|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:09:00 | WinXP | 24.87.22.248 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 64d06f0dfa NEW |
none[none] | none:none |
none|none | none | none |
| T:00:09:00 | WinXP | 24.87.22.248 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 64d06f0dfa NEW |
none[none] | none:none |
none|none | none | none |
| 00:25:00 | Win2K-f | 61.218.20.107 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:205.128.73.126:80 HK:210.245.211.11:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http irc 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 35 of 36 |
11cd4bb3ff NEW c8c94cc597 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:33:00 | WinXP | 77.73.191.194 (-): SKYLINKS SATELLITE COMMUNICATIONS LIMITED, JE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:33:00 | WinXP | 77.73.191.194 (-): SKYLINKS SATELLITE COMMUNICATIONS LIMITED, JE. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:39:00 | Win2K-f | 220.131.96.17 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
irc 9 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:41:00 | Win2K-f | 172.129.19.53 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:22 hits: 07-03 to 09-14] c73f738c30 [Firefox:22 hits: 07-03 to 09-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:54:00 | WinXP | 121.73.134.78 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:13 hits: 08-02 to 09-18] a51a50404e [Firefox:13 hits: 08-02 to 09-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:29:00 | WinXP | 82.50.77.138 (POOL8250.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MILANO, LOMBARDIA, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:01:00 | Win2K-f | 61.222.2.212 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 57ce4acac2 [Firefox:187 hits: 06-17 to 09-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:02:00 | Win2K-f | 24.164.122.49 (RR.COM): ROAD RUNNER HOLDCO LLC, SHELBY, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] b5919931fe [Firefox:604 hits: 06-20 to 09-18] b7082104e4 [Firefox:136 hits: 06-18 to 09-18] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| T:02:03:00 | WinXP | 72.253.230.140 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:12:00 | WinXP | 119.72.61.208 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru :gaspode.zanet.org.za SE:qis.md.us.dal.net SE:vancouver.dal.net SE:ozbytes.dal.net SE:ced.dal.net :caen.fr.eu.undernet.org :brussels.be.eu.undernet.org :lulea.se.eu.undernet.org :washington.dc.us.undernet.org :los-angeles.ca.us.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 9b9e5dcb18 [Firefox:14 hits: 08-08 to 08-26] |
none[none] | none:none |
none|none | none | none |
| 02:31:00 | WinXP | 82.48.135.207 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MILANO, LOMBARDIA, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:34:00 | WinXP | 67.213.14.172 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 516f907f63 NEW |
none[none] | none:none |
none|none | none | none | |
| 02:38:00 | WinXP | 76.77.228.13 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | HK:proxima.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 260 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | ea9787a186 [Firefox: 5 hits: 06-20 to 08-29] |
none[4] | none:none |
PolyEnE| | none | trace |
| 02:59:00 | Win2K-f | 68.150.135.235 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LEDUC, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 519 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 99bfd6101e NEW |
none[none] | none:none |
none|none | none | none | |
| 03:00:00 | WinXP | 62.11.115.234 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad GB:new.egg.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:241 hits: 01-01 to 09-18] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 03:07:00 | Win2K-f | 210.221.112.202 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 32 |
776985f561 [Firefox:12 hits: 06-24 to 09-17] 8ec6129efe [Firefox:12 hits: 06-24 to 09-17] b5919931fe [Firefox:604 hits: 06-20 to 09-18] |
776985f561 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| 03:08:00 | WinXP | 87.19.249.134 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org AT:graz.at.eu.undernet.org SE:broadway.ny.us.dal.net SE:viking.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:08:00 | WinXP | 87.19.249.134 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:10:00 | WinXP | 12.208.80.133 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, VERNON HILLS, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:370 hits: 01-05 to 09-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:25:00 | WinXP | 89.204.199.250 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:54:00 | WinXP | 219.107.214.193 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:02:00 | WinXP | 121.2.243.247 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:22:00 | WinXP | 118.161.51.4 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 094e250564 NEW |
none[none] | none:none |
none|none | none | none |
| 04:23:00 | WinXP | 79.138.167.183 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox: 7 hits: 09-13 to 09-18] |
none[none] | none:none |
none|none | none | none |
| T:04:34:00 | WinXP | 92.40.173.7 (IKBCC.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 571e381ed4 [Firefox: 8 hits: 09-14 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 04:40:00 | Win2K-f | 99.250.233.148 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
72.10.172.218:3240 | :russia.blacktiehsbdcs.com CA:munirah.nagitiriheiwu.net CA:bti.jeiahsdod.net CA:jiets.soidudrf.com CA:72.10.169.26:3029 CA:72.10.172.218:3240 |
135 | pcap | raw alerts ruleset |
irc 241 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 [Firefox: 6 hits: 06-18 to 09-18] |
none[4] | none:none |
none|none | none | trace |
| 05:00:00 | WinXP | 61.227.76.54 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 5 hits: 09-14 to 09-18] |
none[none] | none:none |
none|none | none | none |
| T:05:12:00 | WinXP | 213.22.190.154 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox: 7 hits: 09-13 to 09-18] |
none[none] | none:none |
none|none | none | none |
| T:05:25:00 | Win2K-f | 98.140.87.49 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:40:00 | WinXP | 93.156.138.98 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 726638fb22 NEW |
none[none] | none:none |
none|none | none | none |
| 06:04:00 | WinXP | 87.205.56.59 (INETIA.PL): NETIA, PL. (DSL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d7d1a04bbe NEW |
none[none] | none:none |
none|none | none | none |
| 06:16:00 | WinXP | 67.213.14.172 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 6dcb69f95a [Firefox: 3 hits: 09-14 to 09-16] |
none[none] | none:none |
none|none | none | none | |
| T:06:40:00 | WinXP | 122.53.13.85 (PLDT.NET): IPG, PH. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 179 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 0 of 33 |
1c2b35cc77 NEW c4042a9d37 NEW e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 06:43:00 | WinXP | 84.4.33.85 (CEGETEL.NET): INTERNET RESIDENTIEL CEGETEL FRANCE, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:102 hits: 01-03 to 09-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:55:00 | WinXP | 76.202.130.232 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.LGVWTX, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:57:00 | WinXP | 60.39.198.210 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 07:15:00 | WinXP | 4.137.232.208 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CONCORD, NORTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] b7082104e4 [Firefox:136 hits: 06-18 to 09-18] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:07:19:00 | WinXP | 92.84.176.100 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 248df180b3 NEW |
none[none] | none:none |
none|none | none | none |
| 07:22:00 | WinXP | 84.191.236.50 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:50:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox: 7 hits: 08-01 to 08-23] dc92683d9a [Firefox:14 hits: 06-19 to 08-23] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:07:52:00 | WinXP | 79.138.145.203 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox: 7 hits: 09-13 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 08:09:00 | WinXP | 82.0.57.142 (NTL.COM): NTL INFRASTRUCTURE - MIDDLESBROUGH, MIDDLESBROUGH, ENGLAND, UK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:11:00 | WinXP | 82.0.57.142 (NTL.COM): NTL INFRASTRUCTURE - MIDDLESBROUGH, MIDDLESBROUGH, ENGLAND, UK. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:11:00 | Win2K-f | 117.104.30.147 (-): . |
67.43.236.66:8080 | CA:xx.ka3ek.com CA:zonetech.info CA:ns.enterhere.biz :aa.enterhere.biz US:130.107.178.76:16841 |
135 | pcap | raw alerts ruleset |
irc http 362 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 36 16 of 36 20 of 36 10 of 36 35 of 36 |
27aab4187c [Firefox: 3 hits: 09-15 to 09-16] 3cd1361df4 [Firefox: 3 hits: 09-15 to 09-16] a65dda48ec [Firefox: 3 hits: 09-15 to 09-16] c025f08a76 [Firefox: 3 hits: 09-15 to 09-16] faa8c4cc81 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| 08:14:00 | Win2K-f | 123.215.95.11 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 0 of 32 |
74d2a24ee8 NEW 7b7c07bc09 NEW b5919931fe [Firefox:604 hits: 06-20 to 09-18] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 08:34:00 | WinXP | 189.28.217.166 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:47:00 | Win2K-f | 168.103.40.138 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:04:00 | WinXP | 212.126.145.13 (FREEUK.COM): FREEUK MODEM POOL, UK. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | dfec585ee1 [Firefox: 2 hits: 06-30 to 08-17] |
none[none] | none:none |
none|none | none | none |
| 09:15:00 | Win2K-f | 12.219.198.173 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, EXCELSIOR SPRINGS, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] b5919931fe [Firefox:604 hits: 06-20 to 09-18] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:09:24:00 | WinXP | 83.132.30.15 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e4ed963a77 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:40:00 | WinXP | 189.66.150.232 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:41:00 | WinXP | 92.115.81.106 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:15 hits: 01-20 to 09-18] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:42:00 | WinXP | 121.102.82.35 (DY.BBEXCITE.JP): EXCITE JAPAN CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:370 hits: 01-05 to 09-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:16:00 | WinXP | 117.99.13.24 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:39 hits: 01-02 to 09-17] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:17:00 | WinXP | 117.99.13.24 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:39 hits: 01-02 to 09-17] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:17:00 | WinXP | 85.152.148.34 (CM-85-152-150-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru US:lia.zanet.net :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org NL:london.uk.eu.undernet.org :lulea.se.eu.undernet.org :washington.dc.us.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | d99da8735e [Firefox: 2 hits: 09-18 to 09-18] |
none[none] | none:none |
none|none | none | none |
| T:10:21:00 | WinXP | 130.13.36.199 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:399 hits: 12-31 to 09-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:29:00 | WinXP | 130.13.36.199 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:399 hits: 12-31 to 09-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:32:00 | WinXP | 59.92.44.122 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), CHENNAI, TAMIL NADU, IN. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:40:00 | WinXP | 130.13.216.234 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:399 hits: 12-31 to 09-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:49:00 | WinXP | 69.26.68.182 (KMTS.CA): KMTS INTERNET, KENORA, ONTARIO, CA. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2bae429c88 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:52:00 | WinXP | 216.74.194.45 (ILAND.NET): IMAGINATION INC, KNOB NOSTER, MISSOURI, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:40:00 | WinXP | 62.120.80.55 (-): EUNET, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | e64a076d45 NEW |
none[none] | none:none |
none|none | none | none |
| 11:41:00 | WinXP | 62.120.80.55 (-): EUNET, FR. |
n/a | 445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:49:00 | WinXP | 172.130.221.4 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 174 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:04:00 | Win2K-f | 218.211.222.69 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:17:00 | Win2K-f | 4.228.117.135 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:21:00 | WinXP | 60.237.129.252 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:27:00 | WinXP | 4.174.130.7 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:40:00 | WinXP | 72.251.93.95 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox: 7 hits: 02-16 to 09-16] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 13:15:00 | WinXP | 193.250.133.253 (ABO.WANADOO.FR): IP2000-ADSL-BAS, DIJON, BOURGOGNE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:399 hits: 12-31 to 09-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 13:24:00 | WinXP | 122.147.97.231 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:13:31:00 | WinXP | 41.214.179.26 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 5 hits: 09-14 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 13:33:00 | WinXP | 92.115.16.114 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2f79d6cd8c NEW |
none[none] | none:none |
none|none | none | none |
| T:13:35:00 | Win2K-f | 208.127.8.112 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 214 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 32 | 5aeb9abc92 [Firefox:13 hits: 07-15 to 09-14] |
none[none] | none:none |
none|none | none | none | |
| 13:36:00 | WinXP | 83.97.230.9 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:39 hits: 01-02 to 09-17] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:36:00 | WinXP | 83.97.230.9 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:39 hits: 01-02 to 09-17] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:04:00 | WinXP | 98.140.87.49 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:09:00 | WinXP | 198.70.153.204 (EASTEX.NET): EASTEX NET, LIVINGSTON, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | e2cd0c3b41 NEW |
none[none] | none:none |
none|none | none | none |
| 14:12:00 | WinXP | 66.50.174.78 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:18:00 | WinXP | 210.79.134.169 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:14:35:00 | Win2K-f | 71.100.219.46 (VERIZON.NET): VERIZON INTERNET SERVICES INC, TAMPA, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:38:00 | WinXP | 203.88.182.182 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 34 of 36 |
137ca3d320 NEW 254aacaa67 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:52:00 | WinXP | 4.245.179.124 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HARTFORD, CONNECTICUT, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:54:00 | WinXP | 98.141.161.158 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:04:00 | WinXP | 70.167.146.124 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:13 hits: 08-05 to 09-15] f685f8e027 [Firefox:17 hits: 06-18 to 09-15] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| 15:08:00 | Win2K-f | 24.234.205.56 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:16:00 | Win2K-f | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:20:00 | Win2K-f | 24.43.129.186 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:20:00 | WinXP | 87.110.131.113 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | 57a9faaddf NEW |
none[none] | none:none |
none|none | none | none |
| 15:28:00 | WinXP | 218.227.188.153 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:541 hits: 01-01 to 09-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:49:00 | WinXP | 96.15.154.27 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox: 6 hits: 09-14 to 09-17] |
none[none] | none:none |
none|none | none | none |
| 15:55:00 | WinXP | 71.182.183.52 (MAXONCORP.COM): VERIZON INTERNET SERVICES INC, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 35 | f677c36972 NEW |
none[none] | none:none |
none|none | none | none | |
| 16:00:00 | WinXP | 209.29.81.85 (TELUS.COM): TELUS COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:18:00 | WinXP | 76.202.130.232 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.LGVWTX, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:26:00 | Win2K-f | 220.57.120.8 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:205.128.73.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:37:00 | WinXP | 66.50.2.122 (PRTC.NET): PRTC RAS, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | e3ce8985e6 [Firefox: 3 hits: 03-08 to 07-14] |
3762d19d64 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:03:00 | WinXP | 190.226.128.214 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:13:00 | WinXP | 200.226.159.131 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:15:00 | WinXP | 190.137.24.144 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 516f7aaac5 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:15:00 | WinXP | 190.137.24.144 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 516f7aaac5 NEW |
none[none] | none:none |
none|none | none | none |
| 17:18:00 | WinXP | 85.84.75.74 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 92010e1c85 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:18:00 | Win2K-f | 4.224.237.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FAIRBORN, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] b5919931fe [Firefox:604 hits: 06-20 to 09-18] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:28:00 | WinXP | 4.178.195.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VANCOUVER, WASHINGTON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:17:30:00 | Win2K-f | 60.250.246.206 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 57ce4acac2 [Firefox:187 hits: 06-17 to 09-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:30:00 | WinXP | 98.141.161.158 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:34:00 | WinXP | 88.31.103.196 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:42:00 | WinXP | 75.178.67.211 (RR.COM): ROAD RUNNER HOLDCO LLC, JACKSONVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:50:00 | WinXP | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:53:00 | WinXP | 74.73.232.89 (RR.COM): ROAD RUNNER HOLDCO LLC, POUGHKEEPSIE, NEW YORK, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:59:00 | WinXP | 64.24.250.73 (POPSITE.NET): USLEC CORP, SEATTLE, WASHINGTON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 137 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:59:00 | WinXP | 208.127.97.145 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 29 of 33 0 of 33 |
0d3fafbf29 [Firefox: 3 hits: 06-21 to 08-22] d401773a07 [Firefox: 3 hits: 06-21 to 08-22] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
0d3fafbf29 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=82 none lines=92 |
trace trace trace |
| 18:24:00 | WinXP | 72.136.35.109 (ROGERS.COM): ROGERS CABLE INC. YM, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 18:27:00 | WinXP | 71.100.12.2 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALRICO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 18:32:00 | WinXP | 122.2.250.29 (PLDT.NET): IPG, BAGUIO, BAGUIO, PH. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | efeb24872b NEW |
none[none] | none:none |
none|none | none | none |
| 18:47:00 | WinXP | 123.225.92.231 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:370 hits: 01-05 to 09-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:18:51:00 | WinXP | 209.216.178.197 (GORGE.NET): GORGE NETWORKS INC, HOOD RIVER, OREGON, US. (DIAL) |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 43b2a2d8a8 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:53:00 | WinXP | 24.59.6.140 (RR.COM): ROAD RUNNER HOLDCO LLC, ROME, NEW YORK, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 18:56:00 | WinXP | 70.65.15.138 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:127 hits: 01-08 to 09-18] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:18:57:00 | WinXP | 189.119.179.7 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b504f1f9a6 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:59:00 | Win2K-f | 70.73.107.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:09:00 | WinXP | 122.24.194.213 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 3b2958417b [Firefox: 9 hits: 07-09 to 08-27] |
none[none] | none:none |
none|none | none | none | |
| T:19:22:00 | WinXP | 76.168.25.152 (RR.COM): ROAD RUNNER HOLDCO LLC, VALENCIA, CALIFORNIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:32:00 | WinXP | 117.99.15.85 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 20:02:00 | WinXP | 172.135.123.95 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:20:02:00 | WinXP | 99.164.57.43 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:40:00 | Win2K-f | 119.95.205.168 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
71393aa8bb NEW f09cf3e3b3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:21:10:00 | WinXP | 84.74.0.170 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 5 hits: 09-14 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 21:10:00 | WinXP | 84.74.0.170 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 5 hits: 09-14 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 21:16:00 | WinXP | 75.16.240.249 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] e07c29c4ae [Firefox:466 hits: 06-19 to 09-18] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:21:16:00 | WinXP | 121.83.83.191 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:370 hits: 01-05 to 09-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:21:46:00 | WinXP | 70.65.15.138 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:127 hits: 01-08 to 09-18] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 22:15:00 | WinXP | 122.2.240.59 (PLDT.NET): IPG, BAGUIO, BAGUIO, PH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | efeb24872b NEW |
none[none] | none:none |
none|none | none | none |
| T:22:15:00 | WinXP | 122.2.240.59 (PLDT.NET): IPG, BAGUIO, BAGUIO, PH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | efeb24872b NEW |
none[none] | none:none |
none|none | none | none |
| T:22:32:00 | WinXP | 114.121.155.9 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 6 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:35:00 | WinXP | 221.171.33.55 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1106 hits: 12-31 to 09-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:03:00 | WinXP | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] a08f3b74a4 [Firefox:777 hits: 06-18 to 09-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:21:00 | WinXP | 122.214.74.5 (-): G-KG0035N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:370 hits: 01-05 to 09-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:27:00 | WinXP | 79.163.247.227 (-): IDEA, PL. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:33 hits: 07-28 to 09-18] |
none[none] | none:none |
none|none | none | none |
| 23:31:00 | Win2K-f | 72.139.83.40 (ROGERS.COM): ROGERS CABLE INC. FLFRD, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2257 hits: 06-17 to 09-18] 73f1082158 [Firefox:1125 hits: 06-18 to 09-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:31:00 | WinXP | 220.129.85.90 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:575 hits: 12-31 to 09-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:23:53:00 | Win2K-f | 172.129.19.53 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 36 30 of 33 29 of 33 |
2f51eb82f4 NEW 3373948767 [Firefox:22 hits: 07-03 to 09-14] c73f738c30 [Firefox:22 hits: 07-03 to 09-14] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |