Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
T:00:30:00 | Win2K-f | 116.126.246.224 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.110.126:80 US:207.123.37.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc 100 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:164 hits: 06-17 to 10-12] 4c3df24b32 [Firefox:219 hits: 06-17 to 10-12] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:00:41:00 | WinXP | 117.195.4.61 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:00:53:00 | WinXP | 79.138.179.113 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
01:10:00 | Win2K-f | 24.83.66.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.47.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
342d138afd NEW 41387a24b0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:01:12:00 | WinXP | 124.241.144.196 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.47.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:25:00 | WinXP | 69.85.106.130 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
01:41:00 | Win2K-f | 70.65.17.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:204.160.126.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:43:00 | WinXP | 88.110.129.191 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:465 hits: 01-05 to 10-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
02:15:00 | WinXP | 79.132.202.148 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 0256a5a5ce NEW |
none[none] | none:none |
none|none | none | none |
02:18:00 | WinXP | 74.211.1.231 (BEYONDBB.COM): ORANGE BROADBAND, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:02:41:00 | WinXP | 203.54.9.126 (TMNS.NET.AU): TELSTRAINTERNET5, WAGGA WAGGA, NEW SOUTH WALES, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:204.160.104.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:55:00 | Win2K-f | 124.241.144.196 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] b5919931fe [Firefox:833 hits: 06-20 to 10-12] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
02:59:00 | WinXP | 211.22.210.69 (EAI.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 574 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 0 of 33 |
55d816f3e9 [Firefox: 4 hits: 09-20 to 09-25] 84a24d85f7 [Firefox: 4 hits: 09-20 to 09-25] e07c29c4ae [Firefox:619 hits: 06-19 to 10-12] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:03:35:00 | WinXP | 92.40.43.231 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 743e23a8fe [Firefox: 5 hits: 10-07 to 10-07] |
none[none] | none:none |
none|none | none | none |
03:36:00 | WinXP | 195.174.137.217 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ANKARA, ANKARA, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 54b9f640cd NEW |
none[none] | none:none |
none|none | none | none |
T:03:40:00 | WinXP | 79.138.132.6 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:03:42:00 | WinXP | 24.227.249.115 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:03:43:00 | Win2K-f | 122.146.82.145 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:01:00 | WinXP | 122.53.12.141 (PLDT.NET): IPG, PH. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 6672dcb81a [Firefox: 5 hits: 10-04 to 10-11] |
none[none] | none:none |
none|none | none | none |
04:29:00 | WinXP | 41.214.162.86 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 226df4e471 NEW |
none[none] | none:none |
none|none | none | none |
T:04:34:00 | WinXP | 88.204.194.166 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, QARAGHANDY, KZ. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox: 5 hits: 10-08 to 10-12] |
none[none] | none:none |
none|none | none | none |
04:34:00 | WinXP | 70.71.250.130 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:04:38:00 | Win2K-f | 76.161.74.152 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
04:58:00 | WinXP | 24.66.58.174 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d2548a0bf5 [Firefox: 3 hits: 10-03 to 10-11] |
none[none] | none:none |
none|none | none | none |
05:14:00 | WinXP | 80.199.42.28 (ADSL-FIXED.TELE.DK): TDC-INTERNET-STATIC-ASSIGNED-IP, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:24 hits: 01-20 to 10-12] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
05:23:00 | Win2K-f | 24.85.107.57 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:30:00 | WinXP | 85.139.96.249 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 773d39f53b NEW |
none[none] | none:none |
none|none | none | none | |
T:05:45:00 | WinXP | 94.137.181.43 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | f665a37b6c NEW |
none[none] | none:none |
none|none | none | none |
05:57:00 | WinXP | 115.125.36.182 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:273 hits: 01-01 to 10-12] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
06:16:00 | WinXP | 115.165.79.197 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:465 hits: 01-05 to 10-12] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:06:28:00 | WinXP | 119.154.18.116 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 188e34fe5a NEW |
none[none] | none:none |
none|none | none | none |
06:36:00 | WinXP | 216.76.236.91 (BELLSOUTH.NET): BELLSOUTH.NET INC, FLORENCE, ALABAMA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 31 lines |
Yeah : 0.8 profile |
none | summary tarball |
none 27 of 36 |
15becf5d1b NEW ade75b3df3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
06:45:00 | WinXP | 195.215.230.150 (RAS.TELE.DK): TELEDANMARK-DIAL-UP-USERS, KOLDING, VEJLE, DK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:164 hits: 01-08 to 10-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:07:01:00 | WinXP | 88.239.21.181 (-): TT ADSL-METEKSAN DINAMIK_GAY, ISTANBUL, ISTANBUL, TR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:15 hits: 10-01 to 10-12] |
none[none] | none:none |
none|none | none | none |
07:23:00 | WinXP | 218.138.220.112 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] e07c29c4ae [Firefox:619 hits: 06-19 to 10-12] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:07:30:00 | WinXP | 71.72.163.74 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, OHIO, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:20 hits: 02-16 to 10-12] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
07:41:00 | WinXP | 117.99.49.95 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 7 hits: 10-03 to 10-11] |
none[none] | none:none |
none|none | none | none |
07:44:00 | Win2K-f | 4.130.197.207 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORPUS CHRISTI, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 72 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] b7082104e4 [Firefox:196 hits: 06-18 to 10-12] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
T:07:48:00 | WinXP | 219.105.110.118 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1a8dccb1b8 [Firefox: 2 hits: 10-06 to 10-10] |
none[none] | none:none |
none|none | none | none |
07:50:00 | WinXP | 116.206.16.184 (-): MOBIF WIRELESS BROADBAND SDN. BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:57:00 | WinXP | 119.154.35.49 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d8f69db80b NEW |
none[none] | none:none |
none|none | none | none |
08:03:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 57ce4acac2 [Firefox:266 hits: 06-17 to 10-12] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
08:07:00 | WinXP | 68.207.250.183 (RR.COM): ROAD RUNNER HOLDCO LLC, ST. PETERSBURG, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
08:08:00 | Win2K-f | 219.255.6.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
irc 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 32 of 33 |
0a2b1894da [Firefox: 9 hits: 06-26 to 09-26] 414b95a784 [Firefox: 9 hits: 06-26 to 09-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:24:00 | Win2K-f | 93.81.27.4 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:08:38:00 | WinXP | 81.84.201.197 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 13754a62da NEW |
none[none] | none:none |
none|none | none | none |
08:48:00 | WinXP | 76.252.200.240 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:465 hits: 12-31 to 10-12] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:08:50:00 | WinXP | 93.184.226.141 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1540ff87bb [Firefox: 2 hits: 10-04 to 10-09] |
none[none] | none:none |
none|none | none | none |
08:54:00 | WinXP | 124.241.148.4 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:198.78.201.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] b7082104e4 [Firefox:196 hits: 06-18 to 10-12] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
09:09:00 | WinXP | 83.94.168.173 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 370490ea31 NEW |
none[none] | none:none |
none|none | none | none |
09:11:00 | WinXP | 79.45.229.245 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:164 hits: 01-08 to 10-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
09:27:00 | WinXP | 93.120.176.163 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
09:41:00 | Win2K-f | 71.104.35.129 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ONTARIO, CALIFORNIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:09:43:00 | WinXP | 87.57.14.96 (BROADBAND.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:22 hits: 09-14 to 10-11] |
none[none] | none:none |
none|none | none | none |
T:09:54:00 | Win2K-f | 98.175.27.122 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
10:11:00 | WinXP | 90.150.227.125 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | de3e454a46 NEW |
none[none] | none:none |
none|none | none | none |
T:10:15:00 | WinXP | 83.125.98.152 (SIGN2.DE): LAMBDANET COMMUNICATIONS, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 95cb430c7f NEW |
none[none] | none:none |
none|none | none | none |
10:19:00 | WinXP | 122.233.73.181 (HZ.ZJ.CN): CHINANET ZHEJIANG PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 0c803048e4 [Firefox: 3 hits: 07-26 to 10-12] |
none[none] | none:none |
none|none | none | none |
T:10:23:00 | WinXP | 70.45.79.136 (ONELINKPR.NET): SAN JUAN CABLE LLC, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c8b86ec020 NEW |
none[none] | none:none |
none|none | none | none |
10:41:00 | WinXP | 78.84.212.116 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 75347e3aaf NEW |
none[none] | none:none |
none|none | none | none |
10:55:00 | WinXP | 89.50.108.84 (PPPOOL.DE): FREENET CITYLINE GMBH, DE. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:273 hits: 01-01 to 10-12] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:11:03:00 | WinXP | 217.249.167.30 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:164 hits: 01-08 to 10-12] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
11:08:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox: 5 hits: 10-08 to 10-12] |
none[none] | none:none |
none|none | none | none |
T:11:22:00 | WinXP | 217.201.132.218 (-): TELECOM ITALIA MOBILE, FIRENZE, TOSCANA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 97afa4f2dc NEW |
none[none] | none:none |
none|none | none | none |
11:22:00 | WinXP | 217.201.132.218 (-): TELECOM ITALIA MOBILE, FIRENZE, TOSCANA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 97afa4f2dc NEW |
none[none] | none:none |
none|none | none | none |
11:25:00 | Win2K-f | 99.224.119.109 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:35:00 | WinXP | 83.29.108.236 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
11:42:00 | WinXP | 189.49.111.48 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:11:50:00 | Win2K-f | 75.16.249.17 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:08:00 | WinXP | 217.203.201.206 (-): TELECOM ITALIA MOBILE, IT. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | dced8ac2bf NEW |
none[none] | none:none |
none|none | none | none |
T:12:14:00 | WinXP | 24.82.80.190 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
342d138afd NEW 41387a24b0 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
12:25:00 | WinXP | 85.86.117.155 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:25:00 | WinXP | 85.86.117.155 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:32:00 | WinXP | 92.114.177.111 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 2e59221683 NEW |
none[none] | none:none |
none|none | none | none |
12:42:00 | WinXP | 124.81.145.113 (CARSURIN.COM): PT INDOSAT MEGA MEDIA, ID. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:22 hits: 09-17 to 10-12] |
none[none] | none:none |
none|none | none | none |
12:44:00 | WinXP | 41.214.161.176 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox:12 hits: 02-14 to 10-12] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
12:51:00 | WinXP | 212.96.102.176 (STV.RU): TRUNK LINE EXCHANGE OF STAVROPOL, RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
12:57:00 | Win2K-f | 121.73.22.193 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:25 hits: 08-02 to 10-12] a51a50404e [Firefox:25 hits: 08-02 to 10-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
13:14:00 | WinXP | 24.188.235.252 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NEWARK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:15:00 | Win2K-f | 74.211.1.231 (BEYONDBB.COM): ORANGE BROADBAND, CHARLOTTE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:31:00 | WinXP | 72.131.81.202 (RR.COM): ROAD RUNNER HOLDCO LLC, BROOKFIELD, WISCONSIN, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
13:36:00 | WinXP | 87.57.144.43 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | RU:moscow-advokat.ru EU:gaz-prom.ru |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1f00284aa7 NEW |
none[none] | none:none |
none|none | none | none |
T:13:37:00 | WinXP | 92.41.97.81 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 51b7b46a6b NEW |
none[none] | none:none |
none|none | none | none |
13:38:00 | WinXP | 190.138.29.163 (NET.AR): TELECOM ARGENTINA S.A, AR. | 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru :ntkrnlpa.cn UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http irc 12 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | 516f7aaac5 [Firefox: 9 hits: 09-19 to 09-28] | none[none] | none:none | none | none | none |
13:48:00 | WinXP | 78.97.61.239 (ASTRAL.RO): ASTRAL TELECOM SA, RO. | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | f5ab9763ea [Firefox: 5 hits: 10-03 to 10-12] | none[none] | none:none | none | none | none |
13:52:00 | WinXP | 41.214.164.18 (-): . | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
13:59:00 | WinXP | 83.93.185.188 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, ROSKILDE, ROSKILDE, DK. (DSL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 33 of 36 | 0e5f51ee8e NEW | none[none] | none:none | none | none | none |
14:42:00 | WinXP | 41.214.185.239 (-): . | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 96d089e522 [Firefox: 5 hits: 10-08 to 10-12] | none[none] | none:none | none | none | none |
14:43:00 | WinXP | 41.214.185.239 (-): . | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 96d089e522 [Firefox: 5 hits: 10-08 to 10-12] | none[none] | none:none | none | none | none |
14:44:00 | WinXP | 83.93.192.213 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) | n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:viking.dal.net SE:ced.dal.net SE:qis.md.us.dal.net FI:london.uk.eu.undernet.org RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | f5ab9763ea [Firefox: 5 hits: 10-03 to 10-12] | none[none] | none:none | none | none | none |
15:14:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 US:208.111.148.69:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] | none[4] / 73f1082158[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
15:30:00 | WinXP | 76.172.175.132 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. | n/a | none | 445 | pcap | raw alerts ruleset | shell ftp 17 lines | Yeah : 1.3 profile | none | summary tarball | 29 of 29 | 831f4ee0a7 [Firefox:604 hits: 01-01 to 10-12] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace |
15:31:00 | Win2K-f | 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA. | n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] | none[4] / 73f1082158[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
15:33:00 | WinXP | 71.111.233.230 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL) | n/a | none | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 26 of 28 | 7d99b0e910 [Firefox:1312 hits: 12-31 to 10-12] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
15:41:00 | WinXP | 79.138.130.143 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | RU:moscow-advokat.ru SE:coins.dal.net :gaspode.zanet.org.za SE:qis.md.us.dal.net RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
15:46:00 | WinXP | 203.184.0.190 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, HAMILTON, WAIKATO, NZ. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 986b59708d [Firefox:103 hits: 01-14 to 10-12] | 8a00217866 [0] | ASM:Graph | PolyEnE | lines=57 | trace |
16:02:00 | WinXP | 24.67.90.168 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. | 115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com US:do-make-progress.com US:xpas-2009.com :wpad :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com DE:kitroneza.cn IL:wr.kastora.com IL:194.90.224.86:80 | 135 | pcap | raw alerts ruleset | irc http 856 lines | Yeah : 1.8 profile | none | summary tarball | 32 of 36 / 15 of 36 / none / 18 of 36 / 34 of 36 | 40d8554b40 [Firefox: 2 hits: 10-07 to 10-07] / 9018b01028 NEW / ac9e444ce0 NEW / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] / d3be2c7a88 [Firefox: 2 hits: 09-30 to 10-12] | none[none] / none[none] / none[none] / none[none] / none[none] | none:none / none:none / none:none / none:none / none:none | none / none / none / none / none | none / none / none / none / none | none / none / none / none / none |
16:06:00 | WinXP | 78.84.212.116 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. | n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http irc 3 lines | Yeah : 0.8 profile | none | summary tarball | 34 of 35 | 75347e3aaf NEW | none[none] | none:none | none | none | none |
16:07:00 | WinXP | 24.56.253.140 (CABLESPEED.COM): MILLENNIUM DIGITAL MEDIA L.L.C, SOUTH LYON, MICHIGAN, US. (DSL) | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | eb9524b2fc NEW | none[none] | none:none | none | none | none |
16:08:00 | WinXP | 70.71.11.164 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL) | n/a | none | 135 | pcap | raw alerts ruleset | other 19 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
16:18:00 | Win2K-f | 63.18.226.105 (UU.NET): UUNET TECHNOLOGIES INC, US. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] | none[4] / 73f1082158[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
16:28:00 | WinXP | 24.59.6.38 (RR.COM): ROAD RUNNER HOLDCO LLC, ROME, NEW YORK, US. | n/a | DE:siliconfireware.ru DE:ebookfinaltrash.ru :wpad GB:welcome3.smile.co.uk GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | df17a625ee [Firefox:273 hits: 01-01 to 10-12] | 9bbdd086c5 [0] | ASM:Graph | ASPack | lines=186 embedded dns | trace |
16:45:00 | Win2K-f | 4.85.128.156 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.126:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 104 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 8 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / b7082104e4 [Firefox:196 hits: 06-18 to 10-12] | none[4] / none[4] | none:none / none:none | tElock / tElock | none / none | trace / trace |
16:49:00 | WinXP | 66.66.208.210 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBANY, NEW YORK, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
17:00:00 | WinXP | 67.11.54.216 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 36 | eca9a5fa95 [Firefox:44 hits: 08-09 to 10-09] | none[none] | none:none | none | none | none |
17:13:00 | WinXP | 118.168.207.164 (-): . | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
17:13:00 | Win2K-f | 204.116.78.127 (SPIRITTELECOM.COM): KLERK'S PLASTIC PRODUCTS MFGG INC, CHESTER, SOUTH CAROLINA, US. (DSL) | 115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b156.bundlext.com | 135 | pcap | raw alerts ruleset | http irc 143 lines | Yeah : 1.8 profile | none | summary tarball | none / 22 of 36 / 0 of 32 / 18 of 36 / 32 of 36 | 05688324d2 NEW / 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] / db34e6277c NEW | none[none] / none[none] / b5919931fe[1] / none[none] / none[none] | none:none / none:none / ASM:Graph / none:none / none:none | none / none / ASProtect / none / none | none / none / lines=90 / none / none | none / none / trace / none / none |
17:15:00 | WinXP | 67.10.111.167 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | 1fcc146d70 [Firefox:55 hits: 01-02 to 10-11] | 258fafe892 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
17:30:00 | WinXP | 125.101.54.39 (UCOM.NE.JP): G-MG0001N, JP. (100Mbps) | n/a | none | 445 | pcap | raw alerts ruleset | shell ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 32 of 33 | 3e209ce796 [Firefox: 3 hits: 06-19 to 08-30] | none[4] | none:none | none | none | trace |
17:30:00 | Win2K-f | 118.169.43.81 (-): . | 115.126.2.121:65520 | :proxim.ircgalaxy.pl IL:wrsavn.kastora.com :fleshkatera.cn :lolika.cn US:do-scan-progress.com US:do-make-progress.com 115.126.2.110:80 115.126.2.121:65520 | 445 | pcap | raw alerts ruleset | irc http 14 lines | Yeah : 1.3 profile | none | summary tarball | none / none | 8af04626fa NEW / ac9e444ce0 NEW | none[none] / none[none] | none:none / none:none | none / none | none / none | none / none |
17:36:00 | WinXP | 190.189.231.89 (NET.AR): PRIMA S.A, AR. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | none | 9ccd361742 NEW | none[none] | none:none | none | none | none |
17:47:00 | WinXP | 200.117.105.54 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | 1cd89685c0 NEW | none[none] | none:none | none | none | none |
17:53:00 | WinXP | 76.78.22.176 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 36 | 2d6c8c447f [Firefox:17 hits: 09-16 to 10-12] | none[none] | none:none | none | none | none |
17:59:00 | WinXP | 63.25.250.58 (UU.NET): UUNET TECHNOLOGIES INC, US. | n/a | none | 445 | pcap | raw alerts ruleset | ftp 13 lines | Yeah : 0.8 profile | none | summary tarball | 31 of 32 | 741e3b03b3 [Firefox:465 hits: 01-05 to 10-12] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace |
18:01:00 | WinXP | 190.226.147.40 (-): . | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 36 of 36 | 71b183b0c8 [Firefox:22 hits: 09-17 to 10-12] | none[none] | none:none | none | none | none |
18:10:00 | WinXP | 69.154.133.142 (SWBELL.NET): PPPOX POOL - BRAS1 STLSMO, ST. LOUIS, MISSOURI, US. (DSL) | n/a | DE:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com GB:www.chechenpress.co.uk :www.islamicfinder.org US:www.youtube.com US:208.73.210.32:80 GB:217.194.210.198:80 US:66.242.19.44:80 | 445 | pcap | raw alerts ruleset | http http 464 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | ab5e47bf8d [Firefox:47 hits: 01-02 to 10-10] | none[3] | none:none | ASPack | none | trace |
18:22:00 | WinXP | 208.34.236.168 (ESINC.NET): ELECTRONIC SOLUTION INC, ROXBORO, NORTH CAROLINA, US. | n/a | EU:siliconfireware.ru EU:ebookfinaltrash.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 | 445 | pcap | raw alerts ruleset | http http http 13 lines | Yeah : 0.8 profile | none | summary tarball | none / 23 of 32 | a61344590a NEW / ba063349f2 NEW | none[none] / none[none] | none:none / none:none | none / none | none / none | none / none |
18:22:00 | WinXP | 72.47.53.193 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, CABOT, ARKANSAS, US. | n/a | none | 135 | pcap | raw alerts ruleset | other 18 lines | Yeah : 1.3 profile | none | summary tarball | none | none | none | none | none | none | none |
18:41:00 | WinXP | 75.138.116.104 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
19:02:00 | WinXP | 66.53.81.178 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
19:03:00 | WinXP | 66.53.81.178 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. | n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
19:05:00 | WinXP | 216.77.195.194 (BELLSOUTH.NET): BELLSOUTH.NET INC, NEW ORLEANS, LOUISIANA, US. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | f9e03b93bc [Firefox: 4 hits: 10-09 to 10-12] | none[none] | none:none | none | none | none |
19:24:00 | WinXP | 204.193.215.146 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. | 194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 3 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | f9e03b93bc [Firefox: 4 hits: 10-09 to 10-12] | none[none] | none:none | none | none | none |
19:27:00 | WinXP | 190.208.68.12 (-): . | 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http irc 3 lines | Yeah : 1.3 profile | none | summary tarball | none | 4e9a076b3a NEW | none[none] | none:none | none | none | none |
19:39:00 | Win2K-f | 67.212.60.132 (-): . | n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] | none[4] / 73f1082158[1] / b5919931fe[1] | none:none / ASM:Graph / ASM:Graph | tElock / Armadillo / ASProtect | none / lines=81 / lines=90 | trace / trace / trace |
19:48:00 | WinXP | 99.180.48.162 (-): . | n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 | 135 | pcap | raw alerts ruleset | http 83 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] | none[4] / 73f1082158[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
19:50:00 | WinXP | 204.193.220.44 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 35 of 36 | c0e2e2d5ee NEW | none[none] | none:none | none | none | none |
19:51:00 | Win2K-f | 61.187.136.202 (CS.HN.CN): CHINANET-HN CHANGSHA NODE NETWORK, CHANGSHA, HUNAN, CN. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] | none[4] / 73f1082158[1] / b5919931fe[1] | none:none / ASM:Graph / ASM:Graph | tElock / Armadillo / ASProtect | none / lines=81 / lines=90 | trace / trace / trace |
19:54:00 | Win2K-f | 4.168.21.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CARSON, CALIFORNIA, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 117 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 8 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / b7082104e4 [Firefox:196 hits: 06-18 to 10-12] | none[4] / none[4] | none:none / none:none | tElock / tElock | none / none | trace / trace |
19:56:00 | Win2K-f | 211.215.171.8 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | 115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com IL:weba.freeprod.com US:b161.bundlext.com CA:prime.webhancer.com US:b157.bundlext.com US:www.speed-runner.com US:206.251.244.224:80 US:208.111.153.215:80 | 135 | pcap | raw alerts ruleset | irc http http http http 437 lines | Yeah : 1.8 profile | none | summary tarball | 34 of 36 / 31 of 33 / 22 of 36 / 22 of 36 / 18 of 36 | 14d64882da [Firefox: 3 hits: 09-21 to 10-06] / 1509c8d024 [Firefox:38 hits: 06-17 to 10-11] / 46671c0870 [Firefox: 2 hits: 09-27 to 10-07] / 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] | none[none] / none[4] / none[none] / none[none] / none[none] | none:none / none:none / none:none / none:none / none:none | none / tElock / none / none / none | none / none / none / none / none | none / trace / none / none / none |
19:56:00 | WinXP | 59.51.230.146 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, BEIJING, BEIJING, CN. | n/a | DE:siliconfireware.ru US:searchportal.information.com DE:ebookfinaltrash.ru :wpad US:208.73.210.32:80 | 445 | pcap | raw alerts ruleset | http http http http 4 lines | Yeah : 0.8 profile | none | summary tarball | 29 of 29 | a12cab51ef [Firefox:577 hits: 01-01 to 10-11] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
19:58:00 | WinXP | 76.200.154.171 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) | n/a | none | 445 | pcap | raw alerts ruleset | shell ftp 15 lines | Yeah : 1.3 profile | none | summary tarball | 32 of 32 | 03f912899b [Firefox:164 hits: 01-08 to 10-12] | 83893bd25d [0] | ASM:Graph | none | lines=65 | trace |
20:17:00 | Win2K-f | 75.49.187.236 (-): SECURITY & SPY, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 109 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] | none[4] / a08f3b74a4[1] / b5919931fe[1] | none:none / ASM:Graph / ASM:Graph | tElock / Armadillo / ASProtect | none / lines=81 / lines=90 | trace / trace / trace |
20:34:00 | Win2K-f | 211.239.4.83 (EPNETWORKS.CO.KR): ENTERPRISENET-INFRA, SEOUL, KYONGGI-DO, KR. | 115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b158.bundlext.com :randomnewnames.com US:207.123.42.126:80 US:8.12.202.125:80 | 135 | pcap | raw alerts ruleset | irc http 154 lines | Yeah : 1.8 profile | none | summary tarball | 22 of 36 / 32 of 33 / 0 of 32 / 29 of 33 / 18 of 36 | 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / 686d4ca67b [Firefox: 9 hits: 07-08 to 10-01] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] / b7e379b157 [Firefox: 9 hits: 07-08 to 10-01] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] | none[none] / none[none] / b5919931fe[1] / none[none] / none[none] | none:none / none:none / ASM:Graph / none:none / none:none | none / none / ASProtect / none / none | none / none / lines=90 / none / none | none / none / trace / none / none |
21:03:00 | Win2K-f | 219.137.169.55 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. | 115.126.2.121:65520 | IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com :randomnewnames.com 76.9.9.190:80 | 445 | pcap | raw alerts ruleset | irc http 12 lines | Yeah : 0.8 profile | none | summary tarball | 22 of 36 / 18 of 36 | 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] | none[none] / none[none] | none:none / none:none | none / none | none / none | none / none |
21:16:00 | Win2K-f | 218.117.136.125 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, JP. | n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] | none[4] / a08f3b74a4[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
21:21:00 | Win2K-f | 61.144.97.52 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. | 115.126.2.121:65520 | IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com :proxim.ircgalaxy.pl IL:wrsavn.kastora.com 115.126.2.121:65520 IL:194.90.224.86:80 | 445 | pcap | raw alerts ruleset | irc http 6 lines | Yeah : 0.8 profile | none | summary tarball | 22 of 36 / 18 of 36 | 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] | none[none] / none[none] | none:none / none:none | none / none | none / none | none / none |
21:40:00 | Win2K-f | 70.248.127.149 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] | none[4] / a08f3b74a4[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
21:46:00 | WinXP | 65.27.194.90 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (100Mbps) | n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] | none[4] / a08f3b74a4[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
21:57:00 | WinXP | 81.202.215.238 (ONO.COM): CABLEUROPA - ONO, VALENCIA, VALENCIA, ES. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset | http 2 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | 32bb42820b NEW | none[none] | none:none | none | none | none |
22:00:00 | WinXP | 117.99.61.35 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. | n/a | RU:moscow-advokat.ru :washington.dc.us.undernet.org :caen.fr.eu.undernet.org AT:graz.at.eu.undernet.org SE:broadway.ny.us.dal.net SE:ozbytes.dal.net SE:viking.dal.net :lulea.se.eu.undernet.org SE:qis.md.us.dal.net | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 25 of 25 | 7f60162c2c [Firefox:736 hits: 12-31 to 10-12] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
22:02:00 | Win2K-f | 69.111.195.68 (SBCGLOBAL.NET): PPPOX POOL RBACK1.SNFC21, SAN FRANCISCO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] | none[4] / a08f3b74a4[1] / b5919931fe[1] | none:none / ASM:Graph / ASM:Graph | tElock / Armadillo / ASProtect | none / lines=81 / lines=90 | trace / trace / trace |
22:06:00 | Win2K-f | 69.111.195.68 (SBCGLOBAL.NET): PPPOX POOL RBACK1.SNFC21, SAN FRANCISCO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:207.123.42.126:80 US:207.123.46.125:80 | 135 | pcap | raw alerts ruleset | other 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] | none[4] / a08f3b74a4[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
22:21:00 | Win2K-f | 60.251.235.190 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 57ce4acac2 [Firefox:266 hits: 06-17 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] | none[4] / 57ce4acac2[1] / b5919931fe[1] | none:none / ASM:Graph / ASM:Graph | tElock / Armadillo / ASProtect | none / lines=81 / lines=90 | trace / trace / trace |
22:54:00 | Win2K-f | 76.231.8.217 (SBCGLOBAL.NET): PPPOX POOL - BRAS16.LSAN, LOS ANGELES, CALIFORNIA, US. | n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.53.125:80 US:204.160.104.126:80 | 135 | pcap | raw alerts ruleset | other 75 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / 73f1082158 [Firefox:1531 hits: 06-18 to 10-12] | none[4] / 73f1082158[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
23:06:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 0.8 profile | none | summary tarball | 34 of 36 | 96d089e522 [Firefox: 5 hits: 10-08 to 10-12] | none[none] | none:none | none | none | none |
23:07:00 | WinXP | 89.37.199.189 (SMANET.RO): JUMP NETWORK SERVICES S.R.L, RO. | 194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru :ntkrnlpa.cn | 445 | pcap | raw alerts ruleset | http irc 6 lines | Yeah : 1.3 profile | none | summary tarball | 34 of 36 | a2480be3f3 NEW | none[none] | none:none | none | none | none |
23:13:00 | Win2K-f | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. | n/a | US:microsoft.com US:download.microsoft.com | 135 | pcap | raw alerts ruleset | http 76 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / a08f3b74a4 [Firefox:1119 hits: 06-18 to 10-12] | none[4] / a08f3b74a4[1] | none:none / ASM:Graph | tElock / Armadillo | none / lines=81 | trace / trace |
23:18:00 | Win2K-f | 4.182.72.200 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) | n/a | none | 135 | pcap | raw alerts ruleset | other 402 lines | Yeah : 1.3 profile | none | summary tarball | 30 of 33 | b2aa60cb38 [Firefox: 2 hits: 07-11 to 07-19] | none[none] | none:none | none | none | none |
23:25:00 | WinXP | 70.66.82.134 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) | n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:b152.bundlext.com IL:194.90.224.86:80 | 135 | pcap | raw alerts ruleset | irc http 613 lines | Yeah : 1.3 profile | none | summary tarball | 22 of 36 / 34 of 36 / 18 of 36 / 33 of 36 | 59f1b164b0 [Firefox:10 hits: 10-06 to 10-07] / 6ea2758c07 [Firefox: 2 hits: 10-07 to 10-12] / d2e0990a9d [Firefox:12 hits: 10-06 to 10-07] / d4406c307b [Firefox: 2 hits: 10-07 to 10-12] | none[none] / none[none] / none[none] / none[none] | none:none / none:none / none:none / none:none | none / none / none / none | none / none / none / none | none / none / none / none |
23:29:00 | WinXP | 82.236.227.25 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. | 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru :ntkrnlpa.cn UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http irc 4 lines | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | 43846e1a17 NEW | none[none] | none:none | none | none | none |
23:29:00 | WinXP | 77.37.134.56 (NCNET.RU): NCN-INFRA, RU. | n/a | UA:citi-bank.ru UA:194.54.90.246:80 | 445 | pcap | raw alerts ruleset | http 1 line | Yeah : 1.3 profile | none | summary tarball | 35 of 36 | 632e315db2 [Firefox: 7 hits: 10-03 to 10-11] | none[none] | none:none | none | none | none |
23:50:00 | Win2K-f | 75.34.107.250 (SBCGLOBAL.NET): MOHSEN KHAZIRI DBA, PLANO, TEXAS, US. (DSL) | n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.124:80 | 135 | pcap | raw alerts ruleset | http 60 lines | Yeah : 1.3 profile | none | summary tarball | 33 of 33 / 0 of 32 / 8 of 33 | 53bfe15e91 [Firefox:3135 hits: 06-17 to 10-12] / b5919931fe [Firefox:833 hits: 06-20 to 10-12] / b7082104e4 [Firefox:196 hits: 06-18 to 10-12] | none[4] / b5919931fe[1] / none[4] | none:none / ASM:Graph / none:none | tElock / ASProtect / tElock | none / lines=90 / none | trace / trace / trace |
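The rows above record, per victim, the C&C server BotHunter identified (an ip:port, or n/a) and the DNS lookups and failed connects the infected host made, written as a space-separated list of CC:host or CC:ip:port tokens where CC is a two-letter GeoIP country code that may be empty (":proxim.ircgalaxy.pl"). The following is an added example, not part of the original log or of BotHunter, that parses those two cells into structured indicators, folds the AV "N of M" cell into numbers, and counts how many victims touched each host so that infrastructure shared across infections stands out. The sample rows are copied from the log above (the first one shortened); treating a dotless name such as wpad as a local lookup rather than an indicator is this example's own choice.

```python
"""Indicator extraction for BotHunter infection-log rows (added example)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The lookup cell always carries the CC:host colon, even when CC is empty;
# the C&C cell is a bare ip:port with no CC field, handled by the fallback.
TOKEN_RE = re.compile(r"^(?P<cc>[A-Z]{2})?:(?P<rest>\S+)$")
AV_RE = re.compile(r"(\d+) of (\d+)")


@dataclass(frozen=True)
class Indicator:
    value: str            # host name or IP address as logged
    port: Optional[int]   # port when the token carried one, else None
    cc: str               # GeoIP country code from the log, "" if absent
    kind: str             # "ip", "domain", or "local" (dotless name, e.g. wpad)


def split_host_port(s: str) -> Tuple[str, Optional[int]]:
    """'194.54.90.246:80' -> ('194.54.90.246', 80); no port -> (s, None)."""
    host, sep, port = s.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return s, None


def classify(host: str) -> str:
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain" if "." in host else "local"


def parse_token(tok: str) -> Indicator:
    m = TOKEN_RE.match(tok)
    if m:
        cc, rest = m.group("cc") or "", m.group("rest")
    else:
        cc, rest = "", tok        # bare "115.126.2.121:65520" from the C&C cell
    host, port = split_host_port(rest)
    return Indicator(host, port, cc, classify(host))


def parse_row(cc_cell: str, dns_cell: str) -> Tuple[Optional[Indicator], List[Indicator]]:
    """Return (c2, lookups); c2 is None when the C&C cell is 'n/a'."""
    cc_cell = cc_cell.strip()
    c2 = None if cc_cell in ("n/a", "", "none") else parse_token(cc_cell)
    lookups = [parse_token(t) for t in dns_cell.split()]
    return c2, lookups


def av_detection(cell: str) -> List[Tuple[int, int]]:
    """'33 of 33 0 of 32' -> [(33, 33), (0, 32)]; one pair per binary."""
    return [(int(a), int(b)) for a, b in AV_RE.findall(cell)]


def sighting_counts(rows) -> Counter:
    """Number of victims (rows) that touched each host, C&C cell included."""
    counts: Counter = Counter()
    for cc_cell, dns_cell in rows:
        c2, lookups = parse_row(cc_cell, dns_cell)
        seen = {i.value for i in lookups if i.kind != "local"}
        if c2:
            seen.add(c2.value)
        counts.update(seen)
    return counts


def c2_hosts(rows):
    """Hosts the log names as the C&C server for at least one victim."""
    return {c2.value for c2, _ in (parse_row(c, d) for c, d in rows) if c2}


# Sample rows copied from the log above as (C&C cell, DNS cell); the first is shortened.
ROWS = [
    ("115.126.2.121:65520",
     ":proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn US:do-scan-progress.com "
     ":wpad :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:194.90.224.86:80"),
    ("194.54.90.246:80", "UA:citi-bank.ru"),
    ("n/a", "UA:citi-bank.ru UA:194.54.90.246:80"),
    ("n/a", "RU:moscow-advokat.ru RU:194.6.222.11:6667"),
    ("n/a", "US:microsoft.com US:download.microsoft.com US:208.111.148.23:80"),
]

if __name__ == "__main__":
    c2 = c2_hosts(ROWS)
    for host, n in sighting_counts(ROWS).most_common():
        print(f"{n:2d} victim(s)  {'C&C ' if host in c2 else '    '}{host}")
```

Hosts such as microsoft.com and download.microsoft.com appear in many of the RPC/135 rows next to the attacker infrastructure but are not indicators themselves; run the output through an allowlist before it feeds a blocklist or a detection rule.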