|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:10:00 | WinXP | 92.97.212.168 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 00:25:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:26:00 | WinXP | 88.59.145.14 (-): ISTITUTO STATALE D'ARTE CATANIA, CATANIA, SICILIA, IT. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:29:00 | Win2K-f | 119.70.186.75 (-): . |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:207.123.37.123:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 32 |
168aab35a3 [Firefox:153 hits: 06-17 to 10-03] 4c3df24b32 [Firefox:208 hits: 06-17 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 4c3df24b32[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:31:00 | Win2K-f | 68.184.109.17 (CHARTER.COM): CHARTER COMMUNICATIONS, DOUGLAS, GEORGIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:36:00 | Win2K-f | 202.179.235.55 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, JP. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:00:47:00 | WinXP | 124.241.189.147 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 00:48:00 | Win2K-f | 208.125.77.239 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:52:00 | Win2K-f | 98.172.137.247 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:17:00 | WinXP | 65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:22:00 | Win2K-f | 64.90.218.95 (AIRADVANTAGE.NET): AIR ADVANTAGE, SEBEWAING, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:27:00 | WinXP | 4.163.169.227 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GOLDEN, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:47:00 | Win2K-f | 70.64.230.180 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, PRINCE ALBERT, SASKATCHEWAN, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:50:00 | WinXP | 59.173.194.42 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, WUHAN, HUBEI, CN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:39 hits: 09-13 to 10-03] |
none[none] | none:none |
none|none | none | none |
| T:02:21:00 | Win2K-f | 211.74.49.211 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
214bc429e1 [Firefox: 2 hits: 09-25 to 09-26] 9ad48d782a [Firefox: 2 hits: 09-25 to 09-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:32:00 | Win2K-f | 222.237.114.222 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 36 |
2e04b06527 [Firefox:11 hits: 06-18 to 10-03] 514265be41 [Firefox: 2 hits: 09-24 to 10-03] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:02:35:00 | WinXP | 212.171.164.123 (POOL212171.INTERBUSINESS.IT): TELECOM ITALIA S.P.A, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:35:00 | WinXP | 81.9.145.119 (CM-81-9-145-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c NEW |
none[none] | none:none |
none|none | none | none |
| T:03:15:00 | Win2K-f | 116.127.237.60 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0c3d1ec2df [Firefox:10 hits: 08-11 to 09-29] 8de905030e [Firefox:10 hits: 08-11 to 09-29] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:30:00 | WinXP | 125.4.3.213 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:19 hits: 06-19 to 09-27] 53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 03:42:00 | WinXP | 84.237.208.70 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0e75ae41b0 NEW |
none[none] | none:none |
none|none | none | none |
| 03:51:00 | WinXP | 219.110.167.193 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:437 hits: 01-05 to 10-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:57:00 | Win2K-f | 211.74.112.179 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
214bc429e1 [Firefox: 2 hits: 09-25 to 09-26] 9ad48d782a [Firefox: 2 hits: 09-25 to 09-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:07:00 | WinXP | 78.156.202.141 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 2 hits: 09-29 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:04:46:00 | Win2K-f | 68.187.205.120 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:51:00 | Win2K-f | 4.255.44.15 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 351 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | dae793fa4a NEW |
none[none] | none:none |
none|none | none | none | |
| 05:00:00 | WinXP | 58.237.84.35 (-): THRUNET-INFRA-DAEGU11, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none 0 of 33 |
4c3df24b32 [Firefox:208 hits: 06-17 to 10-03] 6a4845ca11 [Firefox:13 hits: 06-27 to 10-02] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
4c3df24b32 [1] none [none] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| none|none FSG| |
lines=81 none lines=92 |
trace none trace |
| 05:04:00 | Win2K-f | 70.74.66.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:12:00 | Win2K-f | 71.112.111.147 (VERIZON.NET): VERIZON INTERNET SERVICES INC, REDMOND, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.46.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:13:00 | WinXP | 89.50.79.13 (PPPOOL.DE): FREENET CITYLINE GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:437 hits: 01-05 to 10-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:17:00 | Win2K-f | 58.237.84.35 (-): THRUNET-INFRA-DAEGU11, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.124:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 none |
4c3df24b32 [Firefox:208 hits: 06-17 to 10-03] 6a4845ca11 [Firefox:13 hits: 06-27 to 10-02] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| 05:20:00 | WinXP | 125.83.120.228 (163DATA.COM.CN): CHINANET CHONGQING PROVINCE NETWORK, CHONGQING, CHONGQING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:580 hits: 01-01 to 10-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:27:00 | WinXP | 114.48.132.7 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:437 hits: 01-05 to 10-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:41:00 | WinXP | 41.214.178.199 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:46:00 | Win2K-f | 172.134.71.240 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:05:00 | WinXP | 24.164.122.49 (RR.COM): ROAD RUNNER HOLDCO LLC, SHELBY, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:06:20:00 | WinXP | 118.109.87.107 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:437 hits: 01-05 to 10-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:28:00 | WinXP | 88.162.158.207 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 15ee4e7627 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:42:00 | WinXP | 4.253.116.149 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PLYMOUTH, INDIANA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:669 hits: 12-31 to 10-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 06:58:00 | WinXP | 124.62.212.116 (-): POWERCOM, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
09c3d90250 [Firefox:10 hits: 08-04 to 09-26] 8f34a39070 [Firefox:10 hits: 08-04 to 09-26] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:07:16:00 | WinXP | 92.115.6.190 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 1a88bd5450 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:26:00 | Win2K-f | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:10 hits: 07-18 to 09-30] b4fe4581c3 [Firefox:10 hits: 07-18 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:28:00 | Win2K-f | 4.239.249.233 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITEHALL, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:07:28:00 | Win2K-f | 219.138.126.130 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, HUANG SHAN, ANHUI, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 517 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 5041f56276 NEW |
none[none] | none:none |
none|none | none | none | |
| 07:38:00 | WinXP | 70.235.66.77 (SBCGLOBAL.NET): PPPOX POOL - BRAS12.MRDNCT, CONNECTICUT, US. |
n/a | US:www.yahoo.com :jbeegvia.ru EU:crutop.nu US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru RU:alfabank.ru :kfwfceki.ru :nhuwxyuw.ru :udluzuq.ru US:crime-research.ru :fiazpvnne.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | bb7681eca8 NEW |
none[none] | none:none |
none|none | none | none |
| 07:47:00 | WinXP | 78.175.193.80 (SMYTHECRAMER.COM): TELEKOM, TR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none | |
| T:07:47:00 | WinXP | 78.175.193.80 (SMYTHECRAMER.COM): TELEKOM, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 07:55:00 | WinXP | 4.228.6.130 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:669 hits: 12-31 to 10-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:02:00 | WinXP | 186.9.70.36 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7c42ab929f NEW |
none[none] | none:none |
none|none | none | none |
| T:08:04:00 | Win2K-f | 58.227.83.134 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:208 hits: 06-17 to 10-03] 53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 08:14:00 | WinXP | 196.208.94.104 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:23:00 | Win2K-f | 70.241.125.36 (SWBELL.NET): PPPOX POOL - RBACK21 HSTNTX, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:34:00 | Win2K-f | 117.20.153.176 (KMTCSIN.COM.SG): STARHUB INTERNET PTE LTD, SG. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:40:00 | Win2K-f | 209.226.103.137 (BELL.CA): BELL CANADA, OWEN SOUND, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 08:43:00 | WinXP | 70.69.62.14 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
e90f8b883b [Firefox: 3 hits: 09-22 to 09-27] f0e937602b [Firefox: 3 hits: 09-22 to 09-27] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:49:00 | WinXP | 41.214.176.248 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1540ff87bb NEW |
none[none] | none:none |
none|none | none | none |
| T:09:02:00 | WinXP | 4.89.132.34 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WOLCOTTVILLE, INDIANA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:132 hits: 01-03 to 10-03] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:10:00 | WinXP | 87.205.38.219 (INETIA.PL): INTERNETIA, PL. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:669 hits: 12-31 to 10-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 09:42:00 | WinXP | 65.188.147.178 (RR.COM): ROAD RUNNER HOLDCO LLC, POMPANO BEACH, FLORIDA, US. |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 48 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:558 hits: 01-01 to 10-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:09:45:00 | WinXP | 208.116.232.218 (IN.US): ST. JOSEPH COUNTY PUBLIC LIBRARY, SOUTH BEND, INDIANA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:47:00 | WinXP | 208.116.232.218 (IN.US): ST. JOSEPH COUNTY PUBLIC LIBRARY, SOUTH BEND, INDIANA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:52:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:446 hits: 12-31 to 10-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:09:56:00 | WinXP | 67.0.73.47 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, MASON CITY, IOWA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | bf23b00abd NEW |
none[none] | none:none |
none|none | none | none | |
| T:10:26:00 | WinXP | 79.163.94.232 (-): IDEA, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 97bc7b537b NEW |
none[none] | none:none |
none|none | none | none |
| T:10:27:00 | WinXP | 93.108.115.229 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 28 | ddfb108f62 [Firefox: 2 hits: 02-16 to 02-25] |
b2cfa85049 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:27:00 | WinXP | 93.108.115.229 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
28 of 28 | ddfb108f62 [Firefox: 2 hits: 02-16 to 02-25] |
b2cfa85049 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:37:00 | WinXP | 190.191.165.27 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6b1c6d0395 [Firefox: 7 hits: 09-18 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 10:47:00 | Win2K-f | 121.73.98.27 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
http 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
7f89b38665 [Firefox:20 hits: 08-02 to 10-02] a51a50404e [Firefox:20 hits: 08-02 to 10-02] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 10:56:00 | WinXP | 203.73.84.16 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:10:56:00 | WinXP | 189.49.173.128 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:669 hits: 12-31 to 10-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:10:00 | WinXP | 24.78.165.140 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7ab7b989fe NEW |
none[none] | none:none |
none|none | none | none |
| 11:18:00 | WinXP | 165.29.122.25 (AR.US): ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK, MONTICELLO, ARKANSAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:24:00 | WinXP | 217.201.165.167 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 8ef9e03ad3 [Firefox: 4 hits: 09-12 to 09-28] |
none[none] | none:none |
none|none | none | none |
| 11:26:00 | WinXP | 85.139.132.160 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:39 hits: 09-13 to 10-03] |
none[none] | none:none |
none|none | none | none |
| T:11:26:00 | WinXP | 85.139.132.160 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:39 hits: 09-13 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 11:28:00 | WinXP | 217.219.164.16 (-): RAH-E-JAHAN SARI, SARI, MAZANDARAN, IR. (100Mbps) |
n/a | :www.proxy-socks.net :wpad DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:558 hits: 01-01 to 10-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 11:29:00 | Win2K-f | 4.138.43.40 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:11:58:00 | WinXP | 203.180.17.8 (BMOBILE.NE.JP): JAPAN COMMUNICATION INC, JP. |
n/a | EU:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:558 hits: 01-01 to 10-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:12:02:00 | WinXP | 64.186.106.206 (APTALASKA.NET): ALASKA POWER & TELEPHONE CO, CRAIG, ALASKA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 12:19:00 | Win2K-f | 71.113.167.57 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 12:19:00 | WinXP | 98.24.47.113 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:263 hits: 01-01 to 10-02] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 12:41:00 | WinXP | 81.43.48.232 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, BARCELONA, CATALUñA, ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:437 hits: 01-05 to 10-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 12:42:00 | WinXP | 67.0.73.47 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, MASON CITY, IOWA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 0 of 33 |
4cc010006c NEW bf23b00abd NEW e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 12:48:00 | Win2K-f | 4.237.44.128 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:51:00 | WinXP | 208.83.218.3 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 12:57:00 | WinXP | 4.153.20.248 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 13:14:00 | WinXP | 70.44.39.32 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a9cfbd1b0c [Firefox:11 hits: 09-12 to 09-28] |
none[none] | none:none |
none|none | none | none |
| T:13:18:00 | WinXP | 217.201.154.9 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:22:00 | WinXP | 75.6.250.79 (SBCGLOBAL.NET): RBACK5.PLTNCA, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:24:00 | WinXP | 99.139.194.192 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:24:00 | WinXP | 220.130.194.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:226 hits: 06-17 to 10-03] 83f26f5044 [Firefox:24 hits: 06-20 to 10-03] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 13:35:00 | WinXP | 68.187.205.120 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:42:00 | WinXP | 91.141.124.221 (I-ONE.AT): NETWORK OF ONE GMBH, VIENNA, WIEN, AT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 97a3feb53f [Firefox: 3 hits: 09-18 to 09-26] |
none[none] | none:none |
none|none | none | none |
| 14:12:00 | WinXP | 88.164.107.11 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox:19 hits: 07-12 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 14:18:00 | WinXP | 41.214.168.26 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:132 hits: 01-03 to 10-03] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:18:00 | WinXP | 41.214.168.26 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:132 hits: 01-03 to 10-03] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:35:00 | WinXP | 70.65.147.143 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8d74af6d5 NEW |
none[none] | none:none |
none|none | none | none |
| 15:04:00 | WinXP | 66.53.220.172 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:06:00 | WinXP | 221.139.182.244 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 31 of 33 |
a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] ddd2a2b264 [Firefox: 3 hits: 06-17 to 08-23] |
a08f3b74a4 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:15:16:00 | WinXP | 61.34.136.38 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 15:19:00 | WinXP | 118.237.125.104 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:27 hits: 06-20 to 09-29] |
none[4] | none:none |
none|none | none | trace | |
| T:15:21:00 | WinXP | 201.253.248.12 (NET.AR): APOLO -GOLD-TELECOM-PER, SAN ISIDRO, BUENOS AIRES, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:669 hits: 12-31 to 10-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:38:00 | Win2K-f | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:49:00 | WinXP | 4.131.79.32 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | 9d77b4ca8e [Firefox: 2 hits: 06-29 to 07-12] |
none[none] | none:none |
none|none | none | none | |
| 15:49:00 | WinXP | 82.64.42.177 (PROXAD.NET): PROXAD / FREE SAS, VERSAILLES, ILE-DE-FRANCE, FR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:53:00 | Win2K-f | 173.6.165.95 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:59:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:16:14:00 | WinXP | 190.5.192.132 (EMTEL.NET.CO): EMTEL S.A. E.S.P, CO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:12 hits: 02-16 to 10-03] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| T:16:26:00 | WinXP | 130.13.218.116 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6cf11d6364 [Firefox:11 hits: 09-12 to 09-24] |
none[none] | none:none |
none|none | none | none |
| 16:40:00 | WinXP | 24.46.158.249 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), HARRISON, NEW YORK, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:16:42:00 | WinXP | 69.218.229.153 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:16:47:00 | WinXP | 190.225.96.135 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:12 hits: 09-17 to 10-03] |
none[none] | none:none |
none|none | none | none | |
| T:17:10:00 | WinXP | 213.22.208.170 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:30 hits: 04-05 to 10-03] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 17:12:00 | WinXP | 70.119.51.201 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:14:00 | Win2K-f | 98.141.161.22 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:20:00 | WinXP | 62.215.39.156 (-): FAST TELCO INFRA STRUCTURE WEB ACCESS USERS, KUWAIT, AL KUWAYT, KW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 659ac922d6 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:20:00 | WinXP | 199.243.20.8 (BELL.CA): BELL CANADA / SYMPATICO DIAL, KINGSTON, ONTARIO, CA. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1234 hits: 12-31 to 10-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:17:20:00 | WinXP | 62.215.39.156 (-): FAST TELCO INFRA STRUCTURE WEB ACCESS USERS, KUWAIT, AL KUWAYT, KW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:18 hits: 09-14 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:17:43:00 | Win2K-f | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:45:00 | WinXP | 99.224.119.109 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] e07c29c4ae [Firefox:556 hits: 06-19 to 10-03] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:17:50:00 | WinXP | 209.127.71.14 (-): KINGSVILLE CITY HALL, KINGSVILLE, TEXAS, US. (100Mbps) |
67.43.236.98:1863 | :proxim.ircgalaxy.pl CA:xx.enterhere.biz CA:zonetech.info US:130.107.180.49:64508 |
135 | pcap | raw alerts ruleset |
irc http 342 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 21 of 36 21 of 36 33 of 36 10 of 36 |
1868867d02 [Firefox: 2 hits: 09-29 to 10-03] 3e01fb69e1 [Firefox: 2 hits: 09-29 to 10-03] 6b997bcb17 [Firefox: 2 hits: 09-29 to 10-03] 6ee401581b NEW c025f08a76 [Firefox: 6 hits: 09-15 to 10-03] |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| 18:02:00 | Win2K-f | 58.230.192.35 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox:12 hits: 06-18 to 10-03] e5e0dbde57 [Firefox:12 hits: 06-18 to 10-03] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 18:03:00 | WinXP | 66.53.214.231 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:90 hits: 01-14 to 10-01] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:18:19:00 | Win2K-f | 218.238.57.61 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 33 of 35 |
168aab35a3 [Firefox:153 hits: 06-17 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] f7738e7352 [Firefox: 7 hits: 07-25 to 09-24] |
none[4] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
tElock| ASProtect| none|none |
none lines=90 none |
trace trace none |
| 18:22:00 | Win2K-f | 218.138.220.34 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:28:00 | WinXP | 208.105.170.95 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:18:39:00 | WinXP | 70.253.239.239 (SWBELL.NET): PPPOX POOL - RBACK3 WACOTX, PLANO, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 36 | 9c1f1407f9 [Firefox: 3 hits: 09-30 to 10-03] |
none[none] | none:none |
none|none | none | none | |
| 18:41:00 | Win2K-f | 124.241.148.4 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 18:43:00 | WinXP | 4.235.90.111 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 73 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:18:43:00 | Win2K-f | 211.124.220.170 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, OSAKA, OSAKA, JP. |
n/a | :proxima.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:44:00 | WinXP | 93.163.57.190 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | c736218316 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:45:00 | WinXP | 93.163.57.190 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c736218316 NEW |
none[none] | none:none |
none|none | none | none |
| 18:50:00 | WinXP | 65.23.161.84 (DRTEL.NET): DICKEY RURAL NETWORKS, ELLENDALE, NORTH DAKOTA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 18:54:00 | WinXP | 24.144.20.46 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f3aadc574a [Firefox: 2 hits: 10-01 to 10-03] |
none[none] | none:none |
none|none | none | none |
| T:18:55:00 | WinXP | 24.144.20.46 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f3aadc574a [Firefox: 2 hits: 10-01 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 19:01:00 | Win2K-f | 72.67.82.213 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
5706f2fc14 [Firefox: 3 hits: 09-14 to 10-03] 68c7a1f625 [Firefox: 3 hits: 09-14 to 10-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:11:00 | WinXP | 92.96.237.111 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:14:00 | WinXP | 70.64.230.180 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, PRINCE ALBERT, SASKATCHEWAN, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:45:00 | WinXP | 4.138.235.44 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MARLBOROUGH, MASSACHUSETTS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 66 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 19:56:00 | WinXP | 88.243.19.244 (TTNET.NET.TR): TT ADSL-ALCATEL DYNAMIC_ACI, BALIKESIR, BALIKESIR, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:19:57:00 | WinXP | 88.243.19.244 (TTNET.NET.TR): TT ADSL-ALCATEL DYNAMIC_ACI, BALIKESIR, BALIKESIR, TR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:26 hits: 08-09 to 10-02] |
none[none] | none:none |
none|none | none | none | |
| T:20:08:00 | Win2K-f | 71.104.45.152 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ONTARIO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:48:00 | WinXP | 221.191.213.73 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:580 hits: 01-01 to 10-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:49:00 | Win2K-f | 70.60.102.126 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:49:00 | WinXP | 117.65.33.173 (AH163.NET): CHINANET ANHUI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 623e0b5433 [Firefox:11 hits: 09-14 to 10-01] |
none[none] | none:none |
none|none | none | none |
| T:20:52:00 | WinXP | 122.53.15.51 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6672dcb81a NEW |
none[none] | none:none |
none|none | none | none |
| 20:59:00 | WinXP | 75.143.206.5 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 NEW |
none[none] | none:none |
none|none | none | none |
| 21:04:00 | WinXP | 4.142.129.93 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 162 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
3cd595a9ba NEW 68f3168201 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:06:00 | Win2K-f | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:08:00 | WinXP | 217.202.3.204 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 12003cc8c8 NEW |
none[none] | none:none |
none|none | none | none |
| 21:18:00 | WinXP | 4.158.255.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RACINE, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:25:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:42:00 | Win2K-f | 65.183.151.137 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:49:00 | WinXP | 76.205.209.227 (SBCGLOBAL.NET): PPPOX POOL - BRAS25.PLTN, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:53:00 | WinXP | 69.148.19.98 (SWBELL.NET): PPPOX POOL - RBACK7 AUSTTX, AUSTIN, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:446 hits: 12-31 to 10-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:18:00 | Win2K-f | 58.227.83.134 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:208 hits: 06-17 to 10-03] 53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:22:21:00 | Win2K-f | 124.241.148.4 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] b7082104e4 [Firefox:166 hits: 06-18 to 10-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:22:25:00 | Win2K-f | 4.158.255.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RACINE, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:25:00 | WinXP | 202.132.182.207 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox: 8 hits: 02-14 to 10-03] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
| T:22:34:00 | Win2K-f | 24.85.10.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:35:00 | Win2K-f | 208.127.8.230 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] 73f1082158 [Firefox:1372 hits: 06-18 to 10-03] b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:22:36:00 | WinXP | 94.137.15.161 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:39 hits: 09-13 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 22:44:00 | Win2K-f | 24.83.3.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none 0 of 32 |
05b1ed9c9c NEW 0c87a74ebe NEW b5919931fe [Firefox:735 hits: 06-20 to 10-03] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 22:45:00 | WinXP | 70.67.134.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
12e484a198 [Firefox: 3 hits: 10-01 to 10-02] 2e43dc0077 [Firefox: 3 hits: 10-01 to 10-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:47:00 | WinXP | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 36 |
53bfe15e91 [Firefox:2768 hits: 06-17 to 10-03] a08f3b74a4 [Firefox:974 hits: 06-18 to 10-03] e03407db94 NEW |
none[4] a08f3b74a4[1] none [none] |
none:none ASM:Graph none:none |
tElock| Armadillo| none|none |
none lines=81 none |
trace trace none |