|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:25:00 | WinXP | 212.106.18.14 (POLBOX.PL): POLBOX, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 3 hits: 09-29 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:00:25:00 | WinXP | 212.106.18.14 (POLBOX.PL): POLBOX, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 3 hits: 09-29 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:00:36:00 | WinXP | 118.12.228.231 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:582 hits: 01-01 to 10-04] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:00:39:00 | Win2K-f | 4.160.207.139 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 210 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:52:00 | Win2K-f | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 57ce4acac2 [Firefox:233 hits: 06-17 to 10-04] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:01:00 | WinXP | 68.148.141.65 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] e07c29c4ae [Firefox:566 hits: 06-19 to 10-04] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 01:05:00 | Win2K-f | 64.140.213.75 (WORLDPATH.NET): WORLDPATH INTERNET SERVICES, GLOUCESTER, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:205.128.73.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:07:00 | Win2K-f | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:13:00 | WinXP | 86.153.22.117 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:448 hits: 12-31 to 10-04] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:01:20:00 | Win2K-f | 24.83.3.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
05b1ed9c9c [Firefox: 2 hits: 09-22 to 10-04] 0c87a74ebe [Firefox: 2 hits: 09-22 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:41:00 | Win2K-f | 218.54.9.103 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 30 of 32 |
1509c8d024 [Firefox:33 hits: 06-17 to 09-28] f23b040440 [Firefox:22 hits: 06-22 to 09-28] |
none[4] f23b040440[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:01:49:00 | WinXP | 94.137.13.23 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:43 hits: 09-13 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 01:52:00 | WinXP | 94.137.13.23 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:43 hits: 09-13 to 10-04] |
none[none] | none:none |
none|none | none | none | |
| 01:56:00 | WinXP | 70.74.216.48 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 257 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 0 of 33 |
6df1b03604 [Firefox: 2 hits: 09-14 to 09-18] 74fa06e356 [Firefox: 2 hits: 09-14 to 09-18] e07c29c4ae [Firefox:566 hits: 06-19 to 10-04] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:02:18:00 | WinXP | 203.184.8.114 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, AUCKLAND, AUCKLAND, NZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:91 hits: 01-14 to 10-04] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:02:23:00 | WinXP | 41.232.129.130 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:46:00 | WinXP | 59.104.253.7 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:674 hits: 12-31 to 10-04] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:02:00 | WinXP | 67.79.121.7 (RR.COM): ROAD RUNNER HOLDCO LLC, AUSTIN, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:25:00 | WinXP | 85.87.239.18 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7354ff7015 NEW |
none[none] | none:none |
none|none | none | none |
| 03:25:00 | WinXP | 85.87.239.18 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7354ff7015 NEW |
none[none] | none:none |
none|none | none | none |
| 03:34:00 | WinXP | 217.202.114.62 (-): TELECOM ITALIA MOBILE, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:91 hits: 01-14 to 10-04] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 03:34:00 | Win2K-f | 202.169.240.71 (BLUELINE.CO.ID): PT. RABIK BANGUN PERTIWI PMA, DENPASAR, BALI, ID. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 0 of 32 33 of 36 |
91990df207 NEW b5919931fe [Firefox:749 hits: 06-20 to 10-04] b737716fed NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:03:37:00 | WinXP | 219.105.118.25 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:582 hits: 01-01 to 10-04] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:03:46:00 | Win2K-f | 70.74.216.48 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
other 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
6df1b03604 [Firefox: 2 hits: 09-14 to 09-18] 74fa06e356 [Firefox: 2 hits: 09-14 to 09-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:03:55:00 | WinXP | 41.214.182.136 (-): . |
n/a | RU:moscow-advokat.ru :flanders.be.eu.undernet.org SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:674 hits: 12-31 to 10-04] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:15:00 | WinXP | 4.131.143.199 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:674 hits: 12-31 to 10-04] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:19:00 | WinXP | 202.233.219.75 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:582 hits: 01-01 to 10-04] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:27:00 | WinXP | 99.148.255.25 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 04:31:00 | WinXP | 24.67.228.47 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VERNON, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:32:00 | WinXP | 81.109.140.213 (NTL.COM): NTLI, LONDON, ENGLAND, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:91 hits: 01-14 to 10-04] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:04:33:00 | WinXP | 24.77.10.108 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 31 of 32 |
0e21c47e53 NEW 607b60ad51 [Firefox:40 hits: 06-20 to 10-03] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 04:43:00 | Win2K-f | 61.32.176.103 (BORA.NET): DACOM CORP, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:46:00 | WinXP | 81.198.187.134 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b18331c6d8 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:49:00 | WinXP | 85.85.66.197 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8b3bea4baf [Firefox: 2 hits: 10-03 to 10-03] |
none[none] | none:none |
none|none | none | none |
| T:04:56:00 | WinXP | 118.216.26.27 (-): . |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 32 |
475d9a7753 [Firefox: 6 hits: 06-22 to 10-03] e9a7fa27d5 [Firefox: 6 hits: 06-22 to 10-03] |
none[4] e9a7fa27d5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 05:06:00 | Win2K-f | 122.52.90.89 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:48 hits: 06-18 to 10-01] 76ee340669 [Firefox:48 hits: 06-18 to 10-01] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| T:05:07:00 | WinXP | 202.233.219.75 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:582 hits: 01-01 to 10-04] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:26:00 | Win2K-f | 4.137.237.5 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CONCORD, NORTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 146 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 4bc6ee3dbb NEW |
none[none] | none:none |
none|none | none | none | |
| T:05:32:00 | WinXP | 87.110.17.204 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:20 hits: 01-20 to 10-02] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:33:00 | Win2K-f | 69.208.5.35 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 05:36:00 | WinXP | 122.118.152.7 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b NEW |
none[none] | none:none |
none|none | none | none |
| T:05:36:00 | WinXP | 122.118.152.7 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru :adult-empire.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b NEW |
none[none] | none:none |
none|none | none | none |
| T:05:55:00 | WinXP | 4.252.131.237 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad RU:www.bbin.ru US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:264 hits: 01-01 to 10-04] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:05:58:00 | WinXP | 86.96.47.60 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:01:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:11:00 | Win2K-f | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:23:00 | Win2K-f | 203.95.48.26 (THN.NE.JP): TOKAI CO.LTD, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 616 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 36 | ef45192710 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:51:00 | WinXP | 64.183.253.113 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 07:03:00 | WinXP | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
194.109.11.65:6556 | :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com |
135 | pcap | raw alerts ruleset |
other 323 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | fe22b8315f [Firefox: 9 hits: 06-19 to 09-28] |
none[4] | none:none |
StarForce| | none | trace |
| 07:04:00 | WinXP | 81.41.244.71 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, PALMA DE MALLORCA, BALEARES, ES. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | bc980dec04 NEW |
none[none] | none:none |
none|none | none | none |
| 07:19:00 | WinXP | 81.9.144.121 (CM-81-9-141-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 03c06c736c NEW |
none[none] | none:none |
none|none | none | none |
| T:07:45:00 | Win2K-f | 97.89.27.210 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 43 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 64c0656d5e NEW |
none[none] | none:none |
none|none | none | none | |
| 07:45:00 | WinXP | 97.89.27.210 (-): . |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 206 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 33 0 of 33 |
7ba9e53288 [Firefox: 7 hits: 07-11 to 09-25] d2e7fab9c3 [Firefox: 7 hits: 07-11 to 09-25] e07c29c4ae [Firefox:566 hits: 06-19 to 10-04] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:07:47:00 | WinXP | 85.85.162.171 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BASAURI, PAIS VASCO, ES. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:50:00 | Win2K-f | 69.23.158.94 (RR.COM): ROAD RUNNER HOLDCO LLC, RESEDA, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.126.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:04:00 | WinXP | 114.48.147.0 (-): . |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | eb8b3d7f91 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:06:00 | WinXP | 114.48.54.47 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:442 hits: 01-05 to 10-04] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 08:18:00 | Win2K-f | 69.216.138.218 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:08:29:00 | WinXP | 92.114.242.134 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6007d28092 NEW |
none[none] | none:none |
none|none | none | none |
| 08:29:00 | WinXP | 92.114.242.134 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6007d28092 NEW |
none[none] | none:none |
none|none | none | none |
| 08:37:00 | WinXP | 124.61.39.56 (-): POWERCOM, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 34 of 36 |
58408136a4 [Firefox:20 hits: 06-28 to 09-30] 7655e4d162 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:40:00 | WinXP | 155.239.217.129 (TELKOM-IPNET.CO.ZA): AFRINIC, DURBAN, KWAZULU-NATAL, ZA. |
n/a | DE:siliconfireware.ru RU:www.bbin.ru :wpad RU:195.200.213.54:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:561 hits: 01-01 to 10-04] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:08:57:00 | WinXP | 195.174.6.25 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c6059fcbd5 [Firefox: 2 hits: 09-23 to 09-25] |
none[none] | none:none |
none|none | none | none |
| T:08:58:00 | Win2K-f | 218.220.166.118 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 09:04:00 | WinXP | 118.236.174.229 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 27b945de66 [Firefox:28 hits: 06-20 to 10-04] |
none[4] | none:none |
none|none | none | trace | |
| 09:14:00 | Win2K-f | 70.63.133.180 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 228 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | 131351dd21 [Firefox:11 hits: 05-22 to 08-14] |
none[4] | none:none |
none|none | none | trace | |
| 09:27:00 | WinXP | 67.4.129.173 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, CHANHASSEN, MINNESOTA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:29:00 | WinXP | 81.181.83.108 (AIRBITES.RO): SC ISP TOPALL SRL, RO. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 7bff4f7b36 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:29:00 | Win2K-f | 4.84.76.239 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MOBILE, ALABAMA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:33:00 | WinXP | 89.43.149.92 (TVSATRM.RO): SC TV SAT 2002 SRL, BUZAU, BUZAU, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 NEW |
none[none] | none:none |
none|none | none | none |
| 09:39:00 | Win2K-f | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:10:02:00 | WinXP | 79.19.181.73 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:04:00 | Win2K-f | 24.195.234.117 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:05:00 | WinXP | 4.173.203.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CENTEREACH, NEW YORK, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 66 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 10:09:00 | WinXP | 98.135.191.172 (-): . |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 82573923df NEW |
none[none] | none:none |
none|none | none | none |
| T:10:10:00 | WinXP | 98.135.191.172 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 82573923df NEW |
none[none] | none:none |
none|none | none | none |
| 10:14:00 | WinXP | 67.150.0.136 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:674 hits: 12-31 to 10-04] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:25:00 | Win2K-f | 71.100.3.210 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALRICO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:25:00 | WinXP | 24.65.47.35 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1513777af1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:38:00 | WinXP | 77.198.63.99 (GAOLAND.NET): DYNAMIC POOLS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:43 hits: 09-13 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 10:40:00 | WinXP | 82.66.112.133 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | HK:proxima.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1ad17171c2 NEW |
none[none] | none:none |
none|none | none | none |
| 11:30:00 | WinXP | 81.35.68.63 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MADRID, MADRID, ES. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f5501ecc1c [Firefox: 3 hits: 09-24 to 09-28] |
none[none] | none:none |
none|none | none | none |
| T:11:30:00 | WinXP | 62.215.39.139 (-): FAST TELCO INFRA STRUCTURE WEB ACCESS USERS, KUWAIT, AL KUWAYT, KW. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:19 hits: 09-14 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:11:36:00 | WinXP | 98.141.160.84 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:36:00 | WinXP | 76.173.80.156 (RR.COM): ROAD RUNNER HOLDCO LLC, SARASOTA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 36 31 of 36 0 of 33 |
9086fe4014 NEW c337e5a5cd NEW e07c29c4ae [Firefox:566 hits: 06-19 to 10-04] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:11:37:00 | WinXP | 70.67.134.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
12e484a198 [Firefox: 4 hits: 10-01 to 10-04] 2e43dc0077 [Firefox: 4 hits: 10-01 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:38:00 | WinXP | 41.214.170.180 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7dc7a28625 NEW |
none[none] | none:none |
none|none | none | none |
| 11:50:00 | Win2K-f | 74.130.243.154 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, CARROLLTON, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:58:00 | WinXP | 77.21.190.186 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 47f8cf336a [Firefox: 2 hits: 09-22 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 11:59:00 | WinXP | 74.67.48.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:08:00 | WinXP | 70.253.229.38 (SWBELL.NET): PPPOX POOL - RBACK3 WACOTX, WACO, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 9c1f1407f9 [Firefox: 4 hits: 09-30 to 10-04] |
none[none] | none:none |
none|none | none | none | |
| 12:16:00 | WinXP | 58.78.37.44 (-): POW-HFC-GOYANG, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
09c3d90250 [Firefox:11 hits: 08-04 to 10-04] 8f34a39070 [Firefox:11 hits: 08-04 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:18:00 | WinXP | 41.214.174.88 (-): . |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:34 hits: 07-28 to 09-19] |
none[none] | none:none |
none|none | none | none |
| T:12:19:00 | Win2K-f | 118.221.48.236 (-): . |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 32 |
168aab35a3 [Firefox:155 hits: 06-17 to 10-04] 667f0c59f3 [Firefox:26 hits: 07-04 to 09-28] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| none|none ASProtect| |
none none lines=90 |
trace none trace |
| T:12:22:00 | WinXP | 85.86.14.226 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, SAN SEBASTIAN, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:43 hits: 09-13 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 12:31:00 | WinXP | 12.219.244.164 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:12:32:00 | WinXP | 92.114.191.167 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 63ad1757f8 NEW |
none[none] | none:none |
none|none | none | none |
| 12:35:00 | WinXP | 92.114.191.167 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 63ad1757f8 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:38:00 | WinXP | 172.131.209.51 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:29 hits: 07-03 to 10-02] c73f738c30 [Firefox:29 hits: 07-03 to 10-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:48:00 | Win2K-f | 63.28.88.31 (UU.NET): UUNET TECHNOLOGIES INC, HONOLULU, HAWAII, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | dec249f52e NEW |
none[none] | none:none |
none|none | none | none | |
| 12:57:00 | Win2K-f | 98.141.162.205 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:59:00 | WinXP | 119.77.171.135 (-): . |
n/a | HK:proxima.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a5dfa6f948 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:02:00 | WinXP | 89.43.81.131 (-): SC CENTURY NET SRL, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:22:00 | WinXP | 85.24.166.165 (BAHNHOF.SE): GENERAL-PRIVATE-NET, SE. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox:12 hits: 09-14 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 13:22:00 | WinXP | 85.24.166.165 (BAHNHOF.SE): GENERAL-PRIVATE-NET, SE. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox:12 hits: 09-14 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 13:22:00 | WinXP | 86.56.76.120 (-): INFOCITY, DE. |
n/a | RU:moscow-advokat.ru AT:graz.at.eu.undernet.org BE:london.uk.eu.undernet.org SE:ced.dal.net :caen.fr.eu.undernet.org SE:vancouver.dal.net SE:broadway.ny.us.dal.net :gaspode.zanet.org.za :washington.dc.us.undernet.org SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:13 hits: 02-16 to 10-04] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| T:13:40:00 | Win2K-f | 70.74.66.77 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:42:00 | Win2K-f | 4.142.57.70 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
other 109 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 13:49:00 | WinXP | 92.1.45.147 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b632266bbd [Firefox: 6 hits: 09-21 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 13:53:00 | WinXP | 208.126.145.194 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:02:00 | Win2K-f | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 57ce4acac2 [Firefox:233 hits: 06-17 to 10-04] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:06:00 | Win2K-f | 64.185.100.20 (POCKETINET.COM): POCKETINET, WALLA WALLA, WASHINGTON, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
4c24bfa0ab NEW 55a1c0f96a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:32:00 | WinXP | 190.191.107.52 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b NEW |
none[none] | none:none |
none|none | none | none |
| T:14:34:00 | WinXP | 117.99.43.36 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:135 hits: 01-03 to 10-04] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:41:00 | WinXP | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:51:00 | WinXP | 88.175.93.243 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e98a5fa83f NEW |
none[none] | none:none |
none|none | none | none | |
| 14:52:00 | WinXP | 186.9.48.126 (-): . |
n/a | RU:moscow-advokat.ru NL:london.uk.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:674 hits: 12-31 to 10-04] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:53:00 | Win2K-f | 4.161.198.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUDSON, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:59:00 | WinXP | 68.88.96.122 (SWBELL.NET): SBC INTERNET SERVICES - SOUTHWEST, TEMPLE, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 9c1f1407f9 [Firefox: 4 hits: 09-30 to 10-04] |
none[none] | none:none |
none|none | none | none | |
| 15:29:00 | WinXP | 217.151.135.150 (GAZSVYAZ.RU): GAZSVYAZ-MSK, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 40 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
5ea6495d3c NEW a12cab51ef [Firefox:561 hits: 01-01 to 10-04] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:15:31:00 | WinXP | 70.70.51.121 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.42.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
73f1082158 [Firefox:1394 hits: 06-18 to 10-04] 79c01ec060 [Firefox:50 hits: 06-18 to 10-01] |
73f1082158 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 15:32:00 | WinXP | 200.146.69.230 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:49:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 0 of 33 |
3cd7958258 [Firefox:29 hits: 06-17 to 10-02] 41efedf70f [Firefox:28 hits: 06-19 to 10-02] e07c29c4ae [Firefox:566 hits: 06-19 to 10-04] |
none[4] 41efedf70f[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| T:16:13:00 | WinXP | 201.94.173.146 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:33 hits: 08-09 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:16:14:00 | Win2K-f | 68.151.163.161 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 0 of 32 35 of 36 |
4e56b449dc NEW b5919931fe [Firefox:749 hits: 06-20 to 10-04] cfbd74f042 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 16:16:00 | WinXP | 122.17.204.27 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 3b2958417b [Firefox:10 hits: 07-09 to 09-19] |
none[none] | none:none |
none|none | none | none | |
| 16:28:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:48:00 | WinXP | 65.173.136.35 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:50:00 | WinXP | 213.22.70.20 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:31 hits: 04-05 to 10-04] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 16:50:00 | Win2K-f | 98.30.116.168 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:11:00 | Win2K-f | 209.240.113.91 (BMTS.COM): BRUCE MUNICIPAL TELEPHONE SYSTEM, ONTARIO, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:26:00 | WinXP | 130.13.133.167 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:39:00 | WinXP | 208.234.50.251 (ARIN.NET): CENTENNIAL DE PUERTO RICO, PR. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net SE:vancouver.dal.net :los-angeles.ca.us.undernet.org SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03f64bb952 NEW |
none[none] | none:none |
none|none | none | none |
| 17:44:00 | Win2K-f | 173.16.103.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:50:00 | WinXP | 189.49.206.173 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | bfdd984464 [Firefox: 2 hits: 09-13 to 09-20] |
none[none] | none:none |
none|none | none | none |
| 18:09:00 | WinXP | 70.235.77.217 (SBCGLOBAL.NET): PPPOX POOL - BRAS12 MRDNCT, CONNECTICUT, US. |
n/a | US:www.yahoo.com US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 2 hits: 09-26 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 18:13:00 | Win2K-f | 68.187.205.120 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:18:00 | WinXP | 70.235.77.217 (SBCGLOBAL.NET): PPPOX POOL - BRAS12 MRDNCT, CONNECTICUT, US. |
n/a | US:www.yahoo.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 2 hits: 09-26 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:18:20:00 | WinXP | 122.54.40.202 (PLDT.NET): IPG, PH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 2 hits: 10-03 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:18:24:00 | Win2K-f | 24.65.253.120 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:34 hits: 06-18 to 10-02] e53a9ea82e [Firefox:34 hits: 06-18 to 10-02] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 18:48:00 | WinXP | 119.94.52.216 (-): . |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:31 hits: 04-05 to 10-04] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 18:56:00 | Win2K-f | 4.244.183.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BRANSON, MISSOURI, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:07:00 | Win2K-f | 4.84.29.71 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, COLUMBIA, SOUTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:12:00 | WinXP | 190.190.138.15 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 470d935476 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:30:00 | Win2K-f | 208.104.56.171 (COMPORIUM.NET): ROCK HILL TELEPHONE COMPANY, COLUMBIA, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:30:00 | WinXP | 4.252.135.203 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:46:00 | WinXP | 211.22.172.147 (E-LEAD.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
269540d8b6 NEW 9b272b04ec NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:03:00 | Win2K-f | 211.186.219.164 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 0 of 32 |
8a75955033 [Firefox:38 hits: 06-20 to 09-30] 9276c8b36b [Firefox:38 hits: 06-20 to 09-30] b5919931fe [Firefox:749 hits: 06-20 to 10-04] |
none[4] 9276c8b36b[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:20:18:00 | Win2K-f | 67.89.32.206 (ALGX.NET): XO COMMUNICATIONS, DRACUT, MASSACHUSETTS, US. |
n/a | US:microsoft.com HK:proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 0 of 32 35 of 36 |
4575d9d4f6 [Firefox: 2 hits: 10-01 to 10-01] b5919931fe [Firefox:749 hits: 06-20 to 10-04] ed570a2e4d NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 20:27:00 | WinXP | 118.166.165.137 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 38 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:20:31:00 | Win2K-f | 85.139.230.200 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:20:34:00 | WinXP | 89.218.5.194 (-): ALMATYTELECOM, KZ. |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:20:38:00 | Win2K-f | 91.65.245.153 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 20:42:00 | Win2K-f | 118.161.13.77 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:20:49:00 | WinXP | 118.161.175.239 (-): . |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 20:51:00 | Win2K-f | 85.139.230.200 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 33 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:21:02:00 | Win2K-f | 85.113.12.242 (STATIC.KTNET.KG): OSH-JOROEV, KG. (100Mbps) |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:21:03:00 | WinXP | 24.82.95.87 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0c390db94d NEW |
none[none] | none:none |
none|none | none | none |
| T:21:03:00 | Win2K-f | 190.90.105.206 (EQUITEL.COM.CO): INTERNEXA S.A. E.S.P, CO. |
n/a | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:21:09:00 | WinXP | 67.66.202.81 (SWBELL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:16:00 | WinXP | 62.87.147.225 (NET.PL): DYNAMIC BROADBAND SERVICES, WROCLAW, DOLNOSLASKIE, PL. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 21:19:00 | Win2K-f | 118.161.175.239 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:697 hits: 03-31 to 08-30] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 21:35:00 | WinXP | 58.227.69.117 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:12 hits: 07-10 to 10-03] 740e3bffe0 [Firefox:13 hits: 06-25 to 10-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:38:00 | WinXP | 217.114.229.147 (AHA.RU): PROVIDER LOCAL INTERNET REGISTRY, RU. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:39:00 | WinXP | 64.38.67.153 (SPEAKEASY.NET): US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:01:00 | WinXP | 70.166.113.228 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:23 hits: 08-05 to 10-01] f685f8e027 [Firefox:27 hits: 06-18 to 10-01] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:22:07:00 | WinXP | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:09:00 | WinXP | 75.143.200.230 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:46:00 | Win2K-f | 116.121.133.5 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 144 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:12 hits: 07-10 to 10-03] 740e3bffe0 [Firefox:13 hits: 06-25 to 10-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:23:07:00 | Win2K-f | 24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:11:00 | Win2K-f | 24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] a08f3b74a4 [Firefox:989 hits: 06-18 to 10-04] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:11:00 | WinXP | 81.9.144.202 (CM-81-9-141-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c NEW |
none[none] | none:none |
none|none | none | none |
| 23:18:00 | Win2K-f | 70.69.63.230 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] 73f1082158 [Firefox:1394 hits: 06-18 to 10-04] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:43:00 | WinXP | 4.131.218.57 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2819 hits: 06-17 to 10-04] b7082104e4 [Firefox:174 hits: 06-18 to 10-04] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:23:53:00 | WinXP | 68.204.161.117 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1244 hits: 12-31 to 10-04] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:23:56:00 | WinXP | 86.96.47.125 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 790dcb2cfc [Firefox: 3 hits: 08-06 to 09-12] |
none[none] | none:none |
none|none | none | none |