raw alerts ruleset |
irc 298 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | f99b3c8fe6 [Firefox: 2 hits: 07-13 to 07-14] |
none[none] | none:none |
none|none | none | none |
| 12:45:00 | Win2K-f | 63.17.176.116 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:63.17.176.116:707 |
135 | pcap | raw alerts ruleset |
other 9 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:48:00 | Win2K-f | 116.126.249.246 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
irc 114 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 2 of 35 |
6ec2a8994b [Firefox:24 hits: 06-18 to 09-22] bcf66a38c8 [Firefox:11 hits: 07-30 to 09-22] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:12:51:00 | WinXP | 209.107.244.204 (IL.US): CUMBERLAND INTERNET, NEOGA, ILLINOIS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:626 hits: 12-31 to 09-25] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:00:00 | WinXP | 207.5.224.248 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:05:00 | WinXP | 85.241.233.222 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:116 hits: 01-03 to 09-25] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:11:00 | WinXP | 88.170.70.155 (PROXAD.NET): PROXAD / FREE SAS, FR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :kitroneza.cn US:windowsupdate.microsoft.com US:a-vxp08.net US:smtp.bizmail.yahoo.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http irc 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 36 15 of 36 33 of 35 |
2e688be9c5 NEW 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] fee215afd0 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:13:29:00 | WinXP | 93.81.121.10 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | US:smtp.bizmail.yahoo.com :kitroneza.cn US:208.73.210.32:80 92.241.164.155:80 |
445 | pcap | raw alerts ruleset |
irc http 105 lines |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 13:32:00 | WinXP | 41.214.165.56 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c20ca482e5 NEW |
none[none] | none:none |
none|none | none | none |
| 13:45:00 | WinXP | 66.98.55.26 (CODETEL.NET.DO): VERIZON DOMINICANA, LA ROMANA, LA ROMANA, DO. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 5ed9c4adac NEW |
none[none] | none:none |
none|none | none | none |
| T:14:16:00 | WinXP | 68.204.166.160 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:17:00 | WinXP | 70.48.36.169 (BELL.CA): SYMPATICO HSE, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:a-vxp08.net :kitroneza.cn :4507546.1.29ba000d9e19d166730e31743dceca9d.chr.santa-inbox.com |
135 | pcap | raw alerts ruleset |
http irc http http http 42 lines |
Argh : 0.3 profile |
none | summary tarball |
9 of 36 | 145c231cff NEW |
none[none] | none:none |
none|none | none | none |
| 14:48:00 | WinXP | 4.228.6.248 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:116 hits: 01-03 to 09-25] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:03:00 | Win2K-f | 58.224.199.235 (HANANET.NET): HANARO TELECOM INC, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
irc http 165 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:10 hits: 07-10 to 09-23] 740e3bffe0 [Firefox:11 hits: 06-25 to 09-23] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:06:00 | WinXP | 151.118.200.3 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e540a70fe0 [Firefox: 2 hits: 09-21 to 09-24] |
none[none] | none:none |
none|none | none | none |
| T:15:07:00 | Win2K-f | 98.175.106.144 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:07:00 | WinXP | 85.1.183.77 (BLUEWIN.CH): BLUEWIN IS AN INTERNET SERVICE PROVIDER IN CH, CH. |
n/a | :7194046.1.29ba000d9e19d166730e31743dceca9d.chr.santa-inbox.com US:smtp.bizmail.yahoo.com :kitroneza.cn US:windowsupdate.microsoft.com :7805015.1.29ba000d9e19d166730e31743dceca9d.chr.santa-inbox.com |
445 | pcap | raw alerts ruleset |
http irc 105 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:20:00 | WinXP | 118.237.37.12 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:23 hits: 06-20 to 09-22] |
none[4] | none:none |
none|none | none | trace | |
| 15:25:00 | Win2K-f | 68.126.125.225 (PACBELL.NET): PPPOX POOL - RBACK5 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DIAL) |
115.126.2.121:65520 | :proxima.ircgalaxy.pl :fleshkatera.cn 115.126.2.110:80 |
445 | pcap | raw alerts ruleset |
irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:31:00 | WinXP | 4.174.130.202 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:33:00 | Win2K-f | 68.148.94.41 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
0e394ae1b6 NEW 9365593ebb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 15:33:00 | WinXP | 70.184.249.24 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn US:204.160.104.126:80 US:205.128.73.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
irc 140 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:19 hits: 08-05 to 09-22] f685f8e027 [Firefox:23 hits: 06-18 to 09-22] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:15:35:00 | WinXP | 84.157.230.182 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, REUTLINGEN, BADEN-WURTTEMBERG, DE. |
n/a | :8862937.1.29ba000d9e19d166730e31743dceca9d.chr.santa-inbox.com :kitroneza.cn :9465031.1.29ba000d9e19d166730e31743dceca9d.chr.santa-inbox.com |
445 | pcap | raw alerts ruleset |
irc http 39 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:16:04:00 | WinXP | 221.12.196.253 (MEGAEGG.NE.JP): ENERGIA COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:403 hits: 01-05 to 09-25] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:16:05:00 | WinXP | 87.196.57.248 (NET.NOVIS.PT): NOVIS TELECOM S.A, LISBON, LISBOA, PT. (DSL) |
n/a | :kitroneza.cn US:smtp.bizmail.yahoo.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
irc http 107 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:11:00 | Win2K-f | 189.48.126.137 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
84.244.6.253:2345 | DE:qtas.net SE:dzuc.net |
445 | pcap | raw alerts ruleset |
http irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 36 | 104dbd4df3 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:22:00 | WinXP | 122.29.2.188 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:563 hits: 01-01 to 09-25] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:34:00 | Win2K-f | 96.15.241.221 (-): . |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:208.111.173.47:80 US:208.111.173.52:80 92.241.164.155:80 |
135 | pcap | raw alerts ruleset |
irc http 374 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 14 of 35 29 of 34 15 of 36 |
0bfa79dc19 [Firefox:13 hits: 07-22 to 09-24] 7f2d9843cc NEW 8dfb3b619f [Firefox:14 hits: 07-22 to 09-24] 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:17:48:00 | WinXP | 92.96.74.21 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:140 hits: 01-08 to 09-25] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 18:03:00 | WinXP | 96.15.221.252 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:12 hits: 09-14 to 09-22] |
none[none] | none:none |
none|none | none | none |
| T:18:23:00 | Win2K-f | 98.141.160.183 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:30:00 | WinXP | 70.233.92.217 (SBCGLOBAL.NET): PPPOX POOL - BRAS12.MRDNCT, CONNECTICUT, US. (DSL) |
n/a | US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 NEW |
none[none] | none:none |
none|none | none | none |
| 18:32:00 | WinXP | 71.111.191.229 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ALOHA, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:38:00 | Win2K-f | 70.245.154.45 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:55:00 | Win2K-f | 121.72.229.63 (TELSTRACLEAR.NET): TELSTRACLEAR CHRISTCHURCH CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:16 hits: 08-02 to 09-24] a51a50404e [Firefox:16 hits: 08-02 to 09-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:20:00 | WinXP | 4.230.222.221 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 19:39:00 | Win2K-f | 4.175.165.43 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PALMYRA, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:19:47:00 | WinXP | 4.89.128.68 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WOLCOTTVILLE, INDIANA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:116 hits: 01-03 to 09-25] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:03:00 | Win2K-f | 58.126.203.142 (HANANET.NET): HANARO TELECOM INC, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn 115.126.2.110:80 US:208.111.148.54:80 92.241.164.155:80 |
135 | pcap | raw alerts ruleset |
irc http 351 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 14 of 36 0 of 33 15 of 36 |
168aab35a3 [Firefox:139 hits: 06-17 to 09-25] 2b4036778a NEW 4c3df24b32 [Firefox:195 hits: 06-17 to 09-24] 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] |
none[4] none [none] 4c3df24b32[1] none [none] |
none:none none:none ASM:Graph none:none |
tElock| none|none Armadillo| none|none |
none none lines=81 none |
trace none trace none |
| 20:10:00 | WinXP | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:windowsupdate.microsoft.com US:a-vxp08.net :kitroneza.cn US:smtp.bizmail.yahoo.com US:208.111.148.254:80 US:208.73.210.32:80 |
135 | pcap | raw alerts ruleset |
http irc 1280 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 33 of 33 15 of 36 32 of 36 0 of 33 |
39e2d8fd17 NEW 53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] bea8cb1865 [Firefox:16 hits: 08-11 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[none] none [4] none [none] none [none] e07c29c4ae[1] |
none:none none:none none:none none:none ASM:Graph |
none|none tElock| none|none none|none FSG| |
none none none none lines=92 |
none trace none none trace |
| T:20:13:00 | WinXP | 41.234.189.112 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d6158c8ce9 [Firefox: 4 hits: 09-21 to 09-23] |
none[none] | none:none |
none|none | none | none |
| T:20:31:00 | WinXP | 61.31.33.163 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:40:00 | WinXP | 76.234.61.46 (SBCGLOBAL.NET): PPPOX POOL - BRAS16.LSAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.53.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:01:00 | WinXP | 186.9.13.151 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:07:00 | WinXP | 98.135.26.120 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 82573923df NEW |
none[none] | none:none |
none|none | none | none |
| 21:10:00 | Win2K-f | 211.74.49.69 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
214bc429e1 NEW 9ad48d782a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:16:00 | WinXP | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:21:23:00 | WinXP | 201.172.227.23 (INTERCABLE.NET): TELEVISION INTERNACIONAL S.A. DE C.V, MONTERREY, NUEVO LEON, MX. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 21:23:00 | WinXP | 201.172.227.23 (INTERCABLE.NET): TELEVISION INTERNACIONAL S.A. DE C.V, MONTERREY, NUEVO LEON, MX. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:37:00 | WinXP | 210.157.204.189 (SANNET.NE.JP): SANNET INTERNET SERVICE, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:116 hits: 01-03 to 09-25] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:41:00 | Win2K-f | 24.82.168.174 (SHELLCOMPUTERS.COM): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox: 3 hits: 09-12 to 09-15] 321f4fc27d [Firefox: 3 hits: 09-12 to 09-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:46:00 | Win2K-f | 124.61.38.40 (-): POWERCOM, KR. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn 115.126.2.110:80 US:208.111.148.115:80 92.241.164.155:80 |
135 | pcap | raw alerts ruleset |
irc http 302 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 10 of 35 34 of 36 15 of 36 |
09c3d90250 [Firefox: 9 hits: 08-04 to 09-25] 69d7b5f97b NEW 8f34a39070 [Firefox: 9 hits: 08-04 to 09-25] 91dc355a93 [Firefox: 7 hits: 09-25 to 09-25] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 22:00:00 | WinXP | 59.101.222.180 (CONNECT.NET.AU): AAPT LIMITED, RICHMOND, QUEENSLAND, AU. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f04fb66461 [Firefox: 3 hits: 09-12 to 09-22] |
none[none] | none:none |
none|none | none | none |
| 22:01:00 | Win2K-f | 121.63.146.8 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, WUHAN, HUBEI, CN. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :kitroneza.cn 115.126.2.110:80 92.241.164.155:80 |
445 | pcap | raw alerts ruleset |
irc http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:10:00 | WinXP | 208.83.218.91 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:19 hits: 08-09 to 09-24] |
none[none] | none:none |
none|none | none | none |
| 22:20:00 | WinXP | 117.99.51.43 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:626 hits: 12-31 to 09-25] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:22:30:00 | WinXP | 81.198.187.134 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b18331c6d8 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:33:00 | WinXP | 68.204.164.3 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1156 hits: 12-31 to 09-25] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:42:00 | Win2K-f | 4.253.19.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VIDOR, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:15 hits: 06-19 to 09-25] 53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 22:55:00 | WinXP | 211.135.122.254 (ZAQ.NE.JP): KEIHAN CABLE TELEVISION CO. LTD, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:15 hits: 06-19 to 09-25] 53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 23:01:00 | WinXP | 69.218.232.141 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:03:00 | Win2K-f | 208.126.28.103 (NETINS.NET): FARMERS MUTUAL TELEPHONE CO JESUP, JESUP, IOWA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] b5919931fe [Firefox:654 hits: 06-20 to 09-25] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 23:07:00 | WinXP | 4.243.27.2 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SALEM, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 174 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] e07c29c4ae [Firefox:500 hits: 06-19 to 09-25] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:23:24:00 | Win2K-f | 71.112.182.9 (VERIZON.NET): VERIZON INTERNET SERVICES INC, EVERETT, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] a08f3b74a4 [Firefox:872 hits: 06-18 to 09-25] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:27:00 | WinXP | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2480 hits: 06-17 to 09-25] 73f1082158 [Firefox:1227 hits: 06-18 to 09-25] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |