|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:24:00 | Win2K-f | 70.184.78.246 (COX.NET): COX COMMUNICATIONS, TUCSON, ARIZONA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] b5919931fe [Firefox:443 hits: 06-20 to 08-21] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:00:25:00 | Win2K-f | 208.127.97.204 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 29 of 33 |
0d3fafbf29 [Firefox: 2 hits: 06-21 to 07-28] d401773a07 [Firefox: 2 hits: 06-21 to 07-28] |
0d3fafbf29 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 00:28:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
210.245.211.11:65520 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:208.111.148.15:80 US:208.111.148.23:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] bea8cb1865 [Firefox: 5 hits: 08-11 to 08-20] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:01:09:00 | WinXP | 122.110.176.82 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 7a06e8e9a8 NEW |
none[none] | none:none |
none|none | none | none | |
| 01:16:00 | Win2K-f | 71.100.0.148 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BRANDON, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:17:00 | WinXP | 4.184.58.125 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BELLEVILLE, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 354 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 34 of 36 |
087e2ee6ac NEW a6fe69d9f1 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 01:20:00 | WinXP | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.23:80 US:208.111.148.43:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 117 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 [Firefox: 4 hits: 06-18 to 08-18] f0e73c39a8 [Firefox: 5 hits: 06-18 to 08-18] |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 01:38:00 | WinXP | 71.108.242.146 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GARDEN GROVE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.46.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:58:00 | WinXP | 24.68.188.114 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:22 hits: 06-18 to 08-21] e53a9ea82e [Firefox:22 hits: 06-18 to 08-21] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 02:00:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:18:00 | WinXP | 92.99.13.136 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:100 hits: 01-08 to 08-21] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:02:19:00 | Win2K-f | 203.91.176.239 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] b5919931fe [Firefox:443 hits: 06-20 to 08-21] b7082104e4 [Firefox:110 hits: 06-18 to 08-21] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 02:22:00 | WinXP | 193.248.255.246 (ABO.WANADOO.FR): TELECOM, NOORDWIJK, ZUID-HOLLAND, NL. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:351 hits: 12-31 to 08-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:02:24:00 | WinXP | 89.41.38.60 (PANEVO.RO): SC PAN ELECTRO SRL, RO. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 5bd33f839a [Firefox: 4 hits: 08-19 to 08-19] |
none[none] | none:none |
none|none | none | none |
| T:02:25:00 | Win2K-f | 4.225.241.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTAGE, MICHIGAN, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 408 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 15d4d85dc0 [Firefox: 7 hits: 06-10 to 08-19] |
none[4] | none:none |
StarForce| | none | trace | |
| T:02:33:00 | WinXP | 210.68.130.216 (MYSON.COM.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
210.245.211.11:65520 | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com US:192.221.108.126:80 US:199.93.41.126:80 US:204.160.126.124:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
177159de26 [Firefox: 3 hits: 08-08 to 08-20] 9c50aa3c45 [Firefox: 3 hits: 08-08 to 08-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:34:00 | Win2K-f | 4.174.183.24 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.41.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:39:00 | WinXP | 86.97.84.87 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:13:00 | Win2K-f | 121.73.113.218 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 357 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 33 31 of 33 |
0f55e617b4 [Firefox: 3 hits: 06-25 to 08-01] 4c764cd519 [Firefox: 3 hits: 06-25 to 08-01] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:21:00 | WinXP | 4.252.133.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:38:00 | Win2K-f | 206.186.35.172 (EBTECH.NET): ELECTRO BYTE TECHNOLOGIES INC, JACKSONVILLE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] b5919931fe [Firefox:443 hits: 06-20 to 08-21] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 03:42:00 | WinXP | 202.96.116.18 (HZ.ZJ.CN): CHINANET-ZJ WENZHOU NODE NETWORK, WENZHOU, ZHEJIANG, CN. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:192.221.108.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 US:8.12.222.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 167 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
1be9721a10 NEW 48923dcf8c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:45:00 | Win2K-f | 202.96.116.18 (HZ.ZJ.CN): CHINANET-ZJ WENZHOU NODE NETWORK, WENZHOU, ZHEJIANG, CN. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:192.221.108.126:80 US:207.123.47.126:80 HK:210.245.211.11:65520 US:8.12.222.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 148 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
1be9721a10 NEW 48923dcf8c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:49:00 | WinXP | 92.99.5.161 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:58:00 | Win2K-f | 71.126.58.39 (VERIZON.NET): VERIZON INTERNET SERVICES INC, WORCESTER, MASSACHUSETTS, US. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com US:microsoft.com US:download.microsoft.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:10:00 | Win2K-f | 202.213.94.85 (HCTV.NE.JP): HIGASHIMATSUYAMA CABLE TELEVISION CO. LTD, JP. |
210.245.211.11:65520 67.43.236.98:5190 | HK:proxim.ircgalaxy.pl CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info US:130.107.129.80:42312 |
135 | pcap | raw alerts ruleset |
irc http 486 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 16 of 36 14 of 36 18 of 36 |
64748c59aa NEW 78e31db533 [Firefox: 3 hits: 08-13 to 08-16] 9b09258622 [Firefox:10 hits: 08-05 to 08-16] d5a5e9f7a9 [Firefox: 3 hits: 08-13 to 08-16] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 04:13:00 | WinXP | 86.144.169.103 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:351 hits: 12-31 to 08-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:54:00 | WinXP | 201.0.9.36 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox: 3 hits: 08-19 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:05:06:00 | WinXP | 116.127.188.108 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 241 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 34 34 of 36 |
3060fff5c0 NEW a7d11d75cd NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:41:00 | Win2K-f | 4.181.164.97 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DANBURY, CONNECTICUT, US. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:198.78.220.124:80 US:199.93.44.124:80 US:207.123.37.124:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 249 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 28 of 36 |
0c26670e4d NEW 997a63d3bc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:48:00 | WinXP | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:05:50:00 | WinXP | 64.184.89.105 (SWAYZEE.COM): SWAYZEE TELEPHONE CO, SWAYZEE, INDIANA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] b7082104e4 [Firefox:110 hits: 06-18 to 08-21] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| 06:19:00 | Win2K-f | 70.240.137.159 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:24:00 | Win2K-f | 116.123.157.230 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 123 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 30 of 33 |
eb9217b966 NEW ff2150aa95 [Firefox: 2 hits: 07-03 to 08-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:28:00 | WinXP | 203.194.2.223 (COMINDICO.COM.AU): COMINDICO AUSTRALIA, SYDNEY, NEW SOUTH WALES, AU. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:165 hits: 01-01 to 08-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 06:44:00 | WinXP | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 57ce4acac2 [Firefox:140 hits: 06-17 to 08-21] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 06:50:00 | WinXP | 83.25.108.15 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
n/a | HK:proxima.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | d0a6e01449 [Firefox: 3 hits: 07-27 to 08-19] |
none[none] | none:none |
none|none | none | none |
| T:06:50:00 | WinXP | 83.25.108.15 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxima.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | d0a6e01449 [Firefox: 3 hits: 07-27 to 08-19] |
none[none] | none:none |
none|none | none | none |
| T:06:57:00 | WinXP | 64.39.191.131 (SPEEDE.COM): GOLDEN TRIANGLE ON LINE, WATERLOO, ONTARIO, CA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:06:00 | Win2K-f | 219.240.214.233 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:192.221.108.126:80 US:199.93.41.126:80 US:204.160.126.124:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 30 of 32 |
1509c8d024 [Firefox:19 hits: 06-17 to 08-16] f23b040440 [Firefox:10 hits: 06-22 to 08-16] |
none[4] f23b040440[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:07:14:00 | WinXP | 190.139.210.96 (NET.AR): TELECOM ARGENTINA S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:70 hits: 01-14 to 08-21] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 07:25:00 | Win2K-f | 68.144.110.61 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:204.160.104.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 135 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 32 |
0081629431 NEW 8646fc5510 NEW b5919931fe [Firefox:443 hits: 06-20 to 08-21] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:07:25:00 | Win2K-f | 71.184.15.232 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:29:00 | WinXP | 65.81.252.192 (BELLSOUTH.NET): BELLSOUTH.NET INC, MONROE, LOUISIANA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 32 0 of 36 0 of 36 |
68cd473638 NEW 935f6902c4 NEW bcd63e69ea NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:07:47:00 | WinXP | 71.100.6.46 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALRICO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:01:00 | WinXP | 117.99.19.148 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e253fef35b [Firefox: 5 hits: 08-10 to 08-21] |
none[none] | none:none |
none|none | none | none |
| 08:14:00 | WinXP | 118.1.43.151 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:21:00 | WinXP | 130.13.42.107 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:351 hits: 12-31 to 08-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 08:29:00 | WinXP | 130.13.190.105 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:47:00 | WinXP | 96.33.85.83 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b3154d1b2a NEW |
none[none] | none:none |
none|none | none | none |
| 08:53:00 | Win2K-f | 71.108.208.50 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SAN DIMAS, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:56:00 | WinXP | 71.108.208.50 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SAN DIMAS, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:10:00 | WinXP | 66.137.92.179 (SWBELL.NET): DIAL POOL - NAS1.LGVWTX, CARTHAGE, TEXAS, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:222 hits: 01-01 to 08-21] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 09:24:00 | WinXP | 193.248.148.162 (ABO.WANADOO.FR): WANADOO, LIMOGES, LIMOUSIN, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:100 hits: 01-08 to 08-21] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 09:24:00 | Win2K-f | 130.13.111.47 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
1 of 36 | 4671f33cff NEW |
none[none] | none:none |
none|none | none | none |
| T:09:30:00 | Win2K-f | 130.13.111.47 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
1 of 36 | 4671f33cff NEW |
none[none] | none:none |
none|none | none | none |
| T:09:34:00 | Win2K-f | 75.82.147.241 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.110.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:40:00 | WinXP | 77.232.97.126 (-): INTERNATIONAL COMPUTER COMPANY LTD, MANILA, MANILA, PH. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru :washington.dc.us.undernet.org SE:viking.dal.net |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f8763e5dea NEW |
none[none] | none:none |
none|none | none | none |
| 09:42:00 | WinXP | 77.232.97.126 (-): INTERNATIONAL COMPUTER COMPANY LTD, MANILA, MANILA, PH. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f8763e5dea NEW |
none[none] | none:none |
none|none | none | none |
| 09:45:00 | Win2K-f | 172.190.242.64 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:02:00 | WinXP | 210.79.131.158 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:501 hits: 01-01 to 08-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:11:00 | WinXP | 130.13.200.241 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
63.173.172.98:7000 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 9824b60bec [Firefox: 7 hits: 08-18 to 08-21] |
none[none] | none:none |
none|none | none | none | |
| 10:12:00 | WinXP | 77.20.9.96 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b19b1a3b65 NEW |
none[none] | none:none |
none|none | none | none |
| 10:14:00 | Win2K-f | 130.13.105.128 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:17:00 | Win2K-f | 98.174.80.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] b5919931fe [Firefox:443 hits: 06-20 to 08-21] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:19:00 | WinXP | 4.233.194.178 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
22 of 32 | 6d448e9832 NEW |
none[4] | none:none |
none|none | none | trace | |
| 10:20:00 | Win2K-f | 130.13.113.153 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:22:00 | WinXP | 130.13.113.153 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:23:00 | WinXP | 124.115.15.45 (163DATA.COM.CN): CHINANET SHANXI(SN) PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:46:00 | WinXP | 85.23.33.116 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:10:46:00 | WinXP | 85.23.33.116 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:54:00 | Win2K-f | 220.229.211.147 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:01:00 | Win2K-f | 130.13.219.217 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:ssffttpp.jackill07.biz | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:04:00 | Win2K-f | 70.168.9.104 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. |
210.245.211.11:65520 77.91.227.179:80 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn DE:hereall.net :www.upononjob.cn :mulfika.cn IL:ksn.a1001186.wrs.flutix.com EU:viacodecright2.com US:virus-quick-scan.com :voovle.info US:xpsecuritycenter.com US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http irc 883 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 36 1 of 36 11 of 36 14 of 36 26 of 36 34 of 36 28 of 33 |
0dce5e364c NEW 213be7183e NEW 42e56ccaeb NEW 75d013e972 [Firefox: 5 hits: 08-20 to 08-21] 812a0cf35a NEW da00a8e7a1 [Firefox: 8 hits: 08-05 to 08-20] f685f8e027 [Firefox:12 hits: 06-18 to 08-20] |
none[none] none [none] none [none] none [none] none [none] none [none] f685f8e027[1] |
none:none none:none none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none none|none none|none Armadillo| |
none none none none none none lines=82 |
none none none none none none trace |
| 11:04:00 | WinXP | 117.99.10.174 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:07:00 | WinXP | 219.97.165.93 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:11:10:00 | WinXP | 98.25.191.50 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:17:00 | WinXP | 4.161.170.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 235 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 | 73a8a1751d NEW |
none[none] | none:none |
none|none | none | none | |
| 11:47:00 | Win2K-f | 207.103.253.251 (BUCKSLIB.ORG): BUCKS COUNTY FREE LIBRARY, STOCKTON, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] d2b05e43df NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:12:07:00 | WinXP | 92.32.84.14 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 63452bf08e NEW |
none[none] | none:none |
none|none | none | none |
| T:12:33:00 | WinXP | 83.221.70.105 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9d51993bf7 NEW |
none[none] | none:none |
none|none | none | none |
| 12:50:00 | Win2K-f | 121.73.85.95 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
http 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox: 8 hits: 08-02 to 08-20] a51a50404e [Firefox: 8 hits: 08-02 to 08-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:51:00 | WinXP | 70.72.208.35 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0c0acdd902 NEW 8682af6215 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:58:00 | Win2K-f | 66.60.220.65 (NEWULMTEL.NET): NEW ULM TELECOM INC, NEW ULM, MINNESOTA, US. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.173.46:80 US:208.111.173.47:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 134 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 32 of 36 |
86176b6a8e NEW 8a7d6cc74f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 13:02:00 | Win2K-f | 209.252.105.148 (MCLEODUSA.NET): MDI ACCESS, ROCHESTER, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:08:00 | Win2K-f | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.73.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox: 8 hits: 06-18 to 08-18] 79c01ec060 [Firefox:24 hits: 06-18 to 08-20] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 13:12:00 | WinXP | 72.190.126.153 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:28:00 | WinXP | 71.46.57.52 (BHNTAMPA.COM): BRIGHTHOUSE NETWORKS CFL DIVISION, BRANDON, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:13:37:00 | Win2K-f | 24.79.215.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 162 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:21 hits: 06-20 to 08-18] e5c7bce70e [Firefox:20 hits: 06-20 to 08-18] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:43:00 | WinXP | 75.176.180.6 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW ORLEANS, LOUISIANA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:sptc01.information.com :www.proxy-socks.net :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:483 hits: 01-01 to 08-21] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:13:45:00 | WinXP | 87.196.18.253 (NET.NOVIS.PT): NOVIS TELECOM S.A, LISBON, LISBOA, PT. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a0044bcb25 [Firefox: 7 hits: 08-02 to 08-17] |
none[none] | none:none |
none|none | none | none |
| 13:56:00 | WinXP | 77.236.174.229 (-): VEREYA, BG. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:00:00 | WinXP | 24.153.112.61 (MYACTV.NET): ANTIETAM CABLE TELEVISION INC, HAGERSTOWN, MARYLAND, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:209.84.20.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 35 0 of 33 28 of 35 |
70c31be294 [Firefox: 2 hits: 07-29 to 08-10] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] fead05e431 [Firefox: 2 hits: 07-29 to 08-10] |
none[none] e07c29c4ae[1] none [none] |
none:none ASM:Graph none:none |
none|none FSG| none|none |
none lines=92 none |
none trace none |
| 14:03:00 | WinXP | 82.140.144.45 (ERDVES.LT): LRTC-INFRASTRUCT-P2P, LT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox: 9 hits: 07-04 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:14:15:00 | WinXP | 4.168.186.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, YUCAIPA, CALIFORNIA, US. (DIAL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:199.93.44.126:80 US:209.84.20.126:80 HK:210.245.211.11:65520 US:4.23.60.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 235 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 35 35 of 36 |
9a490aee06 NEW f69862c856 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:19:00 | WinXP | 72.174.223.13 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, CEDAR CITY, UTAH, US. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | a73d9b037c NEW |
none[none] | none:none |
none|none | none | none |
| T:15:25:00 | WinXP | 218.210.137.61 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 386 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 0 of 33 31 of 33 |
49f8b27cca [Firefox: 4 hits: 06-24 to 08-18] e07c29c4ae [Firefox:349 hits: 06-19 to 08-21] e414dccc52 [Firefox: 4 hits: 06-24 to 08-18] |
49f8b27cca [1] e07c29c4ae[1] none [4] |
ASM:Graph ASM:Graph none:none |
Armadillo| FSG| ASProtect| |
lines=82 lines=92 none |
trace trace trace |
| 15:25:00 | WinXP | 72.226.62.92 (RR.COM): ROAD RUNNER HOLDCO LLC, RENSSELAER, NEW YORK, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:26:00 | WinXP | 82.207.46.174 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK, UA. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a3364f8634 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:26:00 | Win2K-f | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:140 hits: 06-17 to 08-21] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:15:27:00 | WinXP | 72.226.62.92 (RR.COM): ROAD RUNNER HOLDCO LLC, RENSSELAER, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:486 hits: 12-31 to 08-21] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:31:00 | Win2K-f | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] b5919931fe [Firefox:443 hits: 06-20 to 08-21] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:51:00 | WinXP | 85.152.120.242 (CM-85-152-106-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 68a76c215f [Firefox: 3 hits: 08-14 to 08-21] |
none[none] | none:none |
none|none | none | none |
| T:15:51:00 | WinXP | 211.177.193.120 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
139 | pcap | raw alerts ruleset |
irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 70b3b3de04 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:12:00 | WinXP | 80.102.244.54 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, BARCELONA, CATALUñA, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 | 1a7bebb1cf NEW |
none[none] | none:none |
none|none | none | none |
| T:16:20:00 | WinXP | 70.234.238.73 (SBCGLOBAL.NET): PPPOX POOL - BRAS21.RCSNTX, BEDFORD, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:100 hits: 01-08 to 08-21] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:32:00 | Win2K-f | 76.215.109.182 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:52:00 | WinXP | 210.79.134.8 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:501 hits: 01-01 to 08-21] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:57:00 | Win2K-f | 116.123.154.137 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com US:207.123.46.125:80 HK:210.245.211.11:65520 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 170 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox: 6 hits: 07-10 to 08-18] 740e3bffe0 [Firefox: 7 hits: 06-25 to 08-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:21:00 | Win2K-f | 118.236.207.48 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:40:00 | Win2K-f | 65.184.28.105 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:43:00 | Win2K-f | 12.230.49.128 (ATT.NET): AT&T WORLDNET SERVICES, EDMONDS, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:47:00 | WinXP | 68.144.135.11 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:47:00 | Win2K-f | 70.67.167.163 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, DUNCAN, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 402 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | c4c5a56ffe [Firefox: 4 hits: 08-15 to 08-20] |
none[none] | none:none |
none|none | none | none | |
| 18:20:00 | Win2K-f | 216.208.194.152 (BELL.CA): BELL CANADA, TRENTON, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.73.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:34:00 | WinXP | 204.210.105.157 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:29 hits: 01-02 to 08-19] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 18:49:00 | WinXP | 220.219.6.243 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 35 | 0c338f33e1 NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:50:00 | WinXP | 4.225.31.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPRINGFIELD, OHIO, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 338 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
36dfdf19c9 NEW f33ab73e8d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 19:09:00 | Win2K-f | 24.80.98.70 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:21 hits: 06-20 to 08-18] e5c7bce70e [Firefox:20 hits: 06-20 to 08-18] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:47:00 | Win2K-f | 70.74.220.25 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:02:00 | WinXP | 206.248.211.41 (NTELOS.NET): NTELOS - WAYNESBORO ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox:10 hits: 08-08 to 08-20] |
none[none] | none:none |
none|none | none | none |
| 20:03:00 | WinXP | 74.137.231.116 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, EVANSVILLE, INDIANA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 37 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 | b7082104e4 [Firefox:110 hits: 06-18 to 08-21] |
none[4] | none:none |
tElock| | none | trace | |
| 20:11:00 | WinXP | 67.128.191.189 (SIDLINGER.COM): EASTEX TELEPHONE COOPERATIVE INC, LIVINGSTON, TEXAS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6371af4c72 NEW |
none[none] | none:none |
none|none | none | none |
| 20:32:00 | Win2K-f | 207.201.234.99 (XSPEDIUS.NET): XSPEDIUS COMMUNICATIONS CO, MONTGOMERY, ALABAMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 34 |
73f1082158 [Firefox:862 hits: 06-18 to 08-21] b55e5748a9 NEW |
73f1082158 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:20:35:00 | WinXP | 4.248.42.240 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:351 hits: 12-31 to 08-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:38:00 | WinXP | 69.23.194.21 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:126 hits: 01-01 to 08-15] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 20:42:00 | Win2K-f | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:45:00 | WinXP | 70.166.111.207 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:208.111.148.226:80 US:208.111.148.247:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 131 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox: 8 hits: 08-05 to 08-20] f685f8e027 [Firefox:12 hits: 06-18 to 08-20] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| 21:11:00 | WinXP | 206.169.142.22 (-): TIME WARNER TELECOM INC, ZIHUATANEJO, GUERRERO, MX. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:22:00 | Win2K-f | 124.195.149.127 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:23:00 | WinXP | 220.219.250.233 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:21:31:00 | WinXP | 220.156.4.65 (HI-HO.NE.JP): INTERNET INITIATIVE JAPAN INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 21:47:00 | WinXP | 24.79.215.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:209.84.20.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:21 hits: 06-20 to 08-18] e5c7bce70e [Firefox:20 hits: 06-20 to 08-18] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:13:00 | WinXP | 24.174.182.219 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:351 hits: 12-31 to 08-21] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:51:00 | WinXP | 61.20.137.81 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 97be872152 NEW |
none[none] | none:none |
none|none | none | none | |
| T:22:55:00 | WinXP | 61.215.245.135 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 552 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 089d3e7af7 NEW |
none[none] | none:none |
none|none | none | none | |
| 23:05:00 | WinXP | 220.219.250.233 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:09:00 | Win2K-f | 24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] a08f3b74a4 [Firefox:570 hits: 06-18 to 08-21] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:11:00 | Win2K-f | 67.1.0.209 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, EMMETT, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:209.84.20.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] 73f1082158 [Firefox:862 hits: 06-18 to 08-21] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:17:00 | WinXP | 217.202.150.31 (-): TELECOM ITALIA MOBILE, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:165 hits: 01-01 to 08-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 23:32:00 | WinXP | 203.97.173.53 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:32:00 | WinXP | 203.97.173.53 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1003 hits: 12-31 to 08-21] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:35:00 | WinXP | 75.180.36.194 (RR.COM): ROAD RUNNER HOLDCO LLC, DUBLIN, OHIO, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:165 hits: 01-01 to 08-20] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 23:39:00 | Win2K-f | 218.239.82.124 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:165 hits: 06-17 to 08-21] 53bfe15e91 [Firefox:1720 hits: 06-17 to 08-21] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 23:43:00 | WinXP | 211.16.64.202 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:310 hits: 01-05 to 08-21] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace |