|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:10:00 | WinXP | 78.48.43.80 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 75c16054ca NEW |
none[none] | none:none |
none|none | none | none |
| 00:34:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 139 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 [Firefox: 3 hits: 07-24 to 08-19] 76f2c59ef8 [Firefox: 3 hits: 07-24 to 08-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 01:19:00 | Win2K-f | 61.215.245.135 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 668 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | fef4447761 NEW |
none[none] | none:none |
none|none | none | none | |
| 01:21:00 | Win2K-f | 72.67.130.47 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.108.126:80 US:198.78.201.126:80 US:209.84.20.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
5706f2fc14 NEW 68c7a1f625 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:22:00 | WinXP | 65.190.146.182 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad GB:new.egg.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:230 hits: 01-01 to 08-30] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 01:42:00 | Win2K-f | 67.213.14.148 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 6dcb69f95a NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:43:00 | Win2K-f | 68.125.88.113 (PACBELL.NET): KAREN FASHION DBA, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 661 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 02b1d27c8f NEW |
none[none] | none:none |
none|none | none | none |
| 01:46:00 | Win2K-f | 4.87.92.229 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HILLIARD, FLORIDA, US. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:09:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
20 of 32 | 93dabb5a19 [Firefox: 2 hits: 07-22 to 08-02] |
none[none] | none:none |
none|none | none | none |
| T:02:09:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 02:12:00 | WinXP | 151.66.79.139 (38-151.NET24.IT): IUNET-BNET, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:12:00 | WinXP | 151.66.79.139 (38-151.NET24.IT): IUNET-BNET, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:39:00 | Win2K-f | 203.118.235.203 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 770 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | c3bc2b7d23 NEW |
none[none] | none:none |
none|none | none | none | |
| 02:45:00 | Win2K-f | 70.184.3.48 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.123:80 US:207.123.37.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox: 4 hits: 07-18 to 09-13] b4fe4581c3 [Firefox: 4 hits: 07-18 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:46:00 | WinXP | 221.142.73.81 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.123:80 US:207.123.37.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
222cf9c83d NEW aa55cb3240 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:06:00 | WinXP | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 33 |
73ce2b74da [Firefox: 9 hits: 06-18 to 08-22] 79c01ec060 [Firefox:29 hits: 06-18 to 08-29] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
73ce2b74da [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| T:03:06:00 | WinXP | 119.95.58.148 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:43 hits: 06-18 to 09-13] 76ee340669 [Firefox:43 hits: 06-18 to 09-13] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 03:23:00 | WinXP | 216.79.245.70 (BELLSOUTH.NET): BELLSOUTH.NET INC, NEW ORLEANS, LOUISIANA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:02:00 | Win2K-f | 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] b7082104e4 [Firefox:126 hits: 06-18 to 09-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 04:43:00 | Win2K-f | 98.140.87.49 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:54:00 | WinXP | 62.40.58.216 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 623e0b5433 NEW |
none[none] | none:none |
none|none | none | none |
| 04:55:00 | Win2K-f | 123.214.224.61 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 0 of 32 33 of 36 |
2f27f1f3ed NEW b5919931fe [Firefox:557 hits: 06-20 to 09-13] baa7256c07 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:05:01:00 | WinXP | 122.147.97.169 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 05:02:00 | WinXP | 203.91.184.118 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 228 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | ed7d5d9ce7 [Firefox: 2 hits: 08-26 to 08-29] |
none[none] | none:none |
none|none | none | none | |
| 05:03:00 | WinXP | 82.128.217.115 (SUOMI.NET): OULU TELEPHONE COMPANY, OULU, OULUN LAANI, FI. |
n/a | 135 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 97df2c94e6 NEW |
none[none] | none:none |
none|none | none | none | |
| 05:11:00 | WinXP | 70.73.138.204 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 HK:210.245.211.11:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 255 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
6df1b03604 NEW 74fa06e356 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:21:00 | Win2K-f | 76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:28:00 | Win2K-f | 200.165.205.219 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 4d98c3ff39 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:32:00 | WinXP | 210.79.179.177 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.73.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox:17 hits: 06-19 to 08-29] 79c01ec060 [Firefox:29 hits: 06-18 to 08-29] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 05:34:00 | WinXP | 118.218.21.111 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 0 of 33 |
533d15b5ce [Firefox:21 hits: 06-21 to 09-13] 58c343a8d8 [Firefox:23 hits: 06-21 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] 58c343a8d8[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 05:42:00 | Win2K-f | 98.141.161.7 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:59:00 | WinXP | 69.183.217.33 (SNET.NET): BRAS11A.MRDNCT, PLANO, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:531 hits: 01-01 to 09-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:04:00 | Win2K-f | 172.132.135.68 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:21 hits: 07-03 to 08-30] c73f738c30 [Firefox:21 hits: 07-03 to 08-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:25:00 | WinXP | 208.127.8.121 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 215 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox:12 hits: 07-15 to 08-27] |
none[none] | none:none |
none|none | none | none | |
| T:06:36:00 | WinXP | 66.53.221.241 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:74 hits: 01-14 to 09-12] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:06:51:00 | WinXP | 65.129.191.38 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, HARRISBURG, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:59:00 | WinXP | 82.207.38.8 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK, UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:11:00 | Win2K-f | 85.177.6.152 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 07:24:00 | WinXP | 121.73.136.247 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
http 353 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
7f89b38665 [Firefox: 9 hits: 08-02 to 08-22] a51a50404e [Firefox: 9 hits: 08-02 to 08-22] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 07:27:00 | Win2K-f | 81.12.54.79 (-): FARHANG AZMA COMMUNICATIONS, TEHRAN, TEHRAN, IR. |
n/a | 139 | pcap | raw alerts ruleset |
shell http 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:53:00 | WinXP | 190.128.9.88 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 76aa373574 NEW |
none[none] | none:none |
none|none | none | none |
| 07:57:00 | WinXP | 4.233.194.54 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:08:02:00 | WinXP | 122.52.18.151 (PLDT.NET): IPG, PH. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:16 hits: 04-05 to 09-12] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| T:08:16:00 | WinXP | 190.246.142.4 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | aea0211ea9 NEW |
none[none] | none:none |
none|none | none | none |
| 08:34:00 | Win2K-f | 70.169.52.32 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:11 hits: 08-05 to 09-13] f685f8e027 [Firefox:15 hits: 06-18 to 09-13] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:08:39:00 | Win2K-f | 87.9.139.101 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
84.244.6.253:2345 | DE:qtas.net SE:dzuc.net |
445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 6a786b0331 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:41:00 | WinXP | 82.207.12.14 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN DONECK, UA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:49:00 | WinXP | 208.70.102.232 (HTCPLUS.NET): HOME TOWN TELEPHONE LLC, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:08:49:00 | Win2K-f | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:49:00 | WinXP | 208.70.102.232 (HTCPLUS.NET): HOME TOWN TELEPHONE LLC, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:56:00 | WinXP | 41.214.190.31 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 623e0b5433 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:10:00 | WinXP | 85.241.236.13 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru :wpad RU:195.200.213.52:80 US:208.73.210.32:80 DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 09:11:00 | Win2K-f | 189.48.168.35 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:12:00 | WinXP | 77.21.181.150 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:16:00 | WinXP | 190.30.217.113 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 0a48f71813 NEW |
none[none] | none:none |
none|none | none | none |
| 09:28:00 | WinXP | 99.167.104.188 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:385 hits: 12-31 to 09-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:38:00 | Win2K-f | 63.28.52.55 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:38:00 | WinXP | 65.188.149.253 (RR.COM): ROAD RUNNER HOLDCO LLC, POMPANO BEACH, FLORIDA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru :wpad RU:195.200.213.52:80 US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:09:41:00 | WinXP | 213.22.210.138 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:46:00 | WinXP | 81.12.70.81 (-): FARHANG AZMA COMMUNICATIONS, IR. |
n/a | HK:proxim.ircgalaxy.pl UA:vit.ln.ua :baner.vit :www.proxy-socks.net EU:siliconfireware.ru :wpad US:searchportal.information.com UA:195.189.16.10:80 US:208.73.210.32:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 17ff76e844 NEW |
none[none] | none:none |
none|none | none | none |
| 10:04:00 | Win2K-f | 186.12.101.167 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:10:04:00 | WinXP | 24.80.184.211 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 374 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | cfe42c471f [Firefox: 4 hits: 08-10 to 09-13] |
none[none] | none:none |
none|none | none | none | |
| T:10:14:00 | WinXP | 75.46.12.182 (SBCGLOBAL.NET): AT&T INTERNET SERVICES, WATERFORD, MICHIGAN, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 10:16:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.123:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:23 hits: 06-17 to 09-13] 41efedf70f [Firefox:22 hits: 06-19 to 09-13] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 10:28:00 | Win2K-f | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:33:00 | WinXP | 83.29.103.46 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:38:00 | WinXP | 85.241.228.29 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 10:41:00 | WinXP | 124.155.93.80 (ASAHI-NET.OR.JP): ASAHI-NET-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:55:00 | WinXP | 4.232.255.104 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TORRANCE, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:57:00 | WinXP | 82.241.181.143 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 7bece71bb1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:57:00 | WinXP | 82.241.181.143 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 7bece71bb1 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:24:00 | WinXP | 87.68.239.150 (012.NET.IL): GOLDEN LINES INTERNATIONAL COMMUNICATION SERVICES LTD, IL. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c9d01112a8 [Firefox: 8 hits: 08-06 to 09-13] |
none[none] | none:none |
none|none | none | none |
| T:11:34:00 | WinXP | 66.51.232.127 (CTCINET.COM): CONSOLIDATED TELCOM, DICKINSON, NORTH DAKOTA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:52:00 | Win2K-f | 71.79.67.62 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:205.128.73.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:09:00 | Win2K-f | 186.12.72.251 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:14:00 | WinXP | 88.117.57.87 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| T:12:26:00 | WinXP | 217.20.82.245 (ISURGUT.RU): OPEN JOINT-STOCK COMPANY URALSVIAZINFORM BRANCH OF THE KHANTYMANSIYSK REGION, RU. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 5e0af7b8d3 NEW |
none[none] | none:none |
none|none | none | none |
| 12:28:00 | WinXP | 190.17.77.106 (COM.AR): CABLEVISION S.A, AR. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 571e381ed4 NEW |
none[none] | none:none |
none|none | none | none |
| 12:48:00 | Win2K-f | 116.123.40.113 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:126 hits: 06-17 to 09-13] 4c3df24b32 [Firefox:180 hits: 06-17 to 09-13] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:05:00 | WinXP | 79.132.194.35 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru :wpad GB:new.egg.com CA:www.bank-banque-canada.ca RU:195.200.213.52:80 US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:06:00 | WinXP | 71.104.36.181 (VERIZON.NET): VERIZON INTERNET SERVICES INC, POMONA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.42.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:07:00 | Win2K-f | 98.134.94.194 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 320 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 7a2cad4bbc NEW |
none[none] | none:none |
none|none | none | none | |
| 13:08:00 | Win2K-f | 99.224.126.113 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.42.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:15:00 | WinXP | 96.51.29.181 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:204.160.104.126:80 US:207.123.42.126:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 27 of 32 |
b4397cd867 NEW b455f223d6 NEW |
none[none] b455f223d6[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
| 13:28:00 | WinXP | 4.254.219.80 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BILLINGS, MONTANA, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad EU:ebookfinaltrash.ru US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:34:00 | WinXP | 125.58.73.248 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 13:35:00 | WinXP | 41.214.179.14 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 75cf39cba2 [Firefox: 2 hits: 09-12 to 09-12] |
none[none] | none:none |
none|none | none | none |
| T:13:35:00 | WinXP | 41.214.179.14 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 75cf39cba2 [Firefox: 2 hits: 09-12 to 09-12] |
none[none] | none:none |
none|none | none | none | |
| T:13:37:00 | WinXP | 217.124.39.124 (TELEFONICA.NET): TELEFONICA DATA ESPANA (NCC#2001027547), ES. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:51:00 | WinXP | 83.88.70.187 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, HUMLEBæK, FREDERIKSBORG, DK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 14:27:00 | Win2K-f | 172.129.237.245 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:27:00 | WinXP | 83.132.31.55 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | a84ffdf670 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:35:00 | Win2K-f | 70.184.3.48 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl US:microsoft.com DE:dl2.teenpassage.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:204.160.126.124:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
irc 119 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox: 4 hits: 07-18 to 09-13] b4fe4581c3 [Firefox: 4 hits: 07-18 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:38:00 | WinXP | 85.152.184.174 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc NEW |
none[none] | none:none |
none|none | none | none |
| 14:44:00 | WinXP | 76.195.8.102 (SBCGLOBAL.NET): PPPOX POOL - RBACK33.SNFC, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:46:00 | Win2K-f | 116.120.37.119 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com DE:dl2.teenpassage.com HK:210.245.211.11:65520 US:4.23.60.125:80 DE:85.114.141.207:80 |
135 | pcap | raw alerts ruleset |
http irc 159 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 24 of 33 0 of 32 |
6e2eaa0359 [Firefox: 7 hits: 07-10 to 08-22] 740e3bffe0 [Firefox: 8 hits: 06-25 to 08-22] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:14:54:00 | WinXP | 72.0.250.124 (SPEAKEASY.NET): US. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru DE:dl2.teenpassage.com |
445 | pcap | raw alerts ruleset |
http irc 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 NEW |
none[none] | none:none |
none|none | none | none |
| 15:18:00 | WinXP | 200.112.243.158 (CMET.NET): CMET SACI, SANTIAGO, REGION METROPOLITANA, CL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:28:00 | WinXP | 4.240.27.162 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHOENIX, ARIZONA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:533 hits: 12-31 to 09-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:59:00 | WinXP | 200.66.188.105 (PRODIGY.NET.MX): REASIGNACION UNINET, TOLUCA, MEXICO, MX. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:01:00 | WinXP | 99.141.28.232 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:18 hits: 01-01 to 08-19] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 16:02:00 | Win2K-f | 61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 57ce4acac2 [Firefox:176 hits: 06-17 to 09-13] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:13:00 | WinXP | 189.67.180.63 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | b504f1f9a6 NEW |
none[none] | none:none |
none|none | none | none |
| 16:29:00 | WinXP | 98.140.255.103 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:128 hits: 01-01 to 08-27] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 16:44:00 | Win2K-f | 71.107.225.35 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LONG BEACH, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:03:00 | Win2K-f | 186.12.74.51 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:15:00 | Win2K-f | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:34:00 | WinXP | 189.24.180.180 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:36:00 | WinXP | 4.155.18.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BALTIMORE, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 18:08:00 | Win2K-f | 71.112.175.108 (VERIZON.NET): VERIZON INTERNET SERVICES INC, KIRKLAND, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:11:00 | WinXP | 190.128.9.88 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 76aa373574 NEW |
none[none] | none:none |
none|none | none | none |
| 18:15:00 | WinXP | 65.188.149.253 (RR.COM): ROAD RUNNER HOLDCO LLC, POMPANO BEACH, FLORIDA, US. |
n/a | EU:siliconfireware.ru RU:www.bbin.ru :wpad US:searchportal.information.com RU:195.200.213.52:80 US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:509 hits: 01-01 to 09-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:22:00 | WinXP | 4.155.18.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BALTIMORE, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:350 hits: 01-05 to 09-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 18:23:00 | Win2K-f | 190.244.214.42 (-): . |
213.239.192.125:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:168 hits: 05-22 to 09-13] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 18:40:00 | Win2K-f | 4.252.10.113 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYLVA, NORTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:43:00 | WinXP | 114.120.82.120 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c3bc53e727 NEW |
none[none] | none:none |
none|none | none | none |
| 18:51:00 | Win2K-f | 70.127.91.64 (RR.COM): ROAD RUNNER HOLDCO LLC, PALM HARBOR, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:14:00 | WinXP | 70.118.224.238 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:24:00 | Win2K-f | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:25:00 | Win2K-f | 4.228.42.147 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:27:00 | Win2K-f | 4.225.148.179 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.153.236:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 176 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
6528697102 NEW 667b157f26 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:42:00 | WinXP | 70.73.192.157 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | e5308455e5 NEW |
none[none] | none:none |
none|none | none | none |
| 19:44:00 | WinXP | 123.213.62.155 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox: 7 hits: 06-29 to 08-09] c7d6018f97 [Firefox: 7 hits: 06-29 to 08-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:49:00 | WinXP | 24.143.116.93 (SPEAKEASY.NET): US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:53:00 | Win2K-f | 69.77.144.212 (SKYBEST.COM): SKYBEST COMMUNICATIONS INC, NEW BERN, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.73.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:32:00 | Win2K-f | 24.80.178.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:32 hits: 06-20 to 09-13] e5c7bce70e [Firefox:30 hits: 06-20 to 09-13] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:40:00 | WinXP | 217.202.150.162 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:40:00 | WinXP | 217.202.150.162 (-): TELECOM ITALIA MOBILE, IT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1057 hits: 12-31 to 09-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:20:42:00 | WinXP | 70.71.251.92 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 21:02:00 | Win2K-f | 76.194.20.43 (MIDWEST-CONNECTIONS.COM): MIDWEST CONNECTIONS, PAOLA, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] a08f3b74a4 [Firefox:702 hits: 06-18 to 09-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 22:06:00 | WinXP | 60.249.251.172 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:06:00 | WinXP | 122.52.19.138 (PLDT.NET): IPG, PH. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:16 hits: 04-05 to 09-12] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 22:08:00 | Win2K-f | 4.131.153.245 (APEXCOVANTAGE.COM): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.173.41:80 US:208.111.173.42:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 160 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 32 of 33 |
62cfe21240 NEW b99badda6e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:32:00 | WinXP | 92.96.120.180 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:118 hits: 01-08 to 09-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:22:38:00 | WinXP | 70.118.224.238 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:49:00 | WinXP | 124.100.68.15 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | abfc1b573e NEW |
none[none] | none:none |
none|none | none | none |
| T:23:00:00 | Win2K-f | 124.241.136.202 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:12:00 | WinXP | 71.39.30.73 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, ALBUQUERQUE, NEW MEXICO, US. |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:27:00 | Win2K-f | 119.69.132.52 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 26 of 33 |
2851817490 [Firefox: 5 hits: 06-27 to 08-25] ed4acd1f8e [Firefox: 2 hits: 06-28 to 08-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:36:00 | Win2K-f | 124.241.190.76 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] b5919931fe [Firefox:557 hits: 06-20 to 09-13] b7082104e4 [Firefox:126 hits: 06-18 to 09-13] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 23:44:00 | WinXP | 63.28.65.74 (UU.NET): UUNET TECHNOLOGIES INC, HONOLULU, HAWAII, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2072 hits: 06-17 to 09-13] 73f1082158 [Firefox:1034 hits: 06-18 to 09-13] e07c29c4ae [Firefox:428 hits: 06-19 to 09-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 23:59:00 | WinXP | 116.59.183.228 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:40 hits: 01-02 to 08-23] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |