|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:14:00 | Win2K-f | 208.127.97.158 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 29 of 33 |
0d3fafbf29 [Firefox: 5 hits: 06-21 to 09-30] d401773a07 [Firefox: 5 hits: 06-21 to 09-30] |
0d3fafbf29 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 00:20:00 | Win2K-f | 122.53.222.210 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:207.123.37.124:80 US:207.123.37.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 171 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:47 hits: 06-18 to 09-29] 76ee340669 [Firefox:47 hits: 06-18 to 09-29] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 00:38:00 | WinXP | 67.89.32.207 (ALGX.NET): XO COMMUNICATIONS, DRACUT, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:198.78.201.126:80 US:198.78.220.126:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 33 of 33 |
4575d9d4f6 NEW 53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 00:57:00 | WinXP | 192.160.7.142 (ALCATEL.COM): ALCATEL NETWORK SERVICES, PLANO, TEXAS, US. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none |
168aab35a3 [Firefox:148 hits: 06-17 to 09-29] bba5ec5f4d [Firefox: 3 hits: 09-22 to 09-29] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 01:24:00 | Win2K-f | 69.121.161.229 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), STRATFORD, CONNECTICUT, US. |
194.109.11.65:6556 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset |
other 185 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 32 | 15d4d85dc0 [Firefox:11 hits: 06-10 to 08-26] |
none[4] | none:none |
StarForce| | none | trace |
| T:01:38:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:27:00 | Win2K-f | 118.216.235.20 (-): . |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:148 hits: 06-17 to 09-29] 4c3df24b32 [Firefox:205 hits: 06-17 to 09-30] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:36:00 | WinXP | 119.154.55.183 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 778cdbeb40 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:41:00 | Win2K-f | 4.242.171.121 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTLAND, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 163 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 02:45:00 | Win2K-f | 121.73.141.6 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:18 hits: 08-02 to 09-30] a51a50404e [Firefox:18 hits: 08-02 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:47:00 | WinXP | 93.177.133.195 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 778cdbeb40 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:59:00 | WinXP | 79.12.125.219 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, FIRENZE, TOSCANA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:88 hits: 01-14 to 09-29] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:03:04:00 | WinXP | 59.190.14.172 (EONET.NE.JP): K-OPTICOM CORPORATION, SINGAPORE, SINGAPORE, SG. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:573 hits: 01-01 to 09-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 03:07:00 | WinXP | 83.132.73.19 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | DE:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 30 | af79e0c602 [Firefox: 8 hits: 01-08 to 09-18] |
none[4] | none:none |
ASPack| | none | trace |
| 03:14:00 | Win2K-f | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:03:22:00 | WinXP | 24.241.63.121 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 319 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
378a4bac36 [Firefox: 8 hits: 07-01 to 08-17] d11b4c2e19 [Firefox: 8 hits: 07-01 to 08-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:53:00 | Win2K-f | 211.239.4.83 (EPNETWORKS.CO.KR): ENTERPRISENET-INFRA, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
686d4ca67b [Firefox: 8 hits: 07-08 to 09-30] b7e379b157 [Firefox: 8 hits: 07-08 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:59:00 | Win2K-f | 4.178.108.115 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CENTRAL POINT, OREGON, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.37.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:04:00 | Win2K-f | 172.130.131.188 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:27 hits: 07-03 to 09-30] c73f738c30 [Firefox:27 hits: 07-03 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:11:00 | WinXP | 12.208.68.144 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, STREAMWOOD, ILLINOIS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 44163e3b88 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:18:00 | WinXP | 92.114.235.134 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4b2541d5f7 [Firefox:13 hits: 08-19 to 09-30] |
none[none] | none:none |
none|none | none | none |
| 04:42:00 | WinXP | 118.108.194.38 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:573 hits: 01-01 to 09-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:48:00 | WinXP | 85.179.250.62 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
213.239.192.125:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 04:49:00 | WinXP | 88.170.70.155 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | fee215afd0 [Firefox: 2 hits: 09-26 to 09-29] |
none[none] | none:none |
none|none | none | none |
| 05:23:00 | WinXP | 195.215.230.130 (RAS.TELE.DK): TELEDANMARK-DIAL-UP-USERS, KOLDING, VEJLE, DK. |
n/a | 445 | pcap | raw alerts ruleset |
other 2 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:24:00 | WinXP | 114.48.181.221 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 05:28:00 | WinXP | 80.102.60.32 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:28:00 | Win2K-f | 218.211.217.215 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.37.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:40:00 | Win2K-f | 12.219.244.164 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.53.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] b7082104e4 [Firefox:159 hits: 06-18 to 09-30] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:05:51:00 | WinXP | 220.137.194.103 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:654 hits: 12-31 to 09-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:06:21:00 | Win2K-f | 116.41.149.250 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
4ab2ecbc0f [Firefox: 7 hits: 06-29 to 08-19] 65eb2e3aee [Firefox: 7 hits: 06-29 to 08-19] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:28:00 | Win2K-f | 4.228.186.201 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DURANGO, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:56:00 | WinXP | 200.165.198.145 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | dfdc4b62b3 NEW |
none[none] | none:none |
none|none | none | none |
| 07:05:00 | WinXP | 66.217.131.192 (USLEC.NET): USLEC CORP, PORTLAND, OREGON, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:26:00 | Win2K-f | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:36:00 | WinXP | 81.41.32.1 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, ES. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1d7b35b012 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:42:00 | Win2K-f | 24.79.198.216 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox: 6 hits: 09-12 to 09-29] 321f4fc27d [Firefox: 6 hits: 09-12 to 09-29] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:50:00 | WinXP | 213.22.71.81 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:26 hits: 04-05 to 09-30] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| T:07:50:00 | WinXP | 92.40.166.103 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:02:00 | WinXP | 170.51.51.160 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
213.239.192.125:5001 | DE:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 264d107aeb NEW |
none[none] | none:none |
none|none | none | none |
| 08:04:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:06:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:25:00 | WinXP | 24.164.52.101 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:00:00 | WinXP | 82.231.173.171 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 24e607bccb NEW |
none[none] | none:none |
none|none | none | none |
| T:09:04:00 | WinXP | 93.149.162.50 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 557fac1fa8 NEW |
none[none] | none:none |
none|none | none | none |
| 09:25:00 | WinXP | 83.68.70.169 (TNP.PL): TELENETCENTRUM-NET, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 79fdac8c50 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:25:00 | WinXP | 83.68.70.169 (TNP.PL): TELENETCENTRUM-NET, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 79fdac8c50 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:32:00 | Win2K-f | 125.58.89.94 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] b7082104e4 [Firefox:159 hits: 06-18 to 09-30] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:09:40:00 | WinXP | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:31 hits: 06-18 to 09-29] e53a9ea82e [Firefox:31 hits: 06-18 to 09-29] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 09:54:00 | Win2K-f | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:31 hits: 06-18 to 09-29] e53a9ea82e [Firefox:31 hits: 06-18 to 09-29] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 10:04:00 | WinXP | 193.248.104.169 (ABO.WANADOO.FR): TELECOM, METZ, NANTERRE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:441 hits: 12-31 to 09-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 10:09:00 | Win2K-f | 24.76.226.5 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:204.160.104.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 133 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
40870345c3 [Firefox: 4 hits: 09-22 to 09-30] 6c539a9f23 [Firefox: 4 hits: 09-22 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:10:00 | WinXP | 66.53.81.176 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:654 hits: 12-31 to 09-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:15:00 | WinXP | 98.112.3.44 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:16:00 | WinXP | 88.67.3.75 (ARCOR-IP.NET): ARCOR-DSL-NET, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:10:20:00 | WinXP | 88.27.172.185 (CAMPUSPARTY06.NET): TELEFONICA DE ESPANA (NCC#2007050901), ES. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 7 hits: 09-12 to 09-22] |
none[none] | none:none |
none|none | none | none |
| T:10:30:00 | WinXP | 41.214.182.190 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 9 hits: 09-14 to 09-19] |
none[none] | none:none |
none|none | none | none |
| 10:30:00 | WinXP | 41.214.182.190 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox: 9 hits: 09-14 to 09-19] |
none[none] | none:none |
none|none | none | none |
| T:10:35:00 | WinXP | 202.169.240.71 (BLUELINE.CO.ID): PT. RABIK BANGUN PERTIWI PMA, DENPASAR, BALI, ID. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 33 of 36 |
91990df207 NEW b737716fed NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:43:00 | Win2K-f | 186.12.92.111 (-): . |
213.239.192.125:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 10:44:00 | WinXP | 98.135.236.46 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d99da8735e [Firefox: 5 hits: 09-18 to 09-23] |
none[none] | none:none |
none|none | none | none |
| 10:57:00 | Win2K-f | 208.125.77.239 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:13:00 | WinXP | 190.225.83.153 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox: 9 hits: 09-17 to 09-29] |
none[none] | none:none |
none|none | none | none |
| 11:25:00 | Win2K-f | 96.11.196.93 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 0 of 32 |
0bfa79dc19 [Firefox:16 hits: 07-22 to 09-29] 8dfb3b619f [Firefox:17 hits: 07-22 to 09-29] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 11:35:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:37:00 | WinXP | 24.94.138.206 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:550 hits: 01-01 to 09-30] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 11:38:00 | Win2K-f | 170.51.39.30 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:11:38:00 | WinXP | 170.51.39.30 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:44:00 | WinXP | 67.89.32.206 (ALGX.NET): XO COMMUNICATIONS, DRACUT, MASSACHUSETTS, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.46.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
4575d9d4f6 NEW ed570a2e4d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 11:49:00 | WinXP | 189.49.189.218 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org :flanders.be.eu.undernet.org SE:qis.md.us.dal.net SE:ozbytes.dal.net SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
28 of 29 | 61c9be2a00 [Firefox: 3 hits: 01-27 to 02-29] |
1931062d39 [0] | ASM:Graph |
PolyEnE| | lines=111 embedded dns |
trace |
| T:12:00:00 | WinXP | 72.35.49.94 (CASS.NET): D&P COMMUNICATIONS, DUNDEE, MICHIGAN, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:07:00 | Win2K-f | 61.34.136.38 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:204.160.104.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:12:00 | WinXP | 201.212.36.69 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:15:00 | WinXP | 85.241.233.82 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | GB:welcome3.smile.co.uk :wpad DE:siliconfireware.ru US:searchportal.information.com GB:new.egg.com GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:550 hits: 01-01 to 09-30] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:12:16:00 | Win2K-f | 63.246.120.141 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:19:00 | Win2K-f | 186.12.50.144 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:21:00 | Win2K-f | 70.72.209.63 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
12e484a198 NEW 2e43dc0077 NEW b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:12:23:00 | Win2K-f | 151.80.40.216 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:29:00 | WinXP | 170.51.189.114 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 12:31:00 | WinXP | 186.12.75.242 (-): . |
64.85.160.111:5001 | US:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 12:39:00 | Win2K-f | 186.12.14.144 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 12:41:00 | Win2K-f | 170.51.89.120 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | DE:cookie.roltf.ws DE:213.239.192.125:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 30d50bdc3d [Firefox: 7 hits: 09-12 to 09-29] |
none[none] | none:none |
none|none | none | none |
| 12:51:00 | WinXP | 71.68.86.69 (RR.COM): ROAD RUNNER HOLDCO LLC, MONROE, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:550 hits: 01-01 to 09-30] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 12:51:00 | WinXP | 41.214.184.145 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:52:00 | WinXP | 41.214.184.145 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:52:00 | Win2K-f | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:57:00 | Win2K-f | 170.51.138.180 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| 12:57:00 | Win2K-f | 170.51.138.180 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace | |
| T:13:01:00 | WinXP | 74.78.249.119 (RR.COM): ROAD RUNNER HOLDCO LLC, MIDDLETOWN, NEW YORK, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:05:00 | Win2K-f | 151.23.131.199 (-): INFOSTRADA (IUNET), IT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:16:00 | WinXP | 186.12.83.237 (-): . |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | e8161390e4 NEW |
none[none] | none:none |
none|none | none | none |
| 13:19:00 | WinXP | 118.216.26.27 (-): . |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 0 of 33 30 of 32 |
475d9a7753 [Firefox: 4 hits: 06-22 to 09-24] e07c29c4ae [Firefox:535 hits: 06-19 to 09-30] e9a7fa27d5 [Firefox: 4 hits: 06-22 to 09-24] |
none[4] e07c29c4ae[1] e9a7fa27d5[1] |
none:none ASM:Graph ASM:Graph |
tElock| FSG| Armadillo| |
none lines=92 lines=82 |
trace trace trace |
| T:13:23:00 | WinXP | 41.214.178.96 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:37:00 | Win2K-f | 170.51.125.111 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:41:00 | WinXP | 4.158.0.145 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com US:www.counterdata.com DE:m1.webstats.motigo.com GB:www.chechenpress.co.uk FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com US:208.73.210.32:80 US:72.29.65.216:80 FI:80.81.183.151:80 FI:80.81.183.162:80 |
445 | pcap | raw alerts ruleset |
http http 136 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:41 hits: 01-02 to 09-25] |
none[3] | none:none |
ASPack| | none | trace |
| T:13:43:00 | Win2K-f | 118.218.21.111 (-): . |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:29 hits: 06-21 to 09-29] 58c343a8d8 [Firefox:32 hits: 06-21 to 09-29] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 13:47:00 | WinXP | 212.183.70.162 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
64.85.160.111:5001 | DE:cookie.roltf.ws US:64.85.160.111:5001 |
445 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 382279b44f [Firefox:263 hits: 05-22 to 09-30] |
049e62d55b [0] | ASM:Graph |
Armadillo| | lines=192 | trace |
| 13:52:00 | WinXP | 170.51.135.59 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
64.85.160.111:5001 | US:cookie.roltf.ws | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | e63559344d NEW |
none[none] | none:none |
none|none | none | none |
| 14:03:00 | WinXP | 165.123.123.67 (UPENN.EDU): UNIVERSITY OF PENNSYLVANIA, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:09:00 | WinXP | 89.41.89.106 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2322158770 NEW |
none[none] | none:none |
none|none | none | none |
| 14:11:00 | WinXP | 4.231.88.142 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:14:12:00 | WinXP | 82.241.109.249 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | e8cc9c1f8b NEW |
none[none] | none:none |
none|none | none | none |
| T:14:15:00 | WinXP | 70.184.216.4 (COX.NET): COX COMMUNICATIONS, OMAHA, NEBRASKA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | f677e0c423 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:37:00 | WinXP | 201.69.52.192 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:128 hits: 01-03 to 09-30] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:48:00 | Win2K-f | 140.239.41.75 (XO.NET): XO COMMUNICATIONS, CAMBRIDGE, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 32 |
73ce2b74da [Firefox:19 hits: 06-18 to 09-30] 79c01ec060 [Firefox:49 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
73ce2b74da [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 14:49:00 | Win2K-f | 69.110.85.225 (-): JAY KWON, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox: 9 hits: 08-01 to 09-22] dc92683d9a [Firefox:16 hits: 06-19 to 09-22] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:14:55:00 | WinXP | 213.22.209.94 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:vancouver.dal.net :los-angeles.ca.us.undernet.org :flanders.be.eu.undernet.org US:lia.zanet.net SE:ced.dal.net SE:viking.dal.net :diemen.nl.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:26 hits: 04-05 to 09-30] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 15:03:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:06:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:12:00 | WinXP | 24.211.136.50 (RR.COM): ROAD RUNNER HOLDCO LLC, CARY, NORTH CAROLINA, US. (100Mbps) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 321052074e [Firefox:14 hits: 02-23 to 09-29] |
1a587de3ca [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:21:00 | WinXP | 4.164.162.154 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OMAHA, NEBRASKA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:654 hits: 12-31 to 09-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:28:00 | WinXP | 200.117.167.200 (NET.AR): TELECOM ARGENTINA S.A, AR. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | cc263a661d [Firefox: 8 hits: 09-24 to 09-28] |
none[none] | none:none |
none|none | none | none |
| 15:52:00 | WinXP | 96.249.202.166 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] e07c29c4ae [Firefox:535 hits: 06-19 to 09-30] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:15:54:00 | Win2K-f | 68.164.120.19 (COVAD.NET): COVAD COMMUNICATIONS CO, CAMDEN, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:00:00 | Win2K-f | 70.169.52.82 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 34 of 36 28 of 33 |
b5919931fe [Firefox:700 hits: 06-20 to 09-30] da00a8e7a1 [Firefox:22 hits: 08-05 to 09-28] f685f8e027 [Firefox:26 hits: 06-18 to 09-28] |
b5919931fe [1] none [none] f685f8e027[1] |
ASM:Graph none:none ASM:Graph |
ASProtect| none|none Armadillo| |
lines=90 none lines=82 |
trace none trace |
| T:16:06:00 | WinXP | 24.109.57.160 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e61928f16c NEW |
none[none] | none:none |
none|none | none | none |
| T:16:31:00 | WinXP | 24.79.81.3 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox: 6 hits: 09-12 to 09-29] 321f4fc27d [Firefox: 6 hits: 09-12 to 09-29] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:45:00 | WinXP | 99.151.167.48 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:88 hits: 01-14 to 09-29] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 16:50:00 | WinXP | 122.30.193.216 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:16:56:00 | WinXP | 201.32.90.87 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | c61ba7b6b9 [Firefox: 2 hits: 01-26 to 01-26] |
none[none] | none:none |
none|none | none | none |
| 16:56:00 | WinXP | 201.32.90.87 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | c61ba7b6b9 [Firefox: 2 hits: 01-26 to 01-26] |
none[none] | none:none |
none|none | none | none |
| 17:08:00 | WinXP | 41.214.185.28 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:654 hits: 12-31 to 09-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:10:00 | Win2K-f | 76.177.149.52 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:44:00 | Win2K-f | 202.222.43.88 (NIIGATA-U.AC.JP): JAPAN NETWORK INFORMATION CENTER, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:20:00 | WinXP | 76.212.169.83 (SBCGLOBAL.NET): PPPOX POOL - BRAS8 SNDGCA, OCEANSIDE, CALIFORNIA, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:128 hits: 01-03 to 09-30] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:18:26:00 | WinXP | 86.99.89.189 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 18:30:00 | Win2K-f | 24.79.81.3 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 32 |
0115338c8b [Firefox: 6 hits: 09-12 to 09-29] 321f4fc27d [Firefox: 6 hits: 09-12 to 09-29] b5919931fe [Firefox:700 hits: 06-20 to 09-30] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 18:49:00 | Win2K-f | 60.249.242.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 57ce4acac2 [Firefox:221 hits: 06-17 to 09-30] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:55:00 | WinXP | 24.144.20.62 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f3aadc574a NEW |
none[none] | none:none |
none|none | none | none |
| T:19:08:00 | WinXP | 130.13.135.94 (QWEST.NET): QWEST BROADBAND SERVICES INC, CAVE CREEK, ARIZONA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e540a70fe0 [Firefox: 5 hits: 09-21 to 09-29] |
none[none] | none:none |
none|none | none | none |
| 19:16:00 | Win2K-f | 75.136.138.238 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:25:00 | Win2K-f | 67.237.53.86 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.53.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:36:00 | WinXP | 4.131.137.179 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:19:56:00 | WinXP | 149.99.86.165 (ROGERSTELECOM.NET): ROGERS TELECOM INC, SIMCOE, ONTARIO, CA. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:550 hits: 01-01 to 09-30] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 20:05:00 | WinXP | 117.99.54.8 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:654 hits: 12-31 to 09-30] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:20:09:00 | Win2K-f | 70.68.159.116 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:16:00 | WinXP | 72.174.98.86 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, DELTA, COLORADO, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8d9d28ce7 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:16:00 | WinXP | 72.174.98.86 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, DELTA, COLORADO, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8d9d28ce7 NEW |
none[none] | none:none |
none|none | none | none |
| 20:35:00 | WinXP | 66.65.198.3 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad :www.proxy-socks.net US:208.73.210.32:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:260 hits: 01-01 to 09-30] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:20:55:00 | Win2K-f | 99.180.48.162 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:20:57:00 | Win2K-f | 70.66.76.237 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.104.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
12e484a198 NEW 2e43dc0077 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:00:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:441 hits: 12-31 to 09-30] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:02:00 | Win2K-f | 61.17.249.66 (VSNL.NET.IN): VIDESH SANCHAR NIGAM LTD - INDIA, HYDERABAD, ANDHRA PRADESH, IN. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:15:00 | Win2K-f | 211.187.200.45 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 34 of 36 30 of 33 |
b5919931fe [Firefox:700 hits: 06-20 to 09-30] eb9217b966 NEW ff2150aa95 [Firefox: 3 hits: 07-03 to 08-22] |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| 21:27:00 | WinXP | 24.82.183.149 (SHELLCOMPUTERS.COM): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 0 of 33 |
2e7969c422 NEW 9063722e22 NEW e07c29c4ae [Firefox:535 hits: 06-19 to 09-30] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:21:50:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 56 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 22:16:00 | WinXP | 4.239.0.43 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHILADELPHIA, PENNSYLVANIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1209 hits: 12-31 to 09-30] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:18:00 | WinXP | 24.82.183.149 (SHELLCOMPUTERS.COM): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0c390db94d NEW |
none[none] | none:none |
none|none | none | none |
| 22:30:00 | WinXP | 58.242.137.108 (-): CNC GROUP ANHUI PROVINCE NETWORK, ANHUI, ANHUI, CN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6b1c6d0395 [Firefox: 3 hits: 09-18 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:22:30:00 | WinXP | 58.242.137.108 (-): CNC GROUP ANHUI PROVINCE NETWORK, ANHUI, ANHUI, CN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6b1c6d0395 [Firefox: 3 hits: 09-18 to 09-27] |
none[none] | none:none |
none|none | none | none |
| T:22:40:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] a08f3b74a4 [Firefox:936 hits: 06-18 to 09-30] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:18:00 | WinXP | 174.151.251.74 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:32:00 | WinXP | 122.146.83.69 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:43:00 | WinXP | 12.214.124.202 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, VERNON HILLS, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:419 hits: 01-05 to 09-30] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 23:44:00 | Win2K-f | 64.138.243.170 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2672 hits: 06-17 to 09-30] 73f1082158 [Firefox:1329 hits: 06-18 to 09-30] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:48:00 | WinXP | 219.66.165.76 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), NAHA, OKINAWA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:573 hits: 01-01 to 09-30] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace |