|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:10:00 | WinXP | 68.205.126.99 (RR.COM): ROAD RUNNER HOLDCO LLC, ORMOND BEACH, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:15:00 | WinXP | 122.146.225.231 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 36 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] e409a8207b NEW |
none[4] 73f1082158[1] none [none] |
none:none ASM:Graph none:none |
tElock| Armadillo| none|none |
none lines=81 none |
trace trace none |
| 00:20:00 | WinXP | 203.97.123.139 (TELSTRACLEAR.NET): TELSTRACLEAR CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:00:36:00 | WinXP | 98.135.155.215 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:995 hits: 12-31 to 08-19] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 00:51:00 | Win2K-f | 218.36.66.120 (KRLINE.NET): KRLINE INTERNET SERVICE INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 132 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 34 of 36 31 of 33 |
b5919931fe [Firefox:412 hits: 06-20 to 08-19] b6dd987421 NEW d789c8d157 [Firefox: 2 hits: 07-05 to 07-19] |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| T:01:02:00 | WinXP | 86.96.64.40 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | e83e9371b0 NEW |
none[none] | none:none |
none|none | none | none |
| 01:11:00 | Win2K-f | 79.148.217.212 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.54:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:48:00 | WinXP | 89.165.25.110 (-): NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK, IR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 32 | f190da6fbe [Firefox:24 hits: 01-02 to 06-30] |
d8dc6af14c [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:33:00 | WinXP | 219.107.244.155 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:305 hits: 01-05 to 08-19] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:36:00 | WinXP | 41.214.182.13 (-): . |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:18 hits: 07-28 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:02:36:00 | WinXP | 41.214.182.13 (-): . |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:18 hits: 07-28 to 08-18] |
none[none] | none:none |
none|none | none | none |
| 02:36:00 | Win2K-f | 66.16.121.130 (CAVTEL.NET): CAVALIER TELEPHONE, BALTIMORE, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:43:00 | WinXP | 61.35.90.131 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] 83f26f5044 [Firefox:19 hits: 06-20 to 08-17] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 02:44:00 | WinXP | 116.45.118.51 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn US:ksn.a1001186.wrs.mcboo.com :lolika.cn :www.upononjob.cn :mulfika.cn US:windowsupdate.microsoft.com EU:antivirus-xp-08.net EU:stat.antivirus-xp-08.net US:208.111.148.152:80 HK:210.245.211.11:65520 EU:77.244.220.134:80 |
135 | pcap | raw alerts ruleset |
irc http 1559 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 35 34 of 36 27 of 36 1 of 36 14 of 36 0 of 33 35 of 36 |
5ab0a45f63 [Firefox:139 hits: 07-24 to 08-19] 5c5ed7bbfb NEW 664857e986 [Firefox:22 hits: 08-17 to 08-19] 7f039bf4de NEW d9224e665e NEW e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] f5d5655586 NEW |
none[none] none [none] none [none] none [none] none [none] e07c29c4ae[1] none [none] |
none:none none:none none:none none:none none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none FSG| none|none |
none none none none none lines=92 none |
none none none none none trace none |
| T:02:53:00 | Win2K-f | 118.218.115.190 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:106 hits: 06-17 to 08-19] 667f0c59f3 [Firefox:17 hits: 07-04 to 08-19] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 02:58:00 | Win2K-f | 218.210.80.111 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:05:00 | WinXP | 195.174.17.22 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 883ebad119 [Firefox: 5 hits: 03-26 to 08-08] |
11cb10abde [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:18:00 | WinXP | 211.52.164.88 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 149 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:106 hits: 06-17 to 08-19] 4c3df24b32 [Firefox:160 hits: 06-17 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:03:28:00 | Win2K-f | 89.207.69.38 (-): JOINT STOCK COMPANY SVYAZIST, RU. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:35:00 | Win2K-f | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:37:00 | WinXP | 122.25.122.79 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:495 hits: 01-01 to 08-19] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 03:38:00 | Win2K-f | 66.63.81.104 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:26:00 | Win2K-f | 122.53.98.113 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:50:00 | WinXP | 216.10.170.150 (WISPNET.NET): WISPNET LLC, WILSON, NORTH CAROLINA, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:219 hits: 01-01 to 08-19] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 04:59:00 | Win2K-f | 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 05:03:00 | WinXP | 203.91.165.254 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 05:06:00 | WinXP | 70.182.79.231 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 32 of 36 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] bea8cb1865 [Firefox: 4 hits: 08-11 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
| 05:16:00 | WinXP | 80.164.102.177 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, GLOSTRUP, COPENHAGEN, DK. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru :brussels.be.eu.undernet.org :caen.fr.eu.undernet.org :los-angeles.ca.us.undernet.org RU:irc.tsk.ru NL:london.uk.eu.undernet.org :flanders.be.eu.undernet.org US:lia.zanet.net :gaspode.zanet.org.za HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8e4e1ec135 NEW |
none[none] | none:none |
none|none | none | none |
| 05:34:00 | WinXP | 216.139.96.35 (GRM.NET): GRAND RIVER MUTUAL TELEPHONE CORPORATION, PRINCETON, MISSOURI, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox: 7 hits: 08-08 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:05:43:00 | WinXP | 218.210.80.111 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 05:48:00 | WinXP | 87.61.170.110 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:29 hits: 01-07 to 08-06] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| T:05:55:00 | Win2K-f | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:56:00 | WinXP | 71.111.12.71 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GRESHAM, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:10:00 | Win2K-f | 24.80.235.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 377 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | cfe42c471f NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:29:00 | Win2K-f | 70.119.123.253 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:06:31:00 | WinXP | 43.244.9.151 (AP.LIVEDOOR.JP): JAPAN INET, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:305 hits: 01-05 to 08-19] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:50:00 | WinXP | 124.85.13.226 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 996e09cd66 [Firefox: 4 hits: 08-01 to 08-17] |
none[none] | none:none |
none|none | none | none |
| T:06:53:00 | Win2K-f | 121.73.85.95 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
7f89b38665 [Firefox: 7 hits: 08-02 to 08-19] a51a50404e [Firefox: 7 hits: 08-02 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 06:56:00 | Win2K-f | 118.217.125.194 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:106 hits: 06-17 to 08-19] 61426996c3 [Firefox: 9 hits: 06-20 to 08-19] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:06:59:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 07:02:00 | Win2K-f | 192.203.2.145 (AF.MIL): ENGINEERING ANALYSIS AF, SAN ANTONIO, TEXAS, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 32 of 35 |
2d76ff4e53 [Firefox: 4 hits: 07-23 to 08-02] 7df1377ee3 [Firefox: 4 hits: 07-23 to 08-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:05:00 | WinXP | 4.233.194.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 36 | 2142bffaa1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:11:00 | Win2K-f | 4.171.135.124 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, JACKSONVILLE, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 07:12:00 | Win2K-f | 93.81.85.202 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:28:00 | Win2K-f | 219.255.6.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:31:00 | WinXP | 172.163.30.252 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:18 hits: 07-03 to 08-17] c73f738c30 [Firefox:18 hits: 07-03 to 08-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:42:00 | WinXP | 67.0.10.186 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org :daymohk.info :chripress.org :marsho.dk FI:imgs2.kavkazcenter.com GB:www.chechenpress.co.uk :www.google.com FI:static.kavkazchat.com :www.islamicfinder.org US:216.52.184.243:80 67.210.105.112:80 |
445 | pcap | raw alerts ruleset |
http http 123 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
1dd03e2f5b NEW ab5e47bf8d [Firefox:37 hits: 01-02 to 08-15] |
none[none] none [3] |
none:none none:none |
none|none ASPack| |
none none |
none trace |
| T:07:48:00 | WinXP | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:48:00 | Win2K-f | 87.19.108.169 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:59:00 | WinXP | 12.219.244.12 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| 08:09:00 | Win2K-f | 71.113.157.136 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 08:17:00 | WinXP | 86.96.54.180 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 | 3f5ec58a6b [Firefox:34 hits: 04-24 to 07-20] |
4a77430a59 [0] | ASM:Graph |
PolyEnE| | lines=70 | trace |
| 08:20:00 | WinXP | 116.123.138.196 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 32 of 33 0 of 33 |
0a2b1894da [Firefox: 3 hits: 06-26 to 08-17] 414b95a784 [Firefox: 3 hits: 06-26 to 08-17] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 08:25:00 | Win2K-f | 116.127.237.60 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:206.33.45.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0c3d1ec2df NEW 8de905030e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:41:00 | WinXP | 24.195.233.174 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:08:49:00 | Win2K-f | 98.140.229.237 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:54:00 | WinXP | 12.64.18.80 (PRSERV.NET): AT&T GLOBAL SERVICES, CHICAGO, ILLINOIS, US. |
n/a | US:www.yahoo.com US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:22 hits: 04-18 to 08-19] |
none[3] | none:none |
tElock| | none | trace |
| T:09:00:00 | WinXP | 98.140.228.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:32:00 | WinXP | 208.81.160.189 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 37 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | af1ff397ee NEW |
none[none] | none:none |
none|none | none | none | |
| 10:05:00 | Win2K-f | 63.17.131.158 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:08:00 | WinXP | 84.73.169.210 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | da49bd31a9 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:09:00 | WinXP | 69.110.85.225 (-): JAY KWON, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.220.124:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 118 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox: 4 hits: 08-01 to 08-18] dc92683d9a [Firefox:11 hits: 06-19 to 08-18] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:10:10:00 | WinXP | 116.127.229.51 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 153 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 30 of 33 0 of 33 |
69be040d0b [Firefox: 4 hits: 06-21 to 07-13] 81bbbeac34 [Firefox: 4 hits: 06-21 to 07-13] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 81bbbeac34[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 10:18:00 | WinXP | 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox:12 hits: 06-18 to 08-13] c6bfb5f0f2 [Firefox:12 hits: 06-18 to 08-13] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 10:27:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:39:00 | WinXP | 4.233.194.131 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:342 hits: 12-31 to 08-19] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:40:00 | WinXP | 130.13.34.67 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:342 hits: 12-31 to 08-19] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:41:00 | WinXP | 77.20.9.9 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 1293ea9db8 NEW |
none[none] | none:none |
none|none | none | none |
| 10:55:00 | Win2K-f | 219.44.12.6 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:00:00 | Win2K-f | 68.148.142.204 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:26:00 | WinXP | 71.101.195.87 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PALMETTO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:27:00 | WinXP | 86.99.211.207 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:18 hits: 07-28 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:11:35:00 | WinXP | 93.163.56.189 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 0 of 36 |
df17a625ee [Firefox:219 hits: 01-01 to 08-19] eac856a18e NEW |
9bbdd086c5 [0] none [none] |
ASM:Graph none:none |
ASPack| none|none |
lines=186 embedded dns none |
trace none |
| 11:39:00 | WinXP | 208.82.41.70 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 215 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox: 9 hits: 07-15 to 08-19] |
none[none] | none:none |
none|none | none | none | |
| T:11:41:00 | WinXP | 12.64.90.19 (PRSERV.NET): AT&T GLOBAL SERVICES, CHICAGO, ILLINOIS, US. |
n/a | US:www.altavista.com :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:22 hits: 04-18 to 08-19] |
none[3] | none:none |
tElock| | none | trace |
| 11:41:00 | WinXP | 12.64.90.19 (PRSERV.NET): AT&T GLOBAL SERVICES, CHICAGO, ILLINOIS, US. |
n/a | US:www.yahoo.com US:www.altavista.com :jbeegvia.ru US:prodexteam.net US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru SE:www.kavkazcenter.com :pnlkria.ru :kargai.ru RU:alfabank.ru :kfwfceki.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:22 hits: 04-18 to 08-19] |
none[3] | none:none |
tElock| | none | trace |
| T:11:41:00 | Win2K-f | 98.141.161.7 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:50:00 | WinXP | 117.99.6.140 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | 1bfe8d6e3f NEW |
none[none] | none:none |
none|none | none | none |
| 12:09:00 | Win2K-f | 207.235.20.6 (ZEECON.COM): ZEECON WIRELESS INTERNET L.L.C, AUSTIN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:13:00 | WinXP | 4.129.71.75 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RESACA, GEORGIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:206.33.43.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:14:00 | WinXP | 78.34.20.159 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:995 hits: 12-31 to 08-19] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:28:00 | WinXP | 76.215.109.182 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:30:00 | Win2K-f | 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:45:00 | Win2K-f | 67.1.49.81 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, MEDFORD, OREGON, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 77a7510f93 NEW |
none[none] | none:none |
none|none | none | none | |
| T:13:14:00 | WinXP | 92.40.114.173 (IKBCC.COM): EU-ZZ, UK. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:20:00 | Win2K-f | 121.254.74.113 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:21:00 | Win2K-f | 70.126.0.152 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:31:00 | Win2K-f | 66.61.157.40 (RR.COM): ROAD RUNNER HOLDCO LLC, MELBOURNE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:208.111.148.226:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 770 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 29 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a86bdb31d3 [Firefox: 5 hits: 07-03 to 08-18] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| none|none ASProtect| |
none none lines=90 |
trace none trace |
| T:13:39:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:209.84.20.126:80 US:8.12.202.125:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 138 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 0 of 32 29 of 33 |
1f59c01aef [Firefox: 4 hits: 08-01 to 08-18] b5919931fe [Firefox:412 hits: 06-20 to 08-19] dc92683d9a [Firefox:11 hits: 06-19 to 08-18] |
none[none] b5919931fe[1] dc92683d9a[1] |
none:none ASM:Graph ASM:Graph |
none|none ASProtect| Armadillo| |
none lines=90 lines=82 |
none trace trace |
| 13:44:00 | WinXP | 130.13.190.71 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a7109d9d87 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:52:00 | WinXP | 190.138.162.79 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:65 hits: 01-14 to 08-18] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:13:59:00 | WinXP | 80.63.230.66 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | bce12aa21f [Firefox:28 hits: 05-12 to 08-04] |
none[4] | none:none |
PolyEnE| | none | trace |
| 14:01:00 | Win2K-f | 202.150.118.51 (-): KOL-DIAL, AUCKLAND, AUCKLAND, NZ. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 34 of 36 32 of 36 |
b5919931fe [Firefox:412 hits: 06-20 to 08-19] cd27d6cbab NEW dc23a7f90d NEW |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| T:14:10:00 | Win2K-f | 130.13.202.147 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
63.173.172.98:7000 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 9824b60bec [Firefox: 4 hits: 08-18 to 08-19] |
none[none] | none:none |
none|none | none | none | |
| T:14:14:00 | WinXP | 130.13.190.71 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:23:00 | Win2K-f | 75.80.252.122 (RR.COM): ROAD RUNNER HOLDCO LLC, PALM DESERT, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:24:00 | WinXP | 70.168.9.104 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox: 7 hits: 08-05 to 08-17] f685f8e027 [Firefox:11 hits: 06-18 to 08-17] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:14:39:00 | Win2K-f | 75.80.252.122 (RR.COM): ROAD RUNNER HOLDCO LLC, PALM DESERT, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:01:00 | WinXP | 61.219.208.75 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:15:15:00 | WinXP | 4.233.194.74 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:95 hits: 01-08 to 08-19] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 15:18:00 | Win2K-f | 218.249.149.203 (IAPCM.AC.CN): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, BEIJING, BEIJING, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
79c01ec060 [Firefox:23 hits: 06-18 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:28:00 | Win2K-f | 71.99.43.68 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:34:00 | Win2K-f | 64.201.94.118 (80-LHTOT.COM): LAUREL HIGHLAND TELEPHONE COMPANY, STAHLSTOWN, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:41:00 | Win2K-f | 125.181.167.43 (-): POWC-211, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 32 of 33 |
1d569ef2a7 [Firefox: 3 hits: 07-27 to 08-09] 58408136a4 [Firefox:14 hits: 06-28 to 08-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:42:00 | WinXP | 24.95.241.72 (RR.COM): ROAD RUNNER HOLDCO LLC, KISSIMMEE, FLORIDA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:474 hits: 12-31 to 08-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:42:00 | WinXP | 24.95.241.72 (RR.COM): ROAD RUNNER HOLDCO LLC, KISSIMMEE, FLORIDA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:474 hits: 12-31 to 08-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:45:00 | WinXP | 24.74.19.90 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:342 hits: 12-31 to 08-19] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:50:00 | Win2K-f | 98.134.205.247 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 |
6d86a1ff5a [Firefox:33 hits: 06-25 to 08-15] 7f6e032fc0 [Firefox:33 hits: 06-25 to 08-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 15:53:00 | WinXP | 71.76.3.113 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | EU:siliconfireware.ru GB:welcome3.smile.co.uk :wpad |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:480 hits: 01-01 to 08-19] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 15:57:00 | WinXP | 88.181.103.121 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:qis.md.us.dal.net SE:viking.dal.net :flanders.be.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:ozbytes.dal.net SE:ced.dal.net US:lia.zanet.net :lulea.se.eu.undernet.org :washington.dc.us.undernet.org SE:coins.dal.net :gaspode.zanet.org.za NO:london.uk.eu.undernet.org RU:194.6.222.11:6667 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 9e4ccec7e5 NEW |
none[none] | none:none |
none|none | none | none |
| 15:59:00 | WinXP | 67.45.195.78 (DIRECPC.COM): HUGHES NETWORK SYSTEMS, GERMANTOWN, MARYLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:06:00 | WinXP | 66.188.67.227 (CHARTER.COM): CHARTER COMMUNICATIONS, LAWRENCEVILLE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:29 hits: 01-07 to 08-06] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| 16:23:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:23:00 | Win2K-f | 207.5.163.123 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:42:00 | Win2K-f | 67.62.174.17 (CAVTEL.NET): CAVALIER, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:54:00 | WinXP | 68.145.59.4 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:995 hits: 12-31 to 08-19] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:56:00 | WinXP | 118.237.51.150 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:16 hits: 06-20 to 08-17] |
none[4] | none:none |
none|none | none | trace | |
| 17:01:00 | Win2K-f | 92.41.81.137 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 290 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ff5a1c73d9 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:05:00 | WinXP | 116.126.249.246 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 2 of 35 0 of 33 |
6ec2a8994b [Firefox:15 hits: 06-18 to 08-16] bcf66a38c8 [Firefox: 2 hits: 07-30 to 08-08] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
| 17:13:00 | WinXP | 208.84.203.85 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:16:00 | Win2K-f | 118.219.44.54 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 71 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | 58c343a8d8 [Firefox:19 hits: 06-21 to 08-19] |
58c343a8d8 [1] | ASM:Graph |
Armadillo| | lines=82 | trace | |
| T:17:21:00 | WinXP | 24.85.84.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:22:00 | WinXP | 172.129.227.20 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 184 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| T:17:30:00 | Win2K-f | 70.65.17.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:33:00 | WinXP | 119.72.59.236 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox: 7 hits: 08-08 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:17:34:00 | WinXP | 63.245.41.103 (FLAMINGOTV.NET): FLAMINGO TELEVISION BONAIRE, AN. |
n/a | 135 | pcap | raw alerts ruleset |
other 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:57:00 | WinXP | 74.137.231.116 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, EVANSVILLE, INDIANA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 | b7082104e4 [Firefox:101 hits: 06-18 to 08-19] |
none[4] | none:none |
tElock| | none | trace | |
| T:18:12:00 | WinXP | 24.80.178.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:25:00 | Win2K-f | 75.45.241.197 (SBCGLOBAL.NET): PPPOX POOL RBACK11.SFLDMI, WATERFORD, MICHIGAN, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:18:46:00 | WinXP | 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 19:03:00 | WinXP | 63.18.109.43 (UU.NET): UUNET TECHNOLOGIES INC, AULT, COLORADO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:03:00 | WinXP | 201.213.239.51 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:474 hits: 12-31 to 08-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:11:00 | WinXP | 196.201.95.185 (ADSL-213-136-127-10.AVISO.CI): COTE D'IVOIRE TELECOM, CI. |
n/a | DE:siliconfireware.ru :wpad DE:ebookfinaltrash.ru EU:crutop.nu DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 330eaa2da2 [Firefox:16 hits: 01-28 to 08-13] |
none[3] | none:none |
ASPack| | none | trace |
| T:19:13:00 | WinXP | 130.13.190.172 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:14:00 | Win2K-f | 70.182.92.124 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:16:00 | WinXP | 116.123.80.139 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:106 hits: 06-17 to 08-19] 4c3df24b32 [Firefox:160 hits: 06-17 to 08-19] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:22:00 | Win2K-f | 204.116.18.97 (BDSHOME.COM): INFO AVENUE INTERNET SERVICES LLC, MT. AIRY, NORTH CAROLINA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.220.124:80 US:204.160.126.124:80 US:207.123.37.125:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 144 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 29 of 33 |
dfbaaf577c [Firefox: 8 hits: 06-18 to 07-08] f504b4af20 [Firefox: 8 hits: 06-18 to 07-08] |
none[4] f504b4af20[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 19:25:00 | Win2K-f | 70.182.92.124 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:33:00 | WinXP | 66.217.46.40 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net :flanders.be.eu.undernet.org FI:london.uk.eu.undernet.org :brussels.be.eu.undernet.org :los-angeles.ca.us.undernet.org SE:viking.dal.net :washington.dc.us.undernet.org US:lia.zanet.net SE:coins.dal.net SE:qis.md.us.dal.net SE:broadway.ny.us.dal.net NL:diemen.nl.eu.undernet.org :caen.fr.eu.undernet.org SE:ced.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:474 hits: 12-31 to 08-19] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 19:34:00 | WinXP | 70.248.127.208 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:34:00 | Win2K-f | 70.61.156.13 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:44:00 | WinXP | 75.17.13.137 (SBCGLOBAL.NET): RBACK34B.IRVNCA, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:19:46:00 | WinXP | 64.49.47.76 (DIXIE-NET.COM): AYRIX TECHNOLOGIES INC, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad EU:ebookfinaltrash.ru |
445 | pcap | raw alerts ruleset |
http http http http 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 0 of 36 0 of 36 |
5613d89378 NEW a10d63b335 NEW b57cec29de NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:19:48:00 | Win2K-f | 98.112.89.27 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 19:58:00 | WinXP | 70.105.112.79 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:95 hits: 01-08 to 08-19] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:20:07:00 | Win2K-f | 75.82.147.241 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:20:26:00 | WinXP | 201.69.194.26 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | e253fef35b [Firefox: 3 hits: 08-10 to 08-14] |
none[none] | none:none |
none|none | none | none |
| 20:29:00 | Win2K-f | 211.186.36.108 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:ksn.a1001186.wrs.mcboo.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn IL:wr.kastora.com IL:194.90.224.86:80 US:208.111.148.254:80 US:208.111.153.215:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 484 lines |
Yeah : 1.8 profile |
none | summary tarball |
3 of 36 17 of 35 14 of 36 29 of 32 28 of 32 29 of 36 |
55267a7e88 NEW 5ab0a45f63 [Firefox:139 hits: 07-24 to 08-19] 75d013e972 NEW 8a75955033 [Firefox:26 hits: 06-20 to 08-18] 9276c8b36b [Firefox:26 hits: 06-20 to 08-18] fec5a29df3 NEW |
none[none] none [none] none [none] none [4] 9276c8b36b[1] none [none] |
none:none none:none none:none none:none ASM:Graph none:none |
none|none none|none none|none tElock| Armadillo| none|none |
none none none none lines=81 none |
none none none trace trace none |
| 20:37:00 | Win2K-f | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:38:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:46:00 | Win2K-f | 124.195.153.173 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 20:48:00 | Win2K-f | 72.74.107.55 (VERIZON.NET): VERIZON INTERNET SERVICES INC, WORCESTER, MASSACHUSETTS, US. (100Mbps) |
210.245.211.11:65520 | US:ksn.a1001186.wrs.mcboo.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn IL:wr.kastora.com HK:proxim.ircgalaxy.pl |
445 | pcap | raw alerts ruleset |
irc http 288 lines |
Yeah : 1.3 profile |
none | summary tarball |
17 of 35 14 of 36 29 of 36 |
5ab0a45f63 [Firefox:139 hits: 07-24 to 08-19] 75d013e972 NEW fec5a29df3 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 20:56:00 | WinXP | 210.68.130.216 (MYSON.COM.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
210.245.211.11:65520 216.255.188.106:80 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn US:ksn.a1001186.wrs.mcboo.com :www.upononjob.cn :mulfika.cn EU:updatecube.com US:statsboat.com IL:wr.kastora.com |
135 | pcap | raw alerts ruleset |
http irc 1567 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 3 of 36 17 of 35 14 of 36 34 of 36 0 of 33 29 of 36 |
177159de26 [Firefox: 2 hits: 08-08 to 08-18] 392cb28388 NEW 447210a4fd NEW 5ab0a45f63 [Firefox:139 hits: 07-24 to 08-19] 75d013e972 NEW 9c50aa3c45 [Firefox: 2 hits: 08-08 to 08-18] e07c29c4ae [Firefox:318 hits: 06-19 to 08-19] fec5a29df3 NEW |
none[none] none [none] none [none] none [none] none [none] none [none] e07c29c4ae[1] none [none] |
none:none none:none none:none none:none none:none none:none ASM:Graph none:none |
none|none none|none none|none none|none none|none none|none FSG| none|none |
none none none none none none lines=92 none |
none none none none none none trace none |
| 21:09:00 | Win2K-f | 65.47.38.234 (XO.NET): XO COMMUNICATIONS, MIAMI, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:21:14:00 | Win2K-f | 207.5.239.134 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] a08f3b74a4 [Firefox:532 hits: 06-18 to 08-19] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:33:00 | Win2K-f | 66.65.188.140 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:34:00 | WinXP | 70.251.7.229 (SWBELL.NET): PPPOX POOL - BRAS17 RCSNTX, FT. WORTH, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:342 hits: 12-31 to 08-19] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:21:57:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 73f1082158 [Firefox:814 hits: 06-18 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 21:58:00 | Win2K-f | 69.201.128.29 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 24 of 33 0 of 32 |
00de373b4a [Firefox: 3 hits: 07-12 to 08-16] b234759ccf [Firefox: 3 hits: 07-12 to 08-16] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:22:08:00 | Win2K-f | 211.21.230.12 (CATEYE.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] 57ce4acac2 [Firefox:132 hits: 06-17 to 08-19] b5919931fe [Firefox:412 hits: 06-20 to 08-19] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 22:09:00 | WinXP | 144.139.189.240 (TMNS.NET.AU): TELSTRAINTERNET32, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:1615 hits: 06-17 to 08-19] b7082104e4 [Firefox:101 hits: 06-18 to 08-19] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 22:34:00 | WinXP | 98.141.163.233 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:45:00 | Win2K-f | 24.77.13.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 402 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | c4c5a56ffe [Firefox: 3 hits: 08-15 to 08-19] |
none[none] | none:none |
none|none | none | none | |
| T:22:48:00 | WinXP | 118.231.11.255 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox: 7 hits: 08-08 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:23:05:00 | WinXP | 210.251.42.155 (DION.NE.JP): DION (KDDI CORPORATION), HIROSHIMA, HIROSHIMA, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:164 hits: 01-01 to 08-18] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace | |
| 23:26:00 | Win2K-f | 218.211.206.1 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 391 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 35 |
3db2c812c0 NEW 797fdec34a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |