Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:20:00 | Win2K-f | 74.212.6.213 (EPIX.NET): PA TELEPHONE, WILLIAMSPORT, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:35:00 | WinXP | 58.210.48.229 (163DATA.COM.CN): CHINANET JIANGSU PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:00:36:00 | WinXP | 24.85.107.74 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:37:00 | WinXP | 24.67.162.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 1595515522 NEW |
none[none] | none:none |
none|none | none | none |
00:41:00 | Win2K-f | 122.146.241.137 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
00:47:00 | Win2K-f | 116.120.243.68 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 32 |
168aab35a3 [Firefox:159 hits: 06-17 to 10-07] 4c3df24b32 [Firefox:215 hits: 06-17 to 10-06] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
none[4] 4c3df24b32[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
00:51:00 | WinXP | 82.245.189.119 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 176ca2b1f1 NEW |
none[none] | none:none |
none|none | none | none |
T:00:52:00 | WinXP | 82.245.189.119 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 176ca2b1f1 NEW |
none[none] | none:none |
none|none | none | none |
T:01:04:00 | Win2K-f | 70.166.81.141 (COX.NET): COX COMMUNICATIONS, SAN DIEGO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:16:00 | WinXP | 4.169.29.72 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FONTANA, CALIFORNIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:32 hits: 01-07 to 09-24] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
01:40:00 | WinXP | 220.105.164.199 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:593 hits: 01-01 to 10-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:02:04:00 | WinXP | 200.165.81.107 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 19a5a36f52 NEW |
none[none] | none:none |
none|none | none | none | |
T:02:09:00 | WinXP | 118.86.72.36 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.104.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 [Firefox: 3 hits: 08-19 to 10-03] e4ed4df0f0 [Firefox: 3 hits: 08-19 to 10-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
02:11:00 | Win2K-f | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:14 hits: 07-18 to 10-08] b4fe4581c3 [Firefox:14 hits: 07-18 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
02:31:00 | WinXP | 4.248.38.222 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WILLARDS, MARYLAND, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:54:00 | Win2K-f | 122.146.83.249 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
03:02:00 | WinXP | 115.69.136.27 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 3 hits: 10-03 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:03:12:00 | Win2K-f | 124.62.212.116 (-): POWERCOM, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
09c3d90250 [Firefox:13 hits: 08-04 to 10-06] 8f34a39070 [Firefox:13 hits: 08-04 to 10-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:03:20:00 | WinXP | 81.215.71.176 (TTNET.NET.TR): ADSL-MET-GAYRETTEPE-DYNAMIC POOL, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:10 hits: 10-01 to 10-08] |
none[none] | none:none |
none|none | none | none |
03:21:00 | Win2K-f | 70.74.216.48 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 255 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 0 of 32 |
6df1b03604 [Firefox: 4 hits: 09-14 to 10-05] 74fa06e356 [Firefox: 4 hits: 09-14 to 10-05] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
03:39:00 | WinXP | 61.126.227.140 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:593 hits: 01-01 to 10-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:03:40:00 | WinXP | 213.168.35.45 (-): JSC SZKTI, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:03:48:00 | Win2K-f | 202.81.7.69 (-): ASIAKOMNET MULTIMEDIA PTE. LTD. INTERNET SERVICE PROVIDER SINGAPORE, SINGAPORE, SINGAPORE, SG. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:12:00 | WinXP | 209.127.71.14 (-): KINGSVILLE CITY HALL, KINGSVILLE, TEXAS, US. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 285 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 36 | d184a8ac3c NEW |
none[none] | none:none |
none|none | none | none | |
04:13:00 | WinXP | 88.157.58.164 (REV-82-102-32-10.TVTEL.PT): TVTEL - GRANDE PORTO COMUNICACOES SA, PORTO, PORTO, PT. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d94c8976cd NEW |
none[none] | none:none |
none|none | none | none |
04:18:00 | WinXP | 125.196.167.124 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:593 hits: 01-01 to 10-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:04:33:00 | WinXP | 81.9.145.187 (CM-81-9-145-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c [Firefox: 4 hits: 10-04 to 10-06] |
none[none] | none:none |
none|none | none | none |
T:04:52:00 | WinXP | 59.104.250.23 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:04:52:00 | WinXP | 79.124.193.15 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ad027a0632 NEW |
none[none] | none:none |
none|none | none | none |
04:59:00 | WinXP | 81.84.215.206 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6c8056d10c NEW |
none[none] | none:none |
none|none | none | none | |
T:05:01:00 | WinXP | 121.13.8.215 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1b9a1f025e NEW |
none[none] | none:none |
none|none | none | none |
T:05:02:00 | WinXP | 85.180.215.172 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | RU:moscow-advokat.ru SE:ced.dal.net NL:diemen.nl.eu.undernet.org SE:coins.dal.net SE:viking.dal.net SE:ozbytes.dal.net :gaspode.zanet.org.za RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
05:05:00 | WinXP | 85.180.215.172 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:05:18:00 | Win2K-f | 68.150.38.191 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:24:00 | WinXP | 213.22.214.35 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, ALMADA, SETUBAL, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4dd604b809 NEW |
none[none] | none:none |
none|none | none | none |
05:37:00 | WinXP | 221.242.80.212 (UCOM.NE.JP): UCOM CORP, JP. (100Mbps) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
05:43:00 | WinXP | 93.157.72.81 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:05:43:00 | WinXP | 93.157.72.81 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
T:05:44:00 | WinXP | 115.125.50.225 (-): . |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ad728af44d NEW |
none[none] | none:none |
none|none | none | none |
05:55:00 | WinXP | 118.216.26.27 (-): . |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 32 |
475d9a7753 [Firefox: 7 hits: 06-22 to 10-05] e9a7fa27d5 [Firefox: 7 hits: 06-22 to 10-05] |
none[4] e9a7fa27d5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
06:13:00 | WinXP | 66.66.118.96 (RR.COM): ROAD RUNNER HOLDCO LLC, ROCHESTER, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
06:41:00 | WinXP | 122.53.168.255 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 08bdf1770f NEW |
none[none] | none:none |
none|none | none | none | |
06:46:00 | WinXP | 93.105.75.131 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:53 hits: 09-13 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:06:52:00 | Win2K-f | 130.13.130.79 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 32 |
7f66e51c85 [Firefox:11 hits: 07-11 to 09-21] 9d12fe9d3b [Firefox:12 hits: 07-11 to 09-21] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
06:56:00 | Win2K-f | 70.183.228.79 (COX.NET): COX COMMUNICATIONS, FT. WALTON BEACH, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:07:11:00 | WinXP | 120.28.143.222 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:150 hits: 01-03 to 10-08] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:26:00 | WinXP | 4.245.179.99 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HARTFORD, CONNECTICUT, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:07:28:00 | WinXP | 4.224.45.48 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DELAWARE, OHIO, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 162 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
70ec75ed62 NEW fa32be2706 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
07:32:00 | WinXP | 85.152.216.112 (CM-85-152-232-10.TELECABLE.ES): TELECABLE, AVILES, ASTURIAS, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a2d4fbad48 NEW |
none[none] | none:none |
none|none | none | none |
T:07:36:00 | WinXP | 157.161.55.207 (INTERGGA.CH): IMPROWARE AG, BASEL, BASEL-STADT, CH. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:53 hits: 09-13 to 10-08] |
none[none] | none:none |
none|none | none | none |
07:48:00 | WinXP | 88.170.66.225 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | af41df7df9 NEW |
none[none] | none:none |
none|none | none | none |
T:08:37:00 | WinXP | 63.147.185.2 (INTERTECH.NET): UCN INC, TULLAHOMA, TENNESSEE, US. |
n/a | US:www.google.com.au :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 5 hits: 09-26 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:08:37:00 | WinXP | 85.84.216.148 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:18 hits: 09-17 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:08:42:00 | Win2K-f | 99.253.125.90 (STERLINGSTUDENTS.NET): ROGERS CABLE COMMUNICATIONS INC, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:204.160.126.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:48:00 | WinXP | 213.22.123.111 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 13754a62da NEW |
none[none] | none:none |
none|none | none | none |
08:57:00 | WinXP | 85.139.242.236 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 30 |
2587501592 NEW af79e0c602 [Firefox:10 hits: 01-08 to 10-08] |
none[none] none [4] |
none:none none:none |
none|none ASPack| |
none none |
none trace |
T:08:58:00 | WinXP | 85.84.164.176 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 21f85bf125 NEW |
none[none] | none:none |
none|none | none | none |
08:58:00 | WinXP | 85.84.164.176 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | c83514acfc NEW |
none[none] | none:none |
none|none | none | none |
09:27:00 | WinXP | 77.37.164.72 (NCNET.RU): NCN-INFRA, RU. |
n/a | US:www.google.com.au US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 5 hits: 09-26 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:09:27:00 | WinXP | 77.37.164.72 (NCNET.RU): NCN-INFRA, RU. |
n/a | US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 5 hits: 09-26 to 10-08] |
none[none] | none:none |
none|none | none | none |
09:32:00 | WinXP | 83.132.155.119 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:33 hits: 04-05 to 10-05] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
T:09:33:00 | WinXP | 92.98.9.253 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:42 hits: 08-09 to 10-08] |
none[none] | none:none |
none|none | none | none |
09:36:00 | WinXP | 92.98.9.253 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:42 hits: 08-09 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:09:45:00 | WinXP | 122.53.1.39 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6672dcb81a [Firefox: 2 hits: 10-04 to 10-08] |
none[none] | none:none |
none|none | none | none |
09:52:00 | WinXP | 85.138.11.192 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, QUARTEIRA, FARO, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 667bf08ae8 NEW |
none[none] | none:none |
none|none | none | none |
T:09:52:00 | WinXP | 85.138.11.192 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, QUARTEIRA, FARO, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 667bf08ae8 NEW |
none[none] | none:none |
none|none | none | none |
09:54:00 | WinXP | 68.95.70.243 (SWBELL.NET): PPPOX POOL - BRAS1.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk FI:imgs2.kavkazcenter.com US:www.google.com US:www.google-analytics.com US:www.youtube.com US:video.google.com GB:217.194.210.198:80 US:66.242.19.44:80 69.64.157.16:80 US:72.29.65.216:80 74.125.19.147:80 FI:80.81.183.151:80 FI:80.81.183.162:80 SE:88.80.5.157:80 |
445 | pcap | raw alerts ruleset |
http 62 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:45 hits: 01-02 to 10-08] |
none[3] | none:none |
ASPack| | none | trace |
T:09:56:00 | Win2K-f | 211.22.172.147 (E-LEAD.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
269540d8b6 [Firefox: 2 hits: 10-03 to 10-05] 9b272b04ec [Firefox: 2 hits: 10-03 to 10-05] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
09:59:00 | WinXP | 12.19.39.174 (-): VALLEY CABLE TV INC, FT. VALLEY, GEORGIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:18 hits: 09-17 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:10:02:00 | Win2K-f | 71.112.105.186 (VERIZON.NET): VERIZON INTERNET SERVICES INC, REDMOND, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:10:02:00 | WinXP | 91.124.100.1 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2bf8f809de NEW |
none[none] | none:none |
none|none | none | none |
10:08:00 | WinXP | 88.100.187.52 (IOL.CZ): XDSL NETWORK-ADSL, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
n/a | US:daymohk.info :marsho.dk US:www.jamaatshariat.com FI:static.kavkazchat.com FI:imgs2.kavkazcenter.com US:www.google.com GB:www.chechenpress.co.uk :www.islamicfinder.org US:www.youtube.com US:66.242.19.44:80 FI:80.81.183.151:80 FI:80.81.183.162:80 |
445 | pcap | raw alerts ruleset |
http 376 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:10:13:00 | WinXP | 24.188.235.252 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NEWARK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:17:00 | WinXP | 117.195.4.33 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 28f541b1b3 NEW |
none[none] | none:none |
none|none | none | none |
T:10:26:00 | WinXP | 41.232.129.122 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:27:00 | WinXP | 93.148.177.238 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru SE:ced.dal.net :caen.fr.eu.undernet.org :brussels.be.eu.undernet.org NO:london.uk.eu.undernet.org SE:viking.dal.net SE:qis.md.us.dal.net :gaspode.zanet.org.za :flanders.be.eu.undernet.org :los-angeles.ca.us.undernet.org :lulea.se.eu.undernet.org SE:broadway.ny.us.dal.net NL:diemen.nl.eu.undernet.org :washington.dc.us.undernet.org AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:33:00 | Win2K-f | 71.111.249.169 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:36:00 | WinXP | 87.205.76.7 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:150 hits: 01-03 to 10-08] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
10:48:00 | WinXP | 4.136.177.139 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLARKSVILLE, TENNESSEE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 118 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] b7082104e4 [Firefox:184 hits: 06-18 to 10-08] e07c29c4ae [Firefox:592 hits: 06-19 to 10-08] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
T:11:02:00 | WinXP | 87.59.118.10 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e4baeefcc1 NEW |
none[none] | none:none |
none|none | none | none |
T:11:08:00 | WinXP | 82.59.5.46 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, ANCONA, MARCHE, IT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96dd1ffa53 NEW |
none[none] | none:none |
none|none | none | none |
11:09:00 | WinXP | 82.59.5.46 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, ANCONA, MARCHE, IT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96dd1ffa53 NEW |
none[none] | none:none |
none|none | none | none |
11:34:00 | Win2K-f | 70.79.6.99 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
6f64f9065d NEW fec2f7360e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
11:44:00 | WinXP | 204.193.216.91 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f9e03b93bc NEW |
none[none] | none:none |
none|none | none | none |
T:11:46:00 | WinXP | 204.193.216.91 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f9e03b93bc NEW |
none[none] | none:none |
none|none | none | none |
T:11:48:00 | WinXP | 82.233.209.250 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
11:49:00 | WinXP | 4.226.231.205 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MCKINNEY, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:44 hits: 01-02 to 09-24] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
T:11:51:00 | WinXP | 4.226.231.205 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MCKINNEY, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:44 hits: 01-02 to 09-24] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
12:05:00 | WinXP | 85.152.184.242 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a2d4fbad48 NEW |
none[none] | none:none |
none|none | none | none |
12:05:00 | Win2K-f | 24.234.205.170 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:11:00 | Win2K-f | 24.234.205.170 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
12:15:00 | WinXP | 87.247.111.3 (-): MIKROVISATA, LT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:12:18:00 | WinXP | 89.155.84.210 (-): TVCABO PORTUGAL S.A, OEIRAS, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 818e0a7e99 NEW |
none[none] | none:none |
none|none | none | none |
T:12:19:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:457 hits: 12-31 to 10-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:12:22:00 | WinXP | 92.114.200.106 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:ced.dal.net SE:qis.md.us.dal.net SE:vancouver.dal.net NL:diemen.nl.eu.undernet.org :washington.dc.us.undernet.org US:lia.zanet.net :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org SE:viking.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 51835ccab3 NEW |
none[none] | none:none |
none|none | none | none |
12:28:00 | WinXP | 200.234.89.119 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 33 | e6c448e3f3 NEW |
none[none] | none:none |
none|none | none | none |
12:32:00 | WinXP | 68.207.249.196 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7b1a3bf102 [Firefox: 2 hits: 08-02 to 08-27] |
none[none] | none:none |
none|none | none | none |
12:43:00 | WinXP | 151.54.125.235 (38-151.NET24.IT): IUNET-BNET, VENICE, VENETO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 18c7040ea0 [Firefox: 2 hits: 09-15 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:12:44:00 | WinXP | 92.115.118.43 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
12:48:00 | WinXP | 80.189.167.36 (GLOBAL.NET.UK): LONDON-DIAL-POOLS, LINCOLN, ENGLAND, UK. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:453 hits: 01-05 to 10-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:12:50:00 | WinXP | 189.67.196.246 (-): . |
194.54.90.246:80 | UA:citi-bank.ru :parex-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
13:13:00 | WinXP | 80.218.27.152 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | fe9ec83ed0 NEW |
none[none] | none:none |
none|none | none | none |
T:13:17:00 | WinXP | 93.184.226.76 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1540ff87bb NEW |
none[none] | none:none |
none|none | none | none |
T:13:29:00 | WinXP | 89.152.211.118 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5a6eafb317 NEW |
none[none] | none:none |
none|none | none | none |
13:39:00 | WinXP | 200.45.98.47 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:46:00 | WinXP | 12.74.52.188 (ATT.NET): AT&T WORLDNET SERVICES, LOUISVILLE, KENTUCKY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 159 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 3d92fb16ce NEW |
none[none] | none:none |
none|none | none | none | |
13:53:00 | WinXP | 78.88.141.79 (-): VECTRA TECHNOLOGIE S.A, PL. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fe12e0d1f8 NEW |
none[none] | none:none |
none|none | none | none |
T:14:08:00 | WinXP | 89.165.67.252 (-): NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK, IR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 5531ef78c6 NEW |
none[none] | none:none |
none|none | none | none |
T:14:11:00 | WinXP | 12.77.213.197 (ATT.NET): AT&T WORLDNET SERVICES, MORRISTOWN, NEW JERSEY, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:14:18:00 | WinXP | 78.139.164.251 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b62fa10cc4 NEW |
none[none] | none:none |
none|none | none | none |
14:23:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
b74e792974 [Firefox:11 hits: 06-18 to 09-30] f0e73c39a8 [Firefox:12 hits: 06-18 to 09-30] |
b74e792974 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
14:51:00 | WinXP | 84.120.247.234 (ONO.COM): CABLEUROPA - ONO, VALENCIA, VALENCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:150 hits: 01-03 to 10-08] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:14:52:00 | WinXP | 84.120.247.234 (ONO.COM): CABLEUROPA - ONO, VALENCIA, VALENCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:150 hits: 01-03 to 10-08] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:15:00:00 | WinXP | 201.252.30.142 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 1a88bd5450 [Firefox: 2 hits: 10-02 to 10-04] |
none[none] | none:none |
none|none | none | none |
15:00:00 | Win2K-f | 140.239.42.89 (XO.NET): XO COMMUNICATIONS, HOPKINTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:22 hits: 06-18 to 10-06] 79c01ec060 [Firefox:53 hits: 06-18 to 10-06] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
T:15:02:00 | Win2K-f | 24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:15:08:00 | WinXP | 4.228.6.110 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AURORA, COLORADO, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:15:13:00 | WinXP | 98.141.161.136 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
15:17:00 | Win2K-f | 4.164.183.208 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OMAHA, NEBRASKA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:15:18:00 | Win2K-f | 61.20.165.26 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
d30ff1b325 NEW f64394d4d8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:15:19:00 | WinXP | 87.116.206.109 (TNP.PL): BROADBAND_SERVICES, PL. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0e40342969 NEW |
none[none] | none:none |
none|none | none | none |
15:23:00 | WinXP | 190.225.192.215 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 801c8f8e60 NEW |
none[none] | none:none |
none|none | none | none | |
15:32:00 | Win2K-f | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 0 of 32 |
57ce4acac2 [Firefox:249 hits: 06-17 to 10-08] 83f26f5044 [Firefox:26 hits: 06-20 to 10-08] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
57ce4acac2 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
15:45:00 | WinXP | 114.48.15.6 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:453 hits: 01-05 to 10-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
15:46:00 | Win2K-f | 4.224.189.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.73.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:48:00 | WinXP | 118.15.69.116 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:453 hits: 01-05 to 10-08] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
15:55:00 | WinXP | 99.237.204.183 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:215 hits: 06-17 to 10-06] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
15:59:00 | Win2K-f | 76.250.136.157 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:16:22:00 | WinXP | 66.19.188.186 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
16:46:00 | Win2K-f | 121.73.98.27 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:204.160.126.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:23 hits: 08-02 to 10-07] a51a50404e [Firefox:23 hits: 08-02 to 10-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
16:46:00 | WinXP | 68.149.40.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:16:56:00 | WinXP | 70.75.187.122 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 09e933c12d NEW |
none[none] | none:none |
none|none | none | none |
T:17:17:00 | WinXP | 86.144.169.134 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:457 hits: 12-31 to 10-08] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:17:18:00 | WinXP | 70.183.164.164 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 3320c728b1 NEW |
none[none] | none:none |
none|none | none | none | |
17:20:00 | WinXP | 66.50.2.117 (PRTC.NET): PRTC RAS, SAN JUAN, PUERTO RICO, PR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 350916e912 NEW |
none[none] | none:none |
none|none | none | none |
T:17:20:00 | WinXP | 66.50.2.117 (PRTC.NET): PRTC RAS, SAN JUAN, PUERTO RICO, PR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 05b25f49cb NEW |
none[none] | none:none |
none|none | none | none |
17:25:00 | WinXP | 98.121.132.107 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:17:26:00 | WinXP | 98.121.132.107 (-): . |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org AT:graz.at.eu.undernet.org US:lia.zanet.net SE:coins.dal.net NL:diemen.nl.eu.undernet.org NO:london.uk.eu.undernet.org :los-angeles.ca.us.undernet.org :gaspode.zanet.org.za :flanders.be.eu.undernet.org SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:17:34:00 | WinXP | 76.247.46.238 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:160 hits: 01-08 to 10-08] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
17:54:00 | WinXP | 60.250.193.210 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
67.43.236.66:8080 72.10.172.211:8080 67.43.236.99:1863 | CA:xx.ka3ek.com :xx.nadnadzz.info CA:xx.enterhere.biz CA:zonetech.info US:130.107.157.214:5657 CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:67.43.236.98:1863 CA:72.10.172.211:8080 |
135 | pcap | raw alerts ruleset |
irc http 312 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 21 of 36 26 of 36 |
3e01fb69e1 [Firefox: 3 hits: 09-29 to 10-04] 6b997bcb17 [Firefox: 3 hits: 09-29 to 10-04] d184a8ac3c NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:18:09:00 | WinXP | 66.19.188.102 (USLEC.NET): USLEC CORP, MIAMI, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:18:22:00 | WinXP | 65.24.122.221 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] e07c29c4ae [Firefox:592 hits: 06-19 to 10-08] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:18:24:00 | Win2K-f | 4.136.177.139 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLARKSVILLE, TENNESSEE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 122 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] b7082104e4 [Firefox:184 hits: 06-18 to 10-08] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
18:26:00 | Win2K-f | 24.69.97.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 224 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 36 0 of 32 |
090753e602 NEW 79595a71bb NEW b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
18:35:00 | WinXP | 201.250.147.74 (COM.AR): TELEFONICA DE ARGENTINA, RAMOS MEJIA, BUENOS AIRES, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 83c75e25f8 NEW |
none[none] | none:none |
none|none | none | none |
18:37:00 | WinXP | 118.231.133.129 (-): . |
n/a | RU:moscow-advokat.ru SE:viking.dal.net SE:coins.dal.net :caen.fr.eu.undernet.org AT:graz.at.eu.undernet.org SE:qis.md.us.dal.net :brussels.be.eu.undernet.org :washington.dc.us.undernet.org NL:diemen.nl.eu.undernet.org :los-angeles.ca.us.undernet.org :lulea.se.eu.undernet.org :flanders.be.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | d61760f6a1 NEW |
none[none] | none:none |
none|none | none | none |
T:18:40:00 | WinXP | 63.160.235.184 (SPRINTLINK.NET): SPRINT, PULLMAN, WASHINGTON, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:31 hits: 09-17 to 10-08] |
none[none] | none:none |
none|none | none | none |
18:48:00 | WinXP | 70.72.11.252 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WEYBURN, SASKATCHEWAN, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:183 hits: 01-01 to 10-08] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
T:18:59:00 | WinXP | 119.94.51.243 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:33 hits: 04-05 to 10-05] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
19:00:00 | WinXP | 119.94.51.243 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:33 hits: 04-05 to 10-05] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
T:19:17:00 | WinXP | 66.217.137.173 (USLEC.NET): USLEC CORP, ABINGDON, MARYLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 158 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:27:00 | WinXP | 61.20.165.26 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
d30ff1b325 NEW f64394d4d8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:19:54:00 | Win2K-f | 122.109.55.95 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 244 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
1a9ce5b5e9 NEW a2db11fbb8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:20:11:00 | WinXP | 151.118.216.197 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:20:15:00 | WinXP | 117.99.4.14 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
20:19:00 | Win2K-f | 64.130.176.155 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] b5919931fe [Firefox:799 hits: 06-20 to 10-08] b7082104e4 [Firefox:184 hits: 06-18 to 10-08] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
20:28:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 57ce4acac2 [Firefox:249 hits: 06-17 to 10-08] e07c29c4ae [Firefox:592 hits: 06-19 to 10-08] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:20:31:00 | WinXP | 117.99.62.56 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
20:37:00 | Win2K-f | 4.136.246.188 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OAK ISLAND, NORTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 146 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] b5919931fe [Firefox:799 hits: 06-20 to 10-08] b7082104e4 [Firefox:184 hits: 06-18 to 10-08] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
20:43:00 | WinXP | 24.82.95.87 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 0c390db94d [Firefox: 2 hits: 10-01 to 10-05] |
none[none] | none:none |
none|none | none | none |
T:20:46:00 | WinXP | 70.75.187.122 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 09e933c12d NEW |
none[none] | none:none |
none|none | none | none |
21:04:00 | WinXP | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 57ce4acac2 [Firefox:249 hits: 06-17 to 10-08] e07c29c4ae [Firefox:592 hits: 06-19 to 10-08] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
21:09:00 | WinXP | 116.126.201.193 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 0 of 36 30 of 32 |
475d9a7753 [Firefox: 7 hits: 06-22 to 10-05] 62abca87d8 NEW e9a7fa27d5 [Firefox: 7 hits: 06-22 to 10-05] |
none[4] none [none] e9a7fa27d5[1] |
none:none none:none ASM:Graph |
tElock| none|none Armadillo| |
none none lines=82 |
trace none trace |
T:21:12:00 | WinXP | 64.139.99.92 (NCIDATA.COM): NCI DATA.COM INC, BREWSTER, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.42.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:31:00 | WinXP | 60.250.57.53 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 09e933c12d NEW |
none[none] | none:none |
none|none | none | none |
21:44:00 | WinXP | 67.77.52.4 (EMBARQHSD.NET): EMBARQ CORPORATION, HOLLY SPRINGS, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:21:47:00 | WinXP | 4.131.142.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1281 hits: 12-31 to 10-08] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:22:19:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:10 hits: 08-01 to 10-01] dc92683d9a [Firefox:17 hits: 06-19 to 10-01] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
22:19:00 | WinXP | 77.78.190.93 (-): LULIN-NET, BG. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:53 hits: 09-13 to 10-08] |
none[none] | none:none |
none|none | none | none |
22:27:00 | WinXP | 117.99.20.216 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:22:28:00 | WinXP | 117.99.20.216 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:22:42:00 | Win2K-f | 122.52.73.88 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:51 hits: 06-18 to 10-07] 76ee340669 [Firefox:51 hits: 06-18 to 10-07] b5919931fe [Firefox:799 hits: 06-20 to 10-08] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
22:47:00 | Win2K-f | 211.176.176.188 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
776985f561 [Firefox:17 hits: 06-24 to 09-30] 8ec6129efe [Firefox:16 hits: 06-24 to 09-30] |
776985f561 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
22:59:00 | WinXP | 118.8.221.80 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:593 hits: 01-01 to 10-08] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
23:05:00 | Win2K-f | 210.18.111.157 (SIFY.NET): SATYAM INFOWAY (P) LTD, MUMBAI, MAHARASHTRA, IN. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] a08f3b74a4 [Firefox:1064 hits: 06-18 to 10-08] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
23:11:00 | WinXP | 202.213.94.204 (HCTV.NE.JP): HIGASHIMATSUYAMA CABLE TELEVISION CO. LTD, JP. |
n/a | EU:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru US:spi.domainsponsor.com :wpad US:208.73.210.32:80 DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
0ffc9bc5ec NEW a12cab51ef [Firefox:568 hits: 01-01 to 10-07] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
T:23:12:00 | WinXP | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:2996 hits: 06-17 to 10-08] 73f1082158 [Firefox:1475 hits: 06-18 to 10-08] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:23:22:00 | WinXP | 122.42.94.57 (-): POWERCOMM, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 0 of 33 30 of 33 |
2949152a24 [Firefox: 6 hits: 07-02 to 08-15] e07c29c4ae [Firefox:592 hits: 06-19 to 10-08] f1a10a0d85 [Firefox: 6 hits: 07-02 to 08-15] |
none[none] e07c29c4ae[1] none [none] |
none:none ASM:Graph none:none |
none|none FSG| none|none |
none lines=92 none |
none trace none |
T:23:35:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net SE:broadway.ny.us.dal.net FI:london.uk.eu.undernet.org :caen.fr.eu.undernet.org SE:viking.dal.net :washington.dc.us.undernet.org :flanders.be.eu.undernet.org SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
23:35:00 | WinXP | 24.78.55.236 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:23:54:00 | WinXP | 117.99.10.83 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:702 hits: 12-31 to 10-08] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |