|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:07:00 | WinXP | 130.13.222.226 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | e540a70fe0 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:10:00 | WinXP | 219.250.172.79 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.126.124:80 US:205.128.73.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:33 hits: 06-20 to 09-20] 9276c8b36b [Firefox:33 hits: 06-20 to 09-20] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:13:00 | WinXP | 123.254.50.223 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:548 hits: 01-01 to 09-20] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 00:17:00 | WinXP | 85.152.185.54 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc NEW |
none[none] | none:none |
none|none | none | none |
| T:00:33:00 | Win2K-f | 218.117.136.125 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:35:00 | Win2K-f | 4.152.231.164 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DURHAM, NORTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:46:00 | WinXP | 124.44.83.175 (WAKWAK.NE.JP): XEPHION(NTT-ME CORPORATION), JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:00:53:00 | WinXP | 91.126.54.48 (RP80.SE): WEBTECH NORD HELSINGBORG, HELSINGBORG, SKANE, SE. |
n/a | RU:moscow-advokat.ru SE:viking.dal.net SE:qis.md.us.dal.net SE:vancouver.dal.net US:lia.zanet.net :brussels.be.eu.undernet.org :lulea.se.eu.undernet.org SE:coins.dal.net SE:ced.dal.net AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a9cfbd1b0c [Firefox: 6 hits: 09-12 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 00:55:00 | WinXP | 62.202.156.54 (BLUEWIN.CH): BLUEWINDOW, GENEVA, GENEVA, CH. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:131 hits: 01-08 to 09-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:01:02:00 | Win2K-f | 58.230.192.35 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 US:205.128.73.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox: 7 hits: 06-18 to 09-20] e5e0dbde57 [Firefox: 7 hits: 06-18 to 09-20] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 01:06:00 | Win2K-f | 122.53.240.206 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:44 hits: 06-18 to 09-14] 76ee340669 [Firefox:44 hits: 06-18 to 09-14] b5919931fe [Firefox:622 hits: 06-20 to 09-20] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| 01:21:00 | WinXP | 69.26.68.182 (KMTS.CA): KMTS INTERNET, KENORA, ONTARIO, CA. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2bae429c88 NEW |
none[none] | none:none |
none|none | none | none |
| 01:27:00 | Win2K-f | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:24 hits: 06-17 to 09-14] 41efedf70f [Firefox:23 hits: 06-19 to 09-14] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 01:30:00 | WinXP | 58.188.225.118 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:131 hits: 01-08 to 09-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 01:43:00 | WinXP | 87.173.64.46 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MAGDEBURG, SACHSEN-ANHALT, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:01:49:00 | WinXP | 118.237.37.112 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:21 hits: 06-20 to 09-18] |
none[4] | none:none |
none|none | none | trace | |
| 02:05:00 | Win2K-f | 208.82.42.92 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:18:00 | WinXP | 121.82.221.50 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | :proxima.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b964dad86b NEW |
none[none] | none:none |
none|none | none | none |
| 02:43:00 | WinXP | 220.104.20.130 (OCN.NE.JP): OPEN COMPUTER NETWORK, MISAWA, AOMORI, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:02:55:00 | WinXP | 82.207.42.153 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK, UA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6b1c6d0395 NEW |
none[none] | none:none |
none|none | none | none |
| 02:55:00 | Win2K-f | 4.188.204.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GRANT PARK, ILLINOIS, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 205 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
640138f7f7 NEW 886aa7fc80 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:01:00 | WinXP | 83.181.44.102 (TELE2.AT): TELE2 AUSTRIA, VIENNA, WIEN, AT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:14:00 | Win2K-f | 70.166.118.73 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:14 hits: 08-05 to 09-19] f685f8e027 [Firefox:18 hits: 06-18 to 09-19] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:03:15:00 | Win2K-f | 69.212.159.220 (AMERITECH.NET): PPPOX POOL - RBACK7 BCVLOH, CLEVELAND, OHIO, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:19:00 | WinXP | 221.251.49.172 (UCOM.NE.JP): TK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:33:00 | WinXP | 217.201.216.120 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:ozbytes.dal.net SE:vancouver.dal.net :diemen.nl.eu.undernet.org :gaspode.zanet.org.za RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:19 hits: 04-05 to 09-16] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 03:39:00 | WinXP | 211.204.28.72 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:26 hits: 06-21 to 09-20] 58c343a8d8 [Firefox:29 hits: 06-21 to 09-20] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 03:59:00 | Win2K-f | 196.208.93.111 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 36 | 8ab74f4959 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:44:00 | Win2K-f | 68.144.187.12 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 |
6be8cc4f58 NEW 916090ec84 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:47:00 | WinXP | 61.251.0.244 (-): DAEJEON TELECOM, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 33 32 of 33 |
074325ecbc [Firefox: 9 hits: 07-02 to 08-14] 2a66fc87fa [Firefox:10 hits: 07-02 to 08-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:58:00 | WinXP | 116.126.134.186 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
0c3d1ec2df [Firefox: 8 hits: 08-11 to 09-13] 8de905030e [Firefox: 8 hits: 08-11 to 09-13] e07c29c4ae [Firefox:478 hits: 06-19 to 09-20] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 04:58:00 | WinXP | 71.94.226.102 (CHARTER.COM): CHARTER COMMUNICATIONS, CRESCENT CITY, CALIFORNIA, US. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0a752bfb2a NEW |
none[none] | none:none |
none|none | none | none |
| T:04:59:00 | WinXP | 71.94.226.102 (CHARTER.COM): CHARTER COMMUNICATIONS, CRESCENT CITY, CALIFORNIA, US. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:gaz-prom.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0a752bfb2a NEW |
none[none] | none:none |
none|none | none | none |
| T:05:05:00 | WinXP | 88.181.103.121 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:coins.dal.net SE:ozbytes.dal.net SE:ced.dal.net SE:viking.dal.net :caen.fr.eu.undernet.org :washington.dc.us.undernet.org :brussels.be.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 9e4ccec7e5 [Firefox: 7 hits: 08-19 to 09-17] |
none[none] | none:none |
none|none | none | none |
| 05:06:00 | WinXP | 85.84.198.12 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:12 hits: 09-13 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 05:11:00 | Win2K-f | 219.251.194.235 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:33 hits: 06-20 to 09-20] 9276c8b36b [Firefox:33 hits: 06-20 to 09-20] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:27:00 | WinXP | 61.34.136.38 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:30:00 | WinXP | 201.32.99.87 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 42d4326d49 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:34:00 | Win2K-f | 218.54.9.96 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 32 |
1509c8d024 [Firefox:25 hits: 06-17 to 09-20] f23b040440 [Firefox:16 hits: 06-22 to 09-20] |
none[4] f23b040440[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 05:35:00 | WinXP | 117.99.12.37 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:36:00 | WinXP | 117.99.12.37 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 36 | 88d1a206a7 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:38:00 | WinXP | 62.11.15.12 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, ROME, LAZIO, IT. (DIAL) |
n/a | GB:new.egg.com DE:siliconfireware.ru :wpad US:searchportal.information.com GB:welcome3.smile.co.uk US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:243 hits: 01-01 to 09-20] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 05:44:00 | Win2K-f | 221.142.43.240 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 33 of 33 |
5364c612fa [Firefox: 7 hits: 07-06 to 09-12] 53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:05:50:00 | WinXP | 85.185.101.96 (-): KHMOJ-POUYA, SARI, MAZANDARAN, IR. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | f190da6fbe [Firefox:27 hits: 01-02 to 09-15] |
d8dc6af14c [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:58:00 | WinXP | 92.114.223.96 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | cf2dccf188 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:00:00 | Win2K-f | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.44.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:24 hits: 06-17 to 09-14] 41efedf70f [Firefox:23 hits: 06-19 to 09-14] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:06:03:00 | Win2K-f | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.44.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:51:00 | Win2K-f | 71.111.239.253 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:01:00 | WinXP | 86.56.73.105 (-): INFOCITY, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:131 hits: 01-08 to 09-20] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:07:15:00 | Win2K-f | 24.234.205.187 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.123:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:23:00 | WinXP | 4.227.20.244 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org BE:london.uk.eu.undernet.org SE:vancouver.dal.net |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:07:33:00 | WinXP | 211.22.210.69 (EAI.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 572 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
55d816f3e9 NEW 84a24d85f7 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:34:00 | WinXP | 87.1.179.105 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d67052824c NEW |
none[none] | none:none |
none|none | none | none |
| T:07:35:00 | WinXP | 87.1.179.105 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d67052824c NEW |
none[none] | none:none |
none|none | none | none |
| 07:46:00 | Win2K-f | 69.218.217.154 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:52:00 | Win2K-f | 218.54.9.96 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:205.128.73.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:25 hits: 06-17 to 09-20] b5919931fe [Firefox:622 hits: 06-20 to 09-20] f23b040440 [Firefox:16 hits: 06-22 to 09-20] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
| 08:20:00 | WinXP | 81.36.138.190 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:79 hits: 01-14 to 09-20] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 08:21:00 | Win2K-f | 218.50.159.171 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 33 |
14d64882da NEW 1509c8d024 [Firefox:25 hits: 06-17 to 09-20] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:08:38:00 | WinXP | 68.203.250.240 (RR.COM): ROAD RUNNER HOLDCO LLC, LAREDO, TEXAS, US. (100Mbps) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:48:00 | Win2K-f | 123.213.73.22 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 0 of 32 31 of 33 |
87bd0a062f [Firefox: 8 hits: 06-29 to 09-14] b5919931fe [Firefox:622 hits: 06-20 to 09-20] c7d6018f97 [Firefox: 8 hits: 06-29 to 09-14] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:08:51:00 | WinXP | 117.97.211.186 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:79 hits: 01-14 to 09-20] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 08:59:00 | WinXP | 68.119.202.3 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:198.78.201.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:10:00 | WinXP | 151.66.78.66 (38-151.NET24.IT): IUNET-BNET, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:10:00 | WinXP | 151.66.78.66 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:15:00 | Win2K-f | 70.166.111.207 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:14 hits: 08-05 to 09-19] f685f8e027 [Firefox:18 hits: 06-18 to 09-19] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:09:18:00 | WinXP | 81.9.144.35 (CM-81-9-141-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:129 hits: 01-01 to 09-14] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:09:37:00 | Win2K-f | 60.249.77.193 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 57ce4acac2 [Firefox:194 hits: 06-17 to 09-20] b5919931fe [Firefox:622 hits: 06-20 to 09-20] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 10:25:00 | WinXP | 210.233.197.160 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox:22 hits: 06-19 to 09-18] 79c01ec060 [Firefox:36 hits: 06-18 to 09-17] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 10:47:00 | WinXP | 130.13.33.155 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:405 hits: 12-31 to 09-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:57:00 | WinXP | 83.132.31.73 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox: 5 hits: 09-14 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 11:01:00 | WinXP | 91.141.99.46 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:11:10:00 | WinXP | 201.253.197.66 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:11:13:00 | WinXP | 4.152.177.213 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLARKSVILLE, TENNESSEE, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | abf78d4d9e NEW |
none[none] | none:none |
none|none | none | none |
| 11:28:00 | Win2K-f | 4.224.195.216 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.41.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:40:00 | WinXP | 92.114.116.77 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d6158c8ce9 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:57:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] bea8cb1865 [Firefox:12 hits: 08-11 to 09-20] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 12:04:00 | Win2K-f | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.42.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:14:00 | WinXP | 92.17.41.189 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b632266bbd NEW |
none[none] | none:none |
none|none | none | none |
| T:12:17:00 | WinXP | 4.230.93.60 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:29:00 | WinXP | 41.214.182.42 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:42:00 | WinXP | 218.211.147.183 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:51:00 | Win2K-f | 64.92.60.233 (CONSOLIDATED.NET): CONSOLIDATED COMMUNICATIONS INC, MATTOON, ILLINOIS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | e9ee0d4d34 NEW |
none[none] | none:none |
none|none | none | none | |
| 13:21:00 | Win2K-f | 4.225.84.159 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:27:00 | Win2K-f | 71.100.13.61 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BRANDON, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:28:00 | WinXP | 24.195.204.29 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBANY, NEW YORK, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:105 hits: 01-03 to 09-20] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:29:00 | WinXP | 24.195.204.29 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBANY, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:105 hits: 01-03 to 09-20] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:31:00 | WinXP | 68.144.30.163 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 |
6be8cc4f58 NEW 916090ec84 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 13:37:00 | Win2K-f | 70.251.55.189 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:47:00 | Win2K-f | 24.83.66.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
342d138afd NEW 41387a24b0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:00:00 | WinXP | 71.119.232.187 (VERIZON.NET): VERIZON INTERNET SERVICES INC, YUCAIPA, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:11:00 | Win2K-f | 67.150.7.138 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:18:00 | WinXP | 119.72.11.139 (-): . |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bd78b63c84 NEW |
none[none] | none:none |
none|none | none | none |
| 14:20:00 | Win2K-f | 24.234.205.170 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.41.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:24:00 | WinXP | 86.20.44.233 (NTL.COM): NTL INFRASTRUCTURE - BIRMINGHAM, UK. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 none |
7452c8448d [Firefox:13 hits: 06-17 to 08-21] fd9b49840f [Firefox: 7 hits: 06-23 to 08-04] |
none[4] fd9b49840f[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:14:45:00 | WinXP | 75.63.155.216 (SBCGLOBAL.NET): PPPOX ADSL - BRAS1.SNANTX, DALLAS, TEXAS, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:59:00 | WinXP | 130.13.43.39 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:405 hits: 12-31 to 09-20] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:06:00 | WinXP | 186.9.79.204 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 1ed09740ca NEW |
none[none] | none:none |
none|none | none | none |
| 15:12:00 | Win2K-f | 99.151.126.6 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:14:00 | WinXP | 68.149.157.122 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:14:00 | WinXP | 68.149.157.122 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:20:00 | WinXP | 66.53.80.109 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:26:00 | Win2K-f | 4.239.87.145 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITEHALL, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
other 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:58:00 | Win2K-f | 66.188.71.34 (CHARTER.COM): CHARTER COMMUNICATIONS, LAWRENCEVILLE, GEORGIA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 |
7ba9e53288 [Firefox: 4 hits: 07-11 to 09-13] d2e7fab9c3 [Firefox: 4 hits: 07-11 to 09-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:16:00:00 | WinXP | 200.165.206.161 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net :flanders.be.eu.undernet.org NL:diemen.nl.eu.undernet.org :los-angeles.ca.us.undernet.org SE:ced.dal.net :washington.dc.us.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5c2f7da885 NEW |
none[none] | none:none |
none|none | none | none |
| 16:09:00 | Win2K-f | 66.184.11.96 (LDMI.COM): TALK AMERICA, VICTORIA, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
d37d58322a NEW f4a5378d44 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:16:36:00 | Win2K-f | 76.78.94.226 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
http 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 0 of 32 |
0b9ee6cb97 NEW a3a49cf157 NEW b5919931fe [Firefox:622 hits: 06-20 to 09-20] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:16:36:00 | WinXP | 77.21.185.159 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:40:00 | WinXP | 220.213.38.23 (WAKWAK.NE.JP): XEPHION-CIDR-BLK, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:51:00 | Win2K-f | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:209.84.20.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox: 7 hits: 07-18 to 09-17] b4fe4581c3 [Firefox: 7 hits: 07-18 to 09-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:58:00 | WinXP | 70.66.195.178 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 8c9fb86d16 NEW |
none[none] | none:none |
none|none | none | none |
| 17:00:00 | WinXP | 210.4.116.37 (-): COMCLARK, ROXAS, CAPIZ, PH. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:12 hits: 09-13 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 17:00:00 | Win2K-f | 65.183.137.81 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, CLOQUET, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:206.33.45.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
3ed16ae12d [Firefox:22 hits: 06-19 to 09-18] 79c01ec060 [Firefox:36 hits: 06-18 to 09-17] |
3ed16ae12d [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:17:05:00 | WinXP | 62.40.58.113 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:06:00 | WinXP | 220.219.6.46 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:381 hits: 01-05 to 09-20] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:14:00 | Win2K-f | 98.174.80.235 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:21:00 | WinXP | 200.97.241.64 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 2bbbdab81c NEW |
none[none] | none:none |
none|none | none | none |
| T:17:22:00 | WinXP | 200.97.241.64 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 2bbbdab81c NEW |
none[none] | none:none |
none|none | none | none |
| 17:26:00 | Win2K-f | 68.149.39.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:34:00 | WinXP | 65.185.169.226 (RR.COM): ROAD RUNNER HOLDCO LLC, BUTLER, OHIO, US. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:45:00 | Win2K-f | 75.49.187.236 (-): SECURITY & SPY, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:57:00 | WinXP | 68.148.109.200 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:129 hits: 01-01 to 09-14] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 18:08:00 | WinXP | 70.73.107.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:26:00 | WinXP | 121.254.74.150 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3b1ac1127c NEW |
none[none] | none:none |
none|none | none | none |
| T:18:26:00 | Win2K-f | 24.65.82.22 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 222 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 32 of 36 |
c295ae7d97 NEW dd1fe232e8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:31:00 | WinXP | 24.164.122.49 (RR.COM): ROAD RUNNER HOLDCO LLC, SHELBY, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] b7082104e4 [Firefox:140 hits: 06-18 to 09-20] e07c29c4ae [Firefox:478 hits: 06-19 to 09-20] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:18:34:00 | WinXP | 24.59.240.140 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1127 hits: 12-31 to 09-20] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:18:42:00 | WinXP | 190.139.61.83 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 516f7aaac5 [Firefox: 5 hits: 09-19 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 18:50:00 | WinXP | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:12 hits: 06-18 to 09-15] 79c01ec060 [Firefox:36 hits: 06-18 to 09-17] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 19:19:00 | Win2K-f | 69.200.243.33 (RR.COM): ROAD RUNNER HOLDCO LLC, NEWBURGH, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 1 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] c562e2226d [Firefox: 2 hits: 07-15 to 07-18] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:19:21:00 | Win2K-f | 122.146.224.30 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:29:00 | Win2K-f | 4.140.201.125 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ROCHESTER, NEW YORK, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:46:00 | WinXP | 189.119.130.195 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b504f1f9a6 [Firefox: 2 hits: 09-14 to 09-19] |
none[none] | none:none |
none|none | none | none |
| 19:47:00 | WinXP | 70.62.226.28 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 33 |
73f1082158 [Firefox:1152 hits: 06-18 to 09-20] 79c01ec060 [Firefox:36 hits: 06-18 to 09-17] e07c29c4ae [Firefox:478 hits: 06-19 to 09-20] |
73f1082158 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| 19:58:00 | WinXP | 68.118.77.222 (CHARTER.COM): CHARTER COMMUNICATIONS, NEWPORT, OREGON, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
37be569696 NEW b2fa7ba3a5 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:02:00 | WinXP | 72.130.237.92 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:45 hits: 01-02 to 09-20] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:09:00 | WinXP | 122.146.83.229 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] e07c29c4ae [Firefox:478 hits: 06-19 to 09-20] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 20:12:00 | WinXP | 70.168.12.146 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 0 of 33 28 of 33 |
da00a8e7a1 [Firefox:14 hits: 08-05 to 09-19] e07c29c4ae [Firefox:478 hits: 06-19 to 09-20] f685f8e027 [Firefox:18 hits: 06-18 to 09-19] |
none[none] e07c29c4ae[1] f685f8e027[1] |
none:none ASM:Graph ASM:Graph |
none|none FSG| Armadillo| |
none lines=92 lines=82 |
none trace trace |
| T:20:27:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 104 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 [Firefox: 8 hits: 06-18 to 09-17] f0e73c39a8 [Firefox: 9 hits: 06-18 to 09-17] |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 20:31:00 | Win2K-f | 198.111.220.230 (EJOURNEY.COM): ENDLESS JOURNEY INTERNET INC, GLADWIN, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] b5919931fe [Firefox:622 hits: 06-20 to 09-20] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:20:51:00 | WinXP | 4.245.100.119 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:526 hits: 01-01 to 09-20] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 21:00:00 | WinXP | 151.118.190.215 (QWEST.NET): QWEST BROADBAND, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 32 |
7f66e51c85 [Firefox:10 hits: 07-11 to 08-15] 9d12fe9d3b [Firefox:11 hits: 07-11 to 08-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:08:00 | WinXP | 67.11.53.226 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:16 hits: 08-09 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 21:14:00 | Win2K-f | 4.174.177.38 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:28:00 | Win2K-f | 24.84.218.247 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
1a3a423319 [Firefox: 4 hits: 06-26 to 07-22] d4c7af762e [Firefox: 4 hits: 06-26 to 07-22] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:28:00 | WinXP | 4.178.177.232 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTLAND, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 154 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:52:00 | WinXP | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:209.84.20.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:15:00 | WinXP | 87.205.212.243 (INETIA.PL): INTERNETIA, KATOWICE, SLASKIE, PL. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e1a16d858c [Firefox: 3 hits: 09-20 to 09-20] |
none[none] | none:none |
none|none | none | none |
| T:22:25:00 | WinXP | 117.99.46.252 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:596 hits: 12-31 to 09-20] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:22:28:00 | Win2K-f | 4.248.94.107 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARTA, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 173 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 22:35:00 | WinXP | 118.216.97.238 (-): . |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.37.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:187 hits: 06-17 to 09-20] 6a4845ca11 [Firefox:11 hits: 06-27 to 09-16] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:22:41:00 | WinXP | 217.202.96.154 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e52c9f4d0 NEW |
none[none] | none:none |
none|none | none | none |
| 23:15:00 | WinXP | 122.146.224.30 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:15:00 | WinXP | 210.244.13.232 (SEED.NET.TW): DIGITAL UNITED INC, TAINAN, KAO-HSIUNG, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:16 hits: 08-09 to 09-20] |
none[none] | none:none |
none|none | none | none |
| T:23:20:00 | Win2K-f | 122.146.241.48 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:34:00 | Win2K-f | 65.24.122.170 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] a08f3b74a4 [Firefox:802 hits: 06-18 to 09-20] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:38:00 | WinXP | 222.147.223.102 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 36 | c864191362 NEW |
none[none] | none:none |
none|none | none | none | |
| 23:44:00 | Win2K-f | 4.232.171.38 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LONG BEACH, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2317 hits: 06-17 to 09-20] 73f1082158 [Firefox:1152 hits: 06-18 to 09-20] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |