|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:15:00 | Win2K-f | 24.84.212.231 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
28ce5fc467 [Firefox: 5 hits: 09-12 to 09-28] e7335cb667 [Firefox: 5 hits: 09-12 to 09-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:24:00 | WinXP | 67.10.221.39 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:731 hits: 12-31 to 10-11] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:00:47:00 | Win2K-f | 70.66.231.182 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
6ea2758c07 NEW d4406c307b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:49:00 | WinXP | 114.138.246.183 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:731 hits: 12-31 to 10-11] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 00:56:00 | Win2K-f | 24.234.84.231 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.124:80 US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:06:00 | Win2K-f | 24.195.234.117 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:08:00 | Win2K-f | 71.102.180.113 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CAMARILLO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:16:00 | Win2K-f | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:33:00 | Win2K-f | 116.127.167.226 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.123:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:163 hits: 06-17 to 10-11] 4c3df24b32 [Firefox:218 hits: 06-17 to 10-10] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:43:00 | WinXP | 64.38.64.149 (SPEAKEASY.NET): US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f88ae7c70a NEW |
none[none] | none:none |
none|none | none | none |
| 01:46:00 | Win2K-f | 66.207.71.116 (NTELOS.NET): NTELOS - TRINITY REMOTE ADSL DHCP RANGE, WAYNESBORO, VIRGINIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 [Firefox: 9 hits: 07-24 to 10-10] 76f2c59ef8 [Firefox: 9 hits: 07-24 to 10-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:57:00 | Win2K-f | 74.67.48.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:18:00 | Win2K-f | 196.208.89.192 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:42:00 | WinXP | 61.6.167.252 (BTP50.JARING.MY): MIMOS BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:46:00 | Win2K-f | 221.139.18.215 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.37.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
2e04b06527 [Firefox:12 hits: 06-18 to 10-04] 5c054291de [Firefox: 9 hits: 06-18 to 09-29] |
none[4] 5c054291de[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:02:47:00 | Win2K-f | 203.91.163.35 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.37.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 57ce4acac2 [Firefox:261 hits: 06-17 to 10-11] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:57:00 | WinXP | 207.5.188.162 (GWI.NET): GREAT WORKS INTERNET, SHAPLEIGH, MAINE, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] e07c29c4ae [Firefox:614 hits: 06-19 to 10-11] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:02:00 | Win2K-f | 207.5.188.162 (GWI.NET): GREAT WORKS INTERNET, SHAPLEIGH, MAINE, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:05:00 | WinXP | 81.9.145.78 (CM-81-9-145-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c [Firefox: 5 hits: 10-04 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 03:07:00 | Win2K-f | 122.147.96.116 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] b5919931fe [Firefox:827 hits: 06-20 to 10-11] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 03:30:00 | WinXP | 85.85.126.250 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 745a3728fa NEW |
none[none] | none:none |
none|none | none | none |
| 03:56:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:18:00 | WinXP | 220.140.196.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:731 hits: 12-31 to 10-11] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:19:00 | WinXP | 220.140.196.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:731 hits: 12-31 to 10-11] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:23:00 | WinXP | 118.86.72.36 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 [Firefox: 5 hits: 08-19 to 10-11] e4ed4df0f0 [Firefox: 5 hits: 08-19 to 10-11] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:04:27:00 | WinXP | 83.132.18.113 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | fd8676780d NEW |
none[none] | none:none |
none|none | none | none |
| T:04:36:00 | WinXP | 87.110.6.114 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:23 hits: 01-20 to 10-10] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:04:44:00 | Win2K-f | 211.74.112.179 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
214bc429e1 [Firefox: 4 hits: 09-25 to 10-04] 9ad48d782a [Firefox: 4 hits: 09-25 to 10-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:46:00 | Win2K-f | 219.174.36.53 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:11:00 | WinXP | 117.65.47.101 (AH163.NET): CHINANET ANHUI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a43ad8c21e [Firefox: 2 hits: 10-06 to 10-08] |
none[none] | none:none |
none|none | none | none |
| 05:11:00 | WinXP | 117.65.47.101 (AH163.NET): CHINANET ANHUI PROVINCE NETWORK, BEIJING, BEIJING, CN. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | a43ad8c21e [Firefox: 2 hits: 10-06 to 10-08] |
none[none] | none:none |
none|none | none | none |
| 05:26:00 | Win2K-f | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:198.78.201.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:27:00 | WinXP | 41.214.185.233 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 8fa4d465cc NEW |
none[none] | none:none |
none|none | none | none |
| T:05:42:00 | WinXP | 117.97.80.3 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:vancouver.dal.net :lulea.se.eu.undernet.org SE:ced.dal.net :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net US:lia.zanet.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4515dee6bc NEW |
none[none] | none:none |
none|none | none | none |
| T:05:42:00 | WinXP | 41.214.191.118 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7dc7a28625 [Firefox: 2 hits: 10-05 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 05:45:00 | Win2K-f | 65.25.89.111 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.110.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:12:00 | WinXP | 208.105.186.90 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:24:00 | WinXP | 220.140.196.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:731 hits: 12-31 to 10-11] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:06:25:00 | WinXP | 68.149.145.68 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 3 hits: 09-21 to 09-23] |
none[none] | none:none |
none|none | none | none |
| T:06:33:00 | WinXP | 98.134.46.157 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 75ee1e48c8 NEW |
none[none] | none:none |
none|none | none | none |
| 06:34:00 | WinXP | 98.134.46.157 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 75ee1e48c8 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:01:00 | Win2K-f | 203.73.84.69 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 57ce4acac2 [Firefox:261 hits: 06-17 to 10-11] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:02:00 | WinXP | 151.54.127.62 (38-151.NET24.IT): IUNET-BNET, PERUGIA, UMBRIA, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 18c7040ea0 [Firefox: 3 hits: 09-15 to 10-09] |
none[none] | none:none |
none|none | none | none |
| T:07:02:00 | WinXP | 84.73.210.60 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 152f4c79b5 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:11:00 | WinXP | 41.214.160.248 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:161 hits: 01-03 to 10-11] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:15:00 | Win2K-f | 61.105.251.114 (KRLINE.NET): KRNIC, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 144 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:16 hits: 07-10 to 10-07] 740e3bffe0 [Firefox:17 hits: 06-25 to 10-07] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:26:00 | WinXP | 122.53.61.215 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 821f57b5c5 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:31:00 | WinXP | 83.125.96.249 (SIGN2.DE): LAMBDANET COMMUNICATIONS, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 95cb430c7f NEW |
none[none] | none:none |
none|none | none | none |
| 07:32:00 | WinXP | 68.151.161.222 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 |
e8243a9ee6 NEW f057d47965 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:37:00 | WinXP | 123.218.231.54 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:37:00 | WinXP | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:39:00 | WinXP | 123.225.91.230 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:41:00 | Win2K-f | 76.161.74.152 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:47:00 | WinXP | 79.46.21.87 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b [Firefox: 4 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 08:40:00 | Win2K-f | 172.164.1.39 (AOL.COM): AMERICA ONLINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:45:00 | WinXP | 116.59.189.75 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 [Firefox: 9 hits: 09-13 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 08:56:00 | WinXP | 82.207.57.41 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN KHARKIV, UA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b [Firefox: 4 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 09:03:00 | WinXP | 89.46.114.19 (JUMP.RO): SC AZURE SOFTWARE SRL, RO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c794fb9f91 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:04:00 | WinXP | 89.46.114.19 (JUMP.RO): SC AZURE SOFTWARE SRL, RO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c794fb9f91 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:08:00 | WinXP | 87.252.154.199 (-): T-MOBILE HRVATSKA D.O.O, HR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | eda98e1cd6 [Firefox: 2 hits: 10-03 to 10-03] |
none[none] | none:none |
none|none | none | none |
| 09:19:00 | WinXP | 189.48.59.233 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 55da8b037d NEW |
none[none] | none:none |
none|none | none | none |
| 09:19:00 | WinXP | 98.141.161.158 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:09:24:00 | WinXP | 4.136.204.137 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GREENVILLE, SOUTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 63fac3c3d2 NEW |
none[none] | none:none |
none|none | none | none | |
| 09:37:00 | WinXP | 91.139.196.197 (-): CABLETEL_CMTS, BG. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 5ee0ac41ba NEW |
none[none] | none:none |
none|none | none | none |
| T:09:43:00 | WinXP | 65.26.200.252 (RR.COM): ROAD RUNNER HOLDCO LLC, OAK CREEK, WISCONSIN, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1309 hits: 12-31 to 10-11] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:47:00 | WinXP | 88.239.0.168 (-): TT ADSL-METEKSAN_GAY, ISTANBUL, ISTANBUL, TR. |
n/a | UA:citi-bank.ru :adult-empire.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 76fd267924 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:55:00 | Win2K-f | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 57ce4acac2 [Firefox:261 hits: 06-17 to 10-11] b5919931fe [Firefox:827 hits: 06-20 to 10-11] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:00:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] e07c29c4ae [Firefox:614 hits: 06-19 to 10-11] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:00:00 | Win2K-f | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 57ce4acac2 [Firefox:261 hits: 06-17 to 10-11] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:03:00 | WinXP | 68.204.136.245 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW SMYRNA BEACH, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:463 hits: 12-31 to 10-11] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:20:00 | WinXP | 87.110.148.202 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d526bf5a3f NEW |
none[none] | none:none |
none|none | none | none |
| 10:20:00 | WinXP | 87.110.148.202 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d526bf5a3f NEW |
none[none] | none:none |
none|none | none | none |
| 10:24:00 | WinXP | 88.204.195.4 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, QARAGHANDY, KZ. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox: 3 hits: 10-08 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 10:25:00 | WinXP | 72.67.79.60 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
irc http 134 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 35 of 36 8 of 35 |
1fdecc3416 NEW 68c7a1f625 [Firefox: 4 hits: 09-14 to 10-04] 8db2b2d9ab NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 10:35:00 | Win2K-f | 4.247.140.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. PETERSBURG, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:37:00 | WinXP | 213.22.73.55 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6c8056d10c NEW |
none[none] | none:none |
none|none | none | none |
| 10:40:00 | WinXP | 89.194.195.229 (-): ORANGE, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f737d0aa63 NEW |
none[none] | none:none |
none|none | none | none |
| 10:47:00 | WinXP | 87.59.118.115 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru :ntkrnlpa.cn |
445 | pcap | raw alerts ruleset |
http irc 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | e4baeefcc1 [Firefox: 2 hits: 10-09 to 10-11] |
none[none] | none:none |
none|none | none | none |
| T:10:47:00 | WinXP | 87.59.118.115 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru :ntkrnlpa.cn UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e4baeefcc1 [Firefox: 2 hits: 10-09 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 10:56:00 | WinXP | 212.27.3.75 (-): MLIFENET, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee NEW |
none[none] | none:none |
none|none | none | none |
| T:11:18:00 | WinXP | 92.114.216.226 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 3 hits: 09-21 to 09-23] |
none[none] | none:none |
none|none | none | none |
| 11:23:00 | Win2K-f | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:01:00 | WinXP | 125.175.141.139 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:602 hits: 01-01 to 10-11] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:13:00 | WinXP | 77.56.68.46 (HISPEED.CH): CABLECOM, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:56 hits: 09-13 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 12:42:00 | WinXP | 79.138.181.191 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ba6f48b79a [Firefox: 9 hits: 09-15 to 10-11] |
none[none] | none:none |
none|none | none | none |
| T:12:47:00 | WinXP | 4.89.250.133 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 151 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] e07c29c4ae [Firefox:614 hits: 06-19 to 10-11] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 12:47:00 | WinXP | 216.79.244.74 (BELLSOUTH.NET): BELLSOUTH.NET INC, NEW ORLEANS, LOUISIANA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 12:58:00 | WinXP | 121.84.236.11 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:162 hits: 01-08 to 10-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:13:00:00 | Win2K-f | 70.72.145.240 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
12e484a198 [Firefox: 5 hits: 10-01 to 10-05] 2e43dc0077 [Firefox: 6 hits: 10-01 to 10-08] b5919931fe [Firefox:827 hits: 06-20 to 10-11] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 13:16:00 | WinXP | 92.40.215.171 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http irc 88 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7a393628ea [Firefox: 7 hits: 05-12 to 07-15] |
none[4] | none:none |
ASProtect| | none | trace |
| T:13:22:00 | Win2K-f | 71.136.22.207 (PACBELL.NET): PPPOX POOL - RBACK17.IRVNCA.062105-2044, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] b7082104e4 [Firefox:194 hits: 06-18 to 10-11] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:13:23:00 | WinXP | 58.78.38.59 (-): POW-HFC-GOYANG, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn US:208.111.148.108:80 US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
irc http 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 8 of 35 34 of 36 |
09c3d90250 [Firefox:14 hits: 08-04 to 10-09] 8db2b2d9ab NEW 8f34a39070 [Firefox:14 hits: 08-04 to 10-09] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 13:23:00 | WinXP | 77.78.190.93 (-): LULIN-NET, BG. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:56 hits: 09-13 to 10-09] |
none[none] | none:none |
none|none | none | none | |
| 13:23:00 | WinXP | 208.100.231.212 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:101 hits: 01-14 to 10-11] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 13:43:00 | WinXP | 41.214.164.94 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a5321e6292 NEW |
none[none] | none:none |
none|none | none | none |
| 13:53:00 | WinXP | 78.34.52.82 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 67b04ef0c9 NEW |
none[none] | none:none |
none|none | none | none |
| 13:59:00 | WinXP | 80.31.31.252 (CAMPUSPARTY06.NET): TELEFONICA DE ESPANA (NCC#2007050901), ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:101 hits: 01-14 to 10-11] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace | |
| T:14:08:00 | WinXP | 156.17.240.10 (WROC.PL): THE NETWORK COVERS WHOLE WROCLAW AREA, PL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 4 hits: 10-03 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 14:24:00 | WinXP | 81.215.81.9 (TTNET.NET.TR): ADSL-MET-GTEPE-DYNAMIC POOL, ISTANBUL, ISTANBUL, TR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:13 hits: 10-01 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 14:39:00 | WinXP | 78.34.33.125 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | a219ed3aeb [Firefox:27 hits: 08-02 to 10-07] |
none[none] | none:none |
none|none | none | none |
| 14:46:00 | Win2K-f | 24.89.19.246 (MYACTV.NET): ANTIETAM CABLE TELEVISION INC, HAGERSTOWN, MARYLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.126:80 US:205.128.66.124:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:47:00 | WinXP | 89.41.89.223 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | caf7b0fa3d NEW |
none[none] | none:none |
none|none | none | none |
| 14:57:00 | WinXP | 122.16.163.208 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:602 hits: 01-01 to 10-11] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:04:00 | WinXP | 82.226.234.125 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox:10 hits: 02-14 to 10-06] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
| 15:04:00 | WinXP | 75.191.130.177 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru DE:212.227.111.29:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:272 hits: 01-01 to 10-11] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:15:20:00 | WinXP | 41.214.175.31 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox: 3 hits: 10-08 to 10-11] |
none[none] | none:none |
none|none | none | none |
| T:15:29:00 | WinXP | 76.252.200.240 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:463 hits: 12-31 to 10-11] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:40:00 | WinXP | 172.129.100.6 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:41:00 | WinXP | 148.240.130.113 (DIAL.NET.MX): AVANTEL, MX. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f4bec53b23 NEW |
3d33fb63a4 [0] | ASM:Graph |
PolyEnE| | lines=69 | trace |
| T:15:47:00 | WinXP | 122.52.87.140 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
irc 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:52 hits: 06-18 to 10-09] 76ee340669 [Firefox:52 hits: 06-18 to 10-09] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| T:16:19:00 | WinXP | 190.190.38.132 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7756bb9dce NEW |
none[none] | none:none |
none|none | none | none |
| T:16:20:00 | WinXP | 24.76.174.78 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 25 of 34 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] b6cf789b7d [Firefox: 5 hits: 07-22 to 10-03] e07c29c4ae [Firefox:614 hits: 06-19 to 10-11] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
| 16:21:00 | WinXP | 151.20.68.214 (20-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, MILANO, LOMBARDIA, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:16:25:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 57ce4acac2 [Firefox:261 hits: 06-17 to 10-11] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:26:00 | Win2K-f | 4.183.176.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HUDSON, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] b5919931fe [Firefox:827 hits: 06-20 to 10-11] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:16:37:00 | WinXP | 70.125.73.99 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.126.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:44:00 | WinXP | 75.60.243.40 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] e07c29c4ae [Firefox:614 hits: 06-19 to 10-11] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:16:55:00 | WinXP | 208.234.50.69 (ARIN.NET): CENTENNIAL DE PUERTO RICO, PR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ae67cf2b10 NEW |
none[none] | none:none |
none|none | none | none |
| T:16:59:00 | WinXP | 41.214.183.70 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox:10 hits: 02-14 to 10-06] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
| T:17:01:00 | WinXP | 70.65.170.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:14 hits: 09-16 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 17:08:00 | WinXP | 125.231.1.187 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:18 hits: 02-16 to 10-11] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 17:15:00 | Win2K-f | 63.17.197.49 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 183 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:36:00 | WinXP | 205.244.107.140 (-): SIMPLE PC.NET, ELIZABETH CITY, NORTH CAROLINA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:18 hits: 02-16 to 10-11] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 17:57:00 | WinXP | 70.44.32.196 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:21 hits: 09-17 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 18:00:00 | WinXP | 99.129.198.153 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:162 hits: 01-08 to 10-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:18:20:00 | WinXP | 63.160.235.244 (SPRINTLINK.NET): SPRINT, PULLMAN, WASHINGTON, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:32 hits: 09-17 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 18:29:00 | Win2K-f | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 31 of 32 23 of 33 |
b5919931fe [Firefox:827 hits: 06-20 to 10-11] bca9e0fb5f [Firefox:35 hits: 06-18 to 10-05] e53a9ea82e [Firefox:35 hits: 06-18 to 10-05] |
b5919931fe [1] none [4] e53a9ea82e[1] |
ASM:Graph none:none ASM:Graph |
ASProtect| PolyEnE| Armadillo| |
lines=90 none lines=81 |
trace trace trace |
| 18:33:00 | WinXP | 122.214.74.5 (-): G-KG0035N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 18:33:00 | WinXP | 67.150.127.143 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 92c8e458d8 [Firefox: 6 hits: 02-24 to 10-02] |
4ba645ac3a [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:18:45:00 | Win2K-f | 69.110.85.225 (-): JAY KWON, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:207.123.37.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
irc 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:11 hits: 08-01 to 10-09] dc92683d9a [Firefox:18 hits: 06-19 to 10-09] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:18:53:00 | WinXP | 189.48.160.164 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org :caen.fr.eu.undernet.org SE:qis.md.us.dal.net SE:ozbytes.dal.net US:lia.zanet.net :los-angeles.ca.us.undernet.org AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 69d773e78a [Firefox: 3 hits: 09-28 to 10-08] |
none[none] | none:none |
none|none | none | none |
| 18:54:00 | Win2K-f | 70.75.69.55 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] b5919931fe [Firefox:827 hits: 06-20 to 10-11] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:19:04:00 | Win2K-f | 92.8.64.241 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
115.126.2.121:65520 | 445 | pcap | raw alerts ruleset |
irc 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:05:00 | WinXP | 200.65.102.33 (PRODIGY.NET.MX): UNINET S.A. DE C.V, MEXICO, DISTRITO FEDERAL, MX. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:13 hits: 10-01 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:19:17:00 | WinXP | 122.146.81.89 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:19:00 | Win2K-f | 190.177.64.217 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:23:00 | WinXP | 122.53.49.68 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 821f57b5c5 NEW |
none[none] | none:none |
none|none | none | none |
| 19:45:00 | WinXP | 70.66.214.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COMOX, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 808b913443 NEW |
none[none] | none:none |
none|none | none | none |
| 19:45:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 164 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 119cdb01eb NEW |
none[none] | none:none |
none|none | none | none | |
| T:19:45:00 | WinXP | 70.66.214.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COMOX, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 808b913443 NEW |
none[none] | none:none |
none|none | none | none |
| 19:47:00 | WinXP | 92.40.172.9 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 57 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 32 | 9c037c69f6 [Firefox: 5 hits: 04-21 to 09-25] |
none[3] | none:none |
ASPack| | none | trace |
| T:19:51:00 | WinXP | 208.105.186.90 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 20:25:00 | WinXP | 24.33.140.129 (RR.COM): ROAD RUNNER HOLDCO LLC, MIAMISBURG, OHIO, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 0c803048e4 [Firefox: 2 hits: 07-26 to 07-29] |
none[none] | none:none |
none|none | none | none |
| 20:30:00 | WinXP | 202.132.163.47 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | dca47dd84c NEW |
none[none] | none:none |
none|none | none | none |
| 20:33:00 | Win2K-f | 70.68.9.39 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.123:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:38:00 | WinXP | 124.100.116.105 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:20:54:00 | WinXP | 204.193.219.201 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f9e03b93bc [Firefox: 3 hits: 10-09 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:21:06:00 | WinXP | 71.106.175.28 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MONICA, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:459 hits: 01-05 to 10-11] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 21:21:00 | Win2K-f | 24.67.90.168 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
115.126.2.121:65520 72.10.172.218:7382 | :proxim.ircgalaxy.pl CA:italian.swiifatecihno.com |
135 | pcap | raw alerts ruleset |
irc http 851 lines |
Yeah : 1.8 profile |
none | summary tarball |
19 of 36 34 of 36 |
03d5bf43b7 [Firefox: 2 hits: 09-18 to 10-10] d3be2c7a88 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 21:24:00 | WinXP | 99.148.255.128 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] b7082104e4 [Firefox:194 hits: 06-18 to 10-11] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:21:47:00 | WinXP | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:59:00 | WinXP | 76.78.22.17 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:14 hits: 09-16 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 21:59:00 | WinXP | 76.78.22.17 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:14 hits: 09-16 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 22:05:00 | WinXP | 125.224.107.103 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1309 hits: 12-31 to 10-11] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:16:00 | Win2K-f | 4.235.194.15 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GAINESVILLE, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 523 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 75e371ac2c NEW |
none[none] | none:none |
none|none | none | none | |
| 22:20:00 | WinXP | 58.227.160.61 (HANANET.NET): HANARO TELECOM INC, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:205.128.73.126:80 US:206.33.45.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
irc 125 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:32 hits: 06-21 to 10-10] 58c343a8d8 [Firefox:36 hits: 06-21 to 10-10] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:22:41:00 | WinXP | 24.86.243.14 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] a08f3b74a4 [Firefox:1104 hits: 06-18 to 10-11] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:55:00 | WinXP | 116.59.251.90 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1309 hits: 12-31 to 10-11] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:22:00 | Win2K-f | 121.73.80.140 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 349 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:24 hits: 08-02 to 10-09] a51a50404e [Firefox:24 hits: 08-02 to 10-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:26:00 | WinXP | 91.156.99.15 (ELISA-LAAJAKAISTA.FI): ELISA, FI. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f359170eec NEW |
none[none] | none:none |
none|none | none | none |
| T:23:29:00 | WinXP | 91.156.99.15 (ELISA-LAAJAKAISTA.FI): ELISA, FI. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f359170eec NEW |
none[none] | none:none |
none|none | none | none |
| T:23:35:00 | WinXP | 99.224.119.109 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3102 hits: 06-17 to 10-11] 73f1082158 [Firefox:1520 hits: 06-18 to 10-11] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |