|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:10:00 | WinXP | 70.69.77.203 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 NEW |
none[4] | none:none |
none|none | none | trace | |
| 00:30:00 | Win2K-f | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:204.2.133.57:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da NEW 79c01ec060 [Firefox: 2 hits: 06-18 to 06-19] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 00:31:00 | WinXP | 4.248.64.47 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BELLEVILLE, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.2.133.43:80 US:204.2.133.57:80 US:204.2.133.73:80 US:204.2.133.81:80 |
135 | pcap | raw alerts ruleset |
other 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:43:00 | Win2K-f | 68.179.126.170 (TERAGO.CA): TERAGO NETWORKS INC, EVANSVILLE, INDIANA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.53.126:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 29 of 33 |
196b916474 [Firefox: 2 hits: 06-18 to 06-21] d0ad254fd0 [Firefox: 2 hits: 06-18 to 06-21] |
none[4] d0ad254fd0[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:51:00 | Win2K-f | 202.87.42.232 (NETMAGICSOLUTIONS.COM): NETMAGIC DATACENTER, IN. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.124:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 28 of 32 |
133401d618 [Firefox: 2 hits: 06-18 to 06-21] 847d491ed3 NEW |
none[4] 847d491ed3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 01:12:00 | WinXP | 24.39.10.215 (RR.COM): ROAD RUNNER HOLDCO LLC, SACO, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:17:00 | WinXP | 92.40.214.55 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | ef846e4a0a [Firefox: 2 hits: 06-18 to 06-18] |
none[4] | none:none |
PolyEnE| | none | trace |
| 01:18:00 | WinXP | 92.40.214.55 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | ef846e4a0a [Firefox: 2 hits: 06-18 to 06-18] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:01:26:00 | WinXP | 93.156.48.67 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 01:35:00 | WinXP | 98.140.251.237 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:301 hits: 05-01 to 06-21] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:01:45:00 | Win2K-f | 67.116.236.69 (-): PPPOX POOL - RBACK1.PLTNCA 05182006-1157, VACAVILLE, CALIFORNIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:17:00 | WinXP | 4.254.162.55 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] b7082104e4 [Firefox: 7 hits: 06-18 to 06-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 02:19:00 | Win2K-f | 61.37.147.200 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 30 of 33 |
3690b64ca2 [Firefox: 2 hits: 06-18 to 06-21] a6fb77fd26 [Firefox: 2 hits: 06-18 to 06-21] |
none[4] a6fb77fd26[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=82 |
trace trace |
| 02:42:00 | WinXP | 218.239.93.139 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.46.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:16 hits: 06-17 to 06-21] 53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 03:04:00 | Win2K-f | 87.19.37.238 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, REGGIO EMILIA, EMILIA-ROMAGNA, IT. |
n/a | US:hail.dns2go.com **:scorti1.dns2go.com US:208.101.48.210:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1522 hits: 04-27 to 06-18] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 03:22:00 | WinXP | 65.68.44.78 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox: 3 hits: 06-18 to 06-20] c6bfb5f0f2 [Firefox: 3 hits: 06-18 to 06-20] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
|
| 03:33:00 | WinXP | 118.160.22.63 (-): . |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | f43bfbc3bd NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 03:37:00 | WinXP | 124.85.165.93 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:52 hits: 09-28 to 06-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:03:41:00 | Win2K-f | 210.108.201.141 (BORA.NET): BORANET-NET, ULSAN, KYONGSANG-NAMDO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:55:00 | WinXP | 80.102.20.87 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, SEVILLA, ANDALUCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:56:00 | WinXP | 80.102.20.87 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, SEVILLA, ANDALUCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
23 of 32 | 8bce56637a [Firefox: 2 hits: 12-07 to 06-18] |
none[4] | none:none |
PolyEnE| | none | trace |
| 04:10:00 | WinXP | 205.244.39.17 (SPRINTLINK.NET): SPRINT, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:20:00 | WinXP | 208.126.17.87 (NETINS.NET): JEFFERSON TELEPHONE COMPANY, RAVENWOOD, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:26:00 | WinXP | 119.95.83.211 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 393 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
7c58921d41 NEW d51a5e4f60 NEW |
none[4] d51a5e4f60[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
|
| 04:44:00 | WinXP | 65.167.40.215 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:44:00 | Win2K-f | 211.177.210.212 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:47:00 | WinXP | 118.167.190.172 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2679 hits: 12-31 to 06-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:04:55:00 | WinXP | 88.14.186.45 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MADRID, MADRID, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 91d75fc99e NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| 05:30:00 | Win2K-f | 68.144.71.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:207.123.37.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
0c1c51204b NEW 3d293743d8 NEW |
0c1c51204b [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 05:48:00 | WinXP | 219.249.5.243 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:199.93.46.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
1af57e7e9d NEW 6091c0e079 NEW |
1af57e7e9d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 05:55:00 | Win2K-f | 70.72.66.186 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 264 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 18f75b34a5 [Firefox: 2 hits: 06-18 to 06-20] |
none[4] | none:none |
PolyEnE| | none | trace | |
| 06:10:00 | WinXP | 4.154.202.161 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPRINGFIELD, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 US:207.123.46.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:14:00 | Win2K-f | 61.216.122.170 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:17:00 | WinXP | 122.2.145.201 (PLDT.NET): IPG, PH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:301 hits: 05-01 to 06-21] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 06:27:00 | Win2K-f | 4.162.231.215 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MCKINNEY, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:32:00 | WinXP | 204.95.48.173 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:00:00 | WinXP | 77.253.99.50 (COM.PL): NETIA, PL. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 4ab5b0788c [Firefox:12 hits: 04-21 to 06-21] |
272da55ef8 [0] | ASM:Graph |
PolyEnE| | lines=114 | trace |
| 07:13:00 | WinXP | 204.95.49.81 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:14:00 | WinXP | 86.137.143.115 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox: 9 hits: 06-12 to 06-21] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:07:21:00 | Win2K-f | 4.154.59.218 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KINGSTON, TENNESSEE, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:33:00 | Win2K-f | 122.53.13.101 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:192.221.110.126:80 US:192.221.99.124:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox: 6 hits: 06-18 to 06-21] 76ee340669 [Firefox: 6 hits: 06-18 to 06-21] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 07:51:00 | WinXP | 61.224.40.42 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2679 hits: 12-31 to 06-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 07:57:00 | WinXP | 4.154.45.171 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:10:00 | Win2K-f | 4.239.249.191 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITEHALL, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:14:00 | Win2K-f | 58.120.20.108 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:12.190.48.65:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:12 hits: 06-17 to 06-21] 4c3df24b32 [Firefox:16 hits: 06-17 to 06-21] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:16:00 | Win2K-f | 122.53.104.198 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:12.190.48.97:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox: 6 hits: 06-18 to 06-21] 76ee340669 [Firefox: 6 hits: 06-18 to 06-21] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| T:08:22:00 | Win2K-f | 65.86.192.131 (-): NOVICK EDELSTEIN ET AL, YONKERS, NEW YORK, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:58:00 | WinXP | 122.2.21.35 (PLDT.NET): JNEC7300I02_CONSUMER, CEBU, CEBU CITY, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:06:00 | Win2K-f | 122.3.203.104 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] |
none[4] | none:none |
tElock| | none | trace |
| 09:07:00 | WinXP | 24.215.85.5 (EASTLINK.CA): EASTLINK, HALIFAX, NOVA SCOTIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 55 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:09:11:00 | Win2K-f | 204.95.49.81 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:11:00 | Win2K-f | 122.120.98.189 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2679 hits: 12-31 to 06-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:09:31:00 | WinXP | 63.28.5.197 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:35:00 | WinXP | 98.140.250.243 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:51:00 | WinXP | 12.226.8.131 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, LEWES, DELAWARE, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:300 hits: 05-03 to 06-18] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:09:53:00 | WinXP | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:54:00 | WinXP | 12.226.8.131 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, LEWES, DELAWARE, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:300 hits: 05-03 to 06-18] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 09:56:00 | Win2K-f | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:08:00 | Win2K-f | 208.105.159.136 (-): . |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
dfbaaf577c NEW f504b4af20 NEW |
none[4] f504b4af20[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:10:12:00 | WinXP | 68.207.139.176 (RR.COM): ROAD RUNNER HOLDCO LLC, WETUMPKA, ALABAMA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | a3f358bd55 [Firefox: 6 hits: 08-25 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace |
| 10:16:00 | WinXP | 70.168.9.104 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:199.93.41.126:80 US:199.93.46.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 28 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] f685f8e027 [Firefox: 2 hits: 06-18 to 06-20] |
none[4] f685f8e027[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 10:34:00 | WinXP | 123.214.59.225 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:207.123.37.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:16 hits: 06-17 to 06-21] 53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:10:43:00 | Win2K-f | 204.95.49.81 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:34:00 | WinXP | 24.83.204.143 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:47:00 | WinXP | 71.74.92.97 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1064 hits: 05-01 to 06-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:11:52:00 | WinXP | 12.219.242.45 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.66.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] b7082104e4 [Firefox: 7 hits: 06-18 to 06-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:11:54:00 | WinXP | 91.141.123.63 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:05:00 | Win2K-f | 71.128.100.211 (PACBELL.NET): PACFICC COAST CHEMICALS, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:06:00 | WinXP | 118.231.50.174 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:2679 hits: 12-31 to 06-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:12:12:00 | Win2K-f | 24.66.49.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox: 2 hits: 06-18 to 06-18] e53a9ea82e [Firefox: 2 hits: 06-18 to 06-18] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:12:16:00 | Win2K-f | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 12:16:00 | Win2K-f | 24.66.49.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox: 2 hits: 06-18 to 06-18] e53a9ea82e [Firefox: 2 hits: 06-18 to 06-18] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:12:21:00 | WinXP | 85.240.138.180 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, AMORA, SETUBAL, PT. (DSL) |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 3175bcfdb3 NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:12:35:00 | Win2K-f | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:40:00 | WinXP | 70.118.76.8 (RR.COM): ROAD RUNNER HOLDCO LLC, OVIEDO, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:54:00 | Win2K-f | 69.232.211.13 (PACBELL.NET): PPPOX POOLS - BRAS12 PLTN, OAKLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:05:00 | WinXP | 87.246.194.92 (LUBLIN.PL): UNIWERSYTET MARII CURIE SKLODOWSKIEJ, LUBLIN, LUBELSKIE, PL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1343 hits: 12-31 to 06-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:13:16:00 | WinXP | 66.27.105.120 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN DIEGO, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 042774a2b7 [Firefox:143 hits: 05-01 to 06-21] |
1c9a472cd7 [0] | ASM:Graph |
PolyEnE| | lines=71 embedded dns |
trace |
| 13:16:00 | Win2K-f | 66.124.172.157 (PACBELL.NET): LIFE CARE PHARMACY, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | DE:d.vncsvr.net DE:85.25.92.153:59928 |
135 | pcap | raw alerts ruleset |
other 234 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | ad8c469d62 [Firefox: 2 hits: 06-12 to 06-18] |
ad8c469d62 [1] | ASM:Graph |
StarForce| | lines=2 | trace |
| T:13:18:00 | WinXP | 193.250.19.92 (ABO.WANADOO.FR): WANADOO FRANCE, LYON, RHONE-ALPES, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 13:18:00 | WinXP | 4.228.192.63 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FARGO, NORTH DAKOTA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:21:00 | WinXP | 4.230.60.136 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:31:00 | Win2K-f | 61.219.201.219 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:32:00 | Win2K-f | 209.30.19.221 (PACBELL.NET): AT&T INTERNET SERVICES, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
23972eade5 NEW a67016efe8 NEW |
23972eade5 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:13:33:00 | Win2K-f | 64.22.193.79 (NETEXPRESS.NET): LIGHTEDGE SOLUTIONS, DAVENPORT, IOWA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 140 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:42:00 | WinXP | 41.214.186.79 (-): . |
n/a | UA:citi-bank.ru :parex-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | a3f358bd55 [Firefox: 6 hits: 08-25 to 06-19] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:13:45:00 | Win2K-f | 218.237.185.57 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 31 of 33 |
8390780c27 [Firefox: 3 hits: 06-18 to 06-21] af88ae89f8 [Firefox: 2 hits: 06-18 to 06-20] |
none[4] af88ae89f8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:13:46:00 | WinXP | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:54:00 | WinXP | 62.94.48.17 (EA.EUTELIA.IT): EUTELIA, FIRENZE, TOSCANA, IT. |
n/a | EU:siliconfireware.ru :wpad RU:www.bbin.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:470 hits: 05-04 to 06-21] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 13:56:00 | WinXP | 189.48.234.13 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 1e5df7ba74 [Firefox:24 hits: 03-24 to 06-18] |
a5331b711f [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:05:00 | WinXP | 93.156.59.44 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 14:16:00 | WinXP | 67.1.39.205 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, ALBANY, OREGON, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:14:17:00 | WinXP | 67.1.39.205 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, ALBANY, OREGON, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:29:00 | WinXP | 205.244.39.17 (SPRINTLINK.NET): SPRINT, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:31:00 | Win2K-f | 75.79.5.20 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:12:00 | WinXP | 76.168.73.62 (RR.COM): ROAD RUNNER HOLDCO LLC, VENICE, CALIFORNIA, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:13:00 | WinXP | 219.105.121.140 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:653 hits: 07-11 to 06-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:14:00 | WinXP | 204.95.50.174 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:18:00 | WinXP | 219.116.47.39 (INFOWEB.NE.JP): INFOWEB-CIDR-BLK, TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:19:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:24:00 | WinXP | 170.51.223.112 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | DE:siliconfireware.ru RU:www.bbin.ru :wpad RU:www.vtb.ru CA:www.cwbank.com RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 33 | d31c3e91b4 NEW |
none[4] | none:none |
ASPack| | none | trace |
| 15:35:00 | WinXP | 75.177.169.33 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:35:00 | WinXP | 79.130.7.55 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:653 hits: 07-11 to 06-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:48:00 | WinXP | 195.139.239.138 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, OSLO, OSLO, NO. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
07fa3e2807 NEW 27607f00d2 NEW |
07fa3e2807 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:16:01:00 | Win2K-f | 66.54.123.68 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:01:00 | WinXP | 66.54.123.68 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:31:00 | Win2K-f | 216.8.192.89 (-): . |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 266 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 855987276d NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:17:07:00 | Win2K-f | 116.123.158.10 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.99.124:80 US:199.93.46.125:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd NEW e5e0dbde57 NEW |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:17:08:00 | Win2K-f | 64.181.117.26 (AUSTINCPAAC.COM): FIBERNET OF WEST VIRGINIA, CHARLESTON, WEST VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:192.221.99.124:80 US:199.93.46.125:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 30 of 33 |
230cf1bf53 NEW b5ec5822e0 NEW |
none[4] none [4] |
none:none none:none |
PolyEnE| tElock| |
none none |
trace trace |
| 17:28:00 | WinXP | 75.81.238.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CLEVELAND, OHIO, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:55:00 | WinXP | 24.78.176.64 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:01:00 | WinXP | 81.41.52.151 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, ES. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:301 hits: 05-01 to 06-21] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 18:12:00 | Win2K-f | 63.28.19.234 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com 96.6.122.74:80 96.6.122.9:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:15:00 | Win2K-f | 67.87.172.156 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BRIDGEPORT, CONNECTICUT, US. |
n/a | US:microsoft.com US:download.microsoft.com 96.6.122.9:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:23:00 | WinXP | 66.2.44.67 (ALGX.NET): XO COMMUNICATIONS, JERSEY CITY, NEW JERSEY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:31:00 | WinXP | 64.109.36.36 (AMERITECH.NET): DIAL POOL TNT1-APTNWI, DE PERE, WISCONSIN, US. (DIAL) |
n/a | DE:siliconfireware.ru EU:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1064 hits: 05-01 to 06-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:34:00 | Win2K-f | 122.110.7.227 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1021 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 33 | 68c00da3c5 NEW |
none[3] | none:none |
PolyEnE| | none | trace | |
| 18:34:00 | WinXP | 75.14.253.81 (-): REFAT M HIJAZ DBA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.41.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:45:00 | WinXP | 66.220.226.19 (VERMONTEL.NET): VERMONT TELEPHONE COMPANY INC, CHESTER, VERMONT, US. |
n/a | :www.google.com.au US:www.yahoo.com :jbeegvia.ru US:www.worldbank.org NL:www.viruslist.com :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru DE:kavkaz.co.uk :kfwfceki.ru :nhuwxyuw.ru RU:alfabank.ru :udluzuq.ru :fiazpvnne.ru :ppxuub.ru :lvwgdhwlj.ru :raxeqajrf.ru EU:crutop.nu GB:www.candidateverifier.com :dhagunb.ru :zpwmktjv.ru :aadqca.ru :ygnrqi.ru RU:www.cbr.ru :ycgnbe.ru :yeqsuem.ru :aiizkak.ru :dupeloz.ru US:crime-research.ru :dodgscv.ru RU:www.mmbank.ru :lodrzze.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:11 hits: 09-29 to 06-21] |
none[3] | none:none |
tElock| | none | trace |
| 18:45:00 | Win2K-f | 61.222.2.212 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:48:00 | WinXP | 66.220.226.19 (VERMONTEL.NET): VERMONT TELEPHONE COMPANY INC, CHESTER, VERMONT, US. |
n/a | US:www.yahoo.com :jbeegvia.ru DE:kavkaz.co.uk US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru SE:www.kavkazcenter.com :okskyyn.ru :pnlkria.ru :kargai.ru :kfwfceki.ru :nhuwxyuw.ru :udluzuq.ru RU:alfabank.ru :fiazpvnne.ru :ppxuub.ru :lvwgdhwlj.ru EU:crutop.nu :raxeqajrf.ru GB:www.candidateverifier.com :dhagunb.ru :zpwmktjv.ru :aadqca.ru US:crime-research.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:11 hits: 09-29 to 06-21] |
none[3] | none:none |
tElock| | none | trace |
| T:18:51:00 | Win2K-f | 122.147.96.215 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 18:52:00 | Win2K-f | 71.111.218.218 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.126.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 317 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
5913ead1a1 NEW ac99506c36 NEW |
5913ead1a1 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 18:58:00 | WinXP | 67.150.254.182 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SAN JOSE, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:02:00 | WinXP | 69.218.233.123 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:205.128.79.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 NEW 53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] |
4ca3056804 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:19:03:00 | WinXP | 64.85.211.235 (SOCKET.NET): SOCKET INTERNET SERVICES CORPORATION, BRISTOW, OKLAHOMA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:719 hits: 05-01 to 06-21] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:19:10:00 | Win2K-f | 61.218.193.242 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.124:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:10:00 | WinXP | 124.18.107.121 (R-124-18-16-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | EU:siliconfireware.ru RU:www.bbin.ru :wpad DE:ebookfinaltrash.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1064 hits: 05-01 to 06-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 19:16:00 | WinXP | 71.12.20.234 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.46.126:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 32 |
24acffe86e NEW a0d83e7d41 NEW |
24acffe86e [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 19:21:00 | Win2K-f | 71.138.36.227 (PACBELL.NET): PPPOX POOL - RBACK16.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:24:00 | WinXP | 76.208.191.80 (SBCGLOBAL.NET): ADSL POOL - BRAS5 LSANCA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:33:00 | Win2K-f | 204.95.48.173 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:39:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:40:00 | Win2K-f | 218.45.122.218 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, URAWA, SAITAMA, JP. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
02cab5983b NEW 76e6f343c5 NEW |
none[4] 76e6f343c5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 19:48:00 | Win2K-f | 61.255.107.99 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.125:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
05ea62612c [Firefox: 3 hits: 06-18 to 06-21] 3a0107380f [Firefox: 3 hits: 06-18 to 06-21] |
none[4] 3a0107380f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 19:50:00 | WinXP | 118.104.234.27 (-): . |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1064 hits: 05-01 to 06-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 19:51:00 | WinXP | 4.252.128.91 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | DE:siliconfireware.ru :wpad DE:ebookfinaltrash.ru DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:470 hits: 05-04 to 06-21] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:19:52:00 | WinXP | 75.49.225.67 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:02:00 | Win2K-f | 203.121.180.155 (-): COLO-CATIONPI-2-203121180128, TH. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.41.124:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:10:00 | Win2K-f | 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.124:80 US:207.123.37.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox: 3 hits: 06-18 to 06-20] c6bfb5f0f2 [Firefox: 3 hits: 06-18 to 06-20] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:20:11:00 | WinXP | 71.160.88.9 (VERIZON.NET): VERIZON INTERNET SERVICES INC, HESPERIA, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:207.123.37.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 33 32 of 33 |
851db880e7 NEW f15bd2d1cf NEW |
851db880e7 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
| 20:23:00 | WinXP | 211.2.95.224 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:653 hits: 07-11 to 06-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:20:27:00 | WinXP | 218.239.82.124 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:16 hits: 06-17 to 06-21] 53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 20:40:00 | WinXP | 70.69.88.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:199.93.44.126:80 US:199.93.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:40:00 | Win2K-f | 207.5.207.93 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:199.93.44.126:80 US:199.93.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 73f1082158 [Firefox:43 hits: 06-18 to 06-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:01:00 | WinXP | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 NEW f0e73c39a8 NEW |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:21:09:00 | WinXP | 4.226.105.23 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:719 hits: 05-01 to 06-21] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace | |
| T:21:30:00 | Win2K-f | 61.221.133.226 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] 57ce4acac2 [Firefox:17 hits: 06-17 to 06-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:50:00 | WinXP | 12.78.8.4 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 06-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:57:00 | WinXP | 116.123.1.178 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.44.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
6ec2a8994b NEW 857b781ca9 NEW |
none[4] 857b781ca9[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:22:06:00 | Win2K-f | 85.181.61.21 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:40:00 | WinXP | 24.67.50.84 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:40:00 | WinXP | 24.67.50.84 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3077 hits: 12-31 to 06-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:42:00 | Win2K-f | 221.139.177.101 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.46.125:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
2e04b06527 NEW 5c054291de NEW |
none[4] 5c054291de[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 22:44:00 | Win2K-f | 204.95.49.172 (NEP.NET): THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY, FOREST CITY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:47:00 | WinXP | 118.21.107.45 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:52 hits: 09-28 to 06-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:22:56:00 | Win2K-f | 61.217.145.34 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:03:00 | WinXP | 12.219.190.95 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, EVELETH, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.46.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 62 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] b7082104e4 [Firefox: 7 hits: 06-18 to 06-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 23:15:00 | WinXP | 87.119.246.17 (SARANSK.RU): BRANCH IN MORDOVIAN REPUBLIC OJSC VOLGATELECOM, RU. |
n/a | US:hail.dns2go.com **:scorti1.dns2go.com US:208.101.48.210:7000 US:63.149.6.91:7000 US:65.117.119.162:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 32 | 5f78ff609d [Firefox:1522 hits: 04-27 to 06-18] |
d4a06bdc3a [0] | ASM:Graph |
none|none | lines=4 | trace |
| 23:15:00 | WinXP | 75.46.215.62 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.LTRKAR, LITTLE ROCK, ARKANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:72.247.30.81:80 US:72.247.30.83:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:21:00 | WinXP | 61.94.166.58 (-): TLKM_D4_DIALUP_SLO-G, BANDUNG, JAWA BARAT (DJAWA BARAT), ID. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | a99f17e623 [Firefox:22 hits: 03-28 to 06-18] |
87dfec58db [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
| 23:27:00 | Win2K-f | 66.27.179.243 (RR.COM): ROAD RUNNER HOLDCO LLC, CANOGA PARK, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:12.190.48.65:80 US:12.190.48.97:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] a08f3b74a4 [Firefox:41 hits: 06-18 to 06-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:29:00 | Win2K-f | 83.103.200.161 (ASTRAL.RO): ASTRAL-BR-AIPA, RO. |
n/a | :scorti1.dns2go.com US:208.101.48.210:7000 US:63.149.6.91:7000 US:65.117.119.162:7000 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | dc8e1c63cd [Firefox:105 hits: 12-27 to 06-18] |
e0eb8646ee [0] | ASM:Graph |
none|none | lines=601 embedded dns |
trace |
| 23:37:00 | Win2K-f | 75.16.84.72 (SBCGLOBAL.NET): RBACK34C.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:12.190.48.65:80 US:12.190.48.97:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:123 hits: 06-17 to 06-21] b7082104e4 [Firefox: 7 hits: 06-18 to 06-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 23:54:00 | WinXP | 12.72.39.29 (ATT.NET): AT&T WORLDNET SERVICES, RANCHO CUCAMONGA, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |