Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:05:00 | Win2K-f | 4.225.203.40 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:00:07:00 | Win2K-f | 76.213.145.216 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:00:34:00 | WinXP | 70.60.205.20 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.124:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:51:00 | Win2K-f | 118.220.93.102 (-): . |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
6ec2a8994b [Firefox:26 hits: 06-18 to 10-08] 857b781ca9 [Firefox:12 hits: 06-18 to 08-21] |
none[4] 857b781ca9[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
01:12:00 | WinXP | 92.84.182.58 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c3bc53e727 [Firefox: 6 hits: 09-14 to 10-06] |
none[none] | none:none |
none|none | none | none |
01:25:00 | WinXP | 78.34.26.223 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 2 hits: 10-06 to 10-08] |
none[none] | none:none |
none|none | none | none |
01:37:00 | Win2K-f | 208.126.145.194 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:40:00 | WinXP | 87.203.72.211 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, GR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:598 hits: 01-01 to 10-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:01:41:00 | WinXP | 70.166.118.73 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 28 of 33 |
da00a8e7a1 [Firefox:26 hits: 08-05 to 10-08] f685f8e027 [Firefox:30 hits: 06-18 to 10-08] |
none[none] f685f8e027[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
01:52:00 | WinXP | 118.219.236.46 (-): . |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 33 0 of 36 |
0f7b6b4c31 [Firefox: 7 hits: 08-09 to 10-02] 168aab35a3 [Firefox:160 hits: 06-17 to 10-09] af0ab107a9 NEW |
none[none] none [4] none [none] |
none:none none:none none:none |
none|none tElock| none|none |
none none none |
none trace none |
T:01:52:00 | WinXP | 92.114.242.171 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6007d28092 [Firefox: 2 hits: 10-05 to 10-05] |
none[none] | none:none |
none|none | none | none |
02:08:00 | WinXP | 62.11.252.130 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | EU:ebookfinaltrash.ru US:searchportal.information.com US:spi.domainsponsor.com EU:siliconfireware.ru :wpad GB:welcome3.smile.co.uk |
445 | pcap | raw alerts ruleset |
http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:270 hits: 01-01 to 10-08] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
02:19:00 | WinXP | 82.236.201.170 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d2548a0bf5 [Firefox: 2 hits: 10-03 to 10-10] |
none[none] | none:none |
none|none | none | none |
02:27:00 | WinXP | 122.54.33.25 (PLDT.NET): IPG, PH. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 3 hits: 10-03 to 10-05] |
none[none] | none:none |
none|none | none | none |
02:32:00 | WinXP | 76.213.145.216 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
02:34:00 | WinXP | 41.202.75.100 (-): . |
n/a | :proxim.ircgalaxy.pl DE:siliconfireware.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 308fe7e750 NEW |
none[none] | none:none |
none|none | none | none |
02:35:00 | WinXP | 77.198.63.121 (GAOLAND.NET): DYNAMIC POOLS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e NEW |
none[none] | none:none |
none|none | none | none |
T:02:46:00 | Win2K-f | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.104.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 57ce4acac2 [Firefox:257 hits: 06-17 to 10-10] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:42:00 | WinXP | 173.16.103.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
03:46:00 | WinXP | 71.121.119.250 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ERIE, PENNSYLVANIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:51:00 | WinXP | 119.228.8.75 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:598 hits: 01-01 to 10-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:03:55:00 | WinXP | 24.195.234.117 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:26:00 | Win2K-f | 123.215.132.238 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 0 of 32 |
168aab35a3 [Firefox:160 hits: 06-17 to 10-09] 61426996c3 [Firefox:12 hits: 06-20 to 09-26] b5919931fe [Firefox:819 hits: 06-20 to 10-10] |
none[4] 61426996c3[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
T:04:41:00 | WinXP | 65.25.89.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:58:00 | WinXP | 89.152.209.8 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 5a6eafb317 NEW |
none[none] | none:none |
none|none | none | none |
05:09:00 | Win2K-f | 144.134.27.122 (TMNS.NET.AU): TELSTRAINTERNET27, GOLD COAST, QUEENSLAND, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
05:15:00 | WinXP | 203.235.106.2 (-): ENTERPRISE-CATV-KUMGANG, KR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d8a437c6bc NEW |
none[none] | none:none |
none|none | none | none |
05:35:00 | Win2K-f | 75.16.225.99 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:36:00 | WinXP | 79.130.236.132 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:598 hits: 01-01 to 10-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:05:55:00 | Win2K-f | 98.141.162.197 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:06:26:00 | WinXP | 79.121.52.22 (-): PORION-DIGITAL KFT, HU. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:06:35:00 | WinXP | 123.224.235.245 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:598 hits: 01-01 to 10-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
06:55:00 | WinXP | 87.110.174.128 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ed3b7c84c6 NEW |
none[none] | none:none |
none|none | none | none |
T:07:15:00 | WinXP | 41.214.183.171 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7dc7a28625 NEW |
none[none] | none:none |
none|none | none | none | |
07:30:00 | WinXP | 93.84.77.29 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad RU:www.bbin.ru US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 35 29 of 29 |
3908fc49e2 NEW df17a625ee [Firefox:270 hits: 01-01 to 10-08] |
none[none] 9bbdd086c5[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=186 embedded dns |
none trace |
T:07:33:00 | Win2K-f | 4.224.45.176 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DELAWARE, OHIO, US. (DIAL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 0 of 32 32 of 36 |
70ec75ed62 NEW b5919931fe [Firefox:819 hits: 06-20 to 10-10] fa32be2706 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
07:36:00 | Win2K-f | 4.224.45.176 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DELAWARE, OHIO, US. (DIAL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 138 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
70ec75ed62 NEW fa32be2706 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
07:43:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 164 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 119cdb01eb NEW |
none[none] | none:none |
none|none | none | none | |
07:48:00 | WinXP | 88.204.193.153 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, QARAGHANDY, KZ. |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net SE:viking.dal.net US:lia.zanet.net :lulea.se.eu.undernet.org SE:qis.md.us.dal.net NL:london.uk.eu.undernet.org SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox: 2 hits: 10-08 to 10-08] |
none[none] | none:none |
none|none | none | none |
07:59:00 | WinXP | 116.127.207.77 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
08:13:00 | WinXP | 75.137.191.97 (CHARTER.COM): CHARTER COMMUNICATIONS, ATHENS, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 NEW |
none[none] | none:none |
none|none | none | none |
08:17:00 | WinXP | 222.239.195.208 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 33 |
023977790d NEW 53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
08:23:00 | Win2K-f | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 57ce4acac2 [Firefox:257 hits: 06-17 to 10-10] b5919931fe [Firefox:819 hits: 06-20 to 10-10] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:08:31:00 | Win2K-f | 203.91.179.103 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] b5919931fe [Firefox:819 hits: 06-20 to 10-10] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
08:31:00 | Win2K-f | 172.163.196.110 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:32:00 | WinXP | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.104.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:42:00 | WinXP | 85.84.251.132 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BILBAO, PAIS VASCO, ES. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 2dab138760 NEW |
none[none] | none:none |
none|none | none | none |
08:47:00 | Win2K-f | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:00:00 | WinXP | 41.214.187.142 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:157 hits: 01-03 to 10-10] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
09:09:00 | WinXP | 122.18.25.51 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:457 hits: 01-05 to 10-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:09:13:00 | WinXP | 61.228.183.140 (PRESTONAUTO.COM): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:21 hits: 09-14 to 10-10] |
none[none] | none:none |
none|none | none | none |
T:09:23:00 | WinXP | 87.59.118.46 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e4baeefcc1 NEW |
none[none] | none:none |
none|none | none | none |
09:27:00 | Win2K-f | 70.247.103.175 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.104.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:09:34:00 | Win2K-f | 24.76.172.201 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:11 hits: 09-12 to 10-10] 321f4fc27d [Firefox:11 hits: 09-12 to 10-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
09:42:00 | WinXP | 70.60.10.186 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
09:46:00 | WinXP | 65.65.56.183 (SWBELL.NET): PPPOX POOL - RBACK2 WACOTX 081004-1919, NEWARK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:192.221.99.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:09:46:00 | WinXP | 70.253.224.199 (SWBELL.NET): PPPOX POOL - RBACK3 WACOTX, WACO, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 36 | 3cab74a67c NEW |
none[none] | none:none |
none|none | none | none | |
09:56:00 | WinXP | 192.160.7.142 (ALCATEL.COM): ALCATEL NETWORK SERVICES, PLANO, TEXAS, US. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none 0 of 33 |
168aab35a3 [Firefox:160 hits: 06-17 to 10-09] bba5ec5f4d [Firefox: 5 hits: 09-22 to 10-07] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
T:10:00:00 | WinXP | 87.110.162.1 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 75347e3aaf NEW |
none[none] | none:none |
none|none | none | none |
T:10:01:00 | WinXP | 70.44.32.196 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:20 hits: 09-17 to 10-09] |
none[none] | none:none |
none|none | none | none |
T:10:04:00 | WinXP | 70.117.158.227 (RR.COM): ROAD RUNNER HOLDCO LLC, BEAUMONT, TEXAS, US. |
n/a | :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:571 hits: 01-01 to 10-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
10:10:00 | WinXP | 78.34.26.223 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 2 hits: 10-06 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:10:16:00 | WinXP | 217.201.205.212 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 97afa4f2dc NEW |
none[none] | none:none |
none|none | none | none |
10:42:00 | WinXP | 59.120.114.50 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 901f291f72 NEW |
none[none] | none:none |
none|none | none | none |
10:59:00 | WinXP | 88.172.38.87 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | f9d832dfd2 [Firefox: 4 hits: 09-22 to 10-10] |
none[none] | none:none |
none|none | none | none |
11:04:00 | WinXP | 119.154.19.150 (-): . |
194.54.90.246:80 | :proxima.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | ebacac9b67 NEW |
none[none] | none:none |
none|none | none | none |
11:06:00 | WinXP | 119.77.231.29 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 6f191934bb NEW |
none[none] | none:none |
none|none | none | none |
T:11:12:00 | WinXP | 200.108.255.28 (DEDICADO.COM.UY): TECNOWIND S.A, MONTEVIDEO, MONTEVIDEO, UY. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:11:19:00 | Win2K-f | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 29ae13a587 NEW |
none[none] | none:none |
none|none | none | none | |
11:22:00 | WinXP | 204.186.218.207 (PTD.NET): PENTELEDATA INC, MONTICELLO, NEW YORK, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:157 hits: 01-03 to 10-10] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:11:35:00 | WinXP | 64.61.202.58 (CPTELECOM.NET): CP INTERNET, BIRD ISLAND, MINNESOTA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1306 hits: 12-31 to 10-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:11:37:00 | WinXP | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:11:43:00 | WinXP | 216.77.192.139 (BELLSOUTH.NET): BELLSOUTH.NET INC, PICAYUNE, MISSISSIPPI, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:46:00 | WinXP | 70.117.158.227 (RR.COM): ROAD RUNNER HOLDCO LLC, BEAUMONT, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 37 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 0 of 36 |
6c8c9e1079 NEW a12cab51ef [Firefox:571 hits: 01-01 to 10-10] af3c70331c NEW |
none[none] 40f7f463c4[0] none [none] |
none:none ASM:Graph none:none |
none|none ASPack| none|none |
none lines=281 embedded dns none |
none trace none |
T:11:49:00 | Win2K-f | 4.252.158.249 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KENOSHA, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:52:00 | WinXP | 65.23.189.208 (DRTEL.NET): DICKEY RURAL NETWORKS, ELLENDALE, NORTH DAKOTA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] b7082104e4 [Firefox:190 hits: 06-18 to 10-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
12:03:00 | Win2K-f | 70.71.7.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.46.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
684ce96814 NEW d8fa4e1826 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:12:14:00 | WinXP | 82.227.238.73 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b2ecec60ba NEW |
none[none] | none:none |
none|none | none | none |
T:12:15:00 | WinXP | 71.72.163.74 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, OHIO, US. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net SE:ozbytes.dal.net SE:coins.dal.net SE:vancouver.dal.net SE:viking.dal.net NO:london.uk.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:17 hits: 02-16 to 10-10] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
T:12:15:00 | WinXP | 71.68.86.183 (RR.COM): ROAD RUNNER HOLDCO LLC, MONROE, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru :www.proxy-socks.net :wpad RU:www.bbin.ru |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:571 hits: 01-01 to 10-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:12:16:00 | Win2K-f | 71.121.119.250 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ERIE, PENNSYLVANIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] b5919931fe [Firefox:819 hits: 06-20 to 10-10] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
12:43:00 | WinXP | 172.129.25.79 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 180 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
12:47:00 | WinXP | 41.233.85.203 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 73d46aecd2 NEW |
none[none] | none:none |
none|none | none | none |
T:12:58:00 | WinXP | 70.250.175.2 (SWBELL.NET): PPPOX POOL - RBACK24.HSTNTX 062705 1909, HOUSTON, TEXAS, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:571 hits: 01-01 to 10-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:13:04:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.124:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:04:00 | WinXP | 72.187.130.71 (RR.COM): ROAD RUNNER HOLDCO LLC, LAND O LAKES, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:10:00 | WinXP | 78.139.185.106 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 6 hits: 09-15 to 09-20] |
none[none] | none:none |
none|none | none | none |
T:13:10:00 | WinXP | 78.139.185.106 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 6 hits: 09-15 to 09-20] |
none[none] | none:none |
none|none | none | none |
13:19:00 | WinXP | 70.251.210.50 (SWBELL.NET): PPPOX POOL - RBACK24.HSTNTX 062705 1909, HOUSTON, TEXAS, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 39 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
0008f45bb2 NEW a12cab51ef [Firefox:571 hits: 01-01 to 10-10] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
T:13:20:00 | Win2K-f | 207.5.231.101 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:21:00 | Win2K-f | 65.27.194.90 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] b5919931fe [Firefox:819 hits: 06-20 to 10-10] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
13:22:00 | WinXP | 68.178.18.115 (INTEGRAONLINE.COM): INTEGRA TELECOM INC, PORTLAND, OREGON, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 55f1288a7a [Firefox: 3 hits: 07-25 to 07-30] |
none[none] | none:none |
none|none | none | none |
13:39:00 | WinXP | 213.0.109.191 (RIMA-TDE.NET): TELEFONICA DE ESPANA, VIGO, GALICIA, ES. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | cef69319c0 NEW |
none[none] | none:none |
none|none | none | none |
T:13:58:00 | WinXP | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 57ce4acac2 [Firefox:257 hits: 06-17 to 10-10] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
14:07:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:20:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 57ce4acac2 [Firefox:257 hits: 06-17 to 10-10] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:24:00 | WinXP | 79.132.196.201 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl DE:siliconfireware.ru US:searchportal.information.com UA:vit.ln.ua :baner.vit DE:ebookfinaltrash.ru :wpad UA:195.189.16.10:80 |
445 | pcap | raw alerts ruleset |
http http 187 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 7dc092bcbd NEW |
none[none] | none:none |
none|none | none | none |
T:14:35:00 | WinXP | 190.208.122.6 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2d815d2be3 [Firefox: 2 hits: 09-25 to 10-07] |
none[none] | none:none |
none|none | none | none |
14:44:00 | WinXP | 98.141.161.136 (-): . |
n/a | :proxim.ircgalaxy.pl US:atmacasoft.com :js.kolmic.com :images.kolmic.com :pics.kolmic.com :www.google-analytics.com :baner.vit UA:195.189.16.10:80 |
135 | pcap | raw alerts ruleset |
http 141 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:14:51:00 | WinXP | 186.9.26.204 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2da45485fe NEW |
none[none] | none:none |
none|none | none | none |
T:14:52:00 | Win2K-f | 222.233.182.167 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:37 hits: 06-17 to 10-07] b5919931fe [Firefox:819 hits: 06-20 to 10-10] f23b040440 [Firefox:25 hits: 06-22 to 10-07] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
15:02:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:461 hits: 12-31 to 10-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:15:04:00 | Win2K-f | 70.65.153.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 32 of 36 |
5cde984178 NEW bdfb6cedff NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:15:12:00 | WinXP | 151.67.19.115 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1306 hits: 12-31 to 10-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:15:17:00 | WinXP | 208.189.118.93 (SWBELL.NET): WACOTX RBACK1 PPPOX, TEMPLE, TEXAS, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | 064eab6049 NEW |
none[none] | none:none |
none|none | none | none | |
15:25:00 | WinXP | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
15:51:00 | WinXP | 75.177.169.33 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:461 hits: 12-31 to 10-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
15:56:00 | WinXP | 67.11.53.51 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
16:05:00 | WinXP | 217.151.135.212 (GAZSVYAZ.RU): GAZSVYAZ-MSK, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:571 hits: 01-01 to 10-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:16:13:00 | WinXP | 189.97.193.222 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox:11 hits: 08-15 to 10-10] |
none[none] | none:none |
none|none | none | none |
16:19:00 | WinXP | 148.221.103.127 (PRODIGY.NET.MX): UNINET S.A. DE C.V, CANANEA, SONORA, MX. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:16:19:00 | WinXP | 69.216.141.176 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 042774a2b7 [Firefox:35 hits: 01-14 to 08-19] |
1c9a472cd7 [0] | ASM:Graph |
PolyEnE| | lines=71 embedded dns |
trace |
16:23:00 | WinXP | 68.200.27.126 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1306 hits: 12-31 to 10-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
16:28:00 | WinXP | 74.62.168.160 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:16:35:00 | WinXP | 165.29.122.238 (AR.US): ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK, MONTICELLO, ARKANSAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 3 hits: 10-03 to 10-05] |
none[none] | none:none |
none|none | none | none |
16:48:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.46:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:16:58:00 | WinXP | 24.79.128.112 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 33 |
0115338c8b [Firefox:11 hits: 09-12 to 10-10] 321f4fc27d [Firefox:11 hits: 09-12 to 10-10] e07c29c4ae [Firefox:608 hits: 06-19 to 10-10] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:17:12:00 | WinXP | 186.9.55.96 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 36 | 4e9b8386a8 NEW |
none[none] | none:none |
none|none | none | none |
17:16:00 | WinXP | 24.67.176.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3a0b35b15c NEW |
none[none] | none:none |
none|none | none | none |
17:20:00 | WinXP | 65.190.167.117 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:100 hits: 01-14 to 10-10] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
17:30:00 | Win2K-f | 24.76.172.201 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:206.33.45.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:11 hits: 09-12 to 10-10] 321f4fc27d [Firefox:11 hits: 09-12 to 10-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:17:34:00 | WinXP | 186.9.56.233 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:40:00 | WinXP | 216.198.169.85 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:31 hits: 06-17 to 10-08] 41efedf70f [Firefox:30 hits: 06-19 to 10-08] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
17:59:00 | WinXP | 172.162.100.40 (AOL.COM): AMERICA ONLINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:17:59:00 | Win2K-f | 173.88.155.253 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:35:00 | WinXP | 200.108.255.72 (DEDICADO.COM.UY): TECNOWIND S.A, MONTEVIDEO, MONTEVIDEO, UY. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 NEW |
none[none] | none:none |
none|none | none | none |
19:09:00 | Win2K-f | 70.62.226.28 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 636 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 36 | c5dee159d0 NEW |
none[none] | none:none |
none|none | none | none | |
T:19:09:00 | WinXP | 98.133.33.124 (-): ALLTEL MIP CUSTOMERS - LITTLE ROCK, LITTLE ROCK, ARKANSAS, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | 36a87a6379 NEW |
none[none] | none:none |
none|none | none | none |
19:14:00 | WinXP | 58.51.29.216 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ae18a31dca NEW |
none[none] | none:none |
none|none | none | none |
T:19:15:00 | WinXP | 120.28.146.27 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:157 hits: 01-03 to 10-10] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
19:44:00 | Win2K-f | 69.59.105.183 (NCTV.COM): NORTHLAND CABLE TELEVISION, GREENWOOD, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
a69c44e9c1 NEW ed8c5b58eb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
19:45:00 | Win2K-f | 24.78.173.52 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:11 hits: 09-12 to 10-10] 321f4fc27d [Firefox:11 hits: 09-12 to 10-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:19:54:00 | WinXP | 208.84.205.144 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 64 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] b7082104e4 [Firefox:190 hits: 06-18 to 10-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:19:54:00 | WinXP | 69.227.188.11 (PACBELL.NET): PPPOX POOL - RBACK8.IRVNCA 092004-0956, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:184 hits: 01-01 to 10-09] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace | |
T:20:11:00 | WinXP | 88.170.176.41 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c NEW |
none[none] | none:none |
none|none | none | none |
20:16:00 | WinXP | 208.77.182.79 (MYCOMSPAN.COM): COMSPAN BANDON NETWORK LLC, BANDON, OREGON, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.96.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 32 of 35 |
2d76ff4e53 [Firefox: 9 hits: 07-23 to 09-15] 7df1377ee3 [Firefox: 9 hits: 07-23 to 09-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
20:21:00 | WinXP | 96.15.227.190 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:20:23:00 | WinXP | 64.32.122.149 (CODETEL.NET.DO): VERIZON DOMINICANA, SANTIAGO, SANTIAGO, DO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:157 hits: 01-03 to 10-10] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:21:00:00 | WinXP | 72.130.237.215 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:53 hits: 01-02 to 10-06] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:21:06:00 | WinXP | 202.39.210.91 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:25:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] 73f1082158 [Firefox:1507 hits: 06-18 to 10-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:32:00 | WinXP | 70.67.69.199 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | d8504764fb NEW |
none[none] | none:none |
none|none | none | none |
21:35:00 | WinXP | 204.193.217.96 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cce8ebff69 NEW |
none[none] | none:none |
none|none | none | none |
T:21:51:00 | WinXP | 123.204.117.71 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4d4dfbf5fe NEW |
none[none] | none:none |
none|none | none | none |
T:22:06:00 | WinXP | 85.86.49.9 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, PAMPLONA, NAVARRA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 3 hits: 10-03 to 10-05] |
none[none] | none:none |
none|none | none | none |
22:09:00 | Win2K-f | 4.130.192.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORPUS CHRISTI, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 109 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] b5919931fe [Firefox:819 hits: 06-20 to 10-10] b7082104e4 [Firefox:190 hits: 06-18 to 10-10] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
T:22:22:00 | WinXP | 68.178.18.115 (INTEGRAONLINE.COM): INTEGRA TELECOM INC, PORTLAND, OREGON, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 55f1288a7a [Firefox: 3 hits: 07-25 to 07-30] |
none[none] | none:none |
none|none | none | none |
22:23:00 | WinXP | 216.51.225.84 (NETINS.NET): WIRELESS TESTING, FAIRFIELD, IOWA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:22:36:00 | Win2K-f | 75.60.243.40 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:22:37:00 | WinXP | 96.15.206.235 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d48af65152 NEW |
none[none] | none:none |
none|none | none | none |
22:42:00 | Win2K-f | 71.112.104.133 (VERIZON.NET): VERIZON INTERNET SERVICES INC, REDMOND, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] a08f3b74a4 [Firefox:1084 hits: 06-18 to 10-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:22:46:00 | Win2K-f | 60.249.205.93 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
7ca2287333 NEW 95ccd6eb89 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:22:48:00 | WinXP | 62.202.188.163 (BLUEWIN.CH): BLUEWINDOW, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 459aaba321 NEW |
none[none] | none:none |
none|none | none | none |
T:22:58:00 | WinXP | 121.228.179.243 (163DATA.COM.CN): CHINANET JIANGSU PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | RU:moscow-advokat.ru SE:viking.dal.net SE:broadway.ny.us.dal.net SE:qis.md.us.dal.net :brussels.be.eu.undernet.org SE:ozbytes.dal.net SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | c2a03dfdd5 [Firefox: 2 hits: 10-08 to 10-08] |
none[none] | none:none |
none|none | none | none |
T:23:11:00 | WinXP | 117.99.14.248 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:725 hits: 12-31 to 10-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
23:15:00 | WinXP | 118.87.1.222 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:204.160.104.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 [Firefox: 4 hits: 08-19 to 10-09] e4ed4df0f0 [Firefox: 4 hits: 08-19 to 10-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
23:22:00 | Win2K-f | 208.84.205.144 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3061 hits: 06-17 to 10-10] b7082104e4 [Firefox:190 hits: 06-18 to 10-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
23:25:00 | WinXP | 78.139.185.106 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 6 hits: 09-15 to 09-20] |
none[none] | none:none |
none|none | none | none |
T:23:41:00 | WinXP | 122.53.11.80 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6672dcb81a [Firefox: 4 hits: 10-04 to 10-10] |
none[none] | none:none |
none|none | none | none |
23:46:00 | WinXP | 124.87.60.13 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:457 hits: 01-05 to 10-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:23:48:00 | WinXP | 218.175.193.186 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 3 hits: 10-03 to 10-05] |
none[none] | none:none |
none|none | none | none |
23:53:00 | WinXP | 70.44.147.12 (PTD.NET): PENTELEDATA INC. - CABLE, PALMERTON, PENNSYLVANIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:53 hits: 01-02 to 10-06] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
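The rows above are one flattened record per infection, in the column order given by the table header (Time, Victim OS, Infection Source, C&C Server, DNS Lookups & Failed Connects, Infection Port, and so on). The Python below is an added example, not code from the original BotHunter page: it parses that layout back into records and pivots on the lookup and infection-port columns, which is the first thing an analyst wants from a table like this (which hosts and IRC endpoints accompany the TCP/445 infections versus the TCP/135 ones, and which infection sources touched a given domain). The four sample records in SAMPLE are copied from the table with trailing columns trimmed; the regexes encode layout assumptions inferred from this page rather than documented by it (the optional `T:` prefix on the Time cell, the port cell always being followed by the `pcap` link, lookup tokens shaped `CC:host`, `:host` or `CC:ip:port`).

```python
"""Parse the flattened BotHunter infection table into records and pivot on them.

Added example (not code from the original page). SAMPLE holds four records copied
from the table above, with trailing columns trimmed; the column layout and the
optional "T:" prefix on the Time cell are assumptions inferred from this page.
"""
import re
from collections import Counter, defaultdict

# Record header: [T:]HH:MM:SS | Victim OS | Infection Source (rDNS): org, location |
HEADER_RE = re.compile(
    r"^(?:T:)?(\d{2}:\d{2}:\d{2}) \| (\S+) \| (\d{1,3}(?:\.\d{1,3}){3}) \(([^)]*)\): (.*?) \|$"
)
# The Infection Port cell is always followed by the "pcap | raw alerts ruleset" links,
# whether it sits on its own line or is merged onto the lookup line.
PORT_RE = re.compile(r"(?:^|\| )(\d{1,5}) \| pcap \| raw alerts ruleset")
# DNS Lookups & Failed Connects tokens: CC:host, :host (no geolocation) or CC:ip:port
LOOKUP_RE = re.compile(r"^(?:[A-Z]{2})?:([A-Za-z0-9.-]+(?::\d{1,5})?)$")

SAMPLE = """\
T:12:15:00 | WinXP | 71.72.163.74 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, OHIO, US. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net SE:ozbytes.dal.net SE:coins.dal.net SE:vancouver.dal.net SE:viking.dal.net NO:london.uk.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
26 of 28 | ca47a36342 [Firefox:17 hits: 02-16 to 10-10] |
PolyEnE| | lines=89 embedded dns |
17:20:00 | WinXP | 65.190.167.117 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
22:09:00 | Win2K-f | 4.130.192.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORPUS CHRISTI, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 109 lines |
Yeah : 1.3 profile |
tElock| ASProtect| tElock| |
T:14:52:00 | Win2K-f | 222.233.182.167 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
none:none ASM:Graph ASM:Graph |
"""


def parse_records(text):
    """Group lines into records; each record starts at a line matching HEADER_RE."""
    records = []
    cur = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = {"time": m.group(1), "os": m.group(2), "source_ip": m.group(3),
                   "rdns": m.group(4), "org": m.group(5),
                   "cnc": None, "port": None, "lookups": [], "body": []}
            records.append(cur)
            continue
        if cur is None:
            continue                      # text before the first record header
        if not cur["body"]:               # first body line opens with the C&C Server cell
            cnc = line.split(" | ", 1)[0].strip()
            if cnc != "n/a":
                cur["cnc"] = cnc
        cur["body"].append(line)
        pm = PORT_RE.search(line)
        if pm and cur["port"] is None:
            cur["port"] = int(pm.group(1))
        for tok in line.split():          # lookup tokens can share a line with other cells
            lm = LOOKUP_RE.match(tok)
            if lm:
                cur["lookups"].append(lm.group(1))
    return records


def lookups_by_port(records):
    """Which lookup / failed-connect targets accompany each infection port (vector)."""
    out = defaultdict(Counter)
    for r in records:
        out[r["port"]].update(set(r["lookups"]))   # count each host once per record
    return out


def irc_endpoints(records):
    """Direct connects to TCP/6667, the classic IRC rendezvous seen in this table."""
    return sorted({h for r in records for h in r["lookups"] if h.endswith(":6667")})


def sources_for(records, suffix):
    """Pivot: infection sources whose record touched a host under the given domain."""
    return sorted({r["source_ip"] for r in records
                   if any(h == suffix or h.endswith("." + suffix) for h in r["lookups"])})


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for port, hosts in sorted(lookups_by_port(recs).items()):
        print(port, hosts.most_common(3))
    print("IRC endpoints:", irc_endpoints(recs))
    print("touched ircgalaxy.pl:", sources_for(recs, "ircgalaxy.pl"))
```

Run against the whole page's text instead of SAMPLE, the same functions separate the two populations visible in the table: the TCP/135 records whose lookups are dominated by microsoft.com and download.microsoft.com, and the TCP/445 records that resolve moscow-advokat.ru, citi-bank.ru or proxim.ircgalaxy.pl and connect to 194.6.222.11:6667 or 194.54.90.246:80. Records with no port line (for example those reading `none | none | ...`) come back with `port` set to None, so check for that before treating the pivot as complete.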