|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:13:00 | Win2K-f | 219.255.6.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn US:iphonenewline.com :www.upononjob.cn CN:second-reason.com EU:reservjob.cn :mulfika.cn :virus-quick-scan.com US:antispyware-quick-scan.com :voovle.info US:spyware-quickscan-2008.com US:winantispyware2008.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
irc http 802 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 30 of 33 none 32 of 33 none none none |
04e8352072 NEW 0a2b1894da [Firefox: 7 hits: 06-26 to 09-13] 2a0ee3c795 [Firefox: 4 hits: 09-13 to 09-13] 414b95a784 [Firefox: 7 hits: 06-26 to 09-13] 5ff13375cf [Firefox: 4 hits: 09-13 to 09-13] 68ee501dc9 [Firefox: 3 hits: 09-12 to 09-13] be4fd40fdb NEW |
none[none] none [none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none none|none |
none none none none none none none |
none none none none none none none |
| 00:17:00 | Win2K-f | 61.254.122.2 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn US:iphonenewline.com CN:second-reason.com :virus-quick-scan.com US:antispyware-quick-scan.com US:spyware-quickscan-2008.com US:virus-quickscan-2008.com US:spyware-quickscan-2009.com US:virus-quickscan-2009.com US:antivirus-quick-scan.com 115.126.2.110:80 US:208.111.153.236:80 US:208.111.173.16:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 835 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 31 of 33 none 0 of 33 none none |
110295cb3e NEW 168aab35a3 [Firefox:126 hits: 06-17 to 09-13] 2a0ee3c795 [Firefox: 4 hits: 09-13 to 09-13] 4c3df24b32 [Firefox:180 hits: 06-17 to 09-13] 5f453f525d NEW 5ff13375cf [Firefox: 4 hits: 09-13 to 09-13] |
none[none] none [4] none [none] 4c3df24b32[1] none [none] none [none] |
none:none none:none none:none ASM:Graph none:none none:none |
none|none tElock| none|none Armadillo| none|none none|none |
none none none lines=81 none none |
none trace none trace none none |
| T:00:17:00 | WinXP | 83.213.43.113 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b5cf895038 [Firefox: 2 hits: 09-13 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 00:18:00 | WinXP | 83.213.43.113 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b5cf895038 [Firefox: 2 hits: 09-13 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:00:23:00 | WinXP | 219.167.203.113 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:00:33:00 | WinXP | 24.165.140.55 (RR.COM): ROAD RUNNER HOLDCO LLC, LORAIN, OHIO, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 00:53:00 | WinXP | 195.210.145.49 (-): FUROR MOSCOW REPRESENTATION OFFICE, MOSCOW, MOSKVA, RU. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 01:08:00 | WinXP | 82.4.208.233 (NTL.COM): NTL INFRASTRUCTURE - BELFAST, LUTON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 01:19:00 | Win2K-f | 98.135.227.141 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:28:00 | WinXP | 114.120.40.105 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:34:00 | Win2K-f | 61.20.138.96 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:01:52:00 | WinXP | 117.97.136.189 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:02:00 | Win2K-f | 119.94.164.2 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:43 hits: 06-18 to 09-13] 76ee340669 [Firefox:43 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| T:02:08:00 | WinXP | 78.82.190.25 (TELENOR.SE): TELENOR BUSINESS SOLUTION AB, SE. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 63452bf08e [Firefox: 4 hits: 08-22 to 09-13] |
none[none] | none:none |
none|none | none | none | |
| 02:19:00 | Win2K-f | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:31:00 | WinXP | 75.87.253.244 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:02:54:00 | WinXP | 77.64.132.8 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f4b04dacbe NEW |
none[none] | none:none |
none|none | none | none |
| T:03:15:00 | WinXP | 92.32.11.156 (IKBCC.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | b9e6a0c882 [Firefox: 3 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 03:16:00 | WinXP | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
194.109.11.65:6556 | :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com |
135 | pcap | raw alerts ruleset |
other 230 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | fe22b8315f [Firefox: 8 hits: 06-19 to 09-13] |
none[4] | none:none |
StarForce| | none | trace |
| T:03:22:00 | WinXP | 118.236.228.245 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:24 hits: 06-22 to 09-13] |
none[4] | none:none |
none|none | none | trace | |
| 03:30:00 | Win2K-f | 121.124.128.187 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:21 hits: 06-21 to 09-13] 58c343a8d8 [Firefox:23 hits: 06-21 to 09-13] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:03:32:00 | WinXP | 116.125.128.195 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com US:204.160.104.126:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc http 155 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
0c3d1ec2df [Firefox: 8 hits: 08-11 to 09-13] 8de905030e [Firefox: 8 hits: 08-11 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:03:35:00 | WinXP | 87.93.179.60 (FN.FI): FINNET NETWORKS LTD, FI. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | 78b29f38ed [Firefox: 7 hits: 06-29 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 03:55:00 | WinXP | 203.91.189.215 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:55:00 | Win2K-f | 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 0 of 32 |
3cd7958258 [Firefox:23 hits: 06-17 to 09-13] 41efedf70f [Firefox:22 hits: 06-19 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] 41efedf70f[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| T:03:57:00 | Win2K-f | 203.91.189.215 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:00:00 | WinXP | 41.214.168.151 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | e126a207c5 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:03:00 | WinXP | 71.102.242.248 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MARIA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:08:00 | WinXP | 78.156.218.177 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 6 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:04:08:00 | WinXP | 78.156.218.177 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 6 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:04:09:00 | Win2K-f | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:29:00 | WinXP | 217.219.228.24 (-): CALLWITHME CORP, AHVAZ, KHUZESTAN, IR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 371da6aedc NEW |
none[none] | none:none |
none|none | none | none |
| 04:35:00 | Win2K-f | 70.74.88.219 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
834990aa3f NEW d60d9eb76c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:50:00 | Win2K-f | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox: 4 hits: 07-18 to 09-13] b4fe4581c3 [Firefox: 4 hits: 07-18 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:02:00 | WinXP | 75.83.50.111 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN DIMAS, CALIFORNIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:13:00 | WinXP | 218.163.179.158 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:05:23:00 | WinXP | 78.56.203.103 (ZEBRA.LT): LIETUVOS, LT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:33:00 | WinXP | 75.83.50.111 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN DIMAS, CALIFORNIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:41:00 | WinXP | 119.228.133.241 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:118 hits: 01-08 to 09-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:05:42:00 | WinXP | 89.152.108.76 (-): TVCABO PORTUGAL S.A, OEIRAS, LISBOA, PT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 14d02d7a70 [Firefox: 3 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 05:46:00 | WinXP | 119.94.164.2 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 131 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:43 hits: 06-18 to 09-13] 76ee340669 [Firefox:43 hits: 06-18 to 09-13] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| T:05:48:00 | WinXP | 220.219.9.125 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 05:50:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 none |
bea8cb1865 [Firefox:10 hits: 08-11 to 09-13] fac78fde16 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:54:00 | WinXP | 41.214.190.135 (-): . |
194.54.90.246:80 | HK:proxima.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 95db5533b0 NEW |
none[none] | none:none |
none|none | none | none |
| 06:01:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.66.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:08:00 | WinXP | 68.144.137.100 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 228cae0e0c NEW |
none[none] | none:none |
none|none | none | none |
| 06:24:00 | WinXP | 75.49.10.186 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH 101906-1259, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 06:41:00 | Win2K-f | 151.33.119.245 (33-151.IOL.IT): ITALIA ONLINE S.P.A, MILANO, LOMBARDIA, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 06:41:00 | Win2K-f | 203.91.181.72 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] b7082104e4 [Firefox:126 hits: 06-18 to 09-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 06:50:00 | WinXP | 151.23.132.46 (-): INFOSTRADA (IUNET), IT. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 07:01:00 | WinXP | 118.236.49.139 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:24 hits: 06-22 to 09-13] |
none[4] | none:none |
none|none | none | trace | |
| 07:11:00 | Win2K-f | 151.23.129.149 (-): INFOSTRADA (IUNET), IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 07:14:00 | Win2K-f | 4.155.120.230 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 07:30:00 | WinXP | 221.245.22.21 (UCOM.NE.JP): KG, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:31:00 | WinXP | 221.245.22.21 (UCOM.NE.JP): KG, JP. (100Mbps) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a9cfbd1b0c [Firefox: 2 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:07:38:00 | WinXP | 200.226.114.149 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 89ed97c981 [Firefox: 3 hits: 07-03 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:07:42:00 | WinXP | 75.87.253.244 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:07:43:00 | WinXP | 190.30.27.224 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 9e4ccec7e5 [Firefox: 5 hits: 08-19 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 07:49:00 | WinXP | 200.127.4.166 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ae024849a2 NEW |
none[none] | none:none |
none|none | none | none |
| 08:03:00 | Win2K-f | 125.4.154.100 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
72.10.172.218:2938 | CA:japan.youngpeyatech.info | 135 | pcap | raw alerts ruleset |
irc 594 lines |
Yeah : 1.8 profile |
none | summary tarball |
28 of 30 | 2aa59ba425 [Firefox:10 hits: 02-10 to 09-13] |
2aa59ba425 [1] | ASM:Graph |
ASPack| | lines=10 | trace |
| 08:05:00 | Win2K-f | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 57ce4acac2 [Firefox:176 hits: 06-17 to 09-13] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:08:00 | WinXP | 12.208.80.133 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, VERNON HILLS, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:19:00 | WinXP | 118.236.230.130 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 93385541f3 [Firefox:24 hits: 06-22 to 09-13] |
none[4] | none:none |
none|none | none | trace | |
| 08:24:00 | WinXP | 60.236.128.52 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 08:34:00 | WinXP | 218.210.80.111 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:176 hits: 06-17 to 09-13] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:08:51:00 | Win2K-f | 208.9.114.246 (-): AAFES/BARRACKS, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:14:00 | WinXP | 78.34.73.226 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:14:00 | WinXP | 78.34.73.226 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:20:00 | WinXP | 189.49.207.220 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | bfdd984464 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:27:00 | WinXP | 206.188.64.78 (CIA.COM): CYBERSURF INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:37:00 | Win2K-f | 4.172.165.184 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 242 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 32 |
7858181cae [Firefox: 2 hits: 08-01 to 09-13] ada2e3617c [Firefox: 2 hits: 08-01 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 09:43:00 | Win2K-f | 71.101.142.197 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VENICE, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:09:53:00 | WinXP | 213.22.175.87 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | b872c76081 NEW |
none[none] | none:none |
none|none | none | none |
| 09:56:00 | WinXP | 98.25.108.237 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:12:00 | Win2K-f | 163.203.132.192 (VIP-ZA.COM): AFRINIC, JOHANNESBURG, GAUTENG, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:31:00 | WinXP | 218.210.137.62 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:48:00 | WinXP | 70.71.251.92 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:58:00 | Win2K-f | 200.99.242.145 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:11:01:00 | Win2K-f | 76.194.20.45 (MIDWEST-CONNECTIONS.COM): MIDWEST CONNECTIONS, PAOLA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:18:00 | WinXP | 82.207.34.214 (UKRTEL.NET): UKRTELNET, UA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox:14 hits: 07-04 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:11:19:00 | WinXP | 89.232.251.22 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | 71d5528293 NEW |
none[none] | none:none |
none|none | none | none |
| 12:14:00 | Win2K-f | 4.175.0.92 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHILADELPHIA, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:20:00 | WinXP | 79.184.54.67 (TPNET.PL): TPSA, PL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:21:00 | WinXP | 79.184.54.67 (TPNET.PL): TPSA, PL. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:39:00 | WinXP | 200.127.70.142 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 1d269c9008 NEW |
none[none] | none:none |
none|none | none | none |
| 12:42:00 | WinXP | 76.247.47.118 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:118 hits: 01-08 to 09-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 12:47:00 | WinXP | 80.191.115.73 (-): REGIONAL LIBRARAY OF SCIENCE AND TECHNOLOGY, SHIRAZ, FARS, IR. |
n/a | DE:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru :wpad US:searchportal.information.com RU:195.200.213.52:80 US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | b9ec39db76 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:52:00 | WinXP | 217.203.130.74 (-): TELECOM ITALIA MOBILE, IT. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:56:00 | Win2K-f | 76.194.20.45 (MIDWEST-CONNECTIONS.COM): MIDWEST CONNECTIONS, PAOLA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:19:00 | WinXP | 220.141.116.243 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 6 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 13:20:00 | Win2K-f | 24.82.88.98 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 0 of 32 2 of 32 |
607b60ad51 [Firefox:32 hits: 06-20 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] e5c7bce70e [Firefox:30 hits: 06-20 to 09-13] |
none[4] b5919931fe[1] e5c7bce70e[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=81 |
trace trace trace |
| 13:52:00 | WinXP | 201.5.82.134 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:56:00 | WinXP | 99.224.84.91 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:49:00 | WinXP | 70.166.111.207 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:11 hits: 08-05 to 09-13] f685f8e027 [Firefox:15 hits: 06-18 to 09-13] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| 15:05:00 | Win2K-f | 87.12.150.226 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 15:28:00 | WinXP | 24.87.4.86 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:29:00 | Win2K-f | 4.225.141.127 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:29:00 | WinXP | 87.20.158.46 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, CROTONE, CALABRIA, IT. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | b0949b63bd NEW |
none[none] | none:none |
none|none | none | none |
| 15:34:00 | WinXP | 82.227.238.85 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:100 hits: 01-03 to 09-13] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:38:00 | Win2K-f | 4.244.177.169 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 15:39:00 | Win2K-f | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:44:00 | WinXP | 4.254.228.220 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CALDWELL, IDAHO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:04:00 | Win2K-f | 122.147.98.240 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:05:00 | WinXP | 70.124.47.225 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 6e9e655f3c [Firefox:12 hits: 02-26 to 09-13] |
fddd4e56b0 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:28:00 | WinXP | 190.137.73.49 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:32:00 | Win2K-f | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 0 of 32 |
87e1117f2a [Firefox: 4 hits: 07-18 to 09-13] b4fe4581c3 [Firefox: 4 hits: 07-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 16:34:00 | WinXP | 208.127.87.25 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn US:iphonenewline.com :www.upononjob.cn CN:second-reason.com EU:reservjob.cn :mulfika.cn :virus-quick-scan.com :wpad US:antispyware-quick-scan.com US:spyware-quickscan-2008.com US:virus-quickscan-2008.com US:spyware-quickscan-2009.com US:virus-quickscan-2009.com US:antivirus-quick-scan.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
irc http 499 lines |
Yeah : 1.8 profile |
none | summary tarball |
none none none none none none |
2a0ee3c795 [Firefox: 4 hits: 09-13 to 09-13] 4d5196693e NEW 56ad6a6ca9 NEW 5ff13375cf [Firefox: 4 hits: 09-13 to 09-13] 650e19eddd NEW 9d2c4ea55c NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| T:16:34:00 | Win2K-f | 24.84.48.88 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 372 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | cfe42c471f [Firefox: 4 hits: 08-10 to 09-13] |
none[none] | none:none |
none|none | none | none | |
| 16:41:00 | WinXP | 66.68.207.253 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 16:55:00 | WinXP | 70.119.117.202 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:05:00 | Win2K-f | 71.117.42.131 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SUN PRAIRIE, WISCONSIN, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
04d3700af1 [Firefox: 4 hits: 08-08 to 09-13] 6b338df2df [Firefox: 4 hits: 08-08 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:17:00 | WinXP | 81.84.17.197 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 14d02d7a70 [Firefox: 3 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none | |
| T:17:30:00 | WinXP | 200.112.243.139 (CMET.NET): CMET SACI, SANTIAGO, REGION METROPOLITANA, CL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:42:00 | WinXP | 67.11.53.28 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox: 7 hits: 08-09 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 17:59:00 | WinXP | 98.25.116.144 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:04:00 | Win2K-f | 68.147.48.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:10:00 | WinXP | 190.188.44.202 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox:14 hits: 07-04 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:18:14:00 | WinXP | 76.254.85.169 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:118 hits: 01-08 to 09-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:18:18:00 | WinXP | 4.225.8.54 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:18:18:00 | WinXP | 66.68.207.253 (RR.COM): ROAD RUNNER HOLDCO LLC, MCALLEN, TEXAS, US. |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 18:27:00 | WinXP | 66.188.66.0 (CHARTER.COM): CHARTER COMMUNICATIONS, ATHENS, GEORGIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn US:iphonenewline.com :www.upononjob.cn EU:reservjob.cn CN:second-reason.com :mulfika.cn :virus-quick-scan.com :wpad US:antispyware-quick-scan.com :voovle.info US:spyware-quickscan-2008.com US:winantispyware2008.com US:205.128.73.126:80 US:206.161.126.40:80 US:209.84.20.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
irc http 972 lines |
Yeah : 1.8 profile |
none | summary tarball |
none none none 31 of 33 none 29 of 33 |
2a0ee3c795 [Firefox: 4 hits: 09-13 to 09-13] 570ddd0ced NEW 5ff13375cf [Firefox: 4 hits: 09-13 to 09-13] 7ba9e53288 [Firefox: 4 hits: 07-11 to 09-13] 94105c76de NEW d2e7fab9c3 [Firefox: 4 hits: 07-11 to 09-13] |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| T:19:00:00 | WinXP | 71.111.223.206 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:4.23.60.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:01:00 | WinXP | 121.84.154.37 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:118 hits: 01-08 to 09-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 19:17:00 | Win2K-f | 170.51.113.88 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 19:25:00 | WinXP | 114.120.20.121 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox:14 hits: 07-04 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 19:40:00 | Win2K-f | 208.82.42.92 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.123:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:44:00 | Win2K-f | 128.91.126.196 (UPENN.EDU): UNIVERSITY OF PENNSYLVANIA, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:51:00 | WinXP | 118.236.208.196 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:19 hits: 06-20 to 09-13] |
none[4] | none:none |
none|none | none | trace | |
| 19:51:00 | WinXP | 201.221.113.121 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 6 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:19:52:00 | WinXP | 201.221.113.121 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 6 hits: 09-12 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 20:08:00 | WinXP | 63.245.179.85 (KITUSA.COM): KANSAS INDEPENDENT TELECOMMUNICATIONS, MCPHERSON, KANSAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 8e7b9c3ae0 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:13:00 | WinXP | 98.141.178.161 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:14:00 | WinXP | 203.121.180.155 (-): COLO-CATIONPI-2-203121180128, TH. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:22:00 | WinXP | 41.214.187.204 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c9d01112a8 [Firefox: 8 hits: 08-06 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:20:30:00 | WinXP | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 57ce4acac2 [Firefox:176 hits: 06-17 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 20:35:00 | Win2K-f | 71.110.238.189 (VERIZON.NET): VERIZON INTERNET SERVICES INC, YUCAIPA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:09:00 | WinXP | 70.64.78.126 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 21:13:00 | Win2K-f | 58.225.17.10 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.108.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:21 hits: 06-21 to 09-13] 58c343a8d8 [Firefox:23 hits: 06-21 to 09-13] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:21:16:00 | Win2K-f | 144.138.215.111 (TMNS.NET.AU): TELSTRAINTERNET31, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] b7082104e4 [Firefox:126 hits: 06-18 to 09-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 21:21:00 | Win2K-f | 144.138.215.111 (TMNS.NET.AU): TELSTRAINTERNET31, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] b7082104e4 [Firefox:126 hits: 06-18 to 09-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:21:29:00 | WinXP | 222.144.230.52 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 21:51:00 | Win2K-f | 82.110.93.50 (EASYNET.CO.UK): ENP-PWM, BRENTWOOD, ENGLAND, UK. (DSL) |
64.85.160.111:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 21:58:00 | WinXP | 210.206.109.196 (BORA.NET): BORANET-NET-210-206/, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
6f630e7aa2 [Firefox: 5 hits: 06-30 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[none] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
none|none Armadillo| FSG| |
none lines=81 lines=92 |
none trace trace |
| 22:04:00 | WinXP | 119.95.215.225 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 184 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 885cd81584 NEW |
none[none] | none:none |
none|none | none | none | |
| 22:15:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:15:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:16:00 | WinXP | 63.23.92.137 (UU.NET): UUNET TECHNOLOGIES INC, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:36:00 | WinXP | 68.147.151.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
547dc9e490 [Firefox: 2 hits: 09-13 to 09-13] 987d6f6985 [Firefox: 2 hits: 09-13 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 22:37:00 | Win2K-f | 68.147.151.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
547dc9e490 [Firefox: 2 hits: 09-13 to 09-13] 987d6f6985 [Firefox: 2 hits: 09-13 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 22:43:00 | WinXP | 4.153.8.28 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 172 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:22:47:00 | WinXP | 203.221.141.213 (COMINDICO.COM.AU): COMINDICO AUSTRALIA, WOLLONGONG, NEW SOUTH WALES, AU. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:22:48:00 | Win2K-f | 71.97.19.114 (VERIZON.NET): VERIZON INTERNET SERVICES INC, IRVING, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.104.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:52:00 | Win2K-f | 124.61.38.40 (-): POWERCOM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.99.126:80 US:207.123.42.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
09c3d90250 [Firefox: 6 hits: 08-04 to 09-13] 8f34a39070 [Firefox: 6 hits: 08-04 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:54:00 | Win2K-f | 118.219.237.248 (-): . |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 33 |
0f7b6b4c31 [Firefox: 5 hits: 08-09 to 09-13] 168aab35a3 [Firefox:126 hits: 06-17 to 09-13] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 22:54:00 | Win2K-f | 98.141.160.84 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:57:00 | WinXP | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:10:00 | WinXP | 218.164.40.13 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:531 hits: 01-01 to 09-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:16:00 | WinXP | 70.66.195.178 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:23:00 | WinXP | 76.173.138.49 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:26:00 | WinXP | 72.251.73.174 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a219ed3aeb [Firefox:25 hits: 08-02 to 09-13] |
none[none] | none:none |
none|none | none | none |
| 23:51:00 | Win2K-f | 222.233.15.105 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 32 |
1509c8d024 [Firefox:22 hits: 06-17 to 09-13] f23b040440 [Firefox:13 hits: 06-22 to 09-13] |
none[4] f23b040440[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 23:55:00 | WinXP | 68.205.117.31 (RR.COM): ROAD RUNNER HOLDCO LLC, MELBOURNE, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 33 of 33 0 of 32 |
23fa12ab6f NEW 53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[none] none [4] 73f1082158[1] |
none:none none:none ASM:Graph |
none|none tElock| Armadillo| |
none none lines=81 |
none trace trace |
| T:23:55:00 | WinXP | 66.205.15.39 (SUNBEACH.NET): SUNBEACH COMMUNICATIONS INC, BRIDGETOWN, ST. MICHAEL, BB. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox: 7 hits: 08-09 to 09-13] |
none[none] | none:none |
none|none | none | none |