|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:05:00 | WinXP | 210.187.158.41 (TM.NET.MY): INFRA-TMNET, IPOH, PERAK, MY. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 0f99623be1 [Firefox: 5 hits: 09-22 to 09-29] |
none[none] | none:none |
none|none | none | none |
| 00:13:00 | Win2K-f | 12.210.174.27 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, SALT LAKE CITY, UTAH, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:49:00 | WinXP | 190.246.174.29 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1b7ec6ce60 [Firefox: 7 hits: 09-16 to 10-08] |
none[none] | none:none |
none|none | none | none |
| 01:22:00 | WinXP | 70.241.192.206 (SWBELL.NET): PPPOX POOL - BRAS1 STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk US:shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com GB:www.chechenpress.co.uk :www.google-analytics.com :www.youtube.com US:video.google.com US:209.85.173.100:80 DE:212.227.111.29:80 DE:217.11.54.126:80 US:66.242.19.44:80 |
445 | pcap | raw alerts ruleset |
http http 143 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:46 hits: 01-02 to 10-09] |
none[3] | none:none |
ASPack| | none | trace |
| 01:26:00 | WinXP | 59.105.88.58 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:31:00 | WinXP | 89.178.38.159 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU. |
n/a | DE:siliconfireware.ru :wpad SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk US:shaheeds.org US:daymohk.info :chripress.org :marsho.dk FI:imgs2.kavkazcenter.com :www.google.com :www.islamicfinder.org :www.youtube.com :www.google-analytics.com US:video.google.com US:208.65.153.238:80 DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.194.210.198:80 US:66.242.19.44:80 67.210.105.112:80 69.64.157.16:80 EU:78.47.200.154:80 FI:80.81.183.162:80 SE:88.80.5.157:80 |
445 | pcap | raw alerts ruleset |
http 569 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:33:00 | Win2K-f | 68.118.77.222 (CHARTER.COM): CHARTER COMMUNICATIONS, NEWPORT, OREGON, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 0 of 32 |
37be569696 [Firefox: 2 hits: 09-21 to 09-25] b2fa7ba3a5 [Firefox: 2 hits: 09-21 to 09-25] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 01:56:00 | WinXP | 220.136.20.35 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:96 hits: 01-14 to 10-08] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 02:01:00 | WinXP | 63.28.36.224 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:09:00 | Win2K-f | 64.184.20.106 (SWAYZEE.COM): SWAYZEE TELEPHONE CO, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 35 |
372f785b1b NEW bd1e145278 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 03:47:00 | WinXP | 217.246.36.106 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 03:58:00 | WinXP | 70.15.64.55 (PTD.NET): PENTELEDATA INC. - CABLE, SELINSGROVE, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:03:00 | Win2K-f | 61.187.136.202 (CS.HN.CN): CHINANET-HN CHANGSHA NODE NETWORK, CHANGSHA, HUNAN, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:20:00 | WinXP | 92.114.223.126 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 313f5e1398 NEW |
none[none] | none:none |
none|none | none | none |
| 04:29:00 | Win2K-f | 4.225.139.132 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:48:00 | Win2K-f | 24.100.2.147 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 253 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 3 hits: 09-12 to 10-08] d8cf9fc784 [Firefox: 3 hits: 09-12 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:59:00 | WinXP | 65.26.201.18 (RR.COM): ROAD RUNNER HOLDCO LLC, OAK CREEK, WISCONSIN, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:00:00 | WinXP | 82.58.199.222 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MILANO, LOMBARDIA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f3bfb92b73 NEW |
none[none] | none:none |
none|none | none | none |
| 05:18:00 | Win2K-f | 61.34.136.38 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:05:00 | Win2K-f | 4.160.135.201 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SOUTH BEND, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 157 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 06:07:00 | WinXP | 4.174.181.157 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
http 101 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:08:00 | WinXP | 117.200.161.209 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 79d7bedf4d NEW |
none[none] | none:none |
none|none | none | none |
| T:06:08:00 | WinXP | 117.200.161.209 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 79d7bedf4d NEW |
none[none] | none:none |
none|none | none | none |
| 06:32:00 | WinXP | 83.68.65.127 (TNP.PL): TELENETCENTRUM-NET, PL. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0e40342969 NEW |
none[none] | none:none |
none|none | none | none |
| 06:32:00 | WinXP | 78.34.7.83 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:11 hits: 10-01 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 06:43:00 | WinXP | 61.94.120.158 (TELKOM.NET.ID): PT TELKOM INDONESIA, BOGOR, JAWA BARAT (DJAWA BARAT), ID. |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:569 hits: 01-01 to 10-09] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:06:50:00 | Win2K-f | 4.248.241.45 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FREDERICK, MARYLAND, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:06:50:00 | WinXP | 84.237.166.248 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | e69e23fa76 NEW |
none[none] | none:none |
none|none | none | none |
| 07:15:00 | WinXP | 89.43.145.174 (TVSATRM.RO): SC TV SAT 2002 SRL, BUZAU, BUZAU, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:15:00 | WinXP | 89.43.145.174 (TVSATRM.RO): SC TV SAT 2002 SRL, BUZAU, BUZAU, RO. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:34:00 | Win2K-f | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:07:35:00 | WinXP | 88.172.38.87 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | f9d832dfd2 [Firefox: 3 hits: 09-22 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:07:37:00 | WinXP | 75.191.162.232 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru :gaspode.zanet.org.za US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:07:39:00 | WinXP | 87.110.106.116 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:11 hits: 10-01 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 07:43:00 | WinXP | 67.212.60.132 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:46:00 | Win2K-f | 65.27.194.90 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:48:00 | WinXP | 82.208.134.229 (ASTRAL.RO): ASTRAL-CJ-DOCSIS, CLUJ-NAPOCA, CLUJ, RO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | eb4de67b7a NEW |
none[none] | none:none |
none|none | none | none |
| 08:04:00 | WinXP | 219.105.88.161 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1a8dccb1b8 NEW |
none[none] | none:none |
none|none | none | none |
| 08:20:00 | WinXP | 80.199.42.28 (ADSL-FIXED.TELE.DK): TDC-INTERNET-STATIC-ASSIGNED-IP, COPENHAGEN, COPENHAGEN, DK. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:21 hits: 01-20 to 10-05] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:22:00 | Win2K-f | 216.209.249.61 (BELL.CA): DRYDEN MUNICIPAL TELEPHONE, OWEN SOUND, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 173 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:25:00 | WinXP | 41.214.180.119 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:154 hits: 01-03 to 10-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:39:00 | WinXP | 79.46.22.116 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | f1d556bf4b [Firefox: 3 hits: 10-05 to 10-05] |
none[none] | none:none |
none|none | none | none |
| T:08:42:00 | WinXP | 213.206.50.13 (NOTUSED.UZPAK.UZ): PROVIDER LOCAL REGISTRY, UZ. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:08:52:00 | WinXP | 4.252.152.37 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KENOSHA, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 83 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:04:00 | WinXP | 86.129.248.71 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 10-09] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:09:16:00 | WinXP | 216.76.235.136 (BELLSOUTH.NET): BELLSOUTH.NET INC, FLORENCE, ALABAMA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:26:00 | WinXP | 83.97.133.63 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8d858316eb NEW |
none[none] | none:none |
none|none | none | none |
| 09:34:00 | Win2K-f | 219.249.120.23 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:217 hits: 06-17 to 10-09] 53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:09:53:00 | WinXP | 202.69.143.83 (TTTMAXNET.COM): MAXNET INTERNET SERVICE PROVIDER BANGKOK, TH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 257 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 0 of 33 |
0b09052fb7 [Firefox: 3 hits: 09-12 to 10-08] d8cf9fc784 [Firefox: 3 hits: 09-12 to 10-08] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:10:02:00 | WinXP | 89.165.13.128 (-): NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK, IR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b4483f9892 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:03:00 | WinXP | 68.150.38.191 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | CA:dirty.eiheihre3.com | 135 | pcap | raw alerts ruleset |
irc http 525 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 36 36 of 36 |
03d5bf43b7 NEW 99bfd6101e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:09:00 | WinXP | 41.214.189.179 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b3caf20c97 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:21:00 | WinXP | 88.175.93.243 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | e98a5fa83f [Firefox: 2 hits: 10-03 to 10-05] |
none[none] | none:none |
none|none | none | none | |
| T:10:41:00 | WinXP | 72.251.93.123 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:16 hits: 02-16 to 10-08] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| T:10:43:00 | WinXP | 121.35.75.217 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, SHENZHEN, GUANGDONG, CN. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
98e59b9e40 NEW ed997367c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:43:00 | WinXP | 41.210.209.127 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 87bf2f533f [Firefox: 2 hits: 10-02 to 10-08] |
none[none] | none:none |
none|none | none | none |
| 10:54:00 | WinXP | 89.165.19.99 (-): NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK, IR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b4483f9892 NEW |
none[none] | none:none |
none|none | none | none |
| 10:54:00 | WinXP | 151.118.216.197 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:11:03:00 | WinXP | 41.235.132.62 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:07:00 | WinXP | 92.114.159.11 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :washington.dc.us.undernet.org :caen.fr.eu.undernet.org SE:ced.dal.net :flanders.be.eu.undernet.org FI:london.uk.eu.undernet.org SE:coins.dal.net SE:ozbytes.dal.net :gaspode.zanet.org.za SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3325b2a067 NEW |
none[none] | none:none |
none|none | none | none |
| 11:12:00 | WinXP | 94.191.137.233 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:161 hits: 01-08 to 10-09] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:11:13:00 | WinXP | 212.106.23.208 (POLBOX.PL): POLBOX, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 6 hits: 09-29 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:11:18:00 | WinXP | 98.175.171.32 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 0 of 33 |
430b442da3 NEW bea8cb1865 [Firefox:27 hits: 08-11 to 10-07] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:11:38:00 | WinXP | 92.115.122.220 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 31ed6e606c NEW |
none[none] | none:none |
none|none | none | none |
| 11:40:00 | WinXP | 85.138.57.93 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2fc9b5998f NEW |
none[none] | none:none |
none|none | none | none |
| T:11:51:00 | WinXP | 97.81.102.133 (CHARTER.COM): CHARTER COMMUNICATIONS, LAWRENCEVILLE, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:20 hits: 09-14 to 10-05] |
none[none] | none:none |
none|none | none | none |
| 11:57:00 | WinXP | 213.94.133.83 (EIRCOM.NET): EIRCOM LTD, DUBLIN, DUBLIN, IE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:58:00 | WinXP | 24.211.136.145 (RR.COM): ROAD RUNNER HOLDCO LLC, CARY, NORTH CAROLINA, US. (100Mbps) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 321052074e [Firefox:16 hits: 02-23 to 10-07] |
1a587de3ca [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:05:00 | WinXP | 41.214.161.135 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:05:00 | WinXP | 41.214.161.135 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:08:00 | WinXP | 41.233.71.115 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru US:www.microsoft.com DE:www.bpfq02.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 73d46aecd2 NEW |
none[none] | none:none |
none|none | none | none |
| 12:20:00 | Win2K-f | 70.184.153.71 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
bea8cb1865 [Firefox:27 hits: 08-11 to 10-07] fac78fde16 [Firefox:10 hits: 09-13 to 10-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:24:00 | WinXP | 92.41.231.248 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 32 | 1ab4d3d7b6 [Firefox:11 hits: 04-10 to 05-18] |
cc366b3f6c [0] | ASM:Graph |
none|none | lines=287 embedded dns |
trace |
| 12:33:00 | WinXP | 121.35.75.217 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, SHENZHEN, GUANGDONG, CN. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 35 of 36 |
98e59b9e40 NEW ed997367c3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 13:04:00 | WinXP | 85.152.184.112 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a2d4fbad48 [Firefox: 2 hits: 10-09 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 13:06:00 | WinXP | 166.165.228.189 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox:15 hits: 09-14 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:13:07:00 | WinXP | 166.165.228.189 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a84ffdf670 [Firefox:15 hits: 09-14 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 13:37:00 | WinXP | 61.218.193.218 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 57ce4acac2 [Firefox:252 hits: 06-17 to 10-09] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:42:00 | WinXP | 72.178.220.188 (RR.COM): ROAD RUNNER HOLDCO LLC, LAREDO, TEXAS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 13:50:00 | WinXP | 99.144.249.217 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:96 hits: 01-14 to 10-08] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:13:57:00 | Win2K-f | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] b7082104e4 [Firefox:188 hits: 06-18 to 10-09] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 14:05:00 | Win2K-f | 70.71.244.4 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:15:00 | WinXP | 194.9.8.159 (-): SC PROACTIV NETWORK SRL, BUCHAREST, BUCURESTI, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 89a4bbb636 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:28:00 | WinXP | 173.16.236.115 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:459 hits: 12-31 to 10-09] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:38:00 | Win2K-f | 4.235.84.163 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TALLAHASSEE, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:42:00 | WinXP | 41.214.180.76 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:53:00 | WinXP | 64.184.20.106 (SWAYZEE.COM): SWAYZEE TELEPHONE CO, DALLAS, TEXAS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 [Firefox: 8 hits: 09-13 to 10-08] |
none[none] | none:none |
none|none | none | none |
| T:14:55:00 | WinXP | 96.15.120.44 (-): . |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org US:lia.zanet.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:14:58:00 | WinXP | 72.174.155.40 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a246707e86 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:24:00 | WinXP | 12.77.212.146 (ATT.NET): AT&T WORLDNET SERVICES, MORRISTOWN, NEW JERSEY, US. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:33:00 | WinXP | 118.218.21.111 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 0 of 33 |
533d15b5ce [Firefox:31 hits: 06-21 to 10-03] 58c343a8d8 [Firefox:35 hits: 06-21 to 10-08] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[4] 58c343a8d8[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 15:54:00 | WinXP | 66.209.137.16 (BRIGHTOHIO.NET): TSC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 0 of 33 |
039e3fa376 [Firefox: 8 hits: 07-24 to 09-30] 76f2c59ef8 [Firefox: 8 hits: 07-24 to 09-30] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 16:00:00 | Win2K-f | 98.141.162.197 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:11:00 | WinXP | 24.76.19.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WHITE ROCK SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 33 |
8da9ca8dd8 NEW 954b58386b NEW e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:16:11:00 | WinXP | 124.8.135.82 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox:10 hits: 08-15 to 10-07] |
none[none] | none:none |
none|none | none | none |
| T:16:12:00 | WinXP | 204.193.210.140 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f9e03b93bc [Firefox: 2 hits: 10-09 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 16:13:00 | Win2K-f | 4.170.45.173 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:25:00 | WinXP | 186.12.98.84 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | b8477d9f14 [Firefox: 5 hits: 04-12 to 04-18] |
ddf419f9fb [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
| 16:27:00 | Win2K-f | 122.146.82.202 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:28:00 | WinXP | 63.23.4.134 (UU.NET): UUNET TECHNOLOGIES INC, SAN FRANCISCO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 130 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
be4acd70a6 NEW dae5a2e726 NEW e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:16:30:00 | WinXP | 24.95.241.93 (RR.COM): ROAD RUNNER HOLDCO LLC, KISSIMMEE, FLORIDA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:50:00 | WinXP | 117.96.128.92 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:12 hits: 09-16 to 10-08] |
none[none] | none:none |
none|none | none | none |
| T:16:53:00 | WinXP | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:09:00 | WinXP | 85.85.95.196 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:17:00 | WinXP | 24.78.166.33 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:10 hits: 09-12 to 10-08] 321f4fc27d [Firefox:10 hits: 09-12 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:32:00 | WinXP | 210.212.253.103 (-): PERIAR MANIAMMAI COLLEGE OF TECH FOR WOMEN VALLAM, CHENNAI, TAMIL NADU, IN. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:39:00 | WinXP | 74.78.119.220 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:96 hits: 01-14 to 10-08] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:17:39:00 | WinXP | 74.78.119.220 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:96 hits: 01-14 to 10-08] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:17:41:00 | WinXP | 41.210.204.63 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:51:00 | Win2K-f | 125.4.10.12 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:20 hits: 06-19 to 10-04] 53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 17:58:00 | WinXP | 202.69.143.83 (TTTMAXNET.COM): MAXNET INTERNET SERVICE PROVIDER BANGKOK, TH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 256 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 3 hits: 09-12 to 10-08] d8cf9fc784 [Firefox: 3 hits: 09-12 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:18:00 | WinXP | 24.80.178.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:32:00 | WinXP | 119.94.63.242 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:36 hits: 04-05 to 10-09] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 18:36:00 | Win2K-f | 4.250.30.96 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SUMMIT, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:18:37:00 | WinXP | 4.131.126.4 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:21 hits: 01-20 to 10-05] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 18:44:00 | Win2K-f | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:18:45:00 | WinXP | 209.214.200.172 (BELLSOUTH.NET): BELLSOUTH.NET INC, GREENVILLE, SOUTH CAROLINA, US. |
n/a | :www.proxy-socks.net :wpad EU:siliconfireware.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:569 hits: 01-01 to 10-09] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:45:00 | WinXP | 88.31.97.120 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a2d4fbad48 [Firefox: 2 hits: 10-09 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 18:48:00 | WinXP | 206.82.88.182 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:154 hits: 01-03 to 10-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:18:50:00 | WinXP | 206.82.88.182 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:154 hits: 01-03 to 10-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:01:00 | WinXP | 190.136.162.19 (NET.AR): APOLO -GOLD-TELECOM-PER, ROSARIO, SANTA FE, AR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:03:00 | Win2K-f | 24.85.10.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:05:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 57ce4acac2 [Firefox:252 hits: 06-17 to 10-09] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:06:00 | Win2K-f | 64.130.176.155 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] b7082104e4 [Firefox:188 hits: 06-18 to 10-09] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 19:07:00 | WinXP | 204.210.154.195 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:07:00 | WinXP | 204.210.154.195 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 19:09:00 | Win2K-f | 216.208.194.156 (BELL.CA): BELL CANADA, TRENTON, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:19:00 | WinXP | 67.10.221.39 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net :brussels.be.eu.undernet.org :caen.fr.eu.undernet.org :washington.dc.us.undernet.org SE:ozbytes.dal.net SE:coins.dal.net SE:qis.md.us.dal.net NL:diemen.nl.eu.undernet.org SE:ced.dal.net BE:london.uk.eu.undernet.org SE:broadway.ny.us.dal.net SE:vancouver.dal.net :lulea.se.eu.undernet.org SE:viking.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:718 hits: 12-31 to 10-09] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:32:00 | Win2K-f | 172.129.84.111 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 0 of 32 29 of 33 |
3373948767 [Firefox:31 hits: 07-03 to 10-08] b5919931fe [Firefox:808 hits: 06-20 to 10-09] c73f738c30 [Firefox:31 hits: 07-03 to 10-08] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 19:39:00 | WinXP | 219.162.195.155 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:597 hits: 01-01 to 10-09] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:12:00 | WinXP | 222.15.161.187 (DION.NE.JP): DION (KDDI CORPORATION), JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:456 hits: 01-05 to 10-09] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:20:19:00 | WinXP | 4.170.18.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 20:28:00 | WinXP | 122.53.54.128 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 821f57b5c5 NEW |
none[none] | none:none |
none|none | none | none |
| 20:39:00 | WinXP | 24.86.243.14 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:53:00 | Win2K-f | 24.89.19.246 (MYACTV.NET): ANTIETAM CABLE TELEVISION INC, HAGERSTOWN, MARYLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:05:00 | WinXP | 207.144.100.244 (LEXINGTONCHAMBER.NET): LEXCOM TELEPHONE, LEXINGTON, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:12 hits: 09-16 to 10-08] |
none[none] | none:none |
none|none | none | none |
| T:21:15:00 | Win2K-f | 99.170.21.97 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] b5919931fe [Firefox:808 hits: 06-20 to 10-09] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:21:16:00 | WinXP | 4.159.20.5 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KENOSHA, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:21:18:00 | WinXP | 87.247.64.191 (INTURBO.LT): OPTICAL RESIDENT CLIENT POOL, LT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 571e381ed4 [Firefox:11 hits: 09-14 to 09-28] |
none[none] | none:none |
none|none | none | none |
| 21:29:00 | Win2K-f | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 57ce4acac2 [Firefox:252 hits: 06-17 to 10-09] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:32:00 | Win2K-f | 24.85.208.53 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:34:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 21:36:00 | WinXP | 122.53.4.80 (PLDT.NET): IPG, PH. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6672dcb81a [Firefox: 3 hits: 10-04 to 10-09] |
none[none] | none:none |
none|none | none | none |
| T:21:42:00 | WinXP | 218.238.56.151 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 33 |
776985f561 [Firefox:18 hits: 06-24 to 10-09] 8ec6129efe [Firefox:17 hits: 06-24 to 10-09] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
776985f561 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=82 none lines=92 |
trace trace trace |
| T:21:50:00 | Win2K-f | 209.226.100.107 (BELL.CA): BELL CANADA, TORONTO, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:55:00 | WinXP | 82.217.239.7 (QUICKNET.NL): CABLE CUSTOMERS - QUICKNET-CUSTOMERS, AMSTERDAM, NOORD-HOLLAND, NL. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d2548a0bf5 NEW |
none[none] | none:none |
none|none | none | none |
| 21:55:00 | WinXP | 70.60.205.20 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:22:19:00 | WinXP | 78.52.75.64 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 28c2fc086f NEW |
none[none] | none:none |
none|none | none | none |
| 22:22:00 | WinXP | 65.173.136.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1293 hits: 12-31 to 10-09] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:25:00 | WinXP | 70.67.186.117 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e31e5c8933 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:32:00 | WinXP | 88.31.96.220 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a2d4fbad48 [Firefox: 2 hits: 10-09 to 10-09] |
none[none] | none:none |
none|none | none | none |
| T:22:42:00 | WinXP | 41.210.195.228 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 87bf2f533f [Firefox: 2 hits: 10-02 to 10-08] |
none[none] | none:none |
none|none | none | none |
| T:22:50:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 57ce4acac2 [Firefox:252 hits: 06-17 to 10-09] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:53:00 | WinXP | 117.99.2.99 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:36 hits: 04-05 to 10-09] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
| 22:56:00 | WinXP | 4.168.78.157 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BREA, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] 73f1082158 [Firefox:1486 hits: 06-18 to 10-09] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:01:00 | WinXP | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:252 hits: 06-17 to 10-09] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 23:28:00 | WinXP | 67.77.52.4 (EMBARQHSD.NET): EMBARQ CORPORATION, HOLLY SPRINGS, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.124:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:42:00 | WinXP | 24.85.77.179 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3025 hits: 06-17 to 10-09] a08f3b74a4 [Firefox:1076 hits: 06-18 to 10-09] e07c29c4ae [Firefox:597 hits: 06-19 to 10-09] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:23:49:00 | WinXP | 213.55.82.153 (TELECOM.NET.ET): ETHIOPIAN TELECOMMUNICATION CORPORATION, ET. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb NEW |
none[none] | none:none |
none|none | none | none |