Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
T:00:27:00 | WinXP | 60.47.189.227 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:397 hits: 01-05 to 09-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:00:31:00 | Win2K-f | 70.56.205.66 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:43:00 | Win2K-f | 70.56.205.66 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:01:02:00 | WinXP | 122.43.61.89 (-): POWERCOMM, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 270 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
c5f4efea24 NEW e9991938b3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
01:03:00 | Win2K-f | 71.97.11.132 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GRAPEVINE, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.37.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:15:00 | Win2K-f | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:19:00 | WinXP | 203.109.161.233 (IHUG.CO.NZ): THE INTERNET GROUP LTD, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 168 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:19:00 | Win2K-f | 24.66.43.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:29 hits: 06-18 to 09-23] e53a9ea82e [Firefox:29 hits: 06-18 to 09-23] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
01:21:00 | Win2K-f | 211.23.128.125 (MMEDIA.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 57ce4acac2 [Firefox:200 hits: 06-17 to 09-23] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:24:00 | Win2K-f | 122.146.83.103 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:00:00 | WinXP | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 US:209.84.20.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:02:11:00 | WinXP | 77.37.195.20 (NCNET.RU): NCN-INFRA, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6063a9fbda NEW |
none[none] | none:none |
none|none | none | none |
02:21:00 | Win2K-f | 24.195.233.87 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:02:25:00 | Win2K-f | 60.249.242.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 57ce4acac2 [Firefox:200 hits: 06-17 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
02:41:00 | WinXP | 144.138.71.124 (TMNS.NET.AU): TELSTRAINTERNET31, BRISBANE, QUEENSLAND, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 8 of 33 |
a970a83d8e NEW b7082104e4 [Firefox:146 hits: 06-18 to 09-23] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
|
02:45:00 | Win2K-f | 24.85.112.106 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:03:02:00 | Win2K-f | 24.100.16.241 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 67 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 7771a39386 NEW |
none[none] | none:none |
none|none | none | none | |
T:03:21:00 | WinXP | 76.83.254.62 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:03:23:00 | WinXP | 67.213.13.31 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 1008 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 6dcb69f95a [Firefox: 4 hits: 09-14 to 09-19] |
none[none] | none:none |
none|none | none | none | |
03:29:00 | Win2K-f | 124.61.34.217 (-): POWERCOM, KR. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
09c3d90250 [Firefox: 7 hits: 08-04 to 09-17] 8f34a39070 [Firefox: 7 hits: 08-04 to 09-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:34:00 | WinXP | 219.109.115.78 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCORPORATED), OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:557 hits: 01-01 to 09-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
03:43:00 | WinXP | 61.98.176.22 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox: 8 hits: 06-18 to 09-21] e5e0dbde57 [Firefox: 8 hits: 06-18 to 09-21] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
03:47:00 | WinXP | 81.191.203.148 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, OSLO, OSLO, NO. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad :www.proxy-socks.net GB:olb2.nationet.com US:208.73.210.32:80 DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:249 hits: 01-01 to 09-23] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
03:48:00 | Win2K-f | 66.207.71.77 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 [Firefox: 4 hits: 07-24 to 09-14] 76f2c59ef8 [Firefox: 4 hits: 07-24 to 09-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
04:08:00 | WinXP | 117.99.53.121 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7104325f8d NEW |
none[none] | none:none |
none|none | none | none |
T:04:18:00 | Win2K-f | 116.122.245.128 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 32 |
4c3df24b32 [Firefox:191 hits: 06-17 to 09-23] 53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
04:24:00 | WinXP | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox: 8 hits: 07-18 to 09-21] b4fe4581c3 [Firefox: 8 hits: 07-18 to 09-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:04:24:00 | WinXP | 121.254.124.116 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:617 hits: 12-31 to 09-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:04:27:00 | WinXP | 12.41.130.42 (PRCINTERNET.NET): PRC INTERNET CORP, SAN JUAN, PUERTO RICO, PR. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
04:39:00 | WinXP | 75.137.154.25 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
05:05:00 | WinXP | 24.80.101.171 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
05:08:00 | Win2K-f | 98.173.193.170 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:13:00 | WinXP | 88.30.200.221 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:397 hits: 01-05 to 09-23] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
05:21:00 | Win2K-f | 68.146.222.16 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:35:00 | Win2K-f | 70.233.230.205 (SBCGLOBAL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:38:00 | WinXP | 4.156.159.128 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOSTON, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:209.84.20.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 137 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:46:00 | WinXP | 212.253.11.221 (SUPERONLINE.COM): SUPERONLINE INC, ISTANBUL, ISTANBUL, TR. |
n/a | EU:siliconfireware.ru GB:new.egg.com :wpad US:searchportal.information.com :www.proxy-socks.net US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:529 hits: 01-01 to 09-23] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:05:51:00 | Win2K-f | 218.238.57.38 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:192.221.99.126:80 US:209.84.20.126:80 HK:210.245.211.11:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 33 of 35 |
168aab35a3 [Firefox:135 hits: 06-17 to 09-23] f7738e7352 [Firefox: 6 hits: 07-25 to 09-17] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
05:53:00 | WinXP | 86.96.24.190 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:31 hits: 01-07 to 08-20] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
T:06:02:00 | Win2K-f | 58.227.83.134 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 32 |
4c3df24b32 [Firefox:191 hits: 06-17 to 09-23] 53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] b5919931fe [Firefox:642 hits: 06-20 to 09-23] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
T:06:06:00 | WinXP | 98.121.132.7 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:49 hits: 01-02 to 09-23] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:06:29:00 | WinXP | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:31:00 | WinXP | 217.201.103.96 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2e9f4c97cc NEW |
none[none] | none:none |
none|none | none | none |
T:06:37:00 | WinXP | 61.46.128.80 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 673 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 | 6de4e92186 NEW |
none[none] | none:none |
none|none | none | none | |
06:51:00 | WinXP | 84.73.48.154 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 0ada72d805 [Firefox:20 hits: 01-16 to 08-01] |
239ec78f15 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
06:58:00 | WinXP | 89.123.122.206 (PLATINUMGROUP.RO): ARTELECOM, RO. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc [Firefox: 4 hits: 09-14 to 09-23] |
none[none] | none:none |
none|none | none | none |
T:06:58:00 | WinXP | 89.123.122.206 (PLATINUMGROUP.RO): ARTELECOM, RO. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 290e2cd1fc [Firefox: 4 hits: 09-14 to 09-23] |
none[none] | none:none |
none|none | none | none |
07:21:00 | Win2K-f | 209.29.86.203 (TELUS.COM): TELUS COMMUNICATIONS INC, NEPEAN, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
07:54:00 | WinXP | 92.46.83.208 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
14 of 36 | acc3005a65 NEW |
none[none] | none:none |
none|none | none | none | |
07:59:00 | WinXP | 97.77.97.63 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 9 hits: 09-12 to 09-16] |
none[none] | none:none |
none|none | none | none |
T:07:59:00 | WinXP | 97.77.97.63 (-): . |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox: 9 hits: 09-12 to 09-16] |
none[none] | none:none |
none|none | none | none |
08:00:00 | WinXP | 121.84.252.138 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:137 hits: 01-08 to 09-23] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
08:20:00 | Win2K-f | 98.141.160.48 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
08:20:00 | WinXP | 89.204.192.42 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:17 hits: 09-13 to 09-23] |
none[none] | none:none |
none|none | none | none |
T:08:42:00 | Win2K-f | 66.153.132.174 (SCCOAST.NET): HTC - CABLE MODEM POOL, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
08:54:00 | Win2K-f | 116.127.229.43 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com DE:dl2.teenpassage.com :fleshkatera.cn :lolika.cn 115.126.2.110:80 US:208.111.148.115:80 US:208.111.148.137:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 226 lines |
Yeah : 1.8 profile |
none | summary tarball |
27 of 36 23 of 36 31 of 33 31 of 33 |
2a0ee3c795 [Firefox: 6 hits: 09-13 to 09-18] 68b45529a0 NEW 776985f561 [Firefox:14 hits: 06-24 to 09-20] 8ec6129efe [Firefox:14 hits: 06-24 to 09-20] |
none[none] none [none] 776985f561[1] none [4] |
none:none none:none ASM:Graph none:none |
none|none none|none Armadillo| tElock| |
none none lines=82 none |
none none trace trace |
09:29:00 | WinXP | 211.20.96.142 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 576 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
55d816f3e9 [Firefox: 2 hits: 09-20 to 09-21] 84a24d85f7 [Firefox: 2 hits: 09-20 to 09-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
09:29:00 | WinXP | 151.118.195.44 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e540a70fe0 NEW |
none[none] | none:none |
none|none | none | none | |
T:09:29:00 | WinXP | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:33:00 | Win2K-f | 116.127.145.109 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:207.123.37.123:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 34 of 36 |
168aab35a3 [Firefox:135 hits: 06-17 to 09-23] 928e2a1591 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
09:41:00 | WinXP | 24.164.52.36 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:09:44:00 | WinXP | 196.20.167.94 (-): MAURITIUS TELECOM, MU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
10:09:00 | Win2K-f | 116.126.246.224 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.41.126:80 US:209.84.20.126:80 HK:210.245.211.11:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:135 hits: 06-17 to 09-23] 4c3df24b32 [Firefox:191 hits: 06-17 to 09-23] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:15:00 | WinXP | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] e07c29c4ae [Firefox:491 hits: 06-19 to 09-23] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:10:16:00 | Win2K-f | 210.246.72.103 (-): SAMART INFONET CO. LTD. INTERNET SERVICE PROVIDER THAILAND, BANGKOK, KRUNG THEP MAHANAKHON, TH. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:35:00 | WinXP | 77.57.61.194 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
11:06:00 | WinXP | 172.133.185.144 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 193 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
11:19:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | :sdihsihdsfsofhsohs.net :wiger.blacktiehsbdcs.com :sisxteen.oihduhdd.net :nagoo.nagitiriheiwu.net |
135 | pcap | raw alerts ruleset |
other 338 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 29 | 0a0261b96a [Firefox: 4 hits: 07-16 to 07-28] |
none[none] | none:none |
none|none | none | none |
11:21:00 | Win2K-f | 118.216.235.151 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 32 |
475d9a7753 [Firefox: 3 hits: 06-22 to 09-15] e9a7fa27d5 [Firefox: 3 hits: 06-22 to 09-15] |
none[4] e9a7fa27d5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
11:24:00 | WinXP | 12.73.102.124 (ATT.NET): AT&T WORLDNET SERVICES, TACOMA, WASHINGTON, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:42 hits: 01-02 to 09-20] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
T:11:25:00 | WinXP | 12.73.102.124 (ATT.NET): AT&T WORLDNET SERVICES, TACOMA, WASHINGTON, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:42 hits: 01-02 to 09-20] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
T:11:36:00 | WinXP | 92.114.235.66 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox: 8 hits: 08-19 to 09-12] |
none[none] | none:none |
none|none | none | none |
11:59:00 | Win2K-f | 75.49.187.236 (-): SECURITY & SPY, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.44.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:01:00 | WinXP | 24.86.81.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 749 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 4d17a9a4c2 NEW |
none[none] | none:none |
none|none | none | none |
12:19:00 | Win2K-f | 67.240.159.156 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:20:00 | WinXP | 217.202.174.165 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d2c52914ed NEW |
none[none] | none:none |
none|none | none | none |
T:12:20:00 | WinXP | 217.202.174.165 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d2c52914ed NEW |
none[none] | none:none |
none|none | none | none |
12:26:00 | WinXP | 79.151.3.46 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f5501ecc1c NEW |
none[none] | none:none |
none|none | none | none |
T:12:26:00 | WinXP | 79.151.3.46 (RIMA-TDE.NET): TELEFONICA, MADRID, MADRID, ES. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f5501ecc1c NEW |
none[none] | none:none |
none|none | none | none |
T:12:45:00 | WinXP | 80.29.235.183 (-): TELEFONICA MOVILES ESPANA (NCC#2006042768), ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:175 hits: 01-01 to 09-23] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:12:49:00 | WinXP | 83.217.193.60 (GRADR.INFOLINE.SU): ZAO INFOLINE, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad DE:ebookfinaltrash.ru GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 31 | 946e32b980 NEW |
none[none] | none:none |
none|none | none | none |
13:01:00 | WinXP | 217.202.230.46 (-): TELECOM ITALIA MOBILE, IT. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | d2c52914ed NEW |
none[none] | none:none |
none|none | none | none |
T:13:01:00 | WinXP | 217.202.230.46 (-): TELECOM ITALIA MOBILE, IT. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | d2c52914ed NEW |
none[none] | none:none |
none|none | none | none |
13:04:00 | Win2K-f | 4.176.42.214 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CASA GRANDE, ARIZONA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:11:00 | WinXP | 208.83.218.89 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:18 hits: 08-09 to 09-21] |
none[none] | none:none |
none|none | none | none |
T:13:11:00 | WinXP | 66.61.139.2 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad US:searchportal.information.com US:208.73.210.32:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:529 hits: 01-01 to 09-23] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:13:22:00 | WinXP | 68.144.110.160 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
lanman shell shell shell 1762 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 5 of 36 |
0381578ce5 NEW e925af3417 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:13:39:00 | WinXP | 190.225.184.47 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | cc263a661d NEW |
none[none] | none:none |
none|none | none | none |
T:14:09:00 | WinXP | 189.74.134.190 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:12 hits: 09-17 to 09-23] |
none[none] | none:none |
none|none | none | none |
T:14:09:00 | WinXP | 78.34.9.64 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:12 hits: 09-17 to 09-23] |
none[none] | none:none |
none|none | none | none |
14:12:00 | WinXP | 189.74.134.190 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:12 hits: 09-17 to 09-23] |
none[none] | none:none |
none|none | none | none |
T:14:13:00 | WinXP | 206.82.89.12 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:110 hits: 01-03 to 09-22] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:14:35:00 | WinXP | 76.178.247.171 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:110 hits: 01-03 to 09-22] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:14:42:00 | Win2K-f | 75.143.200.220 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 33 of 36 |
18369c36f5 NEW e1cf89c22d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
14:42:00 | Win2K-f | 98.141.160.183 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:14:54:00 | WinXP | 24.83.120.85 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:57:00 | WinXP | 98.135.207.131 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
15:12:00 | WinXP | 221.171.165.27 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:15:24:00 | WinXP | 12.73.239.49 (ATT.NET): AT&T WORLDNET SERVICES, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
15:26:00 | WinXP | 208.100.234.209 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
http 144 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] e07c29c4ae [Firefox:491 hits: 06-19 to 09-23] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
15:33:00 | WinXP | 71.104.207.51 (VERIZON.NET): VERIZON INTERNET SERVICES INC, YUCAIPA, CALIFORNIA, US. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:617 hits: 12-31 to 09-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:15:34:00 | WinXP | 71.104.207.51 (VERIZON.NET): VERIZON INTERNET SERVICES INC, YUCAIPA, CALIFORNIA, US. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:617 hits: 12-31 to 09-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:15:37:00 | WinXP | 67.150.170.147 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:110 hits: 01-03 to 09-22] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:15:45:00 | WinXP | 24.95.240.147 (RR.COM): ROAD RUNNER HOLDCO LLC, KISSIMMEE, FLORIDA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:617 hits: 12-31 to 09-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
15:51:00 | WinXP | 76.78.49.152 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox: 2 hits: 09-16 to 09-16] |
none[none] | none:none |
none|none | none | none |
T:15:51:00 | WinXP | 76.78.49.152 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox: 2 hits: 09-16 to 09-16] |
none[none] | none:none |
none|none | none | none |
T:16:06:00 | WinXP | 76.78.48.117 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox: 2 hits: 09-16 to 09-16] |
none[none] | none:none |
none|none | none | none |
16:07:00 | WinXP | 76.78.48.117 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox: 2 hits: 09-16 to 09-16] |
none[none] | none:none |
none|none | none | none |
16:19:00 | Win2K-f | 221.139.76.178 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 36 |
2e04b06527 [Firefox: 8 hits: 06-18 to 09-16] 514265be41 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
16:39:00 | WinXP | 98.140.253.37 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:133 hits: 01-01 to 09-22] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
T:16:39:00 | WinXP | 98.140.253.37 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:133 hits: 01-01 to 09-22] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
16:44:00 | Win2K-f | 4.224.195.138 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
16:44:00 | WinXP | 212.27.14.102 (-): MLIFENET, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:16:45:00 | WinXP | 212.27.14.102 (-): MLIFENET, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1147 hits: 12-31 to 09-23] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
16:50:00 | Win2K-f | 222.239.195.217 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 33 |
023977790d NEW 53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
17:02:00 | WinXP | 66.53.80.193 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:617 hits: 12-31 to 09-23] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:17:09:00 | Win2K-f | 68.147.151.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 672 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 | 6de4e92186 NEW |
none[none] | none:none |
none|none | none | none | |
17:13:00 | WinXP | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] b7082104e4 [Firefox:146 hits: 06-18 to 09-23] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:17:18:00 | Win2K-f | 208.105.186.90 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:21:00 | WinXP | 41.214.191.40 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:82 hits: 01-14 to 09-23] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
17:27:00 | WinXP | 200.220.195.213 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | cc56d1daf5 NEW |
none[none] | none:none |
none|none | none | none |
T:17:37:00 | WinXP | 96.11.73.158 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:199.93.44.124:80 US:205.128.73.126:80 HK:210.245.211.11:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 [Firefox:10 hits: 07-22 to 09-12] 8dfb3b619f [Firefox:11 hits: 07-22 to 09-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:18:08:00 | WinXP | 41.202.184.46 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:12 hits: 09-17 to 09-23] |
none[none] | none:none |
none|none | none | none |
T:18:22:00 | Win2K-f | 76.195.10.16 (SBCGLOBAL.NET): PPPOX POOL - RBACK33.SNFC, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:35:00 | Win2K-f | 61.222.2.212 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 57ce4acac2 [Firefox:200 hits: 06-17 to 09-23] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:37:00 | WinXP | 211.109.19.99 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.42.126:80 US:207.123.46.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 34 of 36 |
4c3df24b32 [Firefox:191 hits: 06-17 to 09-23] 545b3dcf9f NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
T:18:41:00 | WinXP | 220.102.71.48 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
18:46:00 | WinXP | 24.100.16.241 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 67 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 7771a39386 NEW |
none[none] | none:none |
none|none | none | none | |
T:18:51:00 | WinXP | 130.13.236.115 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:19:05:00 | WinXP | 12.219.198.173 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, EXCELSIOR SPRINGS, MISSOURI, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 22de60782a NEW |
none[none] | none:none |
none|none | none | none | |
19:08:00 | WinXP | 70.109.30.230 (VERIZON.NET): VERIZON INTERNET SERVICES INC, FRANKLIN, NORTH CAROLINA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:557 hits: 01-01 to 09-23] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
19:24:00 | Win2K-f | 65.184.28.201 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:19:30:00 | WinXP | 69.208.5.35 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] e07c29c4ae [Firefox:491 hits: 06-19 to 09-23] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:19:34:00 | WinXP | 75.143.200.220 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 33 of 36 |
18369c36f5 NEW e1cf89c22d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
19:38:00 | WinXP | 65.183.149.120 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:207.123.47.126:80 HK:210.245.211.11:65520 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 35 of 36 0 of 33 |
34b0957281 NEW 60430bf12d NEW e07c29c4ae [Firefox:491 hits: 06-19 to 09-23] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
20:15:00 | Win2K-f | 99.180.48.162 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.66.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:09:00 | WinXP | 209.214.200.120 (BELLSOUTH.NET): BELLSOUTH.NET INC, GREENVILLE, SOUTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:529 hits: 01-01 to 09-23] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
21:19:00 | WinXP | 218.211.217.215 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] e07c29c4ae [Firefox:491 hits: 06-19 to 09-23] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:21:29:00 | WinXP | 96.11.73.158 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 [Firefox:10 hits: 07-22 to 09-12] 8dfb3b619f [Firefox:11 hits: 07-22 to 09-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:30:00 | Win2K-f | 96.11.73.158 (-): . |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 |
0bfa79dc19 [Firefox:10 hits: 07-22 to 09-12] 8dfb3b619f [Firefox:11 hits: 07-22 to 09-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:51:00 | Win2K-f | 66.211.120.39 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] 73f1082158 [Firefox:1195 hits: 06-18 to 09-23] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
22:02:00 | WinXP | 12.77.254.181 (ATT.NET): AT&T WORLDNET SERVICES, HOLLYWOOD, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
22:04:00 | WinXP | 67.120.205.171 (PACBELL.NET): SIEMENS ICN, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | e9ee0d4d34 [Firefox: 2 hits: 09-15 to 09-21] |
none[none] | none:none |
none|none | none | none | |
22:16:00 | WinXP | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.43:80 US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2415 hits: 06-17 to 09-23] a08f3b74a4 [Firefox:845 hits: 06-18 to 09-23] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
22:29:00 | WinXP | 68.146.46.203 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 33 of 36 |
80d03739c2 NEW ec40b809c1 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
22:38:00 | WinXP | 203.70.204.38 (SEED.NET.TW): DIGITAL UNITED INC, TAOYUAN, T'AI-WAN, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
29da5b359b NEW 677277c61d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:22:56:00 | Win2K-f | 172.167.136.73 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
0474b4b09f NEW 1c3210698a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
23:02:00 | Win2K-f | 70.72.209.63 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 0 of 32 34 of 36 |
8c45399d60 NEW b5919931fe [Firefox:642 hits: 06-20 to 09-23] d9a7255548 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
T:23:28:00 | WinXP | 87.110.103.165 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 397e8d18ce NEW |
none[none] | none:none |
none|none | none | none |
23:29:00 | WinXP | 201.231.108.127 (SRC.ORG): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1b7ec6ce60 [Firefox: 5 hits: 09-16 to 09-20] |
none[none] | none:none |
none|none | none | none |
23:33:00 | WinXP | 203.67.1.142 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox:15 hits: 07-12 to 08-09] |
none[none] | none:none |
none|none | none | none |
23:35:00 | WinXP | 121.72.241.173 (TELSTRACLEAR.NET): TELSTRACLEAR CHRISTCHURCH CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:15 hits: 08-02 to 09-20] a51a50404e [Firefox:15 hits: 08-02 to 09-20] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:23:42:00 | WinXP | 89.204.203.206 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:417 hits: 12-31 to 09-23] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
23:50:00 | Win2K-f | 70.63.133.180 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 673 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 | 6de4e92186 NEW |
none[none] | none:none |
none|none | none | none |