|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:30:00 | WinXP | 211.27.194.53 (IPRIMUS.NET.AU): PRIMUS TELECOMMUNICATIONS, PERTH, WESTERN AUSTRALIA, AU. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 216 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 28 of 32 |
3f0a5b2ebe [Firefox:20 hits: 06-18 to 09-27] c6bfb5f0f2 [Firefox:20 hits: 06-18 to 09-27] |
none[4] c6bfb5f0f2[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:00:39:00 | Win2K-f | 24.82.184.79 (SHELLCOMPUTERS.COM): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 0 of 32 33 of 36 |
28ce5fc467 [Firefox: 4 hits: 09-12 to 09-25] b5919931fe [Firefox:666 hits: 06-20 to 09-27] e7335cb667 [Firefox: 4 hits: 09-12 to 09-25] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 01:19:00 | Win2K-f | 216.211.252.23 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:20:00 | Win2K-f | 203.54.9.65 (TMNS.NET.AU): TELSTRAINTERNET5, WAGGA WAGGA, NEW SOUTH WALES, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| T:01:22:00 | WinXP | 165.21.208.220 (SINGNET.COM.SG): SINGNET, SINGAPORE, SINGAPORE, SG. |
n/a | DE:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad :www.proxy-socks.net US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 31 | b783511e9b [Firefox: 5 hits: 01-26 to 02-27] |
8d871feb5d [0] | ASM:Graph |
ASPack| | lines=396 embedded dns |
trace |
| T:01:23:00 | Win2K-f | 125.58.90.19 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:37:00 | Win2K-f | 61.34.136.38 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:204.160.104.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:50:00 | WinXP | 75.16.233.70 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:192.221.99.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:58:00 | Win2K-f | 24.85.10.192 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:41:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 55 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 02:42:00 | Win2K-f | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | fe22b8315f [Firefox: 8 hits: 06-19 to 09-13] |
none[4] | none:none |
StarForce| | none | trace | |
| 02:51:00 | WinXP | 24.85.111.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BLAINE, WASHINGTON, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
1cc5f013c3 NEW b2c2ac778d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:15:00 | WinXP | 76.10.19.20 (PAVLOVMEDIA.COM): CLUB AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:03:22:00 | Win2K-f | 24.164.122.49 (RR.COM): ROAD RUNNER HOLDCO LLC, SHELBY, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] b7082104e4 [Firefox:150 hits: 06-18 to 09-27] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 03:29:00 | Win2K-f | 210.207.98.64 (BORA.NET): BORANET-NET-210-206/, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 0 of 32 |
6e4189aed5 [Firefox: 2 hits: 08-09 to 08-10] a2abf80155 [Firefox: 2 hits: 08-09 to 08-10] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 03:36:00 | WinXP | 62.174.32.198 (ONO.COM): AUNA S.A.U, BARCELONA, CATALUñA, ES. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad RU:www.bbin.ru |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:256 hits: 01-01 to 09-27] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 03:48:00 | WinXP | 122.21.245.162 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:567 hits: 01-01 to 09-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:03:57:00 | Win2K-f | 219.115.217.169 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP. |
194.109.11.65:6556 194.109.11.65:1023 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset |
other 191 lines |
Yeah : 1.8 profile |
none | summary tarball |
36 of 36 | 0c01728b7e NEW |
none[none] | none:none |
none|none | none | none |
| 04:01:00 | WinXP | 159.134.184.32 (EIRCOM.NET): EIRCOM GROUP PLC, DUBLIN, DUBLIN, IE. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 04:16:00 | Win2K-f | 173.16.103.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:24:00 | WinXP | 221.191.133.92 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:409 hits: 01-05 to 09-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 04:29:00 | Win2K-f | 172.129.185.43 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.37.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
0474b4b09f [Firefox: 2 hits: 09-24 to 09-25] 1c3210698a [Firefox: 3 hits: 07-13 to 09-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:51:00 | Win2K-f | 24.77.203.25 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
14 of 36 11 of 36 |
83c5c9c5c9 NEW aac2521c5b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 05:01:00 | WinXP | 124.102.58.54 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:25 hits: 06-20 to 09-27] |
none[4] | none:none |
none|none | none | trace | |
| T:05:13:00 | WinXP | 75.191.175.216 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:636 hits: 12-31 to 09-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:05:30:00 | Win2K-f | 196.208.95.108 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:39:00 | WinXP | 92.40.125.123 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 492341416e NEW |
none[none] | none:none |
none|none | none | none |
| 05:49:00 | Win2K-f | 68.144.24.135 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 207 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 22 of 36 |
1eacab1cc9 NEW d43f7bdb88 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 05:53:00 | Win2K-f | 219.115.217.169 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP. |
194.109.11.65:6556 | NL:0x80.online-software.org NL:0x80.martiansong.com :0xff.memzero.info :0x80.my-secure.name NL:0x80.goingformars.com NL:0x80.my1x1.com NL:194.109.11.65:1023 NL:194.109.11.65:6556 |
135 | pcap | raw alerts ruleset |
other 270 lines |
Yeah : 1.8 profile |
none | summary tarball |
36 of 36 | 0c01728b7e NEW |
none[none] | none:none |
none|none | none | none |
| T:05:55:00 | Win2K-f | 140.239.43.104 (XO.NET): XO COMMUNICATIONS, HOPKINTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:15 hits: 06-18 to 09-27] 79c01ec060 [Firefox:45 hits: 06-18 to 09-27] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 06:01:00 | Win2K-f | 211.212.60.3 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 34 of 36 |
4c3df24b32 [Firefox:198 hits: 06-17 to 09-27] 99745b0c1d NEW |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:06:08:00 | WinXP | 85.241.227.5 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com EU:ebookfinaltrash.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:541 hits: 01-01 to 09-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:06:52:00 | WinXP | 116.0.207.94 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:409 hits: 01-05 to 09-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:22:00 | Win2K-f | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 32 |
73ce2b74da [Firefox:15 hits: 06-18 to 09-27] 79c01ec060 [Firefox:45 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
73ce2b74da [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 07:31:00 | WinXP | 75.49.225.246 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e5dd743ec0 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:38:00 | WinXP | 81.36.138.237 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:85 hits: 01-14 to 09-25] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 07:49:00 | WinXP | 70.236.68.145 (AMERITECH.NET): PPPOX POOL - RBACK2 IPLTIN, INDIANAPOLIS, INDIANA, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad GB:welcome3.smile.co.uk GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:256 hits: 01-01 to 09-27] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:08:05:00 | WinXP | 190.188.84.52 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:20 hits: 08-09 to 09-26] |
none[none] | none:none |
none|none | none | none |
| T:08:13:00 | WinXP | 85.85.78.95 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 42c8d9a857 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:19:00 | WinXP | 78.82.210.196 (TELENOR.SE): TELENOR BUSINESS SOLUTION AB, SE. |
n/a | :www.google.com.au US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:37 hits: 04-18 to 09-25] |
none[3] | none:none |
tElock| | none | trace |
| 08:22:00 | WinXP | 89.152.38.87 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 1ec0fd8c30 NEW |
none[none] | none:none |
none|none | none | none |
| 08:24:00 | Win2K-f | 69.89.102.70 (ACD.NET): ACD.NET, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:28:00 | WinXP | 98.148.129.118 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:16:00 | WinXP | 222.233.15.114 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 30 of 32 |
1509c8d024 [Firefox:32 hits: 06-17 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] f23b040440 [Firefox:21 hits: 06-22 to 09-23] |
none[4] e07c29c4ae[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| FSG| Armadillo| |
none lines=92 lines=82 |
trace trace trace |
| T:09:19:00 | WinXP | 82.231.142.146 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:636 hits: 12-31 to 09-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 09:20:00 | WinXP | 66.51.232.127 (CTCINET.COM): CONSOLIDATED TELCOM, DICKINSON, NORTH DAKOTA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru :wpad RU:195.200.213.54:80 US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:541 hits: 01-01 to 09-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 09:28:00 | WinXP | 92.41.77.104 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:29:00 | WinXP | 200.216.127.84 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox: 6 hits: 09-17 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:09:34:00 | WinXP | 119.77.171.135 (-): . |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a5dfa6f948 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:51:00 | Win2K-f | 92.41.129.247 (IKBCC.COM): EU-ZZ, UK. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com IL:wrsavn.flutix.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com US:192.221.99.126:80 IL:194.90.224.86:80 US:199.93.44.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
irc http 242 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 15 of 36 30 of 32 none |
464a5bfd5b [Firefox:12 hits: 09-27 to 09-27] 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] 7452c8448d [Firefox:14 hits: 06-17 to 09-21] fd9b49840f [Firefox: 8 hits: 06-23 to 09-21] |
none[none] none [none] none [4] fd9b49840f[1] |
none:none none:none none:none ASM:Graph |
none|none none|none PolyEnE| Armadillo| |
none none none lines=81 |
none none trace trace |
| T:09:57:00 | WinXP | 125.215.124.181 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:567 hits: 01-01 to 09-27] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:07:00 | Win2K-f | 209.29.85.184 (TELUS.COM): TELUS COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:11:00 | Win2K-f | 87.169.103.187 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL) |
n/a | :proxim.ircgalaxy.pl IL:wrsavn.flutix.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:microsoft.com US:download.microsoft.com IL:194.90.224.86:80 |
445 | pcap | raw alerts ruleset |
irc http 109 lines |
Argh : 0.3 profile |
none | summary tarball |
6 of 36 15 of 36 |
464a5bfd5b [Firefox:12 hits: 09-27 to 09-27] 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:15:00 | WinXP | 85.185.233.206 (-): RAYANEH SARA ALVAND COMPANY, IR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 31 | 4d244a981f [Firefox: 8 hits: 03-30 to 07-11] |
b66b85d85f [0] | ASM:Graph |
PolyEnE| | lines=129 | trace |
| 10:16:00 | Win2K-f | 68.147.196.90 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | CA:dong.nagitiriheiwu.net US:130.107.217.36:39926 |
135 | pcap | raw alerts ruleset |
irc 240 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 30 | 6f48587848 [Firefox: 3 hits: 02-18 to 08-24] |
0bc04966dd [0] | none:none |
none|none | none | trace |
| 10:33:00 | WinXP | 68.74.73.176 (-): PPPOX POOL - EMHRIL RBACK, CHICAGO, ILLINOIS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:10:34:00 | Win2K-f | 213.22.209.131 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl IL:wrsavn.flutix.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:microsoft.com US:download.microsoft.com IL:194.90.224.86:80 US:204.160.104.126:80 |
445 | pcap | raw alerts ruleset |
irc http 109 lines |
Argh : 0.3 profile |
none | summary tarball |
15 of 36 | 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:10:39:00 | WinXP | 118.7.128.226 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:409 hits: 01-05 to 09-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 10:39:00 | WinXP | 98.28.15.111 (-): . |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:541 hits: 01-01 to 09-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:10:42:00 | WinXP | 85.204.133.120 (JUMP.RO): SC AZURE SOFTWARE SRL, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 5ed9c4adac [Firefox: 3 hits: 09-25 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:11:12:00 | WinXP | 98.28.15.111 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:541 hits: 01-01 to 09-27] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 11:13:00 | WinXP | 82.160.234.169 (EC.PL): TELEKOMUNIKACJA KOLEJOWA SP. Z O.O, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:28 hits: 09-13 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 11:13:00 | WinXP | 163.203.137.89 (VIP-ZA.COM): AFRINIC, PRETORIA, GAUTENG, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:21:00 | WinXP | 82.15.41.177 (NTL.COM): NTL INFRASTRUCTURE - BAGULEY, HARTLEPOOL, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 09-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:37:00 | Win2K-f | 99.181.179.213 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:42:00 | WinXP | 4.244.180.178 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OZARK, MISSOURI, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] |
none[4] e07c29c4ae[1] |
none:none ASM:Graph |
tElock| FSG| |
none lines=92 |
trace trace |
| 11:43:00 | WinXP | 87.3.67.22 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, ANCONA, MARCHE, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | dccd78bf99 NEW |
none[none] | none:none |
none|none | none | none |
| 11:45:00 | WinXP | 63.18.113.119 (UU.NET): UUNET TECHNOLOGIES INC, AULT, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:06:00 | WinXP | 213.206.50.20 (NOTUSED.UZPAK.UZ): PROVIDER LOCAL REGISTRY, UZ. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 12:09:00 | WinXP | 82.241.109.249 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | e8cc9c1f8b NEW |
none[none] | none:none |
none|none | none | none |
| 12:15:00 | WinXP | 99.224.126.113 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:15:00 | WinXP | 4.156.96.39 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BOSTON, MASSACHUSETTS, US. (DIAL) |
n/a | DE:siliconfireware.ru RU:www.bbin.ru RU:www.binbank.ru :wpad US:searchportal.information.com US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 36 | 9d9e018ca3 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:19:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 57ce4acac2 [Firefox:210 hits: 06-17 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 12:25:00 | WinXP | 86.129.234.222 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 09-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:56:00 | Win2K-f | 211.214.115.13 (-): HANANET-LLINE-SAHACABLE, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
4ef7771f3f NEW d29aef3217 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:13:20:00 | Win2K-f | 75.16.233.70 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:198.78.201.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:27:00 | WinXP | 201.5.27.185 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 69d773e78a NEW |
none[none] | none:none |
none|none | none | none |
| T:13:30:00 | WinXP | 190.225.197.202 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | cc263a661d [Firefox: 6 hits: 09-24 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:13:32:00 | WinXP | 200.165.196.220 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 571e381ed4 [Firefox:10 hits: 09-14 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 13:45:00 | WinXP | 130.13.62.223 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 09-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:47:00 | WinXP | 151.80.133.210 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 516f7aaac5 [Firefox: 8 hits: 09-19 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 14:06:00 | Win2K-f | 68.150.215.79 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SHERWOOD PARK, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
4e56b449dc NEW cfbd74f042 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:10:00 | WinXP | 88.25.1.242 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2006112951), ES. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f5501ecc1c [Firefox: 2 hits: 09-24 to 09-24] |
none[none] | none:none |
none|none | none | none |
| 14:11:00 | WinXP | 99.141.123.209 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:11:00 | WinXP | 85.138.189.149 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 3ff96af82f NEW |
none[none] | none:none |
none|none | none | none |
| T:14:13:00 | WinXP | 216.218.108.28 (FTC-I.NET): FARMERS TELEPHONE COOPERATIVE INC, KINGSTREE, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:22:00 | Win2K-f | 70.72.80.205 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:25:00 | WinXP | 4.230.30.98 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:26:00 | Win2K-f | 70.166.118.73 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn IL:wrsavn.flutix.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com |
135 | pcap | raw alerts ruleset |
irc http 137 lines |
Yeah : 1.8 profile |
none | summary tarball |
5 of 36 15 of 36 15 of 36 0 of 32 34 of 36 7 of 36 28 of 33 |
6a7fb64400 NEW 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] 91dc355a93 [Firefox:18 hits: 09-25 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] da00a8e7a1 [Firefox:21 hits: 08-05 to 09-27] e9b5f1306e NEW f685f8e027 [Firefox:25 hits: 06-18 to 09-27] |
none[none] none [none] none [none] b5919931fe[1] none [none] none [none] f685f8e027[1] |
none:none none:none none:none ASM:Graph none:none none:none ASM:Graph |
none|none none|none none|none ASProtect| none|none none|none Armadillo| |
none none none lines=90 none none lines=82 |
none none none trace none none trace |
| 14:28:00 | WinXP | 217.202.146.187 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 8ef9e03ad3 [Firefox: 2 hits: 09-12 to 09-16] |
none[none] | none:none |
none|none | none | none |
| T:14:28:00 | WinXP | 217.202.146.187 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 8ef9e03ad3 [Firefox: 2 hits: 09-12 to 09-16] |
none[none] | none:none |
none|none | none | none |
| T:14:31:00 | WinXP | 209.214.56.176 (BELLSOUTH.NET): BELLSOUTH.NET INC, HENDERSONVILLE, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:34:00 | Win2K-f | 70.68.69.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:35:00 | WinXP | 83.132.35.220 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru :adult-empire.com |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e4ed963a77 [Firefox: 5 hits: 09-18 to 09-22] |
none[none] | none:none |
none|none | none | none |
| 14:45:00 | Win2K-f | 99.158.41.225 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] b7082104e4 [Firefox:150 hits: 06-18 to 09-27] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:14:48:00 | WinXP | 83.97.207.165 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:50 hits: 01-02 to 09-24] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:05:00 | WinXP | 190.134.9.22 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fbe263609e NEW |
none[none] | none:none |
none|none | none | none |
| T:15:07:00 | Win2K-f | 68.149.130.169 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:15:00 | Win2K-f | 4.252.192.126 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ANNA, ILLINOIS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 179 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:22:00 | WinXP | 213.240.15.6 (ISTRA.CO.YU): YUNET INTERNATIONAL, CS. |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:new.egg.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 36 | c699b15f19 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:05:00 | WinXP | 63.19.22.133 (UU.NET): UUNET TECHNOLOGIES INC, ST. LOUIS, MISSOURI, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:636 hits: 12-31 to 09-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:08:00 | WinXP | 61.205.93.8 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 3a813df3ed [Firefox: 7 hits: 02-04 to 09-15] |
7759abbf55 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:16:08:00 | WinXP | 61.205.93.8 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 29 | 3a813df3ed [Firefox: 7 hits: 02-04 to 09-15] |
7759abbf55 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:11:00 | WinXP | 79.132.209.44 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru UA:vit.ln.ua :baner.vit GB:new.egg.com :wpad US:searchportal.information.com US:208.73.210.32:80 DE:217.11.54.126:80 GB:217.145.225.22:80 |
445 | pcap | raw alerts ruleset |
http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7dd1fe2970 [Firefox:20 hits: 02-03 to 09-27] |
dcc673c815 [0] | ASM:Graph |
ASPack| | lines=374 embedded dns |
trace |
| T:16:14:00 | WinXP | 208.100.249.105 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:20:00 | WinXP | 98.105.21.53 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:21 hits: 09-17 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:16:52:00 | Win2K-f | 4.224.195.41 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:59:00 | Win2K-f | 68.146.242.126 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:01:00 | WinXP | 24.74.22.132 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 09-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:08:00 | WinXP | 74.130.243.154 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, CARROLLTON, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:09:00 | WinXP | 190.225.202.134 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | cc263a661d [Firefox: 6 hits: 09-24 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 17:19:00 | Win2K-f | 68.149.130.169 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:28:00 | WinXP | 68.204.164.43 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:56:00 | Win2K-f | 72.236.206.144 (-): CENTRAL VIRGINIA ELECTRIC COOP, ROANOKE, VIRGINIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 18:10:00 | Win2K-f | 4.224.195.41 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:54:00 | WinXP | 200.165.198.231 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 69d773e78a NEW |
none[none] | none:none |
none|none | none | none |
| 18:59:00 | WinXP | 4.137.20.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 364 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | e9ee0d4d34 [Firefox: 3 hits: 09-15 to 09-24] |
none[none] | none:none |
none|none | none | none | |
| T:19:13:00 | WinXP | 41.214.187.247 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:23:00 | Win2K-f | 58.230.192.35 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox:10 hits: 06-18 to 09-27] e5e0dbde57 [Firefox:10 hits: 06-18 to 09-27] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 19:31:00 | WinXP | 12.77.255.192 (ATT.NET): AT&T WORLDNET SERVICES, HOLLYWOOD, FLORIDA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:433 hits: 12-31 to 09-27] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:39:00 | Win2K-f | 221.139.78.138 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsavn.flutix.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com US:192.221.108.126:80 US:199.93.44.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
irc http 130 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 15 of 36 |
168aab35a3 [Firefox:144 hits: 06-17 to 09-27] 667f0c59f3 [Firefox:25 hits: 07-04 to 09-25] 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] |
none[4] none [none] none [none] |
none:none none:none none:none |
tElock| none|none none|none |
none none none |
trace none none |
| T:19:42:00 | WinXP | 67.150.53.42 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:142 hits: 01-08 to 09-27] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 19:46:00 | Win2K-f | 65.65.56.183 (SWBELL.NET): PPPOX POOL - RBACK2 WACOTX 081004-1919, NEWARK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 US:4.23.60.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:55:00 | WinXP | 151.118.199.183 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e540a70fe0 [Firefox: 3 hits: 09-21 to 09-26] |
none[none] | none:none |
none|none | none | none |
| T:19:57:00 | Win2K-f | 151.118.199.183 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl IL:wrsavn.flutix.com IL:bugreport.waverevenue.com |
445 | pcap | raw alerts ruleset |
irc http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 7085b2c2d6 [Firefox:15 hits: 09-27 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 19:57:00 | Win2K-f | 202.22.220.16 (KTV.NE.JP): GUNMA CABLE MEDIA CORP, TOKYO, TOKYO, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:02:00 | Win2K-f | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:04:00 | WinXP | 123.220.182.136 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:409 hits: 01-05 to 09-27] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 20:12:00 | WinXP | 70.44.129.92 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru :washington.dc.us.undernet.org SE:viking.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org NL:london.uk.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:ozbytes.dal.net SE:qis.md.us.dal.net :gaspode.zanet.org.za US:lia.zanet.net AT:graz.at.eu.undernet.org SE:vancouver.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a9cfbd1b0c [Firefox:10 hits: 09-12 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:20:24:00 | WinXP | 58.227.83.134 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:198 hits: 06-17 to 09-27] 53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:20:29:00 | Win2K-f | 74.130.243.154 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, CARROLLTON, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:42:00 | Win2K-f | 122.100.53.131 (-): SEODAEGU CABLE TV, TAEGU, KYONGSANG-BUKTO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 181 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 30 of 33 |
9963e9c1ff [Firefox: 3 hits: 06-26 to 08-24] a647a60592 [Firefox: 3 hits: 06-26 to 08-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:21:23:00 | WinXP | 59.104.248.60 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:23 hits: 04-05 to 09-27] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 21:25:00 | WinXP | 210.23.93.240 (MICRONESIANTEL.NET): VERIZON PACIFICA, SAIPAN, SAIPAN, MP. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | dff860d114 NEW |
none[none] | none:none |
none|none | none | none |
| 22:07:00 | WinXP | 24.80.178.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 0 of 33 2 of 32 |
607b60ad51 [Firefox:38 hits: 06-20 to 09-20] e07c29c4ae [Firefox:514 hits: 06-19 to 09-27] e5c7bce70e [Firefox:37 hits: 06-20 to 09-20] |
none[4] e07c29c4ae[1] e5c7bce70e[1] |
none:none ASM:Graph ASM:Graph |
tElock| FSG| Armadillo| |
none lines=92 lines=81 |
trace trace trace |
| T:22:08:00 | WinXP | 117.99.12.96 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:636 hits: 12-31 to 09-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 22:20:00 | Win2K-f | 71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] b5919931fe [Firefox:666 hits: 06-20 to 09-27] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:22:29:00 | WinXP | 4.255.199.140 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLAREMORE, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:46:00 | WinXP | 68.151.225.86 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:199.93.53.125:80 US:204.160.104.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 222 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
22caea986a NEW b235125c92 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:58:00 | WinXP | 58.227.83.134 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.123:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:198 hits: 06-17 to 09-27] 53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 23:05:00 | Win2K-f | 218.210.225.206 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] 73f1082158 [Firefox:1262 hits: 06-18 to 09-27] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:08:00 | Win2K-f | 71.120.34.37 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ELKHART, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2547 hits: 06-17 to 09-27] a08f3b74a4 [Firefox:896 hits: 06-18 to 09-27] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:13:00 | WinXP | 117.99.59.20 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:636 hits: 12-31 to 09-27] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:23:18:00 | WinXP | 220.129.163.57 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:20:00 | WinXP | 91.145.236.178 (-): LIMITED LIABILITY COMPANY ASTELIT, AMSTERDAM, NOORD-HOLLAND, NL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1172 hits: 12-31 to 09-27] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:58:00 | Win2K-f | 24.67.173.53 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 225 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 32 of 36 |
c295ae7d97 [Firefox: 2 hits: 09-21 to 09-22] dd1fe232e8 [Firefox: 2 hits: 09-21 to 09-22] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |