|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:06:00 | Win2K-f | 117.201.81.170 (-): . |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl DE:dl2.teenpassage.com DE:85.114.141.207:80 |
445 | pcap | raw alerts ruleset |
irc 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:17:00 | WinXP | 114.120.39.69 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 3 hits: 09-15 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:00:18:00 | WinXP | 77.236.174.229 (-): VEREYA, BG. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:24:00 | Win2K-f | 67.213.14.172 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 6dcb69f95a NEW |
none[none] | none:none |
none|none | none | none | |
| T:00:36:00 | Win2K-f | 63.246.122.162 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:37:00 | Win2K-f | 144.134.27.128 (TMNS.NET.AU): TELSTRAINTERNET27, GOLD COAST, QUEENSLAND, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] b7082104e4 [Firefox:130 hits: 06-18 to 09-15] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 00:44:00 | WinXP | 222.15.161.37 (DION.NE.JP): DION (KDDI CORPORATION), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:360 hits: 01-05 to 09-15] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 00:50:00 | WinXP | 193.248.162.115 (STATIC-IP.OLEANE.FR): TELECOM, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 16 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:53:00 | WinXP | 58.224.9.196 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 0 of 33 |
533d15b5ce [Firefox:22 hits: 06-21 to 09-14] 58c343a8d8 [Firefox:24 hits: 06-21 to 09-14] e07c29c4ae [Firefox:444 hits: 06-19 to 09-15] |
none[4] 58c343a8d8[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| T:01:06:00 | Win2K-f | 99.164.57.43 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:01:09:00 | WinXP | 71.111.178.98 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ALOHA, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:11:00 | WinXP | 79.132.209.247 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | US:00.devoid.us US:208.73.210.32:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1e24e409d6 NEW |
none[none] | none:none |
none|none | none | none |
| 01:11:00 | WinXP | 66.14.107.10 (GTE.NET): GENUITY DSL, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.123:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 64 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] b7082104e4 [Firefox:130 hits: 06-18 to 09-15] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:01:50:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:53:00 | WinXP | 217.20.82.173 (ISURGUT.RU): OPEN JOINT-STOCK COMPANY URALSVIAZINFORM BRANCH OF THE KHANTYMANSIYSK REGION, RU. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 71d5528293 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:02:00 | WinXP | 87.57.190.124 (IP.TELE.DK): TELEDANMARK, DK. |
n/a | RU:moscow-advokat.ru EU:gaz-prom.ru :washington.dc.us.undernet.org RU:irc.tsk.ru :los-angeles.ca.us.undernet.org :caen.fr.eu.undernet.org BE:london.uk.eu.undernet.org |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:20 hits: 01-11 to 07-17] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
| 02:04:00 | Win2K-f | 98.141.161.7 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:05:00 | WinXP | 201.231.109.103 (SRC.ORG): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1b7ec6ce60 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:05:00 | WinXP | 201.231.109.103 (SRC.ORG): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1b7ec6ce60 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:12:00 | WinXP | 79.23.108.233 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:120 hits: 01-08 to 09-15] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 02:48:00 | Win2K-f | 118.219.44.54 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 71 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 | 58c343a8d8 [Firefox:24 hits: 06-21 to 09-14] |
58c343a8d8 [1] | ASM:Graph |
Armadillo| | lines=82 | trace | |
| 03:02:00 | WinXP | 87.116.204.83 (TNP.PL): NETWORK OF INTERNET SERVICE PROVIDER, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 79fdac8c50 NEW |
none[none] | none:none |
none|none | none | none |
| 03:07:00 | WinXP | 82.4.208.233 (NTL.COM): NTL INFRASTRUCTURE - BELFAST, LUTON, ENGLAND, UK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:12:00 | Win2K-f | 24.80.178.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:03:22:00 | WinXP | 88.184.62.82 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 2 hits: 09-14 to 09-14] |
none[none] | none:none |
none|none | none | none |
| T:03:34:00 | Win2K-f | 76.10.19.20 (PAVLOVMEDIA.COM): CLUB AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 03:43:00 | WinXP | 82.235.244.135 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:18 hits: 04-05 to 09-14] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 03:44:00 | Win2K-f | 67.120.205.171 (PACBELL.NET): SIEMENS ICN, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.73.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:20:00 | WinXP | 216.211.246.248 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.73.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:21:00 | WinXP | 218.210.80.111 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 57ce4acac2 [Firefox:180 hits: 06-17 to 09-15] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:40:00 | Win2K-f | 71.122.71.253 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VENICE, FLORIDA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:04:41:00 | WinXP | 122.25.90.68 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:534 hits: 01-01 to 09-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:48:00 | WinXP | 84.163.226.205 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, KARLSRUHE, BADEN-WURTTEMBERG, DE. (DIAL) |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:ced.dal.net SE:viking.dal.net SE:ozbytes.dal.net AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 29a1b9503b NEW |
none[none] | none:none |
none|none | none | none |
| T:04:48:00 | WinXP | 84.163.226.205 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, KARLSRUHE, BADEN-WURTTEMBERG, DE. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 29a1b9503b NEW |
none[none] | none:none |
none|none | none | none |
| T:05:15:00 | WinXP | 83.4.159.122 (TPNET.PL): NEOSTRADA PLUS, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:29:00 | WinXP | 140.113.191.91 (NCTU.EDU.TW): TAIWAN ACADEMIC NETWORK, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:58:00 | WinXP | 116.122.234.169 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 32 |
f10855e3e1 [Firefox: 4 hits: 06-19 to 08-06] f7f799f818 [Firefox: 5 hits: 06-19 to 08-06] |
f10855e3e1 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 06:28:00 | WinXP | 94.191.254.86 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:30:00 | WinXP | 196.208.69.139 (TELKOM-IPNET.CO.ZA): AFRINIC, JOHANNESBURG, GAUTENG, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:35:00 | WinXP | 97.77.97.63 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 4 hits: 09-12 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:06:46:00 | WinXP | 4.254.78.79 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:519 hits: 01-01 to 09-15] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace | |
| 06:48:00 | Win2K-f | 219.254.0.65 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:183 hits: 06-17 to 09-15] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 07:03:00 | WinXP | 220.144.180.63 (MESH.AD.JP): NEC CORPORATION, BANGKOK, KRUNG THEP MAHANAKHON, TH. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d6138624e3 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:03:00 | Win2K-f | 69.77.144.212 (SKYBEST.COM): SKYBEST COMMUNICATIONS INC, NEW BERN, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 07:14:00 | WinXP | 82.7.223.44 (NTL.COM): NTLI, NOTTINGHAM, ENGLAND, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 5ed8a3de6e [Firefox: 4 hits: 05-18 to 08-26] |
none[4] | none:none |
ASPack| | none | trace |
| T:07:31:00 | WinXP | 117.99.5.243 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 07:42:00 | Win2K-f | 116.123.57.135 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 0 of 32 |
2e04b06527 [Firefox: 7 hits: 06-18 to 09-12] 5c054291de [Firefox: 7 hits: 06-18 to 09-12] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 5c054291de[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| 07:47:00 | WinXP | 92.114.223.41 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cf2dccf188 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:49:00 | WinXP | 4.138.44.73 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:19:00 | WinXP | 61.20.134.20 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:08:24:00 | Win2K-f | 124.241.180.184 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:37:00 | Win2K-f | 121.124.41.186 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.254:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:22 hits: 06-21 to 09-14] 58c343a8d8 [Firefox:24 hits: 06-21 to 09-14] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:08:44:00 | WinXP | 77.254.64.191 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 26e3526604 NEW |
none[none] | none:none |
none|none | none | none |
| 08:53:00 | WinXP | 76.78.49.250 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f NEW |
none[none] | none:none |
none|none | none | none |
| T:08:53:00 | WinXP | 76.78.49.250 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f NEW |
none[none] | none:none |
none|none | none | none |
| 08:55:00 | Win2K-f | 24.80.178.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:56:00 | WinXP | 24.59.40.187 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | :www.proxy-socks.net DE:siliconfireware.ru :wpad US:searchportal.information.com GB:welcome3.smile.co.uk US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:231 hits: 01-01 to 09-14] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:09:03:00 | WinXP | 190.245.252.239 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox: 5 hits: 08-15 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 09:06:00 | WinXP | 190.245.252.239 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox: 5 hits: 08-15 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:09:08:00 | Win2K-f | 118.218.21.111 (-): . |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.124:80 US:207.123.37.124:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:22 hits: 06-21 to 09-14] 58c343a8d8 [Firefox:24 hits: 06-21 to 09-14] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:09:11:00 | WinXP | 119.77.174.119 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:12:00 | Win2K-f | 70.182.251.209 (MAXONCORP.COM): COX COMMUNICATIONS, WICHITA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.104.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 190 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
aa9a5814b5 [Firefox: 2 hits: 08-18 to 09-12] d65dae6c35 [Firefox: 2 hits: 08-18 to 09-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:19:00 | Win2K-f | 220.57.120.8 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:26:00 | WinXP | 75.177.16.39 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:09:28:00 | WinXP | 75.177.16.39 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. |
n/a | RU:moscow-advokat.ru SE:coins.dal.net SE:vancouver.dal.net :gaspode.zanet.org.za US:lia.zanet.net :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org SE:ozbytes.dal.net AT:graz.at.eu.undernet.org :washington.dc.us.undernet.org :lulea.se.eu.undernet.org :los-angeles.ca.us.undernet.org :flanders.be.eu.undernet.org SE:viking.dal.net NL:london.uk.eu.undernet.org SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 09:32:00 | WinXP | 208.105.161.234 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:51:00 | WinXP | 222.159.0.31 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:360 hits: 01-05 to 09-15] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:10:23:00 | WinXP | 68.204.161.135 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:30:00 | WinXP | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:41:00 | WinXP | 217.202.212.146 (-): TELECOM ITALIA MOBILE, IT. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 8ef9e03ad3 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:50:00 | WinXP | 89.214.202.174 (-): TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 5182077bab [Firefox: 2 hits: 01-24 to 06-10] |
none[4] | none:none |
PolyEnE| | none | trace |
| 10:56:00 | WinXP | 117.55.79.79 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:07:00 | WinXP | 190.137.42.236 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:07:00 | WinXP | 190.137.42.236 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:11:13:00 | WinXP | 130.13.162.45 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox: 6 hits: 02-16 to 09-15] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 11:18:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:37:00 | WinXP | 89.155.230.218 (-): TVCABO PORTUGAL S.A, PT. |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad US:searchportal.information.com GB:welcome3.smile.co.uk US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 30 | af79e0c602 [Firefox: 6 hits: 01-08 to 08-26] |
none[4] | none:none |
ASPack| | none | trace |
| 11:42:00 | Win2K-f | 65.188.176.55 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:47:00 | WinXP | 83.132.30.144 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:59:00 | WinXP | 24.43.147.170 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:4.23.60.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:02:00 | WinXP | 63.246.120.249 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:05:00 | WinXP | 89.201.114.99 (-): BALTKOM, LV. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 4 hits: 09-12 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:12:05:00 | WinXP | 89.201.114.99 (-): BALTKOM, LV. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 4 hits: 09-12 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 12:31:00 | WinXP | 130.13.49.37 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:388 hits: 12-31 to 09-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:41:00 | WinXP | 130.13.49.37 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:388 hits: 12-31 to 09-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:47:00 | WinXP | 24.74.18.3 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:388 hits: 12-31 to 09-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:49:00 | WinXP | 41.214.179.1 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox: 2 hits: 09-13 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 12:49:00 | WinXP | 78.34.2.114 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox: 2 hits: 09-14 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:12:49:00 | WinXP | 78.34.2.114 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox: 2 hits: 09-14 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 12:57:00 | WinXP | 68.184.109.17 (CHARTER.COM): CHARTER COMMUNICATIONS, DOUGLAS, GEORGIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:59:00 | WinXP | 88.184.140.150 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | aaeb594dfa NEW |
none[none] | none:none |
none|none | none | none |
| 12:59:00 | WinXP | 88.184.140.150 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | aaeb594dfa NEW |
none[none] | none:none |
none|none | none | none |
| 13:04:00 | WinXP | 24.195.232.163 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:08:00 | WinXP | 94.191.245.229 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 3 hits: 09-15 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:13:15:00 | Win2K-f | 24.195.232.163 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.99.124:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:17:00 | WinXP | 212.205.247.140 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, ATHENS, ATTIKI, GR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:120 hits: 01-08 to 09-15] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:13:23:00 | WinXP | 114.120.14.79 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox: 9 hits: 08-09 to 09-15] |
none[none] | none:none |
none|none | none | none | |
| 13:29:00 | WinXP | 208.70.102.50 (HTCPLUS.NET): HOME TOWN TELEPHONE LLC, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:31:00 | Win2K-f | 63.25.202.76 (UU.NET): UUNET TECHNOLOGIES INC, LOUISVILLE, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:37:00 | WinXP | 92.113.148.220 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:37:00 | WinXP | 72.174.106.165 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:388 hits: 12-31 to 09-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:38:00 | Win2K-f | 4.131.205.147 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, STEWARTSTOWN, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 166 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 13:55:00 | WinXP | 82.227.53.134 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 7865eae7b9 NEW |
none[none] | none:none |
none|none | none | none |
| 14:03:00 | WinXP | 4.246.12.50 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:231 hits: 01-01 to 09-14] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 14:12:00 | Win2K-f | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 57ce4acac2 [Firefox:180 hits: 06-17 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:22:00 | WinXP | 130.13.133.169 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 4 hits: 09-12 to 09-15] |
none[none] | none:none |
none|none | none | none |
| T:14:24:00 | WinXP | 208.82.42.92 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.201.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:30:00 | WinXP | 98.105.196.95 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 US:207.123.37.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 211 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 29 of 33 |
5378ab9d2d [Firefox: 6 hits: 06-28 to 09-15] 60a6e7e23c [Firefox: 6 hits: 06-28 to 09-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:34:00 | WinXP | 67.41.253.30 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:50:00 | Win2K-f | 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:58:00 | Win2K-f | 12.70.209.59 (PRSERV.NET): AT&T GLOBAL SERVICES, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:206.33.45.125:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:00:00 | WinXP | 67.120.205.171 (PACBELL.NET): SIEMENS ICN, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] e07c29c4ae [Firefox:444 hits: 06-19 to 09-15] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:15:01:00 | Win2K-f | 64.139.104.175 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:30:00 | WinXP | 82.235.155.192 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 634153f0c6 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:48:00 | WinXP | 98.140.229.34 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:50:00 | Win2K-f | 203.73.5.25 (TSRC.COM.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 57ce4acac2 [Firefox:180 hits: 06-17 to 09-15] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:05:00 | WinXP | 66.19.188.117 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1076 hits: 12-31 to 09-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:07:00 | Win2K-f | 4.245.173.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MERIDEN, CONNECTICUT, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:09:00 | WinXP | 190.224.219.31 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:09:00 | WinXP | 190.224.219.31 (-): . |
n/a | RU:moscow-advokat.ru SE:ced.dal.net :flanders.be.eu.undernet.org SE:viking.dal.net SE:ozbytes.dal.net NL:diemen.nl.eu.undernet.org :brussels.be.eu.undernet.org :gaspode.zanet.org.za US:lia.zanet.net NL:london.uk.eu.undernet.org :los-angeles.ca.us.undernet.org SE:qis.md.us.dal.net SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:09:00 | Win2K-f | 71.104.53.216 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ONTARIO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:21:00 | WinXP | 76.194.20.43 (MIDWEST-CONNECTIONS.COM): MIDWEST CONNECTIONS, PAOLA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] e07c29c4ae [Firefox:444 hits: 06-19 to 09-15] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:16:39:00 | WinXP | 67.11.53.254 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:40:00 | WinXP | 76.247.106.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:120 hits: 01-08 to 09-15] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:45:00 | WinXP | 114.120.98.214 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:45:00 | WinXP | 114.120.98.214 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:51:00 | WinXP | 189.48.177.109 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0242a9175c NEW |
none[none] | none:none |
none|none | none | none |
| T:16:51:00 | WinXP | 137.118.218.35 (NEONOVA.NET): NEONOVA NETWORK SERVICES, SHERIDAN, WYOMING, US. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru AT:graz.at.eu.undernet.org :caen.fr.eu.undernet.org :gaspode.zanet.org.za NL:london.uk.eu.undernet.org :irc.kar.net :washington.dc.us.undernet.org :los-angeles.ca.us.undernet.org US:lia.zanet.net RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9bd024b012 NEW |
none[none] | none:none |
none|none | none | none |
| 16:51:00 | WinXP | 137.118.218.35 (NEONOVA.NET): NEONOVA NETWORK SERVICES, SHERIDAN, WYOMING, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8823501675 NEW |
none[none] | none:none |
none|none | none | none | |
| 16:57:00 | WinXP | 76.90.186.60 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:519 hits: 01-01 to 09-15] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 17:20:00 | Win2K-f | 68.149.45.182 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:22:00 | Win2K-f | 68.144.23.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
2204fd4d17 [Firefox: 2 hits: 09-15 to 09-15] eb0857e1b1 [Firefox: 2 hits: 09-15 to 09-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:24:00 | WinXP | 124.100.72.204 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:360 hits: 01-05 to 09-15] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:46:00 | WinXP | 24.28.166.147 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:36 hits: 01-02 to 09-15] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:17:47:00 | WinXP | 210.197.185.101 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), NAHA, OKINAWA, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:534 hits: 01-01 to 09-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:51:00 | WinXP | 89.214.112.60 (-): TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b5f1e70e73 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:55:00 | Win2K-f | 166.128.102.35 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:27:00 | Win2K-f | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:30:00 | WinXP | 200.234.70.91 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 93d173f2af NEW |
none[none] | none:none |
none|none | none | none |
| 18:31:00 | WinXP | 41.214.168.28 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 41065f98ee [Firefox: 4 hits: 08-04 to 08-30] |
none[none] | none:none |
none|none | none | none |
| T:18:31:00 | WinXP | 41.214.168.28 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 41065f98ee [Firefox: 4 hits: 08-04 to 08-30] |
none[none] | none:none |
none|none | none | none |
| T:18:37:00 | WinXP | 72.251.33.50 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru US:lia.zanet.net AT:graz.at.eu.undernet.org :caen.fr.eu.undernet.org SE:viking.dal.net HR:london.uk.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d9c778eaa4 NEW |
none[none] | none:none |
none|none | none | none |
| 18:41:00 | WinXP | 190.174.95.148 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:388 hits: 12-31 to 09-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:54:00 | WinXP | 121.84.237.193 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:120 hits: 01-08 to 09-15] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 18:56:00 | Win2K-f | 24.78.177.54 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:zonetech.info US:130.107.248.180:29165 |
135 | pcap | raw alerts ruleset |
irc http 286 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 36 16 of 36 31 of 33 20 of 36 10 of 36 |
27aab4187c NEW 3cd1361df4 NEW 954a98c971 [Firefox:10 hits: 06-09 to 08-30] a65dda48ec NEW c025f08a76 NEW |
none[none] none [none] none [4] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none FSG| none|none none|none |
none none none none none |
none none trace none none |
| T:19:00:00 | WinXP | 98.105.3.68 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 125dcbabd0 NEW |
none[none] | none:none |
none|none | none | none |
| 19:25:00 | Win2K-f | 207.5.188.148 (GWI.NET): GREAT WORKS INTERNET, SHAPLEIGH, MAINE, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:33:00 | WinXP | 218.211.220.199 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:35:00 | Win2K-f | 69.114.121.22 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), MASSAPEQUA, NEW YORK, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 12a5bcc0f8 NEW |
none[none] | none:none |
none|none | none | none | |
| 19:45:00 | Win2K-f | 4.174.164.113 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WAYNESBORO, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:47:00 | WinXP | 218.247.13.5 (-): BEIJING LAN-TAO CO.LTD, BEIJING, BEIJING, CN. |
n/a | CA:xx.ka3ek.com CA:zonetech.info US:130.107.170.218:35811 |
135 | pcap | raw alerts ruleset |
irc http 729 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 36 16 of 36 20 of 36 10 of 36 29 of 36 |
27aab4187c NEW 3cd1361df4 NEW a65dda48ec NEW c025f08a76 NEW c3bc2b7d23 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:19:56:00 | Win2K-f | 99.250.233.148 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 236 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 [Firefox: 4 hits: 06-18 to 07-28] |
none[4] | none:none |
none|none | none | trace | |
| 20:01:00 | Win2K-f | 209.74.9.85 (EPIX.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, BLOOMSBURG, PENNSYLVANIA, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 28 of 33 31 of 33 |
b5919931fe [Firefox:571 hits: 06-20 to 09-15] ba4637f8f0 [Firefox: 9 hits: 07-01 to 08-23] d02ae67164 [Firefox: 9 hits: 07-01 to 08-23] |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| T:20:19:00 | WinXP | 170.51.142.141 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 4 hits: 09-12 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 20:22:00 | Win2K-f | 70.127.91.62 (RR.COM): ROAD RUNNER HOLDCO LLC, PALM HARBOR, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] a08f3b74a4 [Firefox:722 hits: 06-18 to 09-15] b5919931fe [Firefox:571 hits: 06-20 to 09-15] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:20:28:00 | Win2K-f | 68.147.48.58 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:02:00 | Win2K-f | 67.213.14.172 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 6dcb69f95a NEW |
none[none] | none:none |
none|none | none | none | |
| T:21:11:00 | WinXP | 99.224.84.91 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:30:00 | WinXP | 190.17.76.46 (COM.AR): CABLEVISION S.A, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 571e381ed4 [Firefox: 3 hits: 09-14 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 21:33:00 | Win2K-f | 98.140.87.49 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:35:00 | Win2K-f | 58.236.245.145 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:183 hits: 06-17 to 09-15] 6a4845ca11 [Firefox:10 hits: 06-27 to 08-26] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:21:49:00 | WinXP | 217.219.228.45 (-): CALLWITHME CORP, AHVAZ, KHUZESTAN, IR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:542 hits: 12-31 to 09-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 22:08:00 | WinXP | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
194.109.11.65:6556 | :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 33 | e30fb27bda [Firefox: 7 hits: 07-07 to 08-30] |
none[none] | none:none |
none|none | none | none |
| T:22:16:00 | Win2K-f | 122.146.243.136 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:36:00 | Win2K-f | 67.150.254.92 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SAN JOSE, CALIFORNIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:24:00 | Win2K-f | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:25:00 | WinXP | 114.121.138.166 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox: 9 hits: 08-09 to 09-15] |
none[none] | none:none |
none|none | none | none |
| 23:56:00 | Win2K-f | 76.87.210.98 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2133 hits: 06-17 to 09-15] 73f1082158 [Firefox:1067 hits: 06-18 to 09-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:58:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |