Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:09:00 | WinXP | 195.174.17.22 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 883ebad119 [Firefox: 4 hits: 03-26 to 07-29] |
11cb10abde [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:00:21:00 | WinXP | 76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:49:00 | WinXP | 24.78.238.49 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SQUAMISH, BRITISH COLUMBIA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 33 of 36 0 of 33 |
45900d6d85 NEW c68521cfa6 NEW e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
00:59:00 | WinXP | 62.11.117.196 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:199 hits: 01-01 to 08-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
01:09:00 | Win2K-f | 216.198.162.113 (MCLOUDTELECO.COM): INTELLEQ COMMUNICATIONS CORPORATION, NEWALLA, OKLAHOMA, US. (DSL) |
72.10.172.218:2938 | HK:proxima.ircgalaxy.pl CA:japan.youngpeyatech.info HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc 646 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 7a1bcbbe62 NEW |
none[none] | none:none |
none|none | none | none |
T:01:10:00 | WinXP | 114.120.30.229 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox: 6 hits: 07-28 to 08-07] |
none[none] | none:none |
none|none | none | none |
01:42:00 | WinXP | 24.83.122.161 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 502 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | c78281a815 [Firefox: 4 hits: 06-20 to 07-16] |
none[4] | none:none |
PolyEnE| | none | trace | |
T:01:48:00 | WinXP | 62.11.30.113 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, NAPOLI, CAMPANIA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com EU:ebookfinaltrash.ru US:spi.domainsponsor.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 36 | 1501ca09e5 NEW |
none[none] | none:none |
none|none | none | none |
02:15:00 | Win2K-f | 72.186.191.45 (RR.COM): ROAD RUNNER HOLDCO LLC, HOMOSASSA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:02:21:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:02:28:00 | WinXP | 62.11.117.196 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:199 hits: 01-01 to 08-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
02:50:00 | WinXP | 78.84.187.190 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 69c9084fdb NEW |
none[none] | none:none |
none|none | none | none |
02:53:00 | Win2K-f | 219.71.114.187 (NVWTV.COM.TW): HOSHIN GIGAMEDIA CENTER INC, TW. (DSL) |
n/a | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 64 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b4b2ce01ca NEW |
none[none] | none:none |
none|none | none | none |
03:16:00 | Win2K-f | 61.215.231.64 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOYAMA, TOYAMA, JP. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 24 of 33 |
01ef605039 NEW ab3b3379d1 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
04:16:00 | Win2K-f | 170.51.147.252 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
04:22:00 | WinXP | 86.129.237.161 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:299 hits: 12-31 to 08-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
04:34:00 | Win2K-f | 220.57.120.4 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:41:00 | WinXP | 114.120.1.138 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox: 6 hits: 07-28 to 08-07] |
none[none] | none:none |
none|none | none | none |
T:04:59:00 | WinXP | 117.99.62.60 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 9dab636a01 NEW |
none[none] | none:none |
none|none | none | none |
T:05:08:00 | WinXP | 130.13.42.17 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info | 135 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
05:09:00 | Win2K-f | 200.97.241.184 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:05:14:00 | WinXP | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
72.10.172.218:2938 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef NEW dc92683d9a [Firefox: 7 hits: 06-19 to 08-01] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
T:05:22:00 | WinXP | 66.72.68.114 (AMERITECH.NET): AT&T INTERNET SERVICES, BLOOMINGTON, INDIANA, US. (DIAL) |
n/a | RU:moscow-advokat.ru US:lia.zanet.net SE:ced.dal.net SE:qis.md.us.dal.net NL:diemen.nl.eu.undernet.org SE:viking.dal.net :los-angeles.ca.us.undernet.org :brussels.be.eu.undernet.org SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:413 hits: 12-31 to 08-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:05:38:00 | WinXP | 211.215.75.108 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 0 of 33 |
8a75955033 [Firefox:17 hits: 06-20 to 08-05] 9276c8b36b [Firefox:17 hits: 06-20 to 08-05] e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] |
none[4] 9276c8b36b[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:06:12:00 | Win2K-f | 24.68.242.36 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 1 of 33 0 of 32 |
48f8b1a711 [Firefox:10 hits: 06-19 to 08-07] aecf2a5fc9 [Firefox: 8 hits: 06-19 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] |
none[4] aecf2a5fc9[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
PolyEnE| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
06:17:00 | WinXP | 210.199.100.172 (ENJOY.NE.JP): DEODEO INTERNET SERVICE(DEODEO CORPORATION), HIROSHIMA, HIROSHIMA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:247 hits: 01-05 to 08-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
06:31:00 | WinXP | 190.176.160.65 (-): . |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
06:34:00 | WinXP | 210.196.11.48 (DION.NE.JP): DION (KDDI CORPORATION), TOKYO, TOKYO, JP. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 2f8bd7bad0 NEW |
none[none] | none:none |
none|none | none | none |
06:46:00 | WinXP | 86.97.42.85 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 9e9916a2b5 NEW |
none[none] | none:none |
none|none | none | none |
T:06:59:00 | WinXP | 210.192.215.190 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 001b6f7107 [Firefox: 3 hits: 07-29 to 08-02] |
none[none] | none:none |
none|none | none | none |
07:13:00 | WinXP | 218.168.64.134 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 7f6ea12654 [Firefox:14 hits: 07-13 to 08-07] |
none[none] | none:none |
none|none | none | none | |
07:27:00 | WinXP | 172.130.27.236 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.126:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
other 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:44:00 | WinXP | 221.240.88.165 (UCOM.NE.JP): UCOM CORP, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 55d0af189c [Firefox: 2 hits: 07-11 to 07-29] |
none[none] | none:none |
none|none | none | none |
T:07:56:00 | WinXP | 4.152.195.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:120 hits: 01-01 to 08-06] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
T:08:01:00 | Win2K-f | 209.124.53.244 (INTOUCHMI.COM): INTOUCH INTERNET INC, DETROIT, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 209 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 35 of 36 |
2e235a1c0e NEW 8ff288ba5a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:02:00 | Win2K-f | 222.233.182.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.220.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:16 hits: 06-17 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] f23b040440 [Firefox: 7 hits: 06-22 to 08-07] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
08:13:00 | WinXP | 24.87.46.107 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:9928 | CA:dong.nagitiriheiwu.net CA:done.blacktiehsbdcs.com CA:teek.ihshsd8.com CA:72.10.169.26:2293 CA:72.10.169.26:3938 |
135 | pcap | raw alerts ruleset |
irc 624 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | e3d90a3753 [Firefox: 3 hits: 07-20 to 08-05] |
none[none] | none:none |
none|none | none | none |
08:24:00 | WinXP | 219.97.168.30 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:247 hits: 01-05 to 08-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
08:25:00 | Win2K-f | 74.75.3.142 (RR.COM): ROAD RUNNER HOLDCO LLC, PITTSFIELD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:131 hits: 06-17 to 08-07] 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
T:08:25:00 | Win2K-f | 74.75.3.142 (RR.COM): ROAD RUNNER HOLDCO LLC, PITTSFIELD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 32 |
4c3df24b32 [Firefox:131 hits: 06-17 to 08-07] 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
08:26:00 | Win2K-f | 92.96.69.139 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com IL:ksn.a1001186.wrs.mcboo.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
irc http 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 |
37f41fd8ab [Firefox:41 hits: 07-24 to 08-07] 5ab0a45f63 [Firefox:52 hits: 07-24 to 08-07] 8d7113c2ce [Firefox:31 hits: 08-01 to 08-07] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:08:32:00 | Win2K-f | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
08:34:00 | Win2K-f | 208.105.172.35 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:206.33.43.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
08:34:00 | Win2K-f | 170.51.173.40 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:08:59:00 | WinXP | 200.125.35.58 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) |
213.239.192.125:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
T:09:08:00 | Win2K-f | 118.218.131.167 (-): . |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com IL:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com IL:wr.mcboo.com IL:dl.mcboo.com US:b148.mcboo.com :berlinads3.com US:192.221.110.126:80 US:204.160.126.124:80 US:207.123.37.125:80 76.9.9.190:80 |
135 | pcap | raw alerts ruleset |
irc http 586 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 35 17 of 35 30 of 33 29 of 33 20 of 36 |
37f41fd8ab [Firefox:41 hits: 07-24 to 08-07] 5ab0a45f63 [Firefox:52 hits: 07-24 to 08-07] 6ec2a8994b [Firefox:10 hits: 06-18 to 08-07] 857b781ca9 [Firefox: 7 hits: 06-18 to 07-29] 8d7113c2ce [Firefox:31 hits: 08-01 to 08-07] |
none[none] none [none] none [4] 857b781ca9[1] none [none] |
none:none none:none none:none ASM:Graph none:none |
none|none none|none tElock| Armadillo| none|none |
none none none lines=82 none |
none none trace trace none |
T:09:20:00 | WinXP | 118.174.210.167 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:120 hits: 01-01 to 08-06] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
T:09:22:00 | Win2K-f | 67.52.99.198 (RR.COM): ROAD RUNNER HOLDCO LLC, ENCINO, CALIFORNIA, US. |
n/a | :zredirector.com :berlinads3.com IL:dl.mcboo.com US:dl.targetsaver.com US:a.targetsaver.com US:csx.adservs.com US:b103.mcboo.com US:216.133.246.157:80 |
135 | pcap | raw alerts ruleset |
irc http http http http http http 36 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 25 of 33 17 of 33 |
19459b6d9a NEW 215317b391 [Firefox: 2 hits: 06-28 to 07-19] c4cbb2e5e5 [Firefox: 2 hits: 06-28 to 07-19] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:09:37:00 | Win2K-f | 218.167.97.133 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:ksn.a1001186.wrs.mcboo.com :zredirector.com |
445 | pcap | raw alerts ruleset |
http irc 193 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 35 17 of 35 20 of 36 |
37f41fd8ab [Firefox:41 hits: 07-24 to 08-07] 5ab0a45f63 [Firefox:52 hits: 07-24 to 08-07] 8d7113c2ce [Firefox:31 hits: 08-01 to 08-07] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:09:42:00 | WinXP | 170.51.175.185 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:51:00 | WinXP | 218.162.127.33 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox: 6 hits: 07-28 to 08-07] |
none[none] | none:none |
none|none | none | none |
T:09:52:00 | WinXP | 208.105.186.90 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.201.126:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:57:00 | WinXP | 61.94.125.166 (TELKOM.NET.ID): PT TELKOM INDONESIA, SURABAYA, JAWA TIMUR (DJAWA TIMUR), ID. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
09:57:00 | WinXP | 200.100.90.87 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 93afd0b12c NEW |
none[none] | none:none |
none|none | none | none |
09:58:00 | Win2K-f | 4.228.186.141 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DURANGO, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:4.23.60.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:28:00 | WinXP | 62.180.144.123 (IGNITE.NET): BT-IGNITE-FREESURF-DIALPORTS, DE. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 35 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:199 hits: 01-01 to 08-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:10:48:00 | Win2K-f | 12.198.30.48 (-): JOYCE MEDIA INC, ACTON, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:50:00 | WinXP | 130.13.242.180 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | 2098aa9ef9 NEW |
none[none] | none:none |
none|none | none | none |
11:02:00 | Win2K-f | 217.37.43.137 (BTOPENWORLD.COM): JANE-CANNON, BICESTER, ENGLAND, UK. (100Mbps) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.126:80 US:205.128.66.124:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 36 |
7452c8448d [Firefox: 9 hits: 06-17 to 08-04] b08a2fea36 NEW |
none[4] none [none] |
none:none none:none |
PolyEnE| none|none |
none none |
trace none |
11:10:00 | WinXP | 66.65.188.140 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:14:00 | WinXP | 99.163.50.87 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:76 hits: 01-08 to 08-07] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:11:17:00 | Win2K-f | 189.51.226.235 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
11:26:00 | Win2K-f | 71.14.32.228 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 317 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 0 of 32 29 of 33 |
378a4bac36 [Firefox: 4 hits: 07-01 to 07-26] b5919931fe [Firefox:255 hits: 06-20 to 08-07] d11b4c2e19 [Firefox: 4 hits: 07-01 to 07-26] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
T:11:54:00 | WinXP | 70.250.185.227 (SWBELL.NET): PPPOX POOL - BRAS17.RCSNTX.052105-1419, FT. WORTH, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:299 hits: 12-31 to 08-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
11:56:00 | Win2K-f | 24.87.204.19 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 892 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 35 | f18b228c5d NEW |
none[none] | none:none |
none|none | none | none | |
12:06:00 | Win2K-f | 24.66.226.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | c91ee8dcc5 NEW |
none[none] | none:none |
none|none | none | none | |
12:08:00 | WinXP | 66.19.116.95 (USLEC.NET): USLEC CORP, SUMNER, WASHINGTON, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:413 hits: 12-31 to 08-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
12:08:00 | WinXP | 66.61.144.220 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:192.221.110.125:80 US:204.160.126.124:80 US:207.123.46.126:80 HK:210.245.211.11:80 | 135 | pcap | raw alerts ruleset | other 124 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 29 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a86bdb31d3 [Firefox: 3 hits: 07-03 to 08-06] | none[4] none [none] | none:none none:none | tElock| none|none | none none | trace none |
T:12:21:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
12:34:00 | Win2K-f | 209.29.91.197 (TELUS.COM): TELUS COMMUNICATIONS INC, NEPEAN, ONTARIO, CA. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.124:80 US:207.123.37.125:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:12:50:00 | WinXP | 201.255.110.45 (COM.AR): TELEFONICA DE ARGENTINA, AR. | n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 36 | 062635b70e NEW | none[none] | none:none | none|none | none | none |
12:58:00 | WinXP | 200.164.25.243 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | | 445 | pcap | raw alerts ruleset | other 0 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
T:13:12:00 | Win2K-f | 61.32.176.103 (BORA.NET): DACOM CORP, KR. | n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.220.124:80 US:206.33.45.125:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:14:23:00 | WinXP | 76.10.28.74 (PAVLOVMEDIA.COM): VILLAGE AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
14:24:00 | WinXP | 76.182.2.6 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. | n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad | 445 | pcap | raw alerts ruleset | http http http http 34 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:441 hits: 01-01 to 08-07] | 40f7f463c4 [0] | ASM:Graph | ASPack| | lines=281 embedded dns | trace |
14:28:00 | Win2K-f | 96.10.114.12 (-): . | n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.126:80 HK:210.245.211.11:80 | 135 | pcap | raw alerts ruleset | http 450 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 33 of 36 0 of 32 | 644b2a1105 [Firefox: 2 hits: 08-01 to 08-02] 9c9ab20965 [Firefox: 2 hits: 08-01 to 08-02] b5919931fe [Firefox:255 hits: 06-20 to 08-07] | none[none] none [none] b5919931fe[1] | none:none none:none ASM:Graph | none|none none|none ASProtect| | none none lines=90 | none none trace |
15:17:00 | WinXP | 77.20.213.36 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | bfec7d0b0b [Firefox: 2 hits: 08-06 to 08-07] | none[none] | none:none | none|none | none | none |
T:15:18:00 | WinXP | 77.20.213.36 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | bfec7d0b0b [Firefox: 2 hits: 08-06 to 08-07] | none[none] | none:none | none|none | none | none |
15:18:00 | WinXP | 4.254.227.50 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CALDWELL, IDAHO, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 | 135 | pcap | raw alerts ruleset | http 77 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 0 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] | none[4] 73f1082158[1] e07c29c4ae[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| FSG| | none lines=81 lines=92 | trace trace trace |
T:15:18:00 | Win2K-f | 218.15.222.251 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, BEIJING, BEIJING, CN. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] | none[4] a08f3b74a4[1] b5919931fe[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| ASProtect| | none lines=81 lines=90 | trace trace trace |
T:15:20:00 | Win2K-f | 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
15:30:00 | Win2K-f | 71.136.17.68 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com US:download.microsoft.com US:206.33.43.126:80 | 135 | pcap | raw alerts ruleset | other 85 lines | Yeah : 1.3 profile | none | summary tarball | 3 of 33 33 of 33 | 73ce2b74da [Firefox: 4 hits: 06-18 to 07-03] 79c01ec060 [Firefox:13 hits: 06-18 to 08-05] | 73ce2b74da [1] none [4] | ASM:Graph none:none | Armadillo| tElock| | lines=81 none | trace trace |
15:31:00 | WinXP | 24.226.202.15 (CGOCABLE.NET): COGECO CABLE CANADA INC, MONTREAL, QUEBEC, CA. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 986b59708d [Firefox:48 hits: 01-14 to 08-07] | 8a00217866 [0] | ASM:Graph | PolyEnE| | lines=57 | trace |
T:15:31:00 | WinXP | 24.166.155.151 (RR.COM): ROAD RUNNER HOLDCO LLC, APPLETON, WISCONSIN, US. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 0 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] | none[4] 73f1082158[1] e07c29c4ae[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| FSG| | none lines=81 lines=92 | trace trace trace |
15:40:00 | Win2K-f | 61.32.176.103 (BORA.NET): DACOM CORP, KR. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] | none[4] 73f1082158[1] b5919931fe[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| ASProtect| | none lines=81 lines=90 | trace trace trace |
16:07:00 | Win2K-f | 71.115.51.117 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALPARAISO, INDIANA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 125 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 36 34 of 36 | 04d3700af1 NEW 6b338df2df NEW | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:16:09:00 | Win2K-f | 70.168.6.124 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
16:10:00 | WinXP | 66.53.220.186 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 32 of 32 | 92c8e458d8 [Firefox: 2 hits: 02-24 to 06-16] | 4ba645ac3a [0] | ASM:Graph | none|none | lines=62 | trace |
T:16:36:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
17:09:00 | WinXP | 92.41.90.16 (IKBCC.COM): EU-ZZ, UK. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 9a3fb3ba8c NEW | none[none] | none:none | none|none | none | none |
17:29:00 | Win2K-f | 203.70.174.147 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 | 135 | pcap | raw alerts ruleset | http 114 lines | Yeah : 1.3 profile | none | summary tarball | 31 of 33 29 of 34 | 0bfa79dc19 [Firefox: 5 hits: 07-22 to 08-07] 8dfb3b619f [Firefox: 6 hits: 07-22 to 08-07] | none[none] none [none] | none:none none:none | none|none none|none | none none | none none |
T:17:53:00 | WinXP | 114.120.96.104 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
17:56:00 | WinXP | 130.13.190.252 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 7 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
T:17:59:00 | WinXP | 130.13.190.252 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 7 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
18:13:00 | Win2K-f | 170.51.209.41 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | n/a | | 445 | pcap | raw alerts ruleset | other 6 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
T:18:18:00 | Win2K-f | 4.183.254.143 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NORTH PORT, FLORIDA, US. (DIAL) | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
18:57:00 | WinXP | 66.68.181.122 (RR.COM): ROAD RUNNER HOLDCO LLC, AUSTIN, TEXAS, US. (100Mbps) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.79.124:80 US:207.123.42.126:80 | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 8 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] b7082104e4 [Firefox:73 hits: 06-18 to 08-07] | none[4] none [4] | none:none none:none | tElock| tElock| | none none | trace trace |
18:58:00 | WinXP | 41.214.190.187 (-): . | 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | 25d78144c5 [Firefox: 4 hits: 08-01 to 08-06] | none[none] | none:none | none|none | none | none |
18:59:00 | WinXP | 70.250.227.161 (SWBELL.NET): PPPOX POOL - RBACK24.HSTNTX 062705 1909, HOUSTON, TEXAS, US. (DIAL) | n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad GB:new.egg.com | 445 | pcap | raw alerts ruleset | http http http http http 54 lines | Yeah : 0.8 profile | none | summary tarball | 0 of 35 0 of 36 29 of 29 0 of 36 | 1460b28ea0 NEW 398f61300b NEW a12cab51ef [Firefox:441 hits: 01-01 to 08-07] e251e1eb70 NEW | none[none] none [none] 40f7f463c4[0] none [none] | none:none none:none ASM:Graph none:none | none|none none|none ASPack| none|none | none none lines=281 embedded dns none | none none trace none |
T:19:09:00 | WinXP | 87.57.182.14 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. | 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 36 | a219ed3aeb [Firefox: 5 hits: 08-02 to 08-07] | none[none] | none:none | none|none | none | none |
T:19:17:00 | Win2K-f | 218.210.225.206 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
19:40:00 | Win2K-f | 130.13.190.111 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 12 lines | Yeah : 1.3 profile | none | summary tarball | 16 of 36 | c1c39e83e2 NEW | none[none] | none:none | none|none | none | none |
19:51:00 | Win2K-f | 130.13.190.104 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
T:19:51:00 | WinXP | 130.13.190.104 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 7 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
19:52:00 | Win2K-f | 116.127.144.73 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.66.124:80 US:205.128.66.126:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 94 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 2 of 35 | 6ec2a8994b [Firefox:10 hits: 06-18 to 08-07] bcf66a38c8 NEW | none[4] none [none] | none:none none:none | tElock| none|none | none none | trace none |
19:54:00 | WinXP | 130.13.222.161 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 35 | 658eedd3de NEW | none[none] | none:none | none|none | none | none |
19:55:00 | WinXP | 70.45.77.148 (ONELINKPR.NET): SAN JUAN CABLE LLC, SAN JUAN, PUERTO RICO, PR. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:19:59:00 | WinXP | 4.230.27.200 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 36 | 865455fb95 NEW | none[none] | none:none | none|none | none | none |
T:20:00:00 | Win2K-f | 130.13.222.161 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 35 | 658eedd3de NEW | none[none] | none:none | none|none | none | none |
20:13:00 | WinXP | 66.68.207.124 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. | n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad DE:217.11.54.126:80 | 445 | pcap | raw alerts ruleset | http http http 10 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:441 hits: 01-01 to 08-07] | 40f7f463c4 [0] | ASM:Graph | ASPack| | lines=281 embedded dns | trace |
20:16:00 | WinXP | 130.13.242.0 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
T:20:17:00 | WinXP | 130.13.242.0 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 135 | pcap | raw alerts ruleset | shell ftp 7 lines | Yeah : 1.3 profile | none | summary tarball | 18 of 36 | 72545efc4f NEW | none[none] | none:none | none|none | none | none |
20:30:00 | WinXP | 130.13.42.224 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | 64.32.14.92:6915 | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | ftp irc 28 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 36 | c0c2087cb7 NEW | none[none] | none:none | none|none | none | none |
20:33:00 | Win2K-f | 222.238.201.71 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:207.123.46.125:80 US:207.123.46.126:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | http 114 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 29 of 33 | 6ec2a8994b [Firefox:10 hits: 06-18 to 08-07] 857b781ca9 [Firefox: 7 hits: 06-18 to 07-29] | none[4] 857b781ca9[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=82 | trace trace |
T:20:37:00 | WinXP | 76.182.2.6 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. | n/a | DE:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad GB:new.egg.com RU:www.vtb.ru | 445 | pcap | raw alerts ruleset | http http http 9 lines | Yeah : 0.8 profile | none | summary tarball | 0 of 36 0 of 36 29 of 29 0 of 34 | 31526418ab NEW 63892cce35 NEW a12cab51ef [Firefox:441 hits: 01-01 to 08-07] bdb0c548c9 NEW | none[none] none [none] 40f7f463c4[0] none [none] | none:none none:none ASM:Graph none:none | none|none none|none ASPack| none|none | none none lines=281 embedded dns none | none none trace none |
T:20:38:00 | Win2K-f | 130.13.42.224 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 33 of 36 | c0c2087cb7 NEW | none[none] | none:none | none|none | none | none |
T:20:40:00 | WinXP | 70.69.85.16 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.42.126:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
T:20:42:00 | WinXP | 114.120.10.40 (-): . | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | a3f358bd55 [Firefox: 7 hits: 06-10 to 08-07] | none[4] | none:none | PolyEnE| | none | trace |
T:20:43:00 | Win2K-f | 64.183.180.38 (RR.COM): ROAD RUNNER HOLDCO LLC, GARLAND, TEXAS, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
20:50:00 | WinXP | 61.200.132.52 (DION.NE.JP): KDDI CORPORATION, TOKYO, TOKYO, JP. (DIAL) | n/a | EU:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad | 445 | pcap | raw alerts ruleset | http http http 25 lines | Yeah : 0.8 profile | none | summary tarball | 0 of 36 29 of 29 | 804659ed67 NEW a12cab51ef [Firefox:441 hits: 01-01 to 08-07] | none[none] 40f7f463c4[0] | none:none ASM:Graph | none|none ASPack| | none lines=281 embedded dns | none trace |
T:21:02:00 | WinXP | 118.231.22.213 (-): . | n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru FI:london.uk.eu.undernet.org SE:qis.md.us.dal.net US:lia.zanet.net NL:diemen.nl.eu.undernet.org SE:coins.dal.net HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 36 | 9b9e5dcb18 NEW | none[none] | none:none | none|none | none | none |
21:04:00 | Win2K-f | 70.60.8.179 (RR.COM): ROAD RUNNER HOLDCO LLC, EDISON, OHIO, US. | n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.66.124:80 US:207.123.37.126:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 73f1082158 [Firefox:613 hits: 06-18 to 08-07] | none[4] 73f1082158[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
21:14:00 | Win2K-f | 76.215.111.164 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) | n/a | | 135 | pcap | raw alerts ruleset | other 10 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
21:39:00 | WinXP | 144.139.189.189 (TMNS.NET.AU): TELSTRAINTERNET32, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. | n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.53.126:80 US:206.33.43.126:80 | 135 | pcap | raw alerts ruleset | other 59 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 8 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] b7082104e4 [Firefox:73 hits: 06-18 to 08-07] | none[4] none [4] | none:none none:none | tElock| tElock| | none none | trace trace |
T:21:59:00 | WinXP | 190.136.132.55 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. | 194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 36 of 36 | a219ed3aeb [Firefox: 5 hits: 08-02 to 08-07] | none[none] | none:none | none|none | none | none |
T:22:07:00 | Win2K-f | 190.176.138.64 (-): . | 64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset | ftp irc 20 lines | Yeah : 1.3 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] | 049e62d55b [0] | ASM:Graph | Armadillo| | lines=192 | trace |
T:22:12:00 | WinXP | 12.73.153.176 (ATT.NET): AT&T WORLDNET SERVICES, MILWAUKEE, WISCONSIN, US. (DIAL) | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:22:15:00 | WinXP | 218.101.96.252 (CLEAR.NET.NZ): TELSTRACLEAR LTD, CHRISTCHURCH, CANTERBURY, NZ. (DIAL) | n/a | RU:moscow-advokat.ru :flanders.be.eu.undernet.org SE:ced.dal.net :caen.fr.eu.undernet.org SE:viking.dal.net | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:413 hits: 12-31 to 08-07] | 1aad8e4632 [0] | ASM:Graph | PolyEnE| | lines=93 embedded dns | trace |
T:22:26:00 | WinXP | 71.165.158.101 (VERIZON.NET): VERIZON INTERNET SERVICES INC, NORTH HILLS, CALIFORNIA, US. (DSL) | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 US:69.28.178.10:80 | 135 | pcap | raw alerts ruleset | http 115 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 29 of 33 0 of 33 | 0dbe638eb4 NEW 2765878b0a NEW e07c29c4ae [Firefox:186 hits: 06-19 to 08-07] | none[none] none [none] e07c29c4ae[1] | none:none none:none ASM:Graph | none|none none|none FSG| | none none lines=92 | none none trace |
22:29:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 | 135 | pcap | raw alerts ruleset | other 81 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] 57ce4acac2 [Firefox:100 hits: 06-17 to 08-07] | none[4] 57ce4acac2[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
22:57:00 | Win2K-f | 190.176.138.64 (-): . | n/a | | 445 | pcap | raw alerts ruleset | ftp 12 lines | Yeah : 0.8 profile | none | summary tarball | 19 of 32 | 382279b44f [Firefox:99 hits: 05-22 to 08-07] | 049e62d55b [0] | ASM:Graph | Armadillo| | lines=192 | trace |
23:02:00 | Win2K-f | 210.68.130.216 (MYSON.COM.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:204.160.126.126:80 US:207.123.42.126:80 | 135 | pcap | raw alerts ruleset | http 114 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 36 34 of 36 0 of 32 | 177159de26 NEW 9c50aa3c45 NEW b5919931fe [Firefox:255 hits: 06-20 to 08-07] | none[none] none [none] b5919931fe[1] | none:none none:none ASM:Graph | none|none none|none ASProtect| | none none lines=90 | none none trace |
T:23:12:00 | WinXP | 218.168.69.130 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 33 | 7f6ea12654 [Firefox:14 hits: 07-13 to 08-07] | none[none] | none:none | none|none | none | none |
T:23:37:00 | Win2K-f | 68.183.233.158 (DSLEXTREME.COM): DSL EXTREME, SAN FRANCISCO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.66.124:80 US:206.33.43.126:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] | none[4] a08f3b74a4[1] | none:none ASM:Graph | tElock| Armadillo| | none lines=81 | trace trace |
23:40:00 | WinXP | 70.168.9.104 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. | n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.66.124:80 US:206.33.43.126:80 HK:210.245.211.11:65520 | 135 | pcap | raw alerts ruleset | other 113 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 28 of 33 | da00a8e7a1 [Firefox: 2 hits: 08-05 to 08-05] f685f8e027 [Firefox: 6 hits: 06-18 to 08-05] | none[none] f685f8e027[1] | none:none ASM:Graph | none|none Armadillo| | none lines=82 | none trace |
T:23:52:00 | WinXP | 87.60.4.42 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. | n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad US:sptc01.information.com US:208.73.210.71:80 | 445 | pcap | raw alerts ruleset | http http http 9 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:199 hits: 01-01 to 08-07] | 9bbdd086c5 [0] | ASM:Graph | ASPack| | lines=186 embedded dns | trace |
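The rows above are a sensor's infection summaries, one record per infection, with the 19 columns named in the table header (time, victim OS, infection source, C&C server, DNS lookups and failed connects, infection port, packet trace, detection signatures, infection chatter, BotHunter analysis, behavioral cluster, forensic logs, antivirus labels, packed binary, unpacked egg.exe, unpacked egg.asm, packer PEiD, data strings, syscall trace). The following Python is an added example, not part of the original page and not BotHunter's own code: it parses records written one per line in that column order (an empty DNS column where the page lists no lookups), keeps the bare pipe inside PEiD results such as `tElock|` from being taken for a column separator, and pivots the records by infection port, C&C server and packed-binary id. The four sample rows are copied from the table above; the `Infection` record type, the field names and the 50% AV-coverage threshold are the example's own assumptions.

```python
"""Parse infection-summary records like the rows above and pivot them.

Added example, not part of the original page or of BotHunter. Each record is
one line holding the table's 19 columns, in header order, separated by " | ".
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

N_COLUMNS = 19  # Time .. Syscall Trace, as in the table header

# Four records copied from the table above, one per line (an empty DNS column
# where the page lists no lookups).
SAMPLE_ROWS = """\
T:14:23:00 | WinXP | 76.10.28.74 (PAVLOVMEDIA.COM): VILLAGE AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:923 hits: 12-31 to 08-07] | 7a70e1b592 [0] | ASM:Graph | PolyEnE| | lines=68 | trace |
T:15:18:00 | Win2K-f | 218.15.222.251 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, BEIJING, BEIJING, CN. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 0 of 33 0 of 32 | 53bfe15e91 [Firefox:1217 hits: 06-17 to 08-07] a08f3b74a4 [Firefox:407 hits: 06-18 to 08-07] b5919931fe [Firefox:255 hits: 06-20 to 08-07] | none[4] a08f3b74a4[1] b5919931fe[1] | none:none ASM:Graph ASM:Graph | tElock| Armadillo| ASProtect| | none lines=81 lines=90 | trace trace trace |
T:16:36:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. | n/a | | 135 | pcap | raw alerts ruleset | other 5 lines | Yeah : 0.8 profile | none | summary tarball | none | none | none | none | none | none | none |
20:30:00 | WinXP | 130.13.42.224 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | 64.32.14.92:6915 | HK:proxim.ircgalaxy.pl :ircn3t.cjb.net HK:210.245.211.11:65520 | 445 | pcap | raw alerts ruleset | ftp irc 28 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 36 | c0c2087cb7 NEW | none[none] | none:none | none|none | none | none |
"""

# A column separator is a pipe that FOLLOWS whitespace. PEiD results such as
# "tElock|" or "none|none" carry bare pipes that must stay inside the field.
_SEP = re.compile(r"(?<=\s)\|(?:\s|$)")


@dataclass
class Infection:
    time: str
    victim_os: str
    source_ip: str
    cc_server: str | None                 # None where the table says "n/a"
    dns_lookups: list[tuple[str, str]]    # (country code or "", host[:port])
    infection_port: int
    chatter: str                          # e.g. "ftp irc 28 lines"
    profile_score: float | None           # the number in "Yeah : 1.3 profile"
    av_detections: list[tuple[int, int]]  # (engines flagging, engines total), per binary
    binary_hashes: list[str]              # packed-binary ids, same order as av_detections
    packers: list[str | None]             # PEiD packer per binary, None for "none"


def split_fields(line: str) -> list[str]:
    """Split one record into its 19 columns; raise on a malformed row."""
    parts = [p.strip() for p in _SEP.split(line.strip())]
    while parts and parts[-1] == "":      # drop the trailing separator(s)
        parts.pop()
    if len(parts) != N_COLUMNS:
        raise ValueError(f"expected {N_COLUMNS} columns, got {len(parts)}: {line[:40]!r}")
    return parts


def _score(text: str) -> float | None:
    m = re.search(r"(\d+(?:\.\d+)?)\s+profile", text)
    return float(m.group(1)) if m else None


def parse_record(line: str) -> Infection:
    f = split_fields(line)
    return Infection(
        time=f[0].removeprefix("T:"),   # some extracted rows carry a "T:" prefix
        victim_os=f[1],
        source_ip=f[2].split()[0],      # "76.10.28.74 (PAVLOVMEDIA.COM): ..." -> the IP
        cc_server=None if f[3] == "n/a" else f[3],
        dns_lookups=[t.partition(":")[::2] for t in f[4].split()],
        infection_port=int(f[5]),
        chatter=f[8],
        profile_score=_score(f[9]),
        av_detections=[(int(a), int(b)) for a, b in re.findall(r"(\d+) of (\d+)", f[12])],
        binary_hashes=re.findall(r"\b[0-9a-f]{10}\b", f[13]),
        packers=[None if p.split("|")[0] == "none" else p.split("|")[0] for p in f[16].split()],
    )


def parse_table(text: str) -> list[Infection]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def infections_by_port(records: list[Infection]) -> Counter[int]:
    return Counter(r.infection_port for r in records)


def cc_servers(records: list[Infection]) -> Counter[str]:
    return Counter(r.cc_server for r in records if r.cc_server)


def binary_prevalence(records: list[Infection]) -> Counter[str]:
    """How many infections each packed-binary id was dropped in."""
    return Counter(h for r in records for h in r.binary_hashes)


def low_av_coverage(records: list[Infection], threshold: float = 0.5) -> list[tuple[str, int, int]]:
    """Binaries that fewer than `threshold` of the listed AV engines flagged."""
    out = []
    for r in records:
        for h, (hits, total) in zip(r.binary_hashes, r.av_detections):
            if total and hits / total < threshold:
                out.append((h, hits, total))
    return out
```

The separator regex is the part worth keeping: splitting on a bare `|` shifts every column after the PEiD field by one for any row whose packer is not `none`, which silently misfiles the data-strings and syscall-trace columns. `low_av_coverage` pairs the "N of M" antivirus counts with the binary ids positionally, which is how the table lists them; on the sample rows it singles out the two Armadillo- and ASProtect-packed binaries that no engine flagged.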