Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:17:00 | Win2K-f | 71.119.195.123 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] b5919931fe [Firefox:103 hits: 06-20 to 07-10] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
00:21:00 | Win2K-f | 71.119.195.123 (VERIZON.NET): VERIZON INTERNET SERVICES INC, UPLAND, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:24:00 | Win2K-f | 70.168.12.244 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 28 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] f685f8e027 [Firefox: 2 hits: 06-18 to 06-20] |
none[4] f685f8e027[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
01:10:00 | WinXP | 118.165.10.52 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 [Firefox: 4 hits: 07-09 to 07-09] |
none[none] | none:none |
none|none | none | none | |
01:12:00 | Win2K-f | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:21:00 | WinXP | 80.161.53.241 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:23 hits: 05-12 to 07-07] |
none[4] | none:none |
PolyEnE| | none | trace |
01:37:00 | Win2K-f | 4.158.57.118 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | US:www.symantec.com US:j0r.biz US:68.178.232.143:80 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
18 of 33 | d86f2db5f5 NEW |
none[none] | none:none |
none|none | none | none |
T:01:50:00 | WinXP | 143.238.131.135 (BIGPOND.NET.AU): TELSTRAINTERNET19, BRISBANE, QUEENSLAND, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.44.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:58:00 | Win2K-f | 96.15.137.133 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:199.93.44.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:12 hits: 06-25 to 07-10] 7f6e032fc0 [Firefox:12 hits: 06-25 to 07-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
01:58:00 | WinXP | 123.222.114.200 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 55d0af189c NEW |
none[none] | none:none |
none|none | none | none |
02:13:00 | Win2K-f | 172.192.253.162 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:51:00 | Win2K-f | 211.176.174.20 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:75 hits: 06-17 to 07-10] 8390780c27 [Firefox:15 hits: 06-18 to 07-10] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
03:12:00 | WinXP | 81.132.180.179 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SHEFFIELD, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:690 hits: 07-11 to 07-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:03:28:00 | Win2K-f | 172.192.253.162 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:03:32:00 | WinXP | 218.169.196.127 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 8178c88f5e [Firefox: 4 hits: 07-08 to 07-10] |
none[none] | none:none |
none|none | none | none |
03:32:00 | WinXP | 118.236.138.215 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox: 9 hits: 06-20 to 07-06] |
none[4] | none:none |
none|none | none | trace | |
T:03:48:00 | WinXP | 195.240.67.71 (TISCALI.NL): TISCALI-DIALN, SPIJKENISSE, ZUID-HOLLAND, NL. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1406 hits: 12-31 to 07-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:04:06:00 | WinXP | 68.74.70.147 (-): PPPOX POOL - EMHRIL RBACK, CHICAGO, ILLINOIS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.44.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:12:00 | WinXP | 71.75.239.205 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:472 hits: 12-31 to 07-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
04:12:00 | WinXP | 116.59.141.48 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 31 | 4d244a981f [Firefox: 7 hits: 03-30 to 07-10] |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
T:04:23:00 | WinXP | 75.16.241.135 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] e07c29c4ae [Firefox:80 hits: 06-19 to 07-10] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
04:30:00 | WinXP | 172.137.217.119 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:204.160.126.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:38:00 | WinXP | 64.24.49.58 (POPSITE.NET): USLEC CORP, NEW YORK, NEW YORK, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | a92e3f8fc8 [Firefox:117 hits: 05-03 to 07-08] |
dfe02a1e52 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:04:40:00 | Win2K-f | 75.136.142.95 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 355 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | c87f230134 NEW |
none[none] | none:none |
none|none | none | none |
04:44:00 | Win2K-f | 222.239.170.121 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox: 5 hits: 06-21 to 07-07] 58c343a8d8 [Firefox: 5 hits: 06-21 to 07-07] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
T:05:11:00 | WinXP | 64.134.122.182 (WAYPORT.NET): WAYPORT INC, AUSTIN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.220.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox: 4 hits: 06-19 to 07-09] 79c01ec060 [Firefox: 8 hits: 06-18 to 07-09] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
05:37:00 | WinXP | 118.236.93.233 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox: 6 hits: 06-22 to 06-30] |
none[4] | none:none |
none|none | none | trace | |
05:42:00 | WinXP | 82.242.189.113 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | f7db239714 NEW |
none[none] | none:none |
none|none | none | none |
T:05:44:00 | WinXP | 202.125.49.126 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:142 hits: 09-28 to 07-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
05:51:00 | Win2K-f | 4.248.252.222 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FRONT ROYAL, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:52:00 | Win2K-f | 64.192.64.16 (WCG.NET): LIGHTCORE A CENTURYTELCOMPANY, NASHUA, NEW HAMPSHIRE, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.124:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
1b94c1cc14 [Firefox: 2 hits: 07-01 to 07-06] 62728ad1cd [Firefox: 2 hits: 07-01 to 07-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:06:22:00 | Win2K-f | 203.88.176.25 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
744e090fa5 NEW d7c12e2354 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:06:23:00 | WinXP | 75.143.206.245 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3178 hits: 12-31 to 07-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
07:04:00 | WinXP | 85.180.74.75 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:12:00 | Win2K-f | 199.227.202.37 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.46.124:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 32 of 33 |
a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] aa5bf057fc NEW |
a08f3b74a4 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:07:18:00 | WinXP | 66.217.140.199 (USLEC.NET): USLEC CORP, BEL AIR, MARYLAND, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3178 hits: 12-31 to 07-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:07:28:00 | WinXP | 203.95.58.88 (THN.NE.JP): TOKAI CO.LTD, JP. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:218 hits: 05-02 to 07-03] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
07:28:00 | WinXP | 203.95.58.88 (THN.NE.JP): TOKAI CO.LTD, JP. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:218 hits: 05-02 to 07-03] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
07:37:00 | WinXP | 74.218.60.182 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:207.123.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:57:00 | WinXP | 71.65.25.155 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:142 hits: 09-28 to 07-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
08:02:00 | Win2K-f | 122.42.90.99 (-): POWERCOMM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
8a93930ea8 [Firefox: 5 hits: 07-06 to 07-10] bc94f66052 [Firefox: 5 hits: 07-06 to 07-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:08:04:00 | WinXP | 92.114.175.68 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | dae77d66f3 [Firefox: 2 hits: 07-08 to 07-08] |
none[none] | none:none |
none|none | none | none |
T:08:07:00 | Win2K-f | 199.227.202.31 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] b5919931fe [Firefox:103 hits: 06-20 to 07-10] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
08:17:00 | WinXP | 201.74.46.184 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:472 hits: 12-31 to 07-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:08:27:00 | WinXP | 4.160.243.210 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SIMPSONVILLE, KENTUCKY, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.124:80 US:205.128.66.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
5097c25982 NEW a8b87527e7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:29:00 | WinXP | 213.22.166.85 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LAGOA, FARO, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 366148f7b7 NEW |
none[none] | none:none |
none|none | none | none |
T:09:07:00 | WinXP | 190.189.97.247 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:302 hits: 05-03 to 06-26] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
09:10:00 | WinXP | 123.225.131.5 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:142 hits: 09-28 to 07-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
09:26:00 | Win2K-f | 4.182.249.122 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AUBURN, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 431 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | b2aa60cb38 NEW |
none[none] | none:none |
none|none | none | none | |
T:09:27:00 | Win2K-f | 24.66.40.131 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 31 of 32 23 of 33 |
b5919931fe [Firefox:103 hits: 06-20 to 07-10] bca9e0fb5f [Firefox:10 hits: 06-18 to 07-10] e53a9ea82e [Firefox:10 hits: 06-18 to 07-10] |
b5919931fe [1] none [4] e53a9ea82e[1] |
ASM:Graph none:none ASM:Graph |
ASProtect| PolyEnE| Armadillo| |
lines=90 none lines=81 |
trace trace trace |
09:35:00 | Win2K-f | 68.126.0.21 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.126.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:03:00 | Win2K-f | 71.111.215.170 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 316 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
5913ead1a1 NEW ac99506c36 NEW |
5913ead1a1 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
T:10:21:00 | WinXP | 151.21.80.229 (21-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, ROME, LAZIO, IT. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 7e30e79ece NEW |
none[none] | none:none |
none|none | none | none |
10:46:00 | Win2K-f | 64.183.255.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ARLINGTON, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] b7082104e4 [Firefox:32 hits: 06-18 to 07-09] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
10:50:00 | WinXP | 118.236.54.87 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox: 6 hits: 06-22 to 06-30] |
none[4] | none:none |
none|none | none | trace | |
T:10:54:00 | Win2K-f | 24.78.187.254 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:206.251.244.226:80 |
135 | pcap | raw alerts ruleset |
http irc 220 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 29 of 33 27 of 33 |
29ee96abb2 NEW 9d293b3f67 NEW a014934a72 [Firefox:68 hits: 06-28 to 07-09] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:11:10:00 | Win2K-f | 71.242.216.246 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ALLENTOWN, PENNSYLVANIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
11:27:00 | WinXP | 172.129.79.158 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox: 5 hits: 07-03 to 07-07] c73f738c30 [Firefox: 5 hits: 07-03 to 07-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:11:36:00 | WinXP | 118.83.135.141 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:40:00 | Win2K-f | 211.32.136.203 (BORA.NET): BORANET-NET, KR. (100Mbps) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.79.124:80 US:207.123.37.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
435321cd07 NEW dbea9045a1 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
11:42:00 | WinXP | 68.88.97.126 (SWBELL.NET): SBC INTERNET SERVICES - SOUTHWEST, TEMPLE, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:472 hits: 12-31 to 07-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:11:52:00 | WinXP | 76.230.251.35 (-): PPPOX POOL - SE1.MILWWI, DALLAS, TEXAS, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 42 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1106 hits: 05-01 to 07-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:12:00:00 | Win2K-f | 203.174.219.77 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:12:01:00 | WinXP | 208.61.171.73 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. (DSL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:482 hits: 05-04 to 07-10] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:12:51:00 | WinXP | 203.95.58.88 (THN.NE.JP): TOKAI CO.LTD, JP. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 442989bf73 NEW |
none[none] | none:none |
none|none | none | none |
12:51:00 | WinXP | 4.225.209.230 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL) |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.145.225.22:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 | b22b2e6f96 [Firefox: 2 hits: 09-12 to 03-07] |
none[4] | none:none |
ASPack| | none | trace |
T:12:55:00 | Win2K-f | 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] b7082104e4 [Firefox:32 hits: 06-18 to 07-09] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:12:56:00 | WinXP | 4.225.169.207 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:13:27:00 | WinXP | 151.65.190.84 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1406 hits: 12-31 to 07-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:13:39:00 | WinXP | 24.83.75.47 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 484fba02dc NEW |
none[none] | none:none |
none|none | none | none | |
T:13:44:00 | Win2K-f | 213.58.134.210 (-): TELECOMUNICACOES MARKETING E INFORMATICA LDA, LISBON, LISBOA, PT. (100Mbps) |
84.244.6.253:2345 66.29.31.3:80 | US:qtas.net SE:dzuc.net |
445 | pcap | raw alerts ruleset |
http irc 49 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 4 of 33 |
67e640fc3e NEW 795b90d8a8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
14:07:00 | Win2K-f | 216.27.117.230 (PRIMELINK1.NET): PRIMELINK INC, SOUTH BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 US:205.128.66.126:80 US:205.128.79.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
dc20b6fe59 [Firefox: 5 hits: 06-23 to 07-08] f97070ef2b [Firefox: 5 hits: 06-23 to 07-08] |
dc20b6fe59 [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=81 none |
trace trace |
T:14:11:00 | WinXP | 71.75.239.205 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:472 hits: 12-31 to 07-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
14:15:00 | Win2K-f | 151.118.178.193 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:206.33.45.125:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 32 |
7f66e51c85 NEW 9d12fe9d3b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
14:35:00 | WinXP | 24.165.140.55 (RR.COM): ROAD RUNNER HOLDCO LLC, LORAIN, OHIO, US. |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad DE:ebookfinaltrash.ru GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1106 hits: 05-01 to 07-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
14:36:00 | WinXP | 85.242.194.46 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 996e7053d5 NEW |
none[none] | none:none |
none|none | none | none |
14:44:00 | Win2K-f | 70.79.229.235 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 255 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
81264c16dd NEW 9a91743938 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:14:49:00 | Win2K-f | 70.60.102.104 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
http 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 0 of 32 none |
2110c8100f [Firefox: 7 hits: 06-19 to 07-10] b5919931fe [Firefox:103 hits: 06-20 to 07-10] e818015a89 [Firefox: 6 hits: 06-23 to 07-10] |
none[4] b5919931fe[1] e818015a89[1] |
none:none ASM:Graph ASM:Graph |
PolyEnE| ASProtect| Armadillo| |
none lines=90 lines=81 |
trace trace trace |
T:15:07:00 | WinXP | 24.93.108.178 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] e07c29c4ae [Firefox:80 hits: 06-19 to 07-10] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:15:08:00 | WinXP | 130.13.21.230 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 90719ceab6 NEW |
none[none] | none:none |
none|none | none | none |
15:08:00 | WinXP | 130.13.21.230 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 90719ceab6 NEW |
none[none] | none:none |
none|none | none | none |
T:15:13:00 | Win2K-f | 4.168.21.137 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CARSON, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 323 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 30 of 33 |
5126de19b5 NEW 85cf2bf2c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
15:14:00 | WinXP | 4.168.21.137 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CARSON, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 331 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 5126de19b5 NEW |
none[none] | none:none |
none|none | none | none | |
15:52:00 | WinXP | 76.244.150.13 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
16:14:00 | WinXP | 77.101.110.95 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:16:19:00 | WinXP | 66.50.89.114 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3178 hits: 12-31 to 07-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:16:31:00 | WinXP | 200.226.98.4 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 83b1886c68 NEW |
none[none] | none:none |
none|none | none | none |
16:38:00 | Win2K-f | 71.105.111.38 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MONICA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.66.126:80 US:205.128.79.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:48:00 | WinXP | 79.64.237.210 (AS9105.COM): TELINCO, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:142 hits: 09-28 to 07-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:16:50:00 | Win2K-f | 4.159.38.72 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 170 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
17:00:00 | WinXP | 220.215.221.179 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:142 hits: 09-28 to 07-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:17:01:00 | WinXP | 172.192.38.131 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:03:00 | Win2K-f | 24.83.110.221 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
17:09:00 | WinXP | 199.227.202.42 (-): APPFORGE, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.220.124:80 US:198.78.220.126:80 US:205.128.79.124:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] a08f3b74a4 [Firefox:182 hits: 06-18 to 07-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:17:14:00 | WinXP | 83.97.248.215 (CM-83-97-244-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | dae77d66f3 [Firefox: 2 hits: 07-08 to 07-08] |
none[none] | none:none |
none|none | none | none |
T:17:23:00 | Win2K-f | 125.181.214.20 (-): POWC-214, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:205.128.79.125:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 141 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
7bdeb65dd2 NEW e2b84629ac NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
17:26:00 | WinXP | 4.237.235.139 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com :wpad US:192.221.110.126:80 US:199.93.41.124:80 US:199.93.53.126:80 US:204.160.126.126:80 US:205.128.66.126:80 US:205.128.79.125:80 US:207.123.47.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
17:27:00 | WinXP | 71.2.176.27 (EMBARQHSD.NET): EMBARQ CORPORATION, CHANDLER, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.124:80 US:204.160.126.126:80 US:205.128.66.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
17:50:00 | WinXP | 211.32.136.203 (BORA.NET): BORANET-NET, KR. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:205.128.66.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
17:53:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:205.128.66.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
17:55:00 | Win2K-f | 24.87.99.200 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 32 of 33 |
0dc39cd3c1 [Firefox: 3 hits: 06-27 to 07-10] a120847406 [Firefox: 3 hits: 06-27 to 07-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
18:11:00 | Win2K-f | 24.82.35.70 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:18:53:00 | WinXP | 68.146.119.230 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 276 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 2d52cb56a4 NEW |
none[none] | none:none |
none|none | none | none |
T:18:54:00 | Win2K-f | 4.248.228.89 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:16:00 | Win2K-f | 70.72.166.250 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
19:17:00 | WinXP | 66.50.89.72 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3178 hits: 12-31 to 07-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
19:47:00 | Win2K-f | 67.62.51.160 (CAVTEL.NET): CAVALIER, BALTIMORE, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
20:04:00 | WinXP | 75.143.207.185 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3178 hits: 12-31 to 07-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
20:06:00 | WinXP | 219.250.173.252 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox: 7 hits: 06-20 to 07-10] 9276c8b36b [Firefox: 7 hits: 06-20 to 07-10] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:20:11:00 | WinXP | 67.208.227.186 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 965c2ca7e5 NEW |
none[none] | none:none |
none|none | none | none |
20:19:00 | Win2K-f | 151.118.173.75 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
72.10.172.218:7763 | CA:fuck.urpal43sourpalhuh.com CA:japan.youngpeyatech.info CA:italian.swiifatecihno.com :preek.oihduhdd.net CA:72.10.172.218:2938 CA:72.10.172.218:7382 CA:72.10.172.218:7763 |
135 | pcap | raw alerts ruleset |
other 619 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | bcced879a4 NEW |
none[none] | none:none |
none|none | none | none |
T:20:28:00 | Win2K-f | 124.241.145.8 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:33:00 | WinXP | 123.215.228.212 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:205.128.66.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 2 of 33 |
716df12201 NEW f4654210bb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
20:59:00 | Win2K-f | 4.166.39.229 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.254:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
6c080c6d8c NEW b5349a2a0f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:08:00 | Win2K-f | 4.159.29.11 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHAMPLIN, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:21:18:00 | WinXP | 116.59.50.9 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1406 hits: 12-31 to 07-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:21:20:00 | Win2K-f | 24.79.65.222 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
3516e33174 NEW d093c44748 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:21:21:00 | Win2K-f | 61.46.141.57 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 33 | b7c507fb59 NEW |
none[none] | none:none |
none|none | none | none | |
21:24:00 | WinXP | 202.213.181.144 (CCV.NE.JP): FUREAI CHANNEL INC, HIROSHIMA, HIROSHIMA, JP. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.126:80 US:207.123.44.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 33 |
2ba0c64b36 NEW 5481cd6a4f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:49:00 | Win2K-f | 122.148.203.90 (DODO.COM.AU): LAYER 2 BROADBAND CUSTOMER NETWORK, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 250 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | dd98c3c108 [Firefox: 5 hits: 06-24 to 07-06] |
dd98c3c108 [1] | ASM:Graph |
Armadillo| | lines=82 | trace | |
22:05:00 | Win2K-f | 65.208.34.21 (-): IDEARC MEDIA SERVICE WEST INC, DALLAS, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
22:07:00 | Win2K-f | 119.95.214.23 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.66.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 381 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 32 |
5601dcf617 NEW d0c1f3c8c7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:22:26:00 | Win2K-f | 116.127.124.27 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 33 0 of 32 |
5364c612fa NEW 53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] b5919931fe [Firefox:103 hits: 06-20 to 07-10] |
none[none] none [4] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none tElock| ASProtect| |
none none lines=90 |
none trace trace |
22:34:00 | WinXP | 24.109.151.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
22:50:00 | WinXP | 98.134.250.44 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.44.126:80 US:207.123.44.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:12 hits: 06-25 to 07-10] 7f6e032fc0 [Firefox:12 hits: 06-25 to 07-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:23:18:00 | WinXP | 122.55.147.69 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
23:33:00 | Win2K-f | 76.212.139.4 (SBCGLOBAL.NET): PPPOX POOL - BRAS6 SNDGCA, SAN DIEGO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.99.124:80 US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] 73f1082158 [Firefox:265 hits: 06-18 to 07-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
23:41:00 | WinXP | 97.89.7.34 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.37.125:80 US:207.123.46.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
7ba9e53288 NEW d2e7fab9c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:23:46:00 | Win2K-f | 68.145.78.90 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 268 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | d70e9267fe [Firefox: 3 hits: 06-24 to 07-08] |
none[4] | none:none |
PolyEnE| | none | trace |
23:47:00 | Win2K-f | 144.134.27.86 (TMNS.NET.AU): TELSTRAINTERNET27, GOLD COAST, QUEENSLAND, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:551 hits: 06-17 to 07-10] b7082104e4 [Firefox:32 hits: 06-18 to 07-09] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
23:57:00 | WinXP | 119.72.3.155 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1406 hits: 12-31 to 07-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |