|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:12:00 | WinXP | 76.180.232.33 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | f2668b51f1 [Firefox: 7 hits: 01-04 to 06-25] |
none[4] | none:none |
PolyEnE| | none | trace |
| T:01:21:00 | WinXP | 125.58.77.194 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.73.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:03:00 | WinXP | 24.59.6.38 (RR.COM): ROAD RUNNER HOLDCO LLC, ROME, NEW YORK, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:265 hits: 01-01 to 10-05] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 02:07:00 | Win2K-f | 64.183.253.113 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] b7082104e4 [Firefox:180 hits: 06-18 to 10-05] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 02:08:00 | WinXP | 117.97.127.101 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4515dee6bc NEW |
none[none] | none:none |
none|none | none | none |
| 02:18:00 | WinXP | 140.239.41.46 (XO.NET): XO COMMUNICATIONS, CAMBRIDGE, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:20 hits: 06-18 to 10-01] 79c01ec060 [Firefox:51 hits: 06-18 to 10-05] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 02:22:00 | WinXP | 78.156.218.44 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:30:00 | Win2K-f | 70.184.3.48 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:11 hits: 07-18 to 10-04] b4fe4581c3 [Firefox:11 hits: 07-18 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:36:00 | WinXP | 62.201.94.124 (T-ONLINE.HU): T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL), HU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:443 hits: 01-05 to 10-05] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:38:00 | WinXP | 80.218.30.146 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox: 3 hits: 10-01 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 03:28:00 | WinXP | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 0 of 33 |
87e1117f2a [Firefox:11 hits: 07-18 to 10-04] b4fe4581c3 [Firefox:11 hits: 07-18 to 10-04] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:03:41:00 | Win2K-f | 76.173.80.156 (RR.COM): ROAD RUNNER HOLDCO LLC, SARASOTA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 36 31 of 36 |
9086fe4014 NEW c337e5a5cd NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:59:00 | WinXP | 118.12.207.239 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:586 hits: 01-01 to 10-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:06:00 | Win2K-f | 70.119.123.66 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:20:00 | Win2K-f | 122.53.6.49 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com HK:proxim.ircgalaxy.pl US:192.221.99.124:80 US:204.160.104.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:49 hits: 06-18 to 10-05] 76ee340669 [Firefox:49 hits: 06-18 to 10-05] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 04:29:00 | WinXP | 82.237.101.56 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:34 hits: 08-09 to 10-05] |
none[none] | none:none |
none|none | none | none |
| T:04:35:00 | Win2K-f | 125.212.53.163 (-): THENET-PH-AP, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 163 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | cc6554837b NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:50:00 | WinXP | 24.234.205.187 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:56:00 | WinXP | 122.30.139.162 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:586 hits: 01-01 to 10-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:07:00 | WinXP | 69.59.90.98 (NCTV.COM): NORTHLAND CABLE TELEVISION, GREENWOOD, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:05:08:00 | WinXP | 120.28.145.233 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:136 hits: 01-03 to 10-05] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 05:08:00 | WinXP | 120.28.145.233 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:136 hits: 01-03 to 10-05] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:16:00 | WinXP | 186.9.1.106 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 05:28:00 | WinXP | 68.118.77.222 (CHARTER.COM): CHARTER COMMUNICATIONS, NEWPORT, OREGON, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:28:00 | WinXP | 89.28.81.54 (89-28-0-10.STARNET.MD): STARNET, CHISINAU, CHISINAU, MD. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8d9d28ce7 [Firefox: 2 hits: 10-01 to 10-01] |
none[none] | none:none |
none|none | none | none |
| 05:34:00 | WinXP | 82.247.35.211 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:05:43:00 | WinXP | 217.201.167.222 (-): TELECOM ITALIA MOBILE, IT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ae024849a2 [Firefox: 3 hits: 09-13 to 09-20] |
none[none] | none:none |
none|none | none | none |
| T:05:44:00 | WinXP | 87.11.22.162 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru :lulea.se.eu.undernet.org SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c6059fcbd5 [Firefox: 3 hits: 09-23 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 06:01:00 | WinXP | 92.114.242.134 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | ea096a2bdf [Firefox:20 hits: 07-12 to 10-04] |
none[none] | none:none |
none|none | none | none | |
| T:06:19:00 | WinXP | 116.59.161.148 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 [Firefox: 6 hits: 09-13 to 09-25] |
none[none] | none:none |
none|none | none | none |
| T:06:19:00 | WinXP | 87.57.191.231 (IP.TELE.DK): TELEDANMARK, DK. |
n/a | RU:moscow-advokat.ru EU:gaz-prom.ru :irc.kar.net :brussels.be.eu.undernet.org :los-angeles.ca.us.undernet.org :washington.dc.us.undernet.org US:lia.zanet.net |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:24 hits: 01-11 to 10-02] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
| T:06:26:00 | WinXP | 69.204.155.179 (RR.COM): ROAD RUNNER HOLDCO LLC, MECHANICVILLE, NEW YORK, US. |
n/a | RU:moscow-advokat.ru :gaspode.zanet.org.za :irc.kar.net NL:london.uk.eu.undernet.org :caen.fr.eu.undernet.org US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:22 hits: 01-01 to 10-03] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 06:26:00 | WinXP | 69.204.155.179 (RR.COM): ROAD RUNNER HOLDCO LLC, MECHANICVILLE, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:22 hits: 01-01 to 10-03] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 06:30:00 | WinXP | 85.152.185.146 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c6059fcbd5 [Firefox: 3 hits: 09-23 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 06:36:00 | WinXP | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:38:00 | WinXP | 85.138.226.4 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7354ff7015 [Firefox: 2 hits: 10-05 to 10-05] |
none[none] | none:none |
none|none | none | none |
| T:06:46:00 | WinXP | 89.218.72.34 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 9dc3d96bce NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:49:00 | Win2K-f | 69.59.90.98 (NCTV.COM): NORTHLAND CABLE TELEVISION, GREENWOOD, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:51:00 | WinXP | 41.210.197.2 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8533808823 NEW |
none[none] | none:none |
none|none | none | none |
| 06:57:00 | Win2K-f | 4.181.99.168 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 07:21:00 | WinXP | 118.174.101.77 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:07:21:00 | WinXP | 118.174.101.77 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:07:26:00 | Win2K-f | 222.237.133.203 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:34 hits: 06-17 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] f23b040440 [Firefox:23 hits: 06-22 to 10-05] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
| T:07:43:00 | WinXP | 78.34.7.129 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | HK:proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 NEW |
none[none] | none:none |
none|none | none | none |
| 08:05:00 | Win2K-f | 70.245.110.9 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 08:13:00 | WinXP | 190.5.192.132 (EMTEL.NET.CO): EMTEL S.A. E.S.P, CO. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net :brussels.be.eu.undernet.org SE:broadway.ny.us.dal.net :los-angeles.ca.us.undernet.org :caen.fr.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:14 hits: 02-16 to 10-05] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 08:35:00 | WinXP | 114.45.56.134 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:49:00 | Win2K-f | 75.33.89.45 (SBCGLOBAL.NET): PPPOX POOL - RBACK7 BCVLOH, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:08:51:00 | WinXP | 77.56.65.33 (HISPEED.CH): CABLECOM, ZURICH, ZURICH, CH. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:47 hits: 09-13 to 10-05] |
none[none] | none:none |
none|none | none | none | |
| T:09:04:00 | WinXP | 85.85.27.183 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e104071f90 NEW |
none[none] | none:none |
none|none | none | none |
| 09:16:00 | WinXP | 87.57.60.80 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | HK:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3208c0041e NEW |
none[none] | none:none |
none|none | none | none |
| T:09:42:00 | WinXP | 72.130.58.25 (RR.COM): ROAD RUNNER HOLDCO LLC, TORRANCE, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:586 hits: 01-01 to 10-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:47:00 | WinXP | 81.9.145.119 (CM-81-9-145-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c [Firefox: 3 hits: 10-04 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 10:02:00 | WinXP | 24.234.205.187 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:02:00 | WinXP | 208.222.46.228 (WHEATSTATE.COM): NETWORK TOOL AND DIE COMPANY, UDALL, KANSAS, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox: 9 hits: 02-14 to 10-04] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
| 10:07:00 | Win2K-f | 70.119.123.66 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:19:00 | WinXP | 24.28.164.199 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:52 hits: 01-02 to 10-03] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:24:00 | WinXP | 89.24.105.207 (4GINTERNET.CZ): RADIOMOBIL, CZ. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c3bc53e727 [Firefox: 5 hits: 09-14 to 09-25] |
none[none] | none:none |
none|none | none | none |
| 10:30:00 | WinXP | 83.68.71.69 (TNP.PL): TELENETCENTRUM-NET, PL. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 79fdac8c50 [Firefox: 4 hits: 09-16 to 10-02] |
none[none] | none:none |
none|none | none | none |
| 10:33:00 | WinXP | 193.248.185.16 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:154 hits: 01-08 to 10-03] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:10:34:00 | WinXP | 87.58.10.79 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 31b8bb70f7 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:36:00 | Win2K-f | 209.226.103.100 (BELL.CA): BELL CANADA, OWEN SOUND, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 152 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 10:45:00 | Win2K-f | 118.218.224.32 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:213 hits: 06-17 to 10-04] 53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:10:47:00 | WinXP | 77.21.188.239 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bfec7d0b0b [Firefox:14 hits: 08-06 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:10:51:00 | WinXP | 212.106.18.158 (POLBOX.PL): POLBOX, PL. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 5 hits: 09-29 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 11:00:00 | WinXP | 208.104.56.171 (COMPORIUM.NET): ROCK HILL TELEPHONE COMPANY, COLUMBIA, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.201.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:12:00 | Win2K-f | 118.221.48.236 (-): . |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:156 hits: 06-17 to 10-05] 667f0c59f3 [Firefox:27 hits: 07-04 to 10-05] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 11:16:00 | Win2K-f | 218.50.159.218 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 33 |
14d64882da [Firefox: 2 hits: 09-21 to 09-27] 1509c8d024 [Firefox:34 hits: 06-17 to 10-05] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| 11:17:00 | WinXP | 122.233.12.157 (HZ.ZJ.CN): CHINANET ZHEJIANG PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:22 hits: 01-01 to 10-03] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| T:11:26:00 | Win2K-f | 206.169.217.139 (NETPTC.NET): PONDEROSA CABLEVISION, HANFORD, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:26:00 | Win2K-f | 58.78.37.44 (-): POW-HFC-GOYANG, SEOUL, KYONGGI-DO, KR. |
n/a | HK:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
09c3d90250 [Firefox:12 hits: 08-04 to 10-05] 8f34a39070 [Firefox:12 hits: 08-04 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 11:28:00 | Win2K-f | 78.48.190.248 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn |
445 | pcap | raw alerts ruleset |
irc http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
13 of 36 15 of 36 |
72b1a321fb NEW 91dc355a93 [Firefox:21 hits: 09-25 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 11:31:00 | WinXP | 70.183.164.236 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 11:34:00 | WinXP | 62.11.34.141 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, FLORENCE, TOSCANA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:spi.domainsponsor.com GB:welcome3.smile.co.uk DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
1fd891fe6b NEW df17a625ee [Firefox:265 hits: 01-01 to 10-05] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
| 11:37:00 | WinXP | 79.132.209.35 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:siliconfireware.ru UA:vit.ln.ua DE:ebookfinaltrash.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad :baner.vit :www.proxy-socks.net UA:195.189.16.10:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 99 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7dd1fe2970 [Firefox:21 hits: 02-03 to 09-28] |
dcc673c815 [0] | ASM:Graph |
ASPack| | lines=374 embedded dns |
trace |
| 11:54:00 | Win2K-f | 72.190.32.136 (RR.COM): ROAD RUNNER HOLDCO LLC, MESQUITE, TEXAS, US. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl :fleshkatera.cn US:download.microsoft.com 115.126.2.110:80 US:192.221.99.124:80 US:198.78.220.124:80 US:4.23.60.126:80 |
445 | pcap | raw alerts ruleset |
irc 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:05:00 | Win2K-f | 4.227.130.190 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SALT LAKE CITY, UTAH, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 177 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:08:00 | WinXP | 66.205.15.94 (SUNBEACH.NET): SUNBEACH COMMUNICATIONS INC, BRIDGETOWN, ST. MICHAEL, BB. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:34 hits: 08-09 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 12:18:00 | WinXP | 117.99.47.67 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:136 hits: 01-03 to 10-05] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:27:00 | Win2K-f | 98.172.138.101 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:27:00 | WinXP | 190.188.30.87 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:136 hits: 01-03 to 10-05] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:33:00 | WinXP | 70.119.51.201 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:53:00 | WinXP | 64.85.215.157 (SOCKET.NET): SOCKET INTERNET SERVICES CORPORATION, WARRENTON, MISSOURI, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:179 hits: 01-01 to 09-29] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:12:57:00 | WinXP | 88.170.56.118 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fccab86427 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:58:00 | Win2K-f | 71.79.78.63 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTERVILLE, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:58:00 | WinXP | 85.85.69.9 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:449 hits: 12-31 to 10-05] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:00:00 | WinXP | 85.85.69.9 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:563 hits: 01-01 to 10-05] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 13:13:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
210.245.211.11:65520 | US:microsoft.com HK:proxim.ircgalaxy.pl :fleshkatera.cn US:download.microsoft.com :lolika.cn :www.upononjob.cn :mulfika.cn US:207.123.42.126:80 US:207.123.46.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
irc http 140 lines |
Yeah : 1.8 profile |
none | summary tarball |
15 of 36 32 of 36 13 of 36 35 of 36 |
91dc355a93 [Firefox:21 hits: 09-25 to 09-30] bea8cb1865 [Firefox:25 hits: 08-11 to 10-03] e255e100de NEW fac78fde16 [Firefox: 8 hits: 09-13 to 10-03] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 13:37:00 | WinXP | 74.220.11.35 (AIRSTREAMCOMM.NET): CHIBARDUN TELEPHONE COOPERATIVE INC, DALLAS, WISCONSIN, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 31b8bb70f7 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:37:00 | WinXP | 74.220.11.35 (AIRSTREAMCOMM.NET): CHIBARDUN TELEPHONE COOPERATIVE INC, DALLAS, WISCONSIN, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 31b8bb70f7 NEW |
none[none] | none:none |
none|none | none | none |
| 13:38:00 | Win2K-f | 12.219.197.236 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, EXCELSIOR SPRINGS, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 13:42:00 | WinXP | 98.173.193.183 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:54:00 | WinXP | 89.123.58.175 (PLATINUMGROUP.RO): ARTELECOM, RO. |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a639f0b353 NEW |
none[none] | none:none |
none|none | none | none |
| 13:54:00 | WinXP | 83.91.63.16 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | bf1ba17fdd NEW |
none[none] | none:none |
none|none | none | none |
| T:13:55:00 | WinXP | 77.253.151.247 (COM.PL): NETIA, PL. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:ozbytes.dal.net SE:coins.dal.net :los-angeles.ca.us.undernet.org SE:ced.dal.net HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 26e3526604 [Firefox: 6 hits: 09-16 to 09-27] |
none[none] | none:none |
none|none | none | none |
| 14:00:00 | Win2K-f | 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 14:16:00 | Win2K-f | 190.50.173.230 (COM.AR): TELEFONICA DE ARGENTINA, AR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
2 of 36 | 49ef7837c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:14:20:00 | WinXP | 123.48.65.203 (R-123-48-0-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:586 hits: 01-01 to 10-05] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:28:00 | WinXP | 24.80.118.202 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 606 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:14:48:00 | Win2K-f | 208.103.136.12 (CORETEL.NET): CORETEL AMERICA INC, CLEARFIELD, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:49:00 | WinXP | 140.239.42.146 (XO.NET): XO COMMUNICATIONS, HOPKINTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:20 hits: 06-18 to 10-01] 79c01ec060 [Firefox:51 hits: 06-18 to 10-05] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 14:53:00 | WinXP | 72.251.15.186 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:56:00 | Win2K-f | 60.249.242.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 57ce4acac2 [Firefox:235 hits: 06-17 to 10-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:02:00 | WinXP | 206.51.112.27 (SPEAKEASY.NET): US. |
n/a | RU:moscow-advokat.ru NL:london.uk.eu.undernet.org SE:qis.md.us.dal.net US:lia.zanet.net SE:vancouver.dal.net :lulea.se.eu.undernet.org SE:ced.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:02:00 | WinXP | 206.51.112.27 (SPEAKEASY.NET): US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:19:00 | WinXP | 75.138.116.40 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:19:00 | WinXP | 75.138.116.40 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:28:00 | WinXP | 4.224.201.10 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:47 hits: 09-13 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 15:29:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | bc28340042 NEW |
none[none] | none:none |
none|none | none | none |
| 15:35:00 | WinXP | 87.97.232.87 (GGBIT.NET): EKK CATV PLOVDIV, PLOVDIV, PLOVDIV, BG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bd24805706 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:36:00 | WinXP | 87.97.232.87 (GGBIT.NET): EKK CATV PLOVDIV, PLOVDIV, PLOVDIV, BG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8b2985b52d NEW |
none[none] | none:none |
none|none | none | none |
| 15:53:00 | WinXP | 4.143.17.141 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 30 of 36 0 of 33 |
2ce489b91a NEW 2f1ec86326 NEW e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 16:09:00 | WinXP | 64.250.78.116 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox: 3 hits: 10-01 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 16:12:00 | Win2K-f | 192.116.98.106 (012.NET.IL): GILAT-SATCOM-BLOCK, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
14 of 36 | 405ee58b18 NEW |
none[none] | none:none |
none|none | none | none | |
| T:16:12:00 | Win2K-f | 192.116.98.106 (012.NET.IL): GILAT-SATCOM-BLOCK, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
14 of 36 | 405ee58b18 NEW |
none[none] | none:none |
none|none | none | none | |
| T:16:20:00 | WinXP | 69.85.101.33 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:21:00 | Win2K-f | 172.132.100.28 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 217 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 16:28:00 | Win2K-f | 12.215.100.211 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, BURLINGTON, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:30:00 | WinXP | 66.19.187.100 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:52:00 | WinXP | 4.175.255.120 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHILADELPHIA, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:01:00 | WinXP | 24.85.245.64 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:05:00 | Win2K-f | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 57ce4acac2 [Firefox:235 hits: 06-17 to 10-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:07:00 | Win2K-f | 190.50.78.76 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 139 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
2 of 36 | 49ef7837c2 NEW |
none[none] | none:none |
none|none | none | none | |
| 17:07:00 | Win2K-f | 190.50.78.76 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 139 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
2 of 36 | 49ef7837c2 NEW |
none[none] | none:none |
none|none | none | none | |
| T:17:25:00 | Win2K-f | 68.124.56.119 (PACBELL.NET): PPPOX POOL - BRAS1 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:26:00 | WinXP | 66.19.188.85 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:26:00 | WinXP | 66.19.188.85 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:28:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 57ce4acac2 [Firefox:235 hits: 06-17 to 10-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:31:00 | WinXP | 117.99.21.168 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | f9d832dfd2 [Firefox: 2 hits: 09-22 to 10-03] |
none[none] | none:none |
none|none | none | none |
| T:17:40:00 | WinXP | 151.118.213.205 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:47:00 | WinXP | 67.11.55.212 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:679 hits: 12-31 to 10-05] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:53:00 | Win2K-f | 4.153.11.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUMBOLDT, TENNESSEE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:53:00 | WinXP | 4.153.11.150 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUMBOLDT, TENNESSEE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:56:00 | Win2K-f | 70.247.224.169 (SWBELL.NET): JORGE RICHARDO GARCIA , DALLAS, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:58:00 | WinXP | 216.198.166.233 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
a4d3ac0cbe NEW b360625b8c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:04:00 | Win2K-f | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:12:00 | WinXP | 213.22.72.250 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 18:24:00 | Win2K-f | 144.139.189.50 (TMNS.NET.AU): TELSTRAINTERNET32, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:45:00 | WinXP | 68.148.141.65 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:54:00 | WinXP | 72.253.181.41 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | bc28340042 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:54:00 | WinXP | 72.253.181.41 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | bc28340042 NEW |
none[none] | none:none |
none|none | none | none |
| 18:55:00 | Win2K-f | 66.65.188.140 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:55:00 | WinXP | 190.220.87.79 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:qis.md.us.dal.net |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 47af15bf90 NEW |
none[none] | none:none |
none|none | none | none |
| 19:02:00 | WinXP | 75.79.45.163 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 | 53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] |
none[4] | none:none |
tElock| | none | trace |
| T:19:24:00 | WinXP | 65.183.151.137 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:199.93.44.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:47:00 | WinXP | 219.105.120.169 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1a8dccb1b8 NEW |
none[none] | none:none |
none|none | none | none |
| 19:49:00 | Win2K-f | 68.74.67.150 (-): PPPOX POOL - EMHRIL RBACK, CHICAGO, ILLINOIS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 20:30:00 | WinXP | 58.224.59.143 (HANANET.NET): HANARO TELECOM INC, KR. |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com US:b155.bundlext.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
irc http 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 0 of 33 18 of 36 31 of 33 |
59f1b164b0 NEW a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] d2e0990a9d NEW ddd2a2b264 [Firefox: 4 hits: 06-17 to 10-04] |
none[none] a08f3b74a4[1] none [none] none [4] |
none:none ASM:Graph none:none none:none |
none|none Armadillo| none|none tElock| |
none lines=81 none none |
none trace none trace |
| 20:34:00 | WinXP | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] b7082104e4 [Firefox:180 hits: 06-18 to 10-05] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 20:38:00 | WinXP | 4.176.147.236 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, EL PASO, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:39:00 | Win2K-f | 216.205.211.212 (CINERGYCOM.NET): CINERGY COMMUNICATIONS COMPANY, HOPE, INDIANA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:50:00 | WinXP | 75.181.170.131 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:58:00 | WinXP | 117.65.37.6 (AH163.NET): CHINANET ANHUI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | a43ad8c21e NEW |
none[none] | none:none |
none|none | none | none |
| 20:59:00 | WinXP | 96.15.103.245 (-): . |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b156.bundlext.com IL:mtn6.com-com.ws US:b157.bundlext.com :www.speed-runner.com US:adserving.cpxinteractive.com US:ad.yieldmanager.com 67.55.107.36:80 |
135 | pcap | raw alerts ruleset |
irc http http 318 lines |
Yeah : 1.8 profile |
none | summary tarball |
8 of 33 22 of 36 33 of 36 18 of 36 |
1ac39aea6b [Firefox: 5 hits: 06-28 to 09-29] 59f1b164b0 NEW bfed6c7250 NEW d2e0990a9d NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 21:10:00 | WinXP | 98.132.173.214 (-): ALLTEL SIP CUSTOMERS - CHARLOTTE, MATTHEWS, NORTH CAROLINA, US. |
194.54.90.246:80 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox:14 hits: 09-14 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 21:24:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 57ce4acac2 [Firefox:235 hits: 06-17 to 10-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:29:00 | WinXP | 24.84.1.224 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
210.245.211.11:65520 | HK:proxim.ircgalaxy.pl IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com IL:194.90.224.86:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 709 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 18 of 36 32 of 36 |
59f1b164b0 NEW d2e0990a9d NEW e3a22772ff NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:21:30:00 | WinXP | 68.204.161.208 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1251 hits: 12-31 to 10-05] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:38:00 | Win2K-f | 24.234.205.187 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:52:00 | WinXP | 204.193.212.253 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:13 hits: 09-17 to 10-04] |
none[none] | none:none |
none|none | none | none |
| T:21:52:00 | WinXP | 204.193.212.253 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:13 hits: 09-17 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 22:16:00 | WinXP | 88.164.226.106 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | HK:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 778cdbeb40 [Firefox: 2 hits: 10-01 to 10-01] |
none[none] | none:none |
none|none | none | none |
| T:22:18:00 | WinXP | 75.181.170.131 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox: 7 hits: 08-15 to 09-16] |
none[none] | none:none |
none|none | none | none |
| 22:40:00 | Win2K-f | 58.227.69.117 (HANANET.NET): HANARO TELECOM INC, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 164 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 31 of 33 24 of 33 18 of 36 |
59f1b164b0 NEW 6e2eaa0359 [Firefox:14 hits: 07-10 to 10-05] 740e3bffe0 [Firefox:15 hits: 06-25 to 10-05] d2e0990a9d NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| T:22:43:00 | Win2K-f | 75.138.49.213 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 0 of 32 |
83e033e38f NEW b347153b02 NEW b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 22:47:00 | WinXP | 210.155.240.247 (MZ0IP010.MII.JP): MNET INC, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] e07c29c4ae [Firefox:571 hits: 06-19 to 10-05] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 22:53:00 | Win2K-f | 61.175.224.214 (-): TAIZHOU LUQIAO ENSURE PUBLIC SECURITY LTD, CN. (100Mbps) |
210.245.211.11:65520 | HK:proxima.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn |
445 | pcap | raw alerts ruleset |
irc http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 14 of 36 |
91dc355a93 [Firefox:21 hits: 09-25 to 09-30] ab39c3329a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:00:00 | Win2K-f | 116.123.42.88 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | US:microsoft.com HK:proxima.ircgalaxy.pl US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
irc http 108 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 22 of 36 18 of 36 |
168aab35a3 [Firefox:156 hits: 06-17 to 10-05] 4c3df24b32 [Firefox:213 hits: 06-17 to 10-04] 59f1b164b0 NEW d2e0990a9d NEW |
none[4] 4c3df24b32[1] none [none] none [none] |
none:none ASM:Graph none:none none:none |
tElock| Armadillo| none|none none|none |
none lines=81 none none |
trace trace none none |
| 23:26:00 | Win2K-f | 69.208.5.35 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] a08f3b74a4 [Firefox:1006 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:23:27:00 | Win2K-f | 98.173.193.183 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 73f1082158 [Firefox:1410 hits: 06-18 to 10-05] b5919931fe [Firefox:760 hits: 06-20 to 10-05] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 23:38:00 | WinXP | 211.24.192.134 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.125:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2857 hits: 06-17 to 10-05] 57ce4acac2 [Firefox:235 hits: 06-17 to 10-05] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |