|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:13:00 | WinXP | 86.129.241.33 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:288 hits: 12-31 to 08-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:00:14:00 | WinXP | 218.160.67.102 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | ba4da2e65e [Firefox: 3 hits: 07-29 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:00:31:00 | WinXP | 117.99.8.57 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 00:43:00 | Win2K-f | 78.29.95.180 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:44:00 | WinXP | 89.137.206.122 (-): ASTRAL ROMAN DOCSIS NETWORK, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:44:00 | Win2K-f | 118.169.1.229 (-): . |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:44:00 | WinXP | 89.136.11.253 (-): ASTRAL BUZAU DOCSIS NETWORK, GALATI, GALATI, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:45:00 | WinXP | 89.137.59.193 (UPCNET.RO): ASTRAL-UPC ROMAN, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:47:00 | Win2K-f | 78.96.218.37 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:48:00 | Win2K-f | 78.96.186.96 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:50:00 | WinXP | 91.65.103.34 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:51:00 | WinXP | 77.109.16.203 (-): PEOPLENET USERS DNEPR, UA. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:52:00 | Win2K-f | 85.186.112.204 (-): ASTRAL HR GHEORGHIENI, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:00:53:00 | WinXP | 24.24.213.219 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTMINSTER, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.149:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:58:00 | WinXP | 89.136.11.253 (-): ASTRAL BUZAU DOCSIS NETWORK, GALATI, GALATI, RO. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 00:58:00 | Win2K-f | 78.107.156.134 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:00:00 | WinXP | 78.107.156.134 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:01:00 | Win2K-f | 125.230.70.227 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:03:00 | Win2K-f | 218.169.200.69 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:03:00 | WinXP | 91.64.195.98 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:04:00 | WinXP | 77.76.164.195 (-): OPTILINK, BG. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:10:00 | WinXP | 118.166.195.243 (-): . |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:12:00 | Win2K-f | 78.97.59.124 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.90:9890 | :f.unicat.org FR:www.members.lycos.co.uk 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 01:16:00 | WinXP | 122.122.219.29 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:17:00 | Win2K-f | 82.246.205.235 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
69.42.216.90:9890 | :f.unicat.org 69.42.216.90:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:01:28:00 | Win2K-f | 123.212.181.118 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:43:00 | WinXP | 207.102.64.77 (STOCKWATCH.COM): TELUS COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:56:00 | WinXP | 80.121.36.124 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:71 hits: 01-08 to 08-05] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 02:02:00 | WinXP | 78.225.160.21 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f20d2c0b8e [Firefox: 2 hits: 07-24 to 07-24] |
none[none] | none:none |
none|none | none | none |
| T:02:10:00 | Win2K-f | 83.145.64.138 (COMPLETEL.NET): HOTEL-MERIDIEN-ETOILE, PARIS, ILE-DE-FRANCE, FR. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:12:00 | Win2K-f | 211.215.75.211 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:13:00 | WinXP | 122.53.180.7 (PLDT.NET): IPG, PH. |
210.245.211.11:65520 67.43.236.99:1863 | HK:proxim.ircgalaxy.pl CA:xx.enterhere.biz CA:alwayssam.com CA:zonetech.info IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:130.107.226.152:26569 |
135 | pcap | raw alerts ruleset |
irc http 351 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 17 of 35 14 of 36 15 of 36 14 of 36 33 of 36 |
11768b975d NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] 9b09258622 NEW b6e55274d0 NEW cd0d825f7a NEW ced40b5b13 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| 02:48:00 | WinXP | 117.99.19.224 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 02:52:00 | Win2K-f | 70.61.156.13 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 03:30:00 | WinXP | 157.157.105.210 (SIMNET.IS): ICENET, IS. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:237 hits: 01-05 to 08-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:31:00 | WinXP | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.124:80 US:207.123.42.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:42:00 | WinXP | 193.250.67.149 (ABO.WANADOO.FR): WANADOO, ROTTERDAM, ZUID-HOLLAND, NL. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:71 hits: 01-08 to 08-05] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 04:18:00 | Win2K-f | 216.198.162.113 (MCLOUDTELECO.COM): INTELLEQ COMMUNICATIONS CORPORATION, NEWALLA, OKLAHOMA, US. (DSL) |
72.10.172.218:2938 | HK:proxima.ircgalaxy.pl CA:japan.youngpeyatech.info HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc 646 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 7a1bcbbe62 NEW |
none[none] | none:none |
none|none | none | none |
| 04:19:00 | Win2K-f | 151.33.177.147 (33-151.IOL.IT): ITALIA ONLINE S.P.A, NOVARA, PIEMONTE, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:39:00 | WinXP | 116.126.200.26 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 33 29 of 32 |
e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] f10855e3e1 [Firefox: 3 hits: 06-19 to 08-01] f7f799f818 [Firefox: 4 hits: 06-19 to 08-01] |
e07c29c4ae [1] f10855e3e1[1] none [4] |
ASM:Graph ASM:Graph none:none |
FSG| Armadillo| tElock| |
lines=92 lines=82 none |
trace trace trace |
| 04:42:00 | WinXP | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.66.126:80 US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 [Firefox: 2 hits: 06-18 to 06-24] f0e73c39a8 [Firefox: 3 hits: 06-18 to 07-19] |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:04:48:00 | WinXP | 151.33.81.29 (33-151.IOL.IT): ITALIA ONLINE S.P.A, MILANO, LOMBARDIA, IT. (DIAL) |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 04:53:00 | WinXP | 78.50.65.105 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | ee0d1e2818 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:53:00 | WinXP | 78.50.65.105 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | ee0d1e2818 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:57:00 | Win2K-f | 116.127.167.184 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | IL:bfb89.a1001186.wrs.mcboo.com IL:194.90.224.86:80 |
135 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:06:00 | Win2K-f | 170.51.196.182 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 05:15:00 | Win2K-f | 76.167.57.173 (RR.COM): ROAD RUNNER HOLDCO LLC, LANCASTER, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:17:00 | WinXP | 66.226.36.205 (YADTEL.NET): YADKIN VALLEY TELEPHONE, HAMPTONVILLE, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:28 hits: 01-07 to 07-13] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| T:05:40:00 | Win2K-f | 151.33.177.147 (33-151.IOL.IT): ITALIA ONLINE S.P.A, NOVARA, PIEMONTE, IT. (DIAL) |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:05:41:00 | WinXP | 59.121.109.173 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 7daef8b318 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:50:00 | WinXP | 201.69.186.23 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru AT:graz.at.eu.undernet.org FI:london.uk.eu.undernet.org :lulea.se.eu.undernet.org :flanders.be.eu.undernet.org SE:viking.dal.net :caen.fr.eu.undernet.org SE:ozbytes.dal.net :gaspode.zanet.org.za :washington.dc.us.undernet.org :brussels.be.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:06:06:00 | WinXP | 218.211.221.115 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 0 of 33 |
58da508e93 NEW b6e3df9fe9 NEW e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:06:12:00 | Win2K-f | 125.4.246.154 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
n/a | US:wr.mcboo.com IL:194.90.224.86:80 |
135 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:14:00 | WinXP | 66.50.89.1 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:916 hits: 12-31 to 08-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:24:00 | Win2K-f | 130.13.145.161 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
92.114.4.2:6667 | :irc.qifort.rr.nu | 445 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 3de9abec19 [Firefox: 5 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:06:53:00 | Win2K-f | 99.170.21.97 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 06:55:00 | WinXP | 172.129.6.159 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.42.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:13 hits: 07-03 to 08-04] c73f738c30 [Firefox:13 hits: 07-03 to 08-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:57:00 | WinXP | 200.127.255.181 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:07:05:00 | Win2K-f | 24.80.171.205 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:10:00 | WinXP | 122.25.220.99 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:237 hits: 01-05 to 08-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:11:00 | WinXP | 211.52.163.55 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:206.33.43.126:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
06f27eb5cb [Firefox: 4 hits: 07-02 to 07-21] d27dfd506b [Firefox: 4 hits: 07-02 to 07-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:13:00 | Win2K-f | 122.2.150.40 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:206.33.43.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
4b7f0ff270 NEW 777b1c5728 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:17:00 | WinXP | 62.11.116.105 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad GB:new.egg.com |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:197 hits: 01-01 to 08-05] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:07:19:00 | Win2K-f | 71.109.96.24 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CAMARILLO, CALIFORNIA, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
277034540e [Firefox: 2 hits: 07-12 to 07-16] ea43badccf [Firefox: 2 hits: 07-12 to 07-16] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:24:00 | Win2K-f | 4.160.84.230 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:25:00 | WinXP | 59.103.42.254 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 07:34:00 | WinXP | 88.28.224.119 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:237 hits: 01-05 to 08-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:36:00 | WinXP | 119.228.129.186 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:237 hits: 01-05 to 08-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:52:00 | WinXP | 88.168.4.224 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | c707b3f22a NEW |
none[none] | none:none |
none|none | none | none |
| T:08:00:00 | Win2K-f | 4.255.206.9 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, YUKON, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:18:00 | WinXP | 61.251.14.135 (-): DAEJEON TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 0 of 33 |
074325ecbc [Firefox: 6 hits: 07-02 to 08-02] 2a66fc87fa [Firefox: 6 hits: 07-02 to 08-02] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 08:31:00 | WinXP | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 57ce4acac2 [Firefox:98 hits: 06-17 to 08-05] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 08:42:00 | WinXP | 130.13.107.205 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 99625a1ee8 [Firefox: 3 hits: 02-25 to 03-27] |
61b2897eda [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:08:42:00 | WinXP | 130.13.107.205 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 99625a1ee8 [Firefox: 3 hits: 02-25 to 03-27] |
61b2897eda [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| T:08:46:00 | Win2K-f | 219.39.220.70 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:58:00 | WinXP | 117.99.58.170 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 9543d041a7 [Firefox: 6 hits: 02-18 to 07-14] |
49e3eed5c5 [0] | ASM:Graph |
PolyEnE| | lines=77 embedded dns |
trace |
| 09:06:00 | WinXP | 4.230.114.146 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:916 hits: 12-31 to 08-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:43:00 | Win2K-f | 75.85.112.104 (RR.COM): ROAD RUNNER HOLDCO LLC, PLACENTIA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 09:51:00 | Win2K-f | 96.10.122.204 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 0 of 32 |
95a1e56583 [Firefox: 2 hits: 08-02 to 08-04] b39357c344 [Firefox: 2 hits: 08-02 to 08-04] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:10:00:00 | WinXP | 98.141.160.71 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:03:00 | WinXP | 155.239.60.87 (TELKOM-IPNET.CO.ZA): AFRINIC, JOHANNESBURG, GAUTENG, ZA. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
98170bd8d2 NEW a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:10:04:00 | Win2K-f | 69.105.31.245 (PACBELL.NET): PPPOX POOL - RBACK4.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:04:00 | WinXP | 118.240.192.116 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 49 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 10:05:00 | WinXP | 88.168.4.224 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c707b3f22a NEW |
none[none] | none:none |
none|none | none | none |
| T:10:08:00 | WinXP | 118.0.124.153 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 49 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 10:09:00 | Win2K-f | 217.144.222.175 (NET.PL): INTERNET SOLUTIONS ISP, TARNOW, MALOPOLSKIE, PL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 35 | 4dc276c0f2 NEW |
none[none] | none:none |
none|none | none | none | |
| 10:14:00 | WinXP | 88.134.43.134 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 59 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | b4a43d2c1c [Firefox: 2 hits: 06-30 to 07-01] |
none[none] | none:none |
none|none | none | none |
| 10:16:00 | Win2K-f | 88.134.176.51 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 80433c452f [Firefox: 4 hits: 06-30 to 07-02] |
none[none] | none:none |
none|none | none | none | |
| T:10:17:00 | Win2K-f | 60.239.8.187 (MESH.AD.JP): NEC CORPORATION, JP. |
118.236.160.101:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 36 | b5a2d54399 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:19:00 | WinXP | 193.250.16.189 (ABO.WANADOO.FR): FRANCE TELECOM, LYON, RHONE-ALPES, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:71 hits: 01-08 to 08-05] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 10:29:00 | WinXP | 81.12.70.203 (-): FARHANG AZMA COMMUNICATIONS, IR. |
n/a | HK:proxim.ircgalaxy.pl DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com UA:vit.ln.ua :baner.vit EU:ebookfinaltrash.ru :wpad HK:210.245.211.11:65520 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 0 of 36 |
53dca88e49 NEW a9f941e6b3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:31:00 | Win2K-f | 78.49.190.0 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:10:32:00 | Win2K-f | 118.19.113.56 (-): . |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 9750d49a0f [Firefox: 3 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
| T:10:36:00 | Win2K-f | 63.163.196.7 (THALES-BM.COM): THALES BROADCAST, WESTFIELD, MASSACHUSETTS, US. |
118.236.160.101:12351 | HK:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
irc 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:38:00 | Win2K-f | 122.146.240.63 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:39:00 | Win2K-f | 124.98.120.130 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:10:40:00 | WinXP | 118.6.77.116 (-): . |
118.236.160.101:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 68 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 8223c46f18 NEW |
none[none] | none:none |
none|none | none | none |
| 10:43:00 | Win2K-f | 92.5.142.191 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:50:00 | WinXP | 89.41.88.196 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5afacb4db2 NEW |
none[none] | none:none |
none|none | none | none |
| 10:53:00 | WinXP | 118.0.124.153 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 72 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 10:54:00 | Win2K-f | 130.13.220.24 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 185 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 35 | d190f1f6c6 [Firefox: 9 hits: 07-29 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:10:56:00 | WinXP | 207.144.75.217 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, MYRTLE BEACH, SOUTH CAROLINA, US. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:10:57:00 | WinXP | 124.98.120.130 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 50 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:11:01:00 | Win2K-f | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:03:00 | WinXP | 86.133.243.48 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWINDON, ENGLAND, UK. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 64 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:11:05:00 | WinXP | 211.92.206.246 (CNUNINET.NET): CHINA UNITED TELECOMMUNICATIONS CORPORATION, CN. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info CN:a.ahdjejgf.com US:130.107.227.145:25225 |
135 | pcap | raw alerts ruleset |
irc http 317 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 29 of 36 14 of 36 15 of 36 14 of 36 |
11768b975d NEW 60d1578a9e NEW 9b09258622 NEW b6e55274d0 NEW cd0d825f7a NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:11:15:00 | WinXP | 190.138.144.243 (NET.AR): TELECOM ARGENTINA S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:46 hits: 01-14 to 08-02] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 11:15:00 | WinXP | 76.168.73.62 (RR.COM): ROAD RUNNER HOLDCO LLC, VENICE, CALIFORNIA, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:288 hits: 12-31 to 08-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:19:00 | Win2K-f | 120.75.29.115 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:11:19:00 | Win2K-f | 70.184.80.9 (COX.NET): COX COMMUNICATIONS, TEMPE, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 0 of 32 32 of 36 |
6d0afb2b54 NEW b5919931fe [Firefox:240 hits: 06-20 to 08-05] fbd87f4eaa NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 11:23:00 | WinXP | 65.191.191.140 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:118 hits: 01-01 to 08-01] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 11:24:00 | Win2K-f | 122.16.71.58 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 33 | a793802e3c [Firefox: 5 hits: 06-28 to 08-04] |
none[none] | none:none |
none|none | none | none |
| T:11:27:00 | WinXP | 82.141.80.34 (KOTINET.COM): POHJANMAAN PPO OY, YLIVIESKA, OULUN LAANI, FI. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 43 lines |
Yeah : 1.8 profile |
none | summary tarball |
18 of 36 | e4d3794f7a NEW |
none[none] | none:none |
none|none | none | none |
| 11:37:00 | Win2K-f | 82.141.80.34 (KOTINET.COM): POHJANMAAN PPO OY, YLIVIESKA, OULUN LAANI, FI. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 39 lines |
Yeah : 1.8 profile |
none | summary tarball |
18 of 36 | e4d3794f7a NEW |
none[none] | none:none |
none|none | none | none |
| 11:39:00 | WinXP | 221.126.100.5 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
118.236.160.101:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 69 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | 514dd25ab3 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:40:00 | WinXP | 89.45.120.182 (CLAX.RO): ISP, TIMISOARA, TIMIS, RO. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:14 hits: 07-25 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 11:43:00 | WinXP | 66.226.35.117 (YADTEL.NET): YADKIN VALLEY TELEPHONE, HAMPTONVILLE, NORTH CAROLINA, US. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:kidos-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 654e02c09c NEW |
none[none] | none:none |
none|none | none | none |
| T:11:50:00 | WinXP | 120.75.29.115 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 11:51:00 | Win2K-f | 89.137.182.81 (-): ASTRAL PLOIESTI DOCSIS NETWORK, PLOIESTI, PRAHOVA, RO. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:11:55:00 | WinXP | 61.203.21.34 (MESH.AD.JP): NEC CORPORATION, TOKYO, TOKYO, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:11:56:00 | Win2K-f | 119.72.89.185 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 | eed6a50223 NEW |
none[none] | none:none |
none|none | none | none |
| 12:00:00 | WinXP | 122.29.52.223 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 44 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 12:01:00 | WinXP | 220.104.112.248 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 50 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:12:05:00 | Win2K-f | 82.56.128.253 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IMPERIA, LIGURIA, IT. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 12:06:00 | Win2K-f | 75.85.112.104 (RR.COM): ROAD RUNNER HOLDCO LLC, PLACENTIA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:09:00 | WinXP | 4.242.57.49 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, EVERETT, WASHINGTON, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:09:00 | Win2K-f | 217.144.3.45 (-): NETWORK EXCHANGE TECHNOLOGY, AMMAN, 'AMMAN, JO. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| 12:10:00 | Win2K-f | 83.11.64.190 (TPNET.PL): NEOSTRADA PLUS, PL. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 8d51183047 [Firefox: 3 hits: 06-29 to 08-02] |
none[none] | none:none |
none|none | none | none | |
| T:12:11:00 | WinXP | 89.51.159.144 (PPPOOL.DE): FREENET CITYLINE GMBH, 'S-HERTOGENBOSCH, NOORD-BRABANT, NL. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:spi.domainsponsor.com DE:ebookfinaltrash.ru |
445 | pcap | raw alerts ruleset |
http http http http 32 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
873e393f89 NEW a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:12:16:00 | WinXP | 68.145.73.155 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 25d78144c5 NEW |
none[none] | none:none |
none|none | none | none |
| 12:18:00 | WinXP | 83.97.250.168 (CM-83-97-244-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru BE:london.uk.eu.undernet.org :brussels.be.eu.undernet.org :washington.dc.us.undernet.org AT:graz.at.eu.undernet.org SE:broadway.ny.us.dal.net SE:coins.dal.net :los-angeles.ca.us.undernet.org SE:vancouver.dal.net SE:viking.dal.net SE:ced.dal.net NL:diemen.nl.eu.undernet.org SE:ozbytes.dal.net :caen.fr.eu.undernet.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c9d01112a8 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:19:00 | Win2K-f | 92.21.168.6 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 00dd9f9a73 NEW |
none[none] | none:none |
none|none | none | none |
| 12:22:00 | WinXP | 67.150.18.184 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru EU:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:916 hits: 12-31 to 08-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:26:00 | WinXP | 92.5.142.191 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:30:00 | WinXP | 63.18.157.65 (UU.NET): UUNET TECHNOLOGIES INC, CONNERSVILLE, INDIANA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 28 of 32 |
4d80398b09 NEW 9bc67c754e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:32:00 | Win2K-f | 170.51.115.42 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 12:33:00 | Win2K-f | 222.149.26.201 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 35 | b13b669243 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:39:00 | WinXP | 76.168.102.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYLMAR, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 12:41:00 | WinXP | 84.100.221.105 (GAOLAND.NET): DYNAMIC POOLS, FR. |
118.236.160.101:13001 | HK:proxim.ircgalaxy.pl :chat-shqip.org HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 50 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | 760857f826 NEW |
none[none] | none:none |
none|none | none | none |
| 12:42:00 | WinXP | 41.214.177.8 (-): . |
n/a | UA:citi-bank.ru DE:kidos-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | a483ba8aa1 [Firefox:12 hits: 07-09 to 07-27] |
none[none] | none:none |
none|none | none | none |
| 12:47:00 | WinXP | 87.205.95.100 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru US:adult-empire.com UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:14 hits: 07-25 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:12:47:00 | WinXP | 87.205.95.100 (INETIA.PL): INTERNETIA, PL. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 509b3029f8 [Firefox:14 hits: 07-25 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:12:50:00 | WinXP | 86.55.161.22 (EVOLVATELECOM.NET): EVOLVA TELECOM S.R.L, RO. |
n/a | RU:moscow-advokat.ru RU:irc.tsk.ru :gaspode.zanet.org.za RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:10 hits: 01-01 to 08-01] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| T:13:03:00 | Win2K-f | 85.180.191.64 (ALICEDSL.DE): HANSENET-ADSL, FRANKFURT, HESSEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| 13:04:00 | WinXP | 86.96.24.171 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 790dcb2cfc NEW |
none[none] | none:none |
none|none | none | none |
| T:13:08:00 | Win2K-f | 58.88.42.73 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| 13:09:00 | WinXP | 201.69.222.164 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 93afd0b12c NEW |
none[none] | none:none |
none|none | none | none |
| 13:10:00 | Win2K-f | 85.250.23.65 (NETVISION.NET.IL): BROADBAND-PT, TEL AVIV, TEL AVIV, IL. |
69.42.216.90:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 41 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:376 hits: 03-31 to 08-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 13:11:00 | Win2K-f | 85.23.23.86 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 35 lines |
Yeah : 1.8 profile |
none | summary tarball |
14 of 36 | 90c4c142d5 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:22:00 | Win2K-f | 122.16.111.229 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:13:22:00 | Win2K-f | 208.127.234.61 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 0 of 32 30 of 33 |
2ef2f78792 [Firefox:10 hits: 06-21 to 08-02] b5919931fe [Firefox:240 hits: 06-20 to 08-05] b7a332eb7c [Firefox:10 hits: 06-21 to 08-02] |
2ef2f78792 [1] b5919931fe[1] none [4] |
ASM:Graph ASM:Graph none:none |
Armadillo| ASProtect| tElock| |
lines=82 lines=90 none |
trace trace trace |
| 13:32:00 | WinXP | 118.9.219.130 (-): . |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
12 of 32 | 91653172e0 [Firefox: 3 hits: 06-29 to 08-04] |
none[none] | none:none |
none|none | none | none |
| T:13:39:00 | WinXP | 66.2.141.220 (ALGX.NET): XO COMMUNICATIONS, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox: 3 hits: 02-16 to 06-25] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 13:45:00 | WinXP | 170.51.95.194 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:48:00 | WinXP | 98.141.161.175 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:48:00 | WinXP | 77.232.120.176 (-): INTERNATIONAL COMPUTER COMPANY LTD, JEDDAH, MAKKAH, SA. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f8763e5dea NEW |
none[none] | none:none |
none|none | none | none |
| 13:50:00 | Win2K-f | 220.105.162.54 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | dd1195e952 [Firefox: 3 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none | |
| 13:50:00 | WinXP | 83.92.188.254 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad CA:www.cibc.com |
445 | pcap | raw alerts ruleset |
http http http http 30 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:50:00 | Win2K-f | 124.87.252.142 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.8 profile |
none | summary tarball |
10 of 33 | d2c26e07fd [Firefox:249 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:13:54:00 | Win2K-f | 208.68.98.59 (HTCPLUS.COM): HOME TOWN TELEPHONE LLC, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:58:00 | WinXP | 80.223.98.22 (INET.FI): BROADBAND ACCESS POOL, HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | 78b29f38ed [Firefox: 5 hits: 06-29 to 06-30] |
none[none] | none:none |
none|none | none | none |
| 13:59:00 | WinXP | 96.13.248.30 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 184 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 0 of 33 |
6d86a1ff5a [Firefox:26 hits: 06-25 to 08-05] 7f6e032fc0 [Firefox:26 hits: 06-25 to 08-05] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 14:03:00 | Win2K-f | 71.98.248.129 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SARASOTA, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:09:00 | Win2K-f | 69.105.31.245 (PACBELL.NET): PPPOX POOL - RBACK4.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:22:00 | Win2K-f | 92.0.119.210 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 | 60a065f793 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:43:00 | Win2K-f | 170.51.163.62 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:14:45:00 | WinXP | 219.44.12.25 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:46:00 | WinXP | 170.51.201.7 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:48:00 | WinXP | 63.28.11.210 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:51:00 | Win2K-f | 122.16.71.58 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
118.236.160.101:13001 | :chat-shqip.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 33 | a793802e3c [Firefox: 5 hits: 06-28 to 08-04] |
none[none] | none:none |
none|none | none | none |
| 15:11:00 | Win2K-f | 76.168.102.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYLMAR, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:16:00 | WinXP | 170.51.176.39 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 92074072cc NEW |
none[none] | none:none |
none|none | none | none |
| 15:22:00 | Win2K-f | 208.84.203.85 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:32:00 | Win2K-f | 66.61.144.222 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.115:80 US:208.111.148.137:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 29 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a86bdb31d3 [Firefox: 2 hits: 07-03 to 07-25] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 15:33:00 | Win2K-f | 122.17.207.223 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:15:39:00 | Win2K-f | 170.51.163.62 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:15:48:00 | Win2K-f | 213.25.120.147 (-): TELEWIZJA KABLOWA SWIDNIK SP. Z O.O, PL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 33 | ca15c09536 [Firefox:277 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| T:15:51:00 | WinXP | 66.220.226.17 (VERMONTEL.NET): VERMONT TELEPHONE COMPANY INC, CHESTER, VERMONT, US. |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru US:www.worldbank.org DE:kavkaz.co.uk :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru SE:kavkaz.tv :pnlkria.ru :kargai.ru RU:alfabank.ru :kfwfceki.ru US:crime-research.ru :nhuwxyuw.ru :udluzuq.ru :fiazpvnne.ru GB:www.candidateverifier.com NL:www.viruslist.com :ppxuub.ru :lvwgdhwlj.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:19 hits: 04-18 to 07-17] |
none[3] | none:none |
tElock| | none | trace |
| 15:57:00 | Win2K-f | 211.59.72.105 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 |
4c3df24b32 [Firefox:129 hits: 06-17 to 08-05] 8390780c27 [Firefox:31 hits: 06-18 to 08-04] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:16:05:00 | Win2K-f | 68.144.71.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
0c1c51204b [Firefox: 4 hits: 06-18 to 08-02] 3d293743d8 [Firefox: 4 hits: 06-18 to 08-02] |
0c1c51204b [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 16:09:00 | WinXP | 125.197.8.186 (MESH.AD.JP): NEC CORPORATION, JP. |
118.236.160.101:13001 | :chat-shqip.org :w3bs.chat-shqip.org 118.236.160.101:12351 118.236.160.101:13001 |
445 | pcap | raw alerts ruleset |
ftp irc 37 lines |
Yeah : 1.8 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none |
| 16:10:00 | Win2K-f | 77.54.190.163 (REV.VODAFONE.PT): VODAFONE TELECEL COMUNICACOES PESSOAIS SA, PT. |
118.236.160.101:13001 | :chat-shqip.org HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.8 profile |
none | summary tarball |
18 of 36 | eaf420319d NEW |
none[none] | none:none |
none|none | none | none |
| 16:11:00 | Win2K-f | 75.119.18.41 (LDMI.COM): TALK AMERICA, RESTON, VIRGINIA, US. |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:12:00 | WinXP | 70.254.2.54 (SWBELL.NET): PPPOX POOL - RBACK24.HSTNTX, HOUSTON, TEXAS, US. (DIAL) |
n/a | DE:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru :wpad US:searchportal.information.com DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 46 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:16:24:00 | Win2K-f | 125.200.92.220 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 33 | 17739a55ad [Firefox:275 hits: 06-27 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| 16:25:00 | WinXP | 221.184.227.44 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :chat-shqip.org :w3bs.chat-shqip.org 118.236.160.101:12351 118.236.160.101:13001 |
445 | pcap | raw alerts ruleset |
ftp 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | dd1195e952 [Firefox: 3 hits: 06-28 to 07-01] |
none[none] | none:none |
none|none | none | none |
| 16:31:00 | Win2K-f | 99.155.231.245 (-): . |
n/a | HK:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:40:00 | Win2K-f | 218.237.185.45 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 31 of 33 0 of 32 |
8390780c27 [Firefox:31 hits: 06-18 to 08-04] af88ae89f8 [Firefox: 4 hits: 06-18 to 07-24] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] af88ae89f8[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| 16:42:00 | WinXP | 213.240.13.71 (ISTRA.CO.YU): YUNET INTERNATIONAL, CS. |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com :www.proxy-socks.net |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:16:48:00 | WinXP | 116.127.229.56 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 3 of 35 0 of 33 |
4b1e5a8e77 [Firefox: 3 hits: 07-05 to 07-26] 9a62aaacc0 [Firefox: 2 hits: 07-25 to 07-26] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 16:56:00 | Win2K-f | 118.1.228.27 (-): . |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | a4fbe49195 [Firefox: 3 hits: 06-27 to 07-01] |
none[none] | none:none |
none|none | none | none |
| T:17:08:00 | WinXP | 201.69.190.144 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:15:00 | Win2K-f | 130.13.205.40 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 36 | 3de9abec19 [Firefox: 5 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none | |
| 17:15:00 | WinXP | 130.13.205.40 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
92.114.4.2:6667 | :irc.qifort.rr.nu | 445 | pcap | raw alerts ruleset |
ftp irc 46 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 3de9abec19 [Firefox: 5 hits: 08-02 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:17:18:00 | Win2K-f | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:21:00 | WinXP | 170.51.141.239 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:17:30:00 | WinXP | 77.20.213.148 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru :washington.dc.us.undernet.org SE:vancouver.dal.net US:lia.zanet.net :gaspode.zanet.org.za NL:london.uk.eu.undernet.org AT:graz.at.eu.undernet.org :flanders.be.eu.undernet.org SE:ozbytes.dal.net SE:broadway.ny.us.dal.net :los-angeles.ca.us.undernet.org SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bfec7d0b0b NEW |
none[none] | none:none |
none|none | none | none |
| 17:34:00 | WinXP | 222.15.161.79 (DION.NE.JP): DION (KDDI CORPORATION), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:237 hits: 01-05 to 08-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:17:37:00 | Win2K-f | 151.118.162.81 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:37:00 | WinXP | 66.6.177.176 (DIALASSURANCE.COM): DIAL ASSURANCE INC, STAMFORD, CONNECTICUT, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:118 hits: 01-01 to 08-01] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 17:39:00 | Win2K-f | 24.108.18.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
a1d14d421e NEW f687d42b18 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:50:00 | WinXP | 130.13.114.228 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 194 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 34 | 07ad6afc45 [Firefox: 5 hits: 07-27 to 08-01] |
none[none] | none:none |
none|none | none | none |
| 17:51:00 | Win2K-f | 84.187.97.207 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
ftp 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4db283bb0f [Firefox: 2 hits: 08-04 to 08-05] |
none[none] | none:none |
none|none | none | none |
| T:18:09:00 | WinXP | 71.98.248.129 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SARASOTA, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 18:33:00 | Win2K-f | 4.184.86.241 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAKEWOOD, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 44 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | c053841f79 NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:34:00 | WinXP | 190.18.27.72 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:34:00 | WinXP | 190.18.27.72 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:18:37:00 | WinXP | 24.95.243.180 (RR.COM): ROAD RUNNER HOLDCO LLC, ORANGE CITY, FLORIDA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 18:42:00 | WinXP | 211.21.186.122 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | :xx.nadnadzz.info | 135 | pcap | raw alerts ruleset |
other 346 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | 98cd9b1699 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:51:00 | Win2K-f | 98.141.163.233 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:54:00 | WinXP | 4.226.66.222 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ARLINGTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 168 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] e07c29c4ae [Firefox:168 hits: 06-19 to 08-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 19:19:00 | WinXP | 96.15.233.153 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.79.124:80 US:206.33.45.125:80 US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:26 hits: 06-25 to 08-05] 7f6e032fc0 [Firefox:26 hits: 06-25 to 08-05] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:23:00 | WinXP | 170.51.73.170 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 19:30:00 | Win2K-f | 24.77.205.226 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info US:130.107.250.214:34462 CA:72.10.166.195:80 CA:72.10.167.74:80 |
135 | pcap | raw alerts ruleset |
irc http 289 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 14 of 36 |
954a98c971 [Firefox: 6 hits: 06-09 to 08-04] 9b09258622 NEW |
none[4] none [none] |
none:none none:none |
FSG| none|none |
none none |
trace none |
| 19:48:00 | WinXP | 201.250.172.7 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 25d78144c5 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:49:00 | WinXP | 201.250.172.7 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 25d78144c5 NEW |
none[none] | none:none |
none|none | none | none |
| 19:54:00 | Win2K-f | 170.51.93.22 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 20:01:00 | WinXP | 151.118.169.210 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
irc http 134 lines |
Yeah : 1.8 profile |
none | summary tarball |
8 of 36 17 of 35 32 of 33 29 of 32 |
4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] 7f66e51c85 [Firefox: 6 hits: 07-11 to 08-05] 9d12fe9d3b [Firefox: 7 hits: 07-11 to 08-05] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 20:02:00 | WinXP | 70.79.234.117 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com IL:dl.mcboo.com US:192.221.110.125:80 US:198.78.201.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
irc http 390 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 36 17 of 35 31 of 33 29 of 33 |
4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] 81264c16dd [Firefox: 6 hits: 07-03 to 08-02] 9a91743938 [Firefox: 7 hits: 07-03 to 08-02] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 20:04:00 | WinXP | 216.8.148.34 (MNSI.NET): MANAGED NETWORK SYSTEMS INC, DETROIT, MICHIGAN, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:288 hits: 12-31 to 08-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:20:21:00 | Win2K-f | 4.226.105.60 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | :speed-runner.com :www.speed-runner.com US:4.226.105.60:707 |
135 | pcap | raw alerts ruleset |
http http http 6 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:25:00 | WinXP | 116.127.232.15 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com US:wr.mcboo.com US:198.78.201.126:80 US:198.78.220.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
irc http 136 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 33 8 of 36 17 of 35 31 of 33 |
06f27eb5cb [Firefox: 4 hits: 07-02 to 07-21] 4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] d27dfd506b [Firefox: 4 hits: 07-02 to 07-21] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 20:32:00 | Win2K-f | 170.51.160.113 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:84 hits: 05-22 to 08-05] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 20:33:00 | WinXP | 69.108.119.227 (PACBELL.NET): IRVNCA INTERNAL, LOS ANGELES, CALIFORNIA, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:157 hits: 01-01 to 08-04] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 20:58:00 | Win2K-f | 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
irc http 139 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 8 of 36 17 of 35 28 of 32 |
3f0a5b2ebe [Firefox: 8 hits: 06-18 to 07-26] 4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] c6bfb5f0f2 [Firefox: 8 hits: 06-18 to 07-26] |
none[4] none [none] none [none] c6bfb5f0f2[1] |
none:none none:none none:none ASM:Graph |
PolyEnE| none|none none|none Armadillo| |
none none none lines=81 |
trace none none trace |
| T:21:21:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:27:00 | Win2K-f | 4.225.143.127 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] 73f1082158 [Firefox:580 hits: 06-18 to 08-05] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 21:31:00 | Win2K-f | 68.144.71.83 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com IL:dl.mcboo.com US:192.221.99.124:80 US:199.93.44.124:80 US:205.128.79.124:80 |
135 | pcap | raw alerts ruleset |
irc http 135 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 32 of 33 8 of 36 17 of 35 |
0c1c51204b [Firefox: 4 hits: 06-18 to 08-02] 3d293743d8 [Firefox: 4 hits: 06-18 to 08-02] 4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] |
0c1c51204b [1] none [4] none [none] none [none] |
ASM:Graph none:none none:none none:none |
Armadillo| PolyEnE| none|none none|none |
lines=82 none none none |
trace trace none none |
| 21:35:00 | WinXP | 172.170.13.224 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:13 hits: 07-03 to 08-04] c73f738c30 [Firefox:13 hits: 07-03 to 08-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:21:47:00 | Win2K-f | 118.220.60.128 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com US:wr.mcboo.com |
135 | pcap | raw alerts ruleset |
irc http 119 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 8 of 36 17 of 35 31 of 33 |
168aab35a3 [Firefox:82 hits: 06-17 to 08-05] 4dd0e73906 NEW 5ab0a45f63 [Firefox:43 hits: 07-24 to 08-04] 667f0c59f3 [Firefox:11 hits: 07-04 to 08-05] |
none[4] none [none] none [none] none [none] |
none:none none:none none:none none:none |
tElock| none|none none|none none|none |
none none none none |
trace none none none |
| T:21:55:00 | WinXP | 74.215.19.36 (FUSE.NET): FUSE INTERNET ACCESS, CINCINNATI, OHIO, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:916 hits: 12-31 to 08-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:59:00 | WinXP | 190.137.85.212 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:397 hits: 12-31 to 08-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:22:20:00 | WinXP | 124.195.153.165 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:46:00 | WinXP | 72.191.153.20 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
88d3615831 NEW a12cab51ef [Firefox:429 hits: 01-01 to 08-05] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:22:50:00 | Win2K-f | 98.141.161.175 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:12:00 | WinXP | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:22:00 | Win2K-f | 122.52.75.200 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:26 hits: 06-18 to 08-04] 76ee340669 [Firefox:26 hits: 06-18 to 08-04] b5919931fe [Firefox:240 hits: 06-20 to 08-05] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| T:23:51:00 | Win2K-f | 70.241.137.137 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1155 hits: 06-17 to 08-05] a08f3b74a4 [Firefox:386 hits: 06-18 to 08-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:54:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 NEW 76f2c59ef8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |