|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:11:00 | Win2K-f | 74.67.48.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:29:00 | Win2K-f | 207.5.201.124 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:31:00 | WinXP | 78.156.209.71 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:36:00 | WinXP | 70.245.110.9 (SWBELL.NET): PPPOX POOL - BRAS2 OKCYOK 070704, EDMOND, OKLAHOMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:45:00 | WinXP | 24.77.25.5 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 672 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 8ea2e3e4cd NEW |
none[none] | none:none |
none|none | none | none | |
| 00:47:00 | WinXP | 93.147.89.145 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 210.245.211.11:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 743e23a8fe NEW |
none[none] | none:none |
none|none | none | none |
| T:01:03:00 | Win2K-f | 4.225.232.230 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:19:00 | WinXP | 67.77.251.134 (EMBARQHSD.NET): EMBARQ CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 01:24:00 | Win2K-f | 76.87.210.98 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:33:00 | Win2K-f | 24.195.234.117 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:42:00 | Win2K-f | 210.155.240.247 (MZ0IP010.MII.JP): MNET INC, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:46:00 | WinXP | 75.138.118.126 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 672 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | bd5213518c NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:46:00 | WinXP | 68.149.40.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 01:47:00 | Win2K-f | 210.126.168.137 (KRLINE.NET): KRNIC, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:01:53:00 | WinXP | 75.138.118.126 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 673 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | bd5213518c NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:59:00 | WinXP | 4.225.88.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 02:06:00 | WinXP | 173.16.103.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:07:00 | WinXP | 118.15.146.148 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:590 hits: 01-01 to 10-06] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:12:00 | WinXP | 119.92.223.251 (-): . |
210.245.211.11:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b158.bundlext.com :randomnewnames.com :weeweewee.net US:192.221.110.125:80 US:204.160.126.124:80 US:207.123.37.124:80 HK:210.245.211.11:65520 76.9.9.190:80 |
135 | pcap | raw alerts ruleset |
irc http 148 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 35 of 36 22 of 36 2 of 36 18 of 36 |
2f1e19c17f NEW 57a9fa2bde NEW 59f1b164b0 [Firefox: 5 hits: 10-06 to 10-06] b21ba08b9a NEW d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| 02:27:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:27:00 | WinXP | 89.218.218.133 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:38:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru SE:viking.dal.net SE:coins.dal.net :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org :flanders.be.eu.undernet.org SE:ozbytes.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:02:44:00 | Win2K-f | 75.33.94.157 (SBCGLOBAL.NET): PPPOX POOL - RBACK7 BCVLOH, CLEVELAND, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:03:12:00 | WinXP | 67.246.238.254 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad :www.proxy-socks.net US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:564 hits: 01-01 to 10-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:03:20:00 | WinXP | 83.88.124.205 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, ROSKILDE, ROSKILDE, DK. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | bf1ba17fdd NEW |
none[none] | none:none |
none|none | none | none |
| 03:24:00 | WinXP | 93.147.89.145 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 743e23a8fe NEW |
none[none] | none:none |
none|none | none | none |
| 03:24:00 | WinXP | 82.207.18.73 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN KIEV, UA. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:28:00 | WinXP | 84.73.184.37 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 743e23a8fe NEW |
none[none] | none:none |
none|none | none | none |
| 03:29:00 | WinXP | 4.181.98.125 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:03:30:00 | Win2K-f | 70.117.144.53 (RR.COM): ROAD RUNNER HOLDCO LLC, GROVES, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:32:00 | Win2K-f | 4.181.98.125 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MODESTO, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:54:00 | Win2K-f | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:01:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.110.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 57ce4acac2 [Firefox:240 hits: 06-17 to 10-06] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:09:00 | WinXP | 222.149.225.127 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:04:11:00 | WinXP | 122.146.241.114 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:55:00 | WinXP | 121.254.126.125 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 555fd0d0b3 NEW |
none[none] | none:none |
none|none | none | none |
| 05:01:00 | Win2K-f | 70.184.250.238 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
210.245.211.11:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:208.111.148.108:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http irc 126 lines |
Yeah : 1.8 profile |
none | summary tarball |
22 of 36 0 of 32 32 of 36 18 of 36 35 of 36 |
59f1b164b0 [Firefox: 5 hits: 10-06 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] bea8cb1865 [Firefox:26 hits: 08-11 to 10-06] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] fac78fde16 [Firefox: 9 hits: 09-13 to 10-06] |
none[none] b5919931fe[1] none [none] none [none] none [none] |
none:none ASM:Graph none:none none:none none:none |
none|none ASProtect| none|none none|none none|none |
none lines=90 none none none |
none trace none none none |
| T:05:06:00 | Win2K-f | 67.89.32.207 (ALGX.NET): XO COMMUNICATIONS, DRACUT, MASSACHUSETTS, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
4575d9d4f6 [Firefox: 3 hits: 10-01 to 10-05] ed570a2e4d [Firefox: 2 hits: 10-01 to 10-05] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:12:00 | WinXP | 62.204.241.194 (TTNET.CZ): JAN VANICKY NETWORK, CZ. |
n/a | :www.google.com.au US:www.yahoo.com :jbeegvia.ru US:www.worldbank.org DE:kavkaz.co.uk :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:39 hits: 04-18 to 10-02] |
none[3] | none:none |
tElock| | none | trace |
| 05:15:00 | WinXP | 4.153.8.157 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 151 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 05:19:00 | Win2K-f | 221.126.241.110 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
210.245.211.11:65520 | :proxim.ircgalaxy.pl IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 36 18 of 36 |
59f1b164b0 [Firefox: 5 hits: 10-06 to 10-06] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:38:00 | WinXP | 89.41.89.175 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8dbc2b2f86 [Firefox: 2 hits: 10-03 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 05:45:00 | WinXP | 203.73.84.102 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:198.78.220.124:80 US:199.93.53.126:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 57ce4acac2 [Firefox:240 hits: 06-17 to 10-06] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:02:00 | WinXP | 77.39.91.150 (STAVROPOL.RU): PJSC SOUTHERN TELECOMMUNICATIONS COMPANY, RU. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a9cfbd1b0c [Firefox:12 hits: 09-12 to 10-04] |
none[none] | none:none |
none|none | none | none |
| 06:11:00 | WinXP | 89.41.81.87 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:49 hits: 09-13 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 06:13:00 | WinXP | 86.106.34.6 (UPCNET.RO): SC UPC ROMANIA SA, TIMISOARA, TIMIS, RO. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:49 hits: 09-13 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:06:18:00 | WinXP | 123.222.119.17 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:22:00 | Win2K-f | 208.126.20.97 (NETINS.NET): COOPERATIVE TELEPHONE COMPANY VICTOR, LIVERMORE, IOWA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 616 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 36 | ef45192710 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:25:00 | Win2K-f | 98.133.104.170 (-): ALLTEL MIP CUSTOMERS - LITTLE ROCK, LITTLE ROCK, ARKANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 720 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 69ea6772a5 NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:27:00 | WinXP | 61.20.166.165 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] f64394d4d8 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 06:28:00 | WinXP | 92.114.201.193 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 210.245.211.11:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8793d64e05 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:54:00 | WinXP | 92.96.107.134 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:155 hits: 01-08 to 10-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:07:05:00 | Win2K-f | 67.77.251.134 (EMBARQHSD.NET): EMBARQ CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:05:00 | WinXP | 121.73.141.6 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:21 hits: 08-02 to 10-04] a51a50404e [Firefox:21 hits: 08-02 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:06:00 | Win2K-f | 70.71.250.130 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:19:00 | Win2K-f | 172.132.79.15 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 0 of 32 |
0474b4b09f [Firefox: 3 hits: 09-24 to 09-28] 1c3210698a [Firefox: 4 hits: 07-13 to 09-28] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 07:29:00 | WinXP | 70.166.93.100 (COX.NET): COX COMMUNICATIONS, EL CAJON, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:30:00 | WinXP | 80.121.18.0 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:155 hits: 01-08 to 10-06] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:07:32:00 | WinXP | 62.11.117.108 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:267 hits: 01-01 to 10-06] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 07:55:00 | Win2K-f | 65.24.122.221 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:08:00 | WinXP | 121.254.83.177 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:09:00 | WinXP | 121.254.83.177 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:20:00 | WinXP | 124.18.74.78 (R-124-18-16-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 193308a2d8 NEW |
none[none] | none:none |
none|none | none | none |
| 08:31:00 | WinXP | 222.233.182.167 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
210.245.211.11:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:dl.targetsaver.com IL:weba.freeprod.com US:b161.bundlext.com US:206.71.190.187:80 US:208.111.148.108:80 US:208.111.148.115:80 US:216.133.246.155:80 US:216.133.246.157:80 |
135 | pcap | raw alerts ruleset |
irc http 410 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 19 of 36 22 of 36 22 of 36 18 of 36 30 of 32 |
1509c8d024 [Firefox:36 hits: 06-17 to 10-06] 25d09238c1 NEW 46671c0870 NEW 59f1b164b0 [Firefox: 5 hits: 10-06 to 10-06] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] f23b040440 [Firefox:24 hits: 06-22 to 10-06] |
none[4] none [none] none [none] none [none] none [none] f23b040440[1] |
none:none none:none none:none none:none none:none ASM:Graph |
tElock| none|none none|none none|none none|none Armadillo| |
none none none none none lines=82 |
trace none none none none trace |
| 08:49:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:52:00 | WinXP | 93.146.51.37 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:267 hits: 01-01 to 10-06] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 09:07:00 | Win2K-f | 208.105.172.35 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:207.123.46.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:13:00 | WinXP | 115.165.79.247 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 09:17:00 | WinXP | 66.19.151.207 (POPSITE.NET): USLEC CORP, CHARLOTTE, NORTH CAROLINA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 09:23:00 | WinXP | 216.211.249.202 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
other 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
31514ea511 NEW e821ac5d65 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:09:24:00 | WinXP | 92.98.21.94 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:36 hits: 08-09 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:10:10:00 | WinXP | 93.147.89.176 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
210.245.211.11:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 743e23a8fe NEW |
none[none] | none:none |
none|none | none | none |
| 10:12:00 | WinXP | 93.147.89.176 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 743e23a8fe NEW |
none[none] | none:none |
none|none | none | none |
| T:10:18:00 | Win2K-f | 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:22:00 | Win2K-f | 190.220.51.142 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:29:00 | Win2K-f | 122.146.241.114 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:36:00 | WinXP | 87.247.98.62 (-): MIKROVISATA, LT. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 4c934f9489 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:41:00 | Win2K-f | 4.236.126.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:43:00 | WinXP | 98.26.217.130 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:43:00 | WinXP | 98.105.132.42 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:28 hits: 09-17 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:10:44:00 | WinXP | 117.99.42.234 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:180 hits: 01-01 to 10-06] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 10:45:00 | WinXP | 117.99.42.234 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:180 hits: 01-01 to 10-06] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:11:23:00 | Win2K-f | 63.17.206.190 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 11:33:00 | Win2K-f | 125.58.78.76 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:03:00 | WinXP | 172.132.79.15 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
0474b4b09f [Firefox: 3 hits: 09-24 to 09-28] 1c3210698a [Firefox: 4 hits: 07-13 to 09-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:12:07:00 | WinXP | 124.18.74.78 (R-124-18-16-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-02.mx.aol.com US:ftp.newaol.com HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 193308a2d8 NEW |
none[none] | none:none |
none|none | none | none |
| 12:17:00 | WinXP | 24.188.235.252 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NEWARK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:21:00 | Win2K-f | 4.131.221.95 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] b7082104e4 [Firefox:182 hits: 06-18 to 10-06] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 12:23:00 | WinXP | 84.73.238.198 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7354ff7015 [Firefox: 3 hits: 10-05 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 12:36:00 | WinXP | 82.15.41.177 (NTL.COM): NTL INFRASTRUCTURE - BAGULEY, HARTLEPOOL, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 10-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:44:00 | WinXP | 93.105.75.131 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:49 hits: 09-13 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:13:02:00 | WinXP | 98.135.246.171 (-): . |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 132 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 34 0 of 33 |
0bfa79dc19 [Firefox:19 hits: 07-22 to 10-03] 8dfb3b619f [Firefox:20 hits: 07-22 to 10-03] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:13:05:00 | WinXP | 217.201.114.171 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:07:00 | WinXP | 87.57.182.39 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a219ed3aeb [Firefox:26 hits: 08-02 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:13:16:00 | WinXP | 58.70.100.173 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:590 hits: 01-01 to 10-06] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:17:00 | WinXP | 75.177.21.236 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:26:00 | WinXP | 192.160.7.142 (ALCATEL.COM): ALCATEL NETWORK SERVICES, PLANO, TEXAS, US. |
210.245.211.11:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn DE:kitroneza.cn US:do-scan-progress.com US:xpas-2009.com :wpad IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
irc http 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 32 of 36 15 of 36 15 of 36 none 18 of 36 |
168aab35a3 [Firefox:158 hits: 06-17 to 10-06] 40d8554b40 NEW 8c591b9370 NEW 91dc355a93 [Firefox:24 hits: 09-25 to 10-06] bba5ec5f4d [Firefox: 4 hits: 09-22 to 10-01] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] |
none[4] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
tElock| none|none none|none none|none none|none none|none |
none none none none none none |
trace none none none none none |
| 13:38:00 | WinXP | 85.84.210.147 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:44:00 | WinXP | 70.71.7.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com US:b155.bundlext.com US:208.111.148.174:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
http irc 1393 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 22 of 36 18 of 36 0 of 33 |
0a72dd04b2 NEW 26d8882340 NEW 59f1b164b0 [Firefox: 5 hits: 10-06 to 10-06] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[none] none [none] none [none] none [none] e07c29c4ae[1] |
none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none FSG| |
none none none none lines=92 |
none none none none trace |
| 13:57:00 | Win2K-f | 122.146.81.247 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:00:00 | WinXP | 195.249.212.189 (RAS.TELE.DK): TELEDANMARK-DIAL-UP-USERS, SLAGELSE, VESTSJALLAND, DK. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:11:00 | WinXP | 193.239.254.120 (PODOL.NET): PODOL.NET, UA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b NEW |
none[none] | none:none |
none|none | none | none |
| T:14:11:00 | WinXP | 98.15.253.174 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:11:00 | WinXP | 193.239.254.120 (PODOL.NET): PODOL.NET, UA. |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net SE:viking.dal.net SE:vancouver.dal.net NL:diemen.nl.eu.undernet.org :lulea.se.eu.undernet.org :flanders.be.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b NEW |
none[none] | none:none |
none|none | none | none |
| 14:18:00 | Win2K-f | 65.183.135.100 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, BURLINGTON, VERMONT, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:27:00 | WinXP | 83.132.9.226 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 667bf08ae8 NEW |
none[none] | none:none |
none|none | none | none |
| 14:51:00 | WinXP | 41.214.173.149 (-): . |
210.245.211.11:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c9d01112a8 [Firefox:12 hits: 08-06 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 14:52:00 | WinXP | 212.233.203.10 (-): NTL, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 10-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:01:00 | Win2K-f | 70.66.68.184 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com US:xpas-2009.com DE:kitroneza.cn US:208.111.148.115:80 HK:210.245.211.11:80 |
135 | pcap | raw alerts ruleset |
irc http 534 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 36 32 of 36 34 of 36 15 of 36 18 of 36 33 of 36 |
2b095a212d NEW 40d8554b40 NEW 6ea2758c07 NEW 91dc355a93 [Firefox:24 hits: 09-25 to 10-06] d2e0990a9d [Firefox: 5 hits: 10-06 to 10-06] d4406c307b NEW |
none[none] none [none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none none|none |
none none none none none none |
none none none none none none |
| 15:09:00 | WinXP | 201.94.174.27 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 210.245.211.11:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 2210605667 NEW |
none[none] | none:none |
none|none | none | none |
| 15:15:00 | WinXP | 124.100.182.170 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:15:26:00 | WinXP | 81.215.65.71 (TTNET.NET.TR): ADSL-MET-GAYRETTEPE-DYNAMIC POOL, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox: 5 hits: 10-01 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 15:29:00 | Win2K-f | 211.124.220.170 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:15:29:00 | Win2K-f | 58.230.192.35 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 0 of 32 31 of 33 |
1951eee0cd [Firefox:13 hits: 06-18 to 10-04] b5919931fe [Firefox:775 hits: 06-20 to 10-06] e5e0dbde57 [Firefox:13 hits: 06-18 to 10-04] |
1951eee0cd [1] b5919931fe[1] none [4] |
ASM:Graph ASM:Graph none:none |
Armadillo| ASProtect| tElock| |
lines=82 lines=90 none |
trace trace trace |
| 15:33:00 | WinXP | 94.191.146.216 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:33:00 | WinXP | 94.191.146.216 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:38:00 | WinXP | 68.203.248.121 (RR.COM): ROAD RUNNER HOLDCO LLC, LAREDO, TEXAS, US. (100Mbps) |
n/a | RU:moscow-advokat.ru SE:ced.dal.net :caen.fr.eu.undernet.org SE:ozbytes.dal.net SE:broadway.ny.us.dal.net SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:38:00 | WinXP | 68.203.248.121 (RR.COM): ROAD RUNNER HOLDCO LLC, LAREDO, TEXAS, US. (100Mbps) |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org AT:graz.at.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:coins.dal.net SE:broadway.ny.us.dal.net NO:london.uk.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:47:00 | Win2K-f | 216.208.194.14 (BELL.CA): BELL CANADA, TRENTON, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 159 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:49:00 | WinXP | 65.188.148.177 (RR.COM): ROAD RUNNER HOLDCO LLC, POMPANO BEACH, FLORIDA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad DE:ebookfinaltrash.ru |
445 | pcap | raw alerts ruleset |
http http http http http 50 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 0 of 36 29 of 29 |
795d56974a NEW 7c94233ae0 NEW a12cab51ef [Firefox:564 hits: 01-01 to 10-06] |
none[none] none [none] 40f7f463c4[0] |
none:none none:none ASM:Graph |
none|none none|none ASPack| |
none none lines=281 embedded dns |
none none trace |
| 15:56:00 | WinXP | 114.48.18.206 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:16:04:00 | WinXP | 97.76.195.173 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:36 hits: 08-09 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:16:12:00 | WinXP | 70.183.164.164 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. |
n/a | :proxim.ircgalaxy.pl HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
other 306 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 3320c728b1 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:20:00 | WinXP | 190.208.121.135 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 HK:210.245.211.11:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2d815d2be3 NEW |
none[none] | none:none |
none|none | none | none |
| 16:23:00 | WinXP | 68.146.198.143 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:28:00 | WinXP | 70.21.155.217 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BERGENFIELD, NEW JERSEY, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 9c1f1407f9 [Firefox: 6 hits: 09-30 to 10-05] |
none[none] | none:none |
none|none | none | none | |
| 16:35:00 | WinXP | 65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:44:00 | WinXP | 65.7.78.163 (BELLSOUTH.NET): BELLSOUTH.NET INC, ELORA, TENNESSEE, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9302b1518e NEW |
none[none] | none:none |
none|none | none | none |
| T:16:46:00 | WinXP | 68.151.161.222 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:03:00 | Win2K-f | 24.83.3.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
210.245.211.11:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:192.221.110.125:80 US:199.93.44.126:80 US:204.160.126.126:80 HK:210.245.211.11:65520 |
135 | pcap | raw alerts ruleset |
irc http 123 lines |
Yeah : 1.8 profile |
none | summary tarball |
none none 15 of 36 15 of 36 |
05b1ed9c9c [Firefox: 3 hits: 09-22 to 10-05] 0c87a74ebe [Firefox: 3 hits: 09-22 to 10-05] 91dc355a93 [Firefox:24 hits: 09-25 to 10-06] d03ffe9388 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 17:16:00 | Win2K-f | 71.111.249.169 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:18:00 | WinXP | 122.24.118.80 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:24:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 10-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:35:00 | WinXP | 65.190.214.183 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 321052074e [Firefox:15 hits: 02-23 to 10-01] |
1a587de3ca [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:49:00 | Win2K-f | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 57ce4acac2 [Firefox:240 hits: 06-17 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:52:00 | Win2K-f | 151.118.195.173 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:59:00 | WinXP | 75.0.229.177 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, US. (DSL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 0 of 36 |
1ca46a361d NEW a12cab51ef [Firefox:564 hits: 01-01 to 10-06] b42aaebf54 NEW |
none[none] 40f7f463c4[0] none [none] |
none:none ASM:Graph none:none |
none|none ASPack| none|none |
none lines=281 embedded dns none |
none trace none |
| T:18:04:00 | WinXP | 74.220.78.203 (CRUZIO.COM): CRUZIO, SANTA CRUZ, CALIFORNIA, US. (DSL) |
n/a | RU:moscow-advokat.ru SE:ced.dal.net SE:broadway.ny.us.dal.net :flanders.be.eu.undernet.org SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox:17 hits: 07-04 to 09-30] |
none[none] | none:none |
none|none | none | none |
| 18:09:00 | Win2K-f | 121.73.144.57 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:21 hits: 08-02 to 10-04] a51a50404e [Firefox:21 hits: 08-02 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:13:00 | WinXP | 190.138.26.22 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:15 hits: 09-17 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:18:14:00 | WinXP | 220.209.254.178 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 10-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:18:00 | WinXP | 68.146.194.51 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | d7f9cdd0d0 NEW |
none[none] | none:none |
none|none | none | none |
| 18:31:00 | Win2K-f | 60.249.242.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 57ce4acac2 [Firefox:240 hits: 06-17 to 10-06] b5919931fe [Firefox:775 hits: 06-20 to 10-06] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:18:33:00 | WinXP | 75.0.229.177 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad :www.proxy-socks.net US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http http http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:564 hits: 01-01 to 10-06] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:52:00 | Win2K-f | 122.53.240.206 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:50 hits: 06-18 to 10-06] 76ee340669 [Firefox:50 hits: 06-18 to 10-06] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 19:04:00 | WinXP | 208.105.170.95 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:36 hits: 08-09 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 19:06:00 | WinXP | 4.90.35.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:687 hits: 12-31 to 10-06] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:22:00 | Win2K-f | 58.227.69.117 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 144 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:15 hits: 07-10 to 10-06] 740e3bffe0 [Firefox:16 hits: 06-25 to 10-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:23:00 | WinXP | 92.40.179.182 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad RU:www.bbin.ru US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3aa8b0b266 NEW |
none[none] | none:none |
none|none | none | none |
| 19:31:00 | WinXP | 89.204.197.99 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 NEW |
none[none] | none:none |
none|none | none | none |
| 19:31:00 | WinXP | 220.209.254.178 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:51:00 | Win2K-f | 207.5.188.145 (GWI.NET): GREAT WORKS INTERNET, SHAPLEIGH, MAINE, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | ca832de942 NEW |
none[none] | none:none |
none|none | none | none | |
| 19:57:00 | Win2K-f | 4.88.112.103 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ACWORTH, GEORGIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:03:00 | WinXP | 165.138.2.149 (IN.US): INDIANA DEPARTMENT OF EDUCATION, GOSHEN, INDIANA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox: 8 hits: 08-15 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:20:04:00 | WinXP | 165.138.2.149 (IN.US): INDIANA DEPARTMENT OF EDUCATION, GOSHEN, INDIANA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox: 8 hits: 08-15 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 20:06:00 | WinXP | 220.239.3.241 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 36 | c5dee159d0 NEW |
none[none] | none:none |
none|none | none | none | |
| T:20:52:00 | WinXP | 58.224.59.143 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 31 of 33 |
a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] ddd2a2b264 [Firefox: 5 hits: 06-17 to 10-06] |
a08f3b74a4 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:21:02:00 | WinXP | 4.232.75.14 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1261 hits: 12-31 to 10-06] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:07:00 | WinXP | 194.9.8.159 (-): SC PROACTIV NETWORK SRL, BUCHAREST, BUCURESTI, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 89a4bbb636 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:07:00 | WinXP | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:15:00 | WinXP | 203.184.2.209 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, CHRISTCHURCH, CANTERBURY, NZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:94 hits: 01-14 to 10-05] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 21:17:00 | Win2K-f | 63.22.141.53 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 158 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 21:23:00 | WinXP | 118.231.79.178 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:38:00 | WinXP | 96.15.174.125 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 33 31 of 33 0 of 33 |
6d86a1ff5a [Firefox:40 hits: 06-25 to 10-02] 7f6e032fc0 [Firefox:40 hits: 06-25 to 10-02] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:21:39:00 | WinXP | 212.233.203.10 (-): NTL, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:450 hits: 12-31 to 10-06] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:27:00 | WinXP | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] a08f3b74a4 [Firefox:1024 hits: 06-18 to 10-06] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:33:00 | WinXP | 69.59.90.98 (NCTV.COM): NORTHLAND CABLE TELEVISION, GREENWOOD, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] e07c29c4ae [Firefox:578 hits: 06-19 to 10-06] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 22:38:00 | WinXP | 75.136.133.219 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:53:00 | WinXP | 4.143.32.241 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MINNEAPOLIS, MINNESOTA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 30 of 36 |
2ce489b91a NEW 2f1ec86326 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:02:00 | WinXP | 60.47.40.198 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:444 hits: 01-05 to 10-06] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:09:00 | Win2K-f | 24.86.167.61 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LANGLEY, BRITISH COLUMBIA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:19:00 | WinXP | 99.145.178.183 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:21:00 | Win2K-f | 64.138.243.170 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 73f1082158 [Firefox:1429 hits: 06-18 to 10-06] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:36:00 | WinXP | 59.103.100.46 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:140 hits: 01-03 to 10-06] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:40:00 | Win2K-f | 124.241.177.125 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2902 hits: 06-17 to 10-06] 57ce4acac2 [Firefox:240 hits: 06-17 to 10-06] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |