|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:25:00 | WinXP | 96.14.242.25 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:205.128.66.124:80 US:205.128.79.124:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 NEW 8dfb3b619f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:28:00 | WinXP | 70.67.185.201 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:205.128.66.124:80 US:205.128.79.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
irc http 345 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 27 of 34 |
072e815c14 NEW dc43e5460c NEW e86bf3a079 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:00:31:00 | Win2K-f | 91.62.199.91 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 9015d9e9fc NEW |
none[none] | none:none |
none|none | none | none | |
| 00:51:00 | Win2K-f | 122.110.133.63 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3056 hits: 12-31 to 07-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 01:03:00 | Win2K-f | 97.94.109.231 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:19:00 | Win2K-f | 122.54.253.165 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:21:00 | WinXP | 118.166.226.169 (-): . |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3056 hits: 12-31 to 07-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 01:22:00 | Win2K-f | 210.3.135.36 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 27 of 32 |
79a515c871 [Firefox: 2 hits: 06-19 to 07-10] b71c74380c [Firefox: 2 hits: 06-19 to 07-10] |
none[4] none [4] |
none:none none:none |
PolyEnE| PolyEnE| |
none none |
trace trace |
| 01:43:00 | WinXP | 121.125.168.54 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 34 |
168aab35a3 [Firefox:61 hits: 06-17 to 07-21] 1a4889b67e NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:01:55:00 | Win2K-f | 61.231.162.21 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3056 hits: 12-31 to 07-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| T:02:07:00 | Win2K-f | 24.85.84.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:26:00 | WinXP | 219.164.16.206 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:30:00 | WinXP | 61.215.169.157 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:205.128.66.124:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 57ce4acac2 [Firefox:68 hits: 06-17 to 07-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:42:00 | WinXP | 218.165.187.142 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:45:00 | WinXP | 122.110.130.167 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:04:00 | WinXP | 122.147.99.13 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 257 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
dd98c3c108 [Firefox: 7 hits: 06-24 to 07-18] e98746deb1 [Firefox: 6 hits: 06-24 to 07-18] |
dd98c3c108 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:03:08:00 | WinXP | 220.219.36.101 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:494 hits: 12-31 to 07-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:03:22:00 | WinXP | 220.139.0.197 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:03:43:00 | WinXP | 118.236.185.21 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:12 hits: 06-22 to 07-19] |
none[4] | none:none |
none|none | none | trace | |
| T:03:58:00 | WinXP | 79.132.202.149 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sprw.information.com US:spi.domainsponsor.com UA:vit.ln.ua :baner.vit GB:new.egg.com :wpad UA:195.189.16.10:80 |
445 | pcap | raw alerts ruleset |
http http http http 64 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7dd1fe2970 [Firefox:20 hits: 09-07 to 06-03] |
dcc673c815 [0] | ASM:Graph |
ASPack| | lines=374 embedded dns |
trace |
| T:03:59:00 | Win2K-f | 77.101.110.95 (BLUEYONDER.CO.UK): CABLEINET, UK. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:08:00 | WinXP | 59.117.161.176 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:08:00 | WinXP | 71.111.216.60 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.66.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:24:00 | Win2K-f | 58.120.185.157 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.79.126:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 31 of 34 |
82f7eab9f2 NEW 8fa1660e44 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:38:00 | WinXP | 117.99.42.245 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1434 hits: 12-31 to 07-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:48:00 | WinXP | 85.241.44.147 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, LISBON, LISBOA, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | 4047d40cb1 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:06:00 | Win2K-f | 91.195.99.145 (IPAPER.COM): BLOCK FOR PI ASSIGNMENTS, UK. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:09:00 | WinXP | 122.23.71.54 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:40:00 | Win2K-f | 209.226.123.101 (BELL.CA): BELL CANADA, OTTAWA, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:45:00 | WinXP | 69.216.140.148 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] b7082104e4 [Firefox:54 hits: 06-18 to 07-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 05:49:00 | Win2K-f | 70.70.221.54 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:06:00 | WinXP | 122.52.28.4 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.219:80 US:208.111.148.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:21 hits: 06-18 to 07-19] 76ee340669 [Firefox:21 hits: 06-18 to 07-19] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 06:12:00 | WinXP | 41.214.173.81 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 8178c88f5e [Firefox:12 hits: 07-08 to 07-20] |
none[none] | none:none |
none|none | none | none |
| T:06:12:00 | WinXP | 41.214.173.81 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 8178c88f5e [Firefox:12 hits: 07-08 to 07-20] |
none[none] | none:none |
none|none | none | none |
| T:06:19:00 | WinXP | 41.214.128.77 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:98 hits: 05-03 to 07-20] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| T:06:22:00 | Win2K-f | 65.255.131.76 (OFMLIVE.NET): OREGON FARMERS MUTUAL TELEPHONE COMPANY, OREGON, MISSOURI, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:29:00 | WinXP | 59.117.161.176 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:29:00 | WinXP | 76.241.137.88 (-): SE4.BCVLOH PPPOX, RICHARDSON, TEXAS, US. |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:new.egg.com GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.145.225.22:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:33 hits: 05-17 to 07-21] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 06:31:00 | WinXP | 219.240.156.108 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 HK:210.245.211.11:65520 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox: 7 hits: 06-21 to 07-12] 58c343a8d8 [Firefox: 8 hits: 06-21 to 07-15] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:06:46:00 | WinXP | 124.115.15.45 (163DATA.COM.CN): CHINANET SHANXI(SN) PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:205.128.79.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:50:00 | WinXP | 67.36.8.235 (AMERITECH.NET): DIAL POOL - TNT1BCVLOH - AMERITECH, CLEVELAND, OHIO, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:494 hits: 12-31 to 07-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:51:00 | WinXP | 86.134.31.27 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | cce9566ceb [Firefox:32 hits: 06-12 to 07-21] |
none[4] | none:none |
PolyEnE| | none | trace | |
| T:07:25:00 | Win2K-f | 88.104.27.218 (AS9105.COM): TISCALI UK LTD, LIVERPOOL, ENGLAND, UK. (DSL) |
n/a | CZ:217.170.244.2:443 CZ:82.114.64.251:443 |
445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 28 | 7fdfe363d5 [Firefox:3056 hits: 12-31 to 07-21] |
10862ea8b8 [0] | ASM:Graph |
FSG| | lines=1933 embedded dns |
trace |
| 07:26:00 | WinXP | 92.114.246.113 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | fd486d7c16 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:43:00 | WinXP | 86.154.239.247 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:728 hits: 07-11 to 07-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 07:58:00 | WinXP | 66.28.88.12 (ARTISANCOMMUNICATIONS.NET): COGENT COMMUNICATIONS, WASHINGTON, DISTRICT OF COLUMBIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.46.125:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:03:00 | WinXP | 4.228.9.101 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LONGMONT, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.46.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:05:00 | Win2K-f | 71.112.119.68 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BOTHELL, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.46.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:17:00 | Win2K-f | 24.92.22.204 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.46.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:19:00 | WinXP | 118.240.80.237 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:40:00 | WinXP | 118.1.159.213 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:41:00 | WinXP | 24.80.182.43 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.126.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:49:00 | Win2K-f | 208.82.42.92 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] b7082104e4 [Firefox:54 hits: 06-18 to 07-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:09:11:00 | WinXP | 87.57.149.129 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | 73878506d4 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:35:00 | Win2K-f | 206.171.178.219 (LEMOORENET.COM): LEMOORE NET, LEMOORE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.126.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:50:00 | Win2K-f | 24.67.21.94 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.44.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:51:00 | WinXP | 4.88.14.233 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND HILL, GEORGIA, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:sprw.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 34 29 of 29 |
34f63d4b80 NEW df17a625ee [Firefox:492 hits: 05-04 to 07-21] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
| 09:55:00 | WinXP | 92.114.220.117 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox:10 hits: 07-06 to 07-21] |
none[none] | none:none |
none|none | none | none |
| 10:05:00 | Win2K-f | 96.14.21.217 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.152:80 US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 NEW 8dfb3b619f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:28:00 | Win2K-f | 217.34.42.213 (BTOPENWORLD.COM): SINGLE STATIC IP ADDRESSES, FARNHAM, ENGLAND, UK. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:53:00 | WinXP | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.124:80 US:199.93.53.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 57ce4acac2 [Firefox:68 hits: 06-17 to 07-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:59:00 | Win2K-f | 130.13.203.90 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.108:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 32 |
7f66e51c85 [Firefox: 2 hits: 07-11 to 07-12] 9d12fe9d3b [Firefox: 2 hits: 07-11 to 07-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:15:00 | Win2K-f | 63.245.190.140 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, MCPHERSON, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 12:29:00 | Win2K-f | 61.255.159.153 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 US:208.111.173.52:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox: 2 hits: 06-29 to 07-04] c7d6018f97 [Firefox: 2 hits: 06-29 to 07-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:49:00 | WinXP | 92.40.107.144 (IKBCC.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1434 hits: 12-31 to 07-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:51:00 | Win2K-f | 24.109.95.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 295 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | a16ffae822 NEW |
none[none] | none:none |
none|none | none | none |
| 12:53:00 | WinXP | 92.40.181.170 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 85597d85c0 NEW |
f00f427b94 [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
| T:12:55:00 | WinXP | 92.114.247.186 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 34 | 4fcb64de75 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:58:00 | Win2K-f | 144.134.155.242 (TMNS.NET.AU): TELSTRAINTERNET27, MELBOURNE, VICTORIA, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:01:00 | Win2K-f | 4.136.207.186 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARTANBURG, SOUTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 327 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 0965a28cb9 NEW |
none[none] | none:none |
none|none | none | none | |
| 13:18:00 | Win2K-f | 70.254.10.155 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:26:00 | WinXP | 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:47:00 | Win2K-f | 98.140.229.237 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:03:00 | WinXP | 76.10.28.74 (PAVLOVMEDIA.COM): VILLAGE AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:30:00 | WinXP | 79.12.121.71 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 14:34:00 | Win2K-f | 119.95.128.98 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 29 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 8020eb2d22 [Firefox: 2 hits: 07-13 to 07-20] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:14:46:00 | WinXP | 92.114.158.209 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 366148f7b7 [Firefox:10 hits: 07-06 to 07-21] |
none[none] | none:none |
none|none | none | none |
| T:14:54:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:56:00 | Win2K-f | 75.51.220.197 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:57:00 | WinXP | 216.81.98.47 (ACCESSATC.NET): ALMA TELEPHONE, ALMA, GEORGIA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:58:00 | WinXP | 216.81.98.47 (ACCESSATC.NET): ALMA TELEPHONE, ALMA, GEORGIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 29 | fad259ec3c NEW |
none[none] | none:none |
none|none | none | none |
| 15:00:00 | Win2K-f | 69.123.135.76 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), SPRING VALLEY, NEW YORK, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 34 30 of 34 |
2c9c851322 NEW bd37db5990 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 15:00:00 | WinXP | 87.110.58.199 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 34 | 9f5e2a4b42 NEW |
none[none] | none:none |
none|none | none | none |
| 15:03:00 | WinXP | 12.208.71.66 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, STREAMWOOD, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:14:00 | WinXP | 216.203.250.62 (ALGX.NET): XO COMMUNICATIONS, SCOTTSDALE, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.220.126:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:18:00 | WinXP | 200.199.46.121 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox: 8 hits: 07-12 to 07-20] |
none[none] | none:none |
none|none | none | none |
| T:15:24:00 | WinXP | 24.178.114.227 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:25:00 | WinXP | 71.101.177.217 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PALMETTO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.41.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:46:00 | Win2K-f | 66.168.176.15 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] b5919931fe [Firefox:142 hits: 06-20 to 07-21] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:47:00 | WinXP | 92.40.179.229 (IKBCC.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sprw.information.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 34 29 of 29 |
98ab4791c1 NEW a12cab51ef [Firefox:1129 hits: 05-01 to 07-21] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| 15:48:00 | Win2K-f | 4.137.8.154 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 34 33 of 34 |
818af0357a NEW 9ae3ac675f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:53:00 | WinXP | 69.221.78.227 (AMERITECH.NET): PPPOX POOL - RBACK8 SFLDMI, ALLEN PARK, MICHIGAN, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:494 hits: 12-31 to 07-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:07:00 | WinXP | 210.175.200.142 (ICN-NET.NE.JP): ICHINOSEKI CABLE NETWORK CO..LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:728 hits: 07-11 to 07-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:16:23:00 | WinXP | 218.169.181.171 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:25:00 | Win2K-f | 72.175.161.249 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:29:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 93dabb5a19 NEW |
none[none] | none:none |
none|none | none | none |
| 16:44:00 | WinXP | 82.154.203.119 (DSL.TELEPAC.PT): TELEPAC - COMUNICACOES INTERACTIVAS SA, FARO, FARO, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:45:00 | WinXP | 82.154.203.119 (DSL.TELEPAC.PT): TELEPAC - COMUNICACOES INTERACTIVAS SA, FARO, FARO, PT. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:45:00 | WinXP | 71.106.193.48 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MONICA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:03:00 | Win2K-f | 72.234.8.197 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HONOLULU, HAWAII, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:05:00 | WinXP | 166.165.204.69 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.220.124:80 US:205.128.79.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:17 hits: 06-25 to 07-21] 7f6e032fc0 [Firefox:17 hits: 06-25 to 07-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:15:00 | WinXP | 116.59.141.220 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 8e4e9c46a1 [Firefox: 3 hits: 07-13 to 07-20] |
none[none] | none:none |
none|none | none | none |
| T:17:27:00 | WinXP | 70.165.19.46 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:207.123.37.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] a08f3b74a4 [Firefox:265 hits: 06-18 to 07-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:43:00 | WinXP | 216.81.98.126 (ACCESSATC.NET): ALMA TELEPHONE, ALMA, GEORGIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1434 hits: 12-31 to 07-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:00:00 | Win2K-f | 24.78.39.17 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:204.160.126.124:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 25 of 34 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] b6cf789b7d NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:18:11:00 | Win2K-f | 211.52.164.94 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 32 |
168aab35a3 [Firefox:61 hits: 06-17 to 07-21] 4c3df24b32 [Firefox:105 hits: 06-17 to 07-21] b5919931fe [Firefox:142 hits: 06-20 to 07-21] |
none[4] 4c3df24b32[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:18:13:00 | WinXP | 216.78.120.51 (BELLSOUTH.NET): BELLSOUTH.NET INC, SAVANNAH, GEORGIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1434 hits: 12-31 to 07-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:31:00 | WinXP | 66.69.78.123 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. (100Mbps) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | e321efdb3f [Firefox:10 hits: 05-07 to 07-14] |
none[none] | none:none |
none|none | none | none |
| T:18:31:00 | Win2K-f | 209.214.48.144 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATHENS, TENNESSEE, US. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
irc http 47 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 33 30 of 33 |
897d59617c [Firefox:51 hits: 06-28 to 07-19] ab47e4577c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:51:00 | Win2K-f | 4.137.73.200 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHARLOTTE, NORTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 | 1f5e79b151 NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:26:00 | WinXP | 216.76.236.53 (BELLSOUTH.NET): BELLSOUTH.NET INC, FLORENCE, ALABAMA, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | 917f99560a NEW |
none[none] | none:none |
none|none | none | none |
| 19:31:00 | WinXP | 172.190.129.9 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.46.125:80 US:207.123.47.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 34 |
0fd0b81a16 NEW 62b232a611 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:33:00 | Win2K-f | 24.66.232.219 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:41:00 | WinXP | 76.184.92.169 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. (100Mbps) |
n/a | DE:siliconfireware.ru DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:1129 hits: 05-01 to 07-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 20:01:00 | WinXP | 118.20.87.207 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:17:00 | WinXP | 122.16.90.34 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:189 hits: 09-28 to 07-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:20:23:00 | Win2K-f | 124.61.34.217 (-): POWERCOM, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
irc http 173 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 25 of 33 30 of 33 30 of 33 |
6eddc8716c [Firefox: 3 hits: 06-17 to 07-02] 897d59617c [Firefox:51 hits: 06-28 to 07-19] aa6a25b2d8 [Firefox: 2 hits: 06-25 to 07-02] ab47e4577c NEW |
none[4] none [none] none [none] none [none] |
none:none none:none none:none none:none |
tElock| none|none none|none none|none |
none none none none |
trace none none none |
| T:20:30:00 | WinXP | 190.189.220.40 (NET.AR): PRIMA S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:31:00 | WinXP | 190.189.220.40 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:33:00 | Win2K-f | 68.149.226.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:45:00 | WinXP | 118.20.87.207 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:53:00 | WinXP | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] |
none[4] | none:none |
tElock| | none | trace |
| T:21:03:00 | WinXP | 199.37.173.206 (ATT.NET): AT&T WORLDNET SERVICES, MIDDLETOWN, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] b7082104e4 [Firefox:54 hits: 06-18 to 07-20] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:21:14:00 | Win2K-f | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 57ce4acac2 [Firefox:68 hits: 06-17 to 07-21] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:25:00 | Win2K-f | 24.67.21.94 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:29:00 | WinXP | 118.165.12.95 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 [Firefox: 9 hits: 07-09 to 07-20] |
none[none] | none:none |
none|none | none | none |
| T:21:46:00 | WinXP | 68.146.140.63 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | 917f99560a NEW |
none[none] | none:none |
none|none | none | none |
| 21:46:00 | WinXP | 68.146.140.63 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | 917f99560a NEW |
none[none] | none:none |
none|none | none | none | |
| 21:48:00 | WinXP | 218.164.121.248 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 2b8c0ae381 [Firefox: 2 hits: 07-13 to 07-17] |
none[none] | none:none |
none|none | none | none | |
| 21:53:00 | Win2K-f | 24.84.52.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:204.160.126.124:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
1a3a423319 [Firefox: 3 hits: 06-26 to 07-18] d4c7af762e [Firefox: 3 hits: 06-26 to 07-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:00:00 | Win2K-f | 71.102.246.168 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MARIA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.124:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:01:00 | Win2K-f | 24.82.158.44 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, PORTAGE, MANITOBA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:15:00 | WinXP | 121.115.108.67 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:728 hits: 07-11 to 07-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:23:00 | WinXP | 70.241.197.186 (SWBELL.NET): PPPOX POOL - BRAS1 STLSM, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | EU:siliconfireware.ru SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org :marsho.dk :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.194.210.198:80 69.64.145.229:80 US:72.29.65.216:80 EU:78.47.200.154:80 FI:80.81.183.162:80 SE:88.80.5.157:80 SE:88.80.5.15:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:57 hits: 05-10 to 07-06] |
none[3] | none:none |
ASPack| | none | trace |
| 22:39:00 | WinXP | 117.99.56.245 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
18 of 29 | 0f033f7f3a [Firefox: 2 hits: 11-02 to 05-10] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:22:39:00 | WinXP | 117.99.56.245 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:1434 hits: 12-31 to 07-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 22:41:00 | WinXP | 84.237.151.224 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 34 | 9f5e2a4b42 NEW |
none[none] | none:none |
none|none | none | none |
| 22:44:00 | Win2K-f | 61.34.136.45 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:68 hits: 06-17 to 07-21] 83f26f5044 [Firefox:11 hits: 06-20 to 07-21] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:22:49:00 | Win2K-f | 70.61.108.121 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:815 hits: 06-17 to 07-21] 73f1082158 [Firefox:403 hits: 06-18 to 07-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:51:00 | WinXP | 61.37.212.58 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:68 hits: 06-17 to 07-21] 83f26f5044 [Firefox:11 hits: 06-20 to 07-21] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 22:57:00 | WinXP | 12.73.153.5 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:57:00 | WinXP | 12.73.153.5 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:3228 hits: 12-31 to 07-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:18:00 | Win2K-f | 211.52.163.211 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:206.33.45.125:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 1 of 33 |
52be1ae46f NEW d206332505 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:23:30:00 | WinXP | 12.78.7.13 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:494 hits: 12-31 to 07-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:39:00 | WinXP | 61.215.135.191 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, TOKYO, TOKYO, JP. (DSL) |
n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad RU:www.bbin.ru RU:195.200.213.52:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:33 hits: 05-17 to 07-21] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 23:46:00 | WinXP | 116.122.203.139 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
1509c8d024 [Firefox: 8 hits: 06-17 to 07-15] bd3f6e4ea3 [Firefox: 2 hits: 07-07 to 07-15] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |