Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:43:00 | WinXP | 82.66.46.220 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b072dd40a7 NEW |
none[none] | none:none |
none|none | none | none |
00:51:00 | WinXP | 202.39.210.91 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
01:01:00 | Win2K-f | 66.209.137.16 (BRIGHTOHIO.NET): TSC, AKRON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 |
039e3fa376 [Firefox:10 hits: 07-24 to 10-12] 76f2c59ef8 [Firefox:10 hits: 07-24 to 10-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:01:24:00 | WinXP | 94.50.158.196 (-): . |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | de3e454a46 NEW |
none[none] | none:none |
none|none | none | none |
T:01:34:00 | WinXP | 77.254.153.92 (COM.PL): NETIA, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox:13 hits: 02-14 to 10-13] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
01:52:00 | Win2K-f | 221.143.244.51 (-): HANANET-LLINE-BOSUNGCATV, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com IL:wrsavn.kastora.com US:dl2.bundlext.com US:206.251.244.252:8080 |
135 | pcap | raw alerts ruleset |
irc http 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 34 of 36 22 of 36 18 of 36 |
168aab35a3 [Firefox:165 hits: 06-17 to 10-13] 58828b2adc NEW 59f1b164b0 [Firefox:16 hits: 10-06 to 10-13] d2e0990a9d [Firefox:19 hits: 10-06 to 10-13] |
none[4] none [none] none [none] none [none] |
none:none none:none none:none none:none |
tElock| none|none none|none none|none |
none none none none |
trace none none none |
T:01:56:00 | WinXP | 77.198.63.211 (GAOLAND.NET): DYNAMIC POOLS, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox: 2 hits: 10-11 to 10-13] |
none[none] | none:none |
none|none | none | none |
02:05:00 | Win2K-f | 210.146.136.78 (VECTANT.NE.JP): SEIKA CORPORATION, JP. |
115.126.2.121:65520 | IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com |
139 | pcap | raw alerts ruleset |
irc http 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 22 of 36 18 of 36 |
1334727ca4 NEW 59f1b164b0 [Firefox:16 hits: 10-06 to 10-13] d2e0990a9d [Firefox:19 hits: 10-06 to 10-13] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
T:02:47:00 | WinXP | 219.110.165.209 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:468 hits: 01-05 to 10-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
02:51:00 | WinXP | 87.110.106.116 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:16 hits: 10-01 to 10-13] |
none[none] | none:none |
none|none | none | none |
03:20:00 | WinXP | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:03:22:00 | WinXP | 83.93.192.47 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 370490ea31 NEW |
none[none] | none:none |
none|none | none | none |
03:23:00 | WinXP | 83.93.192.47 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 370490ea31 NEW |
none[none] | none:none |
none|none | none | none |
T:03:27:00 | Win2K-f | 70.74.198.2 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
12e484a198 [Firefox: 6 hits: 10-01 to 10-12] 2e43dc0077 [Firefox: 7 hits: 10-01 to 10-12] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
03:32:00 | WinXP | 114.48.172.222 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0d2740acc9 NEW |
none[none] | none:none |
none|none | none | none |
T:03:44:00 | WinXP | 114.138.237.232 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 8c4a10d53a NEW |
none[none] | none:none |
none|none | none | none |
03:47:00 | WinXP | 186.9.46.172 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:03:59:00 | Win2K-f | 88.118.100.15 (ZEBRA.LT): LIETUVOS-TELEKOMAS, LT. |
n/a | 135 | pcap | raw alerts ruleset |
other 51 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
04:04:00 | WinXP | 69.85.103.137 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1319 hits: 12-31 to 10-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:04:04:00 | WinXP | 69.85.103.137 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1319 hits: 12-31 to 10-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
04:33:00 | WinXP | 119.154.67.249 (-): . |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:276 hits: 01-01 to 10-13] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:04:35:00 | WinXP | 85.178.117.158 (ALICEDSL.DE): HANSENET-ADSL, BERLIN, BERLIN, DE. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ef99fdb440 NEW |
none[none] | none:none |
none|none | none | none |
04:38:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:04:57:00 | WinXP | 216.211.244.51 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.123:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:04:00 | WinXP | 70.74.198.2 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
12e484a198 [Firefox: 6 hits: 10-01 to 10-12] 2e43dc0077 [Firefox: 7 hits: 10-01 to 10-12] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
05:09:00 | WinXP | 98.121.142.178 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:05:11:00 | WinXP | 75.138.119.27 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c3e3fb2336 NEW |
none[none] | none:none |
none|none | none | none |
05:18:00 | Win2K-f | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:206.33.45.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 57ce4acac2 [Firefox:268 hits: 06-17 to 10-13] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:23:00 | WinXP | 151.80.207.237 (38-151.NET24.IT): IUNET-BNET, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:24 hits: 09-17 to 10-13] |
none[none] | none:none |
none|none | none | none |
05:36:00 | WinXP | 68.150.153.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LEDUC, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:206.33.45.125:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:38:00 | WinXP | 74.67.71.104 (RR.COM): ROAD RUNNER HOLDCO LLC, ONEONTA, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:05:45:00 | WinXP | 87.247.111.182 (-): MIKROVISATA, LT. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 14f00c2b4f NEW |
none[none] | none:none |
none|none | none | none |
T:05:56:00 | WinXP | 118.12.203.161 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:605 hits: 01-01 to 10-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:06:00:00 | WinXP | 211.132.101.236 (QTNET.NE.JP): KYUSHU TELECOMMUNICATION NETWORK CO. INC, JP. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
18 of 29 | 0f033f7f3a [Firefox: 2 hits: 05-10 to 07-22] |
none[4] | none:none |
PolyEnE| | none | trace |
06:01:00 | WinXP | 78.159.39.88 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a2652dba42 NEW |
none[none] | none:none |
none|none | none | none |
T:06:08:00 | WinXP | 217.184.65.217 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad GB:new.egg.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:276 hits: 01-01 to 10-13] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:06:12:00 | Win2K-f | 98.141.160.84 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:06:44:00 | WinXP | 121.84.244.108 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:168 hits: 01-08 to 10-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
06:49:00 | WinXP | 65.166.185.165 (RURALTEL.NET): NEX-TECH, HAYS, KANSAS, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 34 of 36 |
04c1891b64 NEW e54e04c818 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
07:10:00 | WinXP | 121.84.178.17 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:168 hits: 01-08 to 10-13] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:07:11:00 | WinXP | 80.196.58.21 (PAISDN.TELE.DK): LOCAL ASSIGNMENTS FOR PROACCESS ISDN, ROSKILDE, ROSKILDE, DK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 7 hits: 10-03 to 10-13] |
none[none] | none:none |
none|none | none | none |
07:18:00 | WinXP | 24.59.6.38 (RR.COM): ROAD RUNNER HOLDCO LLC, ROME, NEW YORK, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:276 hits: 01-01 to 10-13] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
07:30:00 | WinXP | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 167 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 29ae13a587 [Firefox: 2 hits: 10-02 to 10-11] |
none[none] | none:none |
none|none | none | none | |
T:07:34:00 | WinXP | 66.53.80.182 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
07:36:00 | Win2K-f | 222.237.133.203 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http irc 106 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 32 30 of 32 |
1509c8d024 [Firefox:39 hits: 06-17 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] f23b040440 [Firefox:26 hits: 06-22 to 10-11] |
none[4] b5919931fe[1] f23b040440[1] |
none:none ASM:Graph ASM:Graph |
tElock| ASProtect| Armadillo| |
none lines=90 lines=82 |
trace trace trace |
T:07:45:00 | WinXP | 122.131.223.86 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:605 hits: 01-01 to 10-13] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:07:46:00 | Win2K-f | 122.53.115.32 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 203 lines |
Yeah : 1.3 profile |
none | summary tarball |
11 of 36 | 06cb56042a NEW |
none[none] | none:none |
none|none | none | none | |
07:52:00 | Win2K-f | 118.161.10.74 (-): . |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn **:169.254.226.2:707 |
135 | pcap | raw alerts ruleset |
irc http 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 36 13 of 36 |
ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] d3676fbbaf NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:07:56:00 | Win2K-f | 24.76.19.120 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WHITE ROCK SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 692 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | e428323205 NEW |
none[none] | none:none |
none|none | none | none | |
08:15:00 | WinXP | 121.84.17.67 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d54144c625 NEW |
none[none] | none:none |
none|none | none | none |
T:08:52:00 | Win2K-f | 98.25.104.141 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
08:52:00 | WinXP | 93.81.183.51 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :wpad US:do-scan-progress.com US:do-make-progress.com US:xpas-2009.com :proxim.ircgalaxy.pl DE:kitroneza.cn DE:rushprotect.net DE:prxw.com 115.126.2.121:65520 DE:87.118.120.203:80 |
445 | pcap | raw alerts ruleset |
irc http 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 36 13 of 36 |
ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] f693f4c141 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
08:56:00 | WinXP | 66.190.160.46 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 [Firefox: 3 hits: 10-07 to 10-11] |
none[none] | none:none |
none|none | none | none |
T:08:56:00 | WinXP | 66.190.160.46 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 [Firefox: 3 hits: 10-07 to 10-11] |
none[none] | none:none |
none|none | none | none |
08:59:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:10 hits: 10-08 to 10-13] |
none[none] | none:none |
none|none | none | none |
09:04:00 | Win2K-f | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.37.123:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
09:11:00 | WinXP | 80.201.117.122 (ISP.BELGACOM.BE): BELGACOM-ADSL, MONS, HAINAUT, BE. (DSL) |
115.126.2.121:65520 | US:do-monster-progress.com US:xpas-2009.com US:domonster-progress.com US:do-scan-progress.com US:do-make-progress.com :proxim.ircgalaxy.pl DE:kitroneza.cn US:do-progress.com DE:rushprotect.net US:do-managed-scan.com DE:prxw.com US:do-power-scan.com US:do-step-scan.com 115.126.2.121:65520 US:206.161.120.26:80 US:208.73.210.32:80 US:216.195.58.158:80 US:216.195.58.165:80 DE:87.118.120.203:80 DE:87.118.121.203:80 |
445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:09:24:00 | WinXP | 83.181.43.205 (TELE2.AT): TELE2 AUSTRIA, VIENNA, WIEN, AT. |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 393f45ca33 NEW |
none[none] | none:none |
none|none | none | none |
T:09:29:00 | WinXP | 211.176.30.153 (-): HANMAG FUTURES COPORATION, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
irc http 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:165 hits: 06-17 to 10-13] 667f0c59f3 [Firefox:28 hits: 07-04 to 10-06] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
09:36:00 | WinXP | 190.179.204.81 (-): . |
115.126.2.121:65520 | US:xpas-2009.com US:do-scan-progress.com US:do-make-progress.com :proxim.ircgalaxy.pl DE:kitroneza.cn US:do-progress.com DE:rushprotect.net US:do-managed-scan.com DE:prxw.com US:do-power-scan.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn 115.126.2.121:65520 US:206.161.120.26:80 US:208.73.210.32:80 US:216.195.58.158:80 DE:87.118.120.203:80 DE:87.118.121.203:80 |
445 | pcap | raw alerts ruleset |
irc http 32 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 36 8 of 36 |
6aa8ae584b NEW ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
09:40:00 | WinXP | 78.34.25.241 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 4 hits: 10-06 to 10-11] |
none[none] | none:none |
none|none | none | none |
09:47:00 | WinXP | 114.48.137.250 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-02.mx.aol.com US:ftp.newaol.com US:yutunrz.1dumb.com US:mailin-01.mx.aol.com US:mailin-04.mx.aol.com :wpad 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
ftp irc http http 184 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 36 1 of 36 35 of 36 |
3a826ca758 NEW af32264ae0 NEW bbcf692168 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
09:55:00 | WinXP | 81.9.146.189 (CM-81-9-146-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
115.126.2.121:65520 | US:xpas-2009.com US:do-step-scan.com US:do-monster-progress.com US:domonster-progress.com US:domonster-scan.com US:dopower-scan.com US:dostep-scan.com US:do-scan-progress.com :proxim.ircgalaxy.pl US:do-make-progress.com DE:kitroneza.cn US:do-progress.com DE:rushprotect.net US:do-managed-scan.com DE:prxw.com US:do-power-scan.com 115.126.2.121:65520 US:206.161.120.26:80 US:208.73.210.32:80 US:216.195.58.158:80 DE:87.118.120.203:80 |
445 | pcap | raw alerts ruleset |
http irc 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:09:55:00 | WinXP | 81.9.146.189 (CM-81-9-146-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 03c06c736c [Firefox: 6 hits: 10-04 to 10-12] |
none[none] | none:none |
none|none | none | none |
10:00:00 | Win2K-f | 123.236.63.77 (-): RELIANCE INFOCOMM LIMITED, CHANDIGARH, CHANDIGARH, IN. |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:10:01:00 | WinXP | 97.103.237.52 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:01:00 | WinXP | 81.181.83.132 (AIRBITES.RO): SC ISP TOPALL SRL, RO. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4aeb3ad750 NEW |
none[none] | none:none |
none|none | none | none |
10:10:00 | WinXP | 88.16.169.96 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ES. |
n/a | US:domonster-scan.com US:xpas-2009.com US:dopower-scan.com US:do-scan-progress.com :proxim.ircgalaxy.pl DE:kitroneza.cn US:do-make-progress.com US:do-progress.com DE:rushprotect.net US:do-managed-scan.com DE:prxw.com US:do-power-scan.com US:do-step-scan.com US:do-monster-progress.com US:domonster-progress.com 115.126.2.121:65520 US:206.161.120.26:80 US:208.73.210.32:80 US:216.195.58.158:80 DE:87.118.120.203:80 DE:87.118.121.203:80 |
445 | pcap | raw alerts ruleset |
http 8 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
10:44:00 | WinXP | 193.248.223.78 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:466 hits: 12-31 to 10-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
10:49:00 | WinXP | 76.174.145.55 (RR.COM): ROAD RUNNER HOLDCO LLC, MORENO VALLEY, CALIFORNIA, US. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:104 hits: 01-14 to 10-13] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace | |
11:00:00 | WinXP | 70.44.43.165 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:24 hits: 09-17 to 10-13] |
none[none] | none:none |
none|none | none | none | |
11:12:00 | WinXP | 117.99.44.64 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:45 hits: 08-09 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:11:13:00 | WinXP | 117.99.44.64 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:45 hits: 08-09 to 10-13] |
none[none] | none:none |
none|none | none | none |
11:14:00 | WinXP | 64.184.20.81 (SWAYZEE.COM): SWAYZEE TELEPHONE CO, DALLAS, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 49d6cdaab4 [Firefox:10 hits: 09-13 to 10-12] |
none[none] | none:none |
none|none | none | none |
11:27:00 | WinXP | 70.183.165.173 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http irc 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 0 of 33 28 of 33 |
da00a8e7a1 [Firefox:27 hits: 08-05 to 10-11] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] f685f8e027 [Firefox:31 hits: 06-18 to 10-11] |
none[none] e07c29c4ae[1] f685f8e027[1] |
none:none ASM:Graph ASM:Graph |
none|none FSG| Armadillo| |
none lines=92 lines=82 |
none trace trace |
T:11:52:00 | WinXP | 24.234.76.228 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
11:56:00 | WinXP | 61.229.2.6 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e03e10ad4a NEW |
none[none] | none:none |
none|none | none | none |
12:00:00 | WinXP | 114.137.168.124 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 1a88bd5450 [Firefox: 3 hits: 10-02 to 10-09] |
none[none] | none:none |
none|none | none | none |
12:03:00 | Win2K-f | 71.117.182.121 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PORTLAND, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
12:10:00 | WinXP | 170.51.70.95 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 02edd57824 NEW |
none[none] | none:none |
none|none | none | none |
T:12:10:00 | WinXP | 170.51.70.95 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 02edd57824 NEW |
none[none] | none:none |
none|none | none | none |
T:12:20:00 | WinXP | 84.73.210.191 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 152f4c79b5 NEW |
none[none] | none:none |
none|none | none | none |
T:12:22:00 | WinXP | 172.191.243.126 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:12:23:00 | WinXP | 91.65.206.80 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | UA:citi-bank.ru :makemegood24.com :32d4b.makemegood24.com :aaakemegood24.com :perfectchoice1.com :38cc0.perfectchoice1.com :bparfectchoice1.com DE:cash-ddt.net UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox: 2 hits: 10-11 to 10-13] |
none[none] | none:none |
none|none | none | none |
12:28:00 | WinXP | 4.178.192.225 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HILLSBORO, OREGON, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:12:31:00 | WinXP | 91.124.143.24 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:58 hits: 09-13 to 10-12] |
none[none] | none:none |
none|none | none | none |
12:33:00 | WinXP | 93.147.130.181 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:47:00 | WinXP | 70.66.207.90 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn DE:kitroneza.cn US:do-scan-progress.com :wpad US:do-make-progress.com US:xpas-2009.com US:208.73.210.32:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
irc http 1473 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 36 32 of 36 8 of 36 0 of 33 34 of 36 |
39a09e7f90 NEW 44066f376e NEW ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] ed72d7ec47 NEW |
none[none] none [none] none [none] e07c29c4ae[1] none [none] |
none:none none:none none:none ASM:Graph none:none |
none|none none|none none|none FSG| none|none |
none none none lines=92 none |
none none none trace none |
T:13:01:00 | WinXP | 75.136.203.95 (CHARTER.COM): CHARTER COMMUNICATIONS, MORRISTOWN, TENNESSEE, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 9 hits: 10-03 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:13:02:00 | Win2K-f | 216.211.249.202 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:02:00 | WinXP | 75.136.203.95 (CHARTER.COM): CHARTER COMMUNICATIONS, MORRISTOWN, TENNESSEE, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 9 hits: 10-03 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:13:05:00 | WinXP | 87.247.111.3 (-): MIKROVISATA, LT. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a917b38976 NEW |
none[none] | none:none |
none|none | none | none |
13:05:00 | WinXP | 24.65.243.184 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | dbbc586732 [Firefox:35 hits: 07-28 to 10-05] |
none[none] | none:none |
none|none | none | none |
T:13:28:00 | WinXP | 82.239.32.38 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:10 hits: 10-08 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:13:30:00 | WinXP | 94.191.131.34 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:162 hits: 01-03 to 10-12] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
13:33:00 | WinXP | 98.140.229.179 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:38:00 | Win2K-f | 68.126.243.226 (PACBELL.NET): AT&T INTERNET SERVICES, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
13:38:00 | WinXP | 83.49.120.226 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:104 hits: 01-14 to 10-13] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
T:13:38:00 | WinXP | 83.49.120.226 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ALICANTE, VALENCIA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:104 hits: 01-14 to 10-13] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
T:13:46:00 | WinXP | 98.135.23.58 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 82573923df [Firefox: 3 hits: 09-26 to 10-05] |
none[none] | none:none |
none|none | none | none |
T:14:02:00 | WinXP | 89.1.90.226 (BARAK-ONLINE.NET): BARAK, NATANYA, HAMERKAZ (CENTRAL), IL. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | f8c222e89e NEW |
none[none] | none:none |
none|none | none | none |
T:14:10:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:466 hits: 12-31 to 10-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
14:20:00 | Win2K-f | 60.248.45.145 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.43:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 57ce4acac2 [Firefox:268 hits: 06-17 to 10-13] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:34:00 | WinXP | 24.86.107.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:38:00 | Win2K-f | 204.214.131.156 (-): AAFES/BARRACKS, ELMWOOD, NEBRASKA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:38:00 | WinXP | 81.198.36.77 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1864d38f96 NEW |
none[none] | none:none |
none|none | none | none |
14:46:00 | WinXP | 64.139.115.69 (NCIDATA.COM): NCI DATA.COM INC, SAN JOSE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
14:49:00 | WinXP | 117.99.15.92 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org AT:graz.at.eu.undernet.org SE:vancouver.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org US:lia.zanet.net :gaspode.zanet.org.za SE:coins.dal.net :washington.dc.us.undernet.org :caen.fr.eu.undernet.org :lulea.se.eu.undernet.org SE:ced.dal.net NL:diemen.nl.eu.undernet.org SE:qis.md.us.dal.net SE:broadway.ny.us.dal.net SE:viking.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:15:08:00 | WinXP | 24.80.118.46 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 603 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 NEW |
none[none] | none:none |
none|none | none | none | |
15:15:00 | WinXP | 190.245.33.99 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox: 9 hits: 10-03 to 10-13] |
none[none] | none:none |
none|none | none | none |
15:20:00 | Win2K-f | 98.141.160.48 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
15:31:00 | Win2K-f | 98.25.104.141 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:15:31:00 | WinXP | 75.42.80.180 (SBCGLOBAL.NET): PPPOX POOL - BRAS5.SCRMCA 090106-1000, US. (DSL) |
n/a | :www.google.com.au US:www.altavista.com :jbeegvia.ru NL:www.viruslist.com US:www.worldbank.org :yoiayoi.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:42 hits: 04-18 to 10-08] |
none[3] | none:none |
tElock| | none | trace |
15:42:00 | Win2K-f | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 | fe22b8315f [Firefox:10 hits: 06-19 to 10-05] |
none[4] | none:none |
StarForce| | none | trace | |
15:44:00 | WinXP | 69.105.236.92 (-): DICK SGARLATO, SAN FRANCISCO, CALIFORNIA, US. (100Mbps) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
irc 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:12 hits: 08-01 to 10-12] dc92683d9a [Firefox:19 hits: 06-19 to 10-12] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
15:48:00 | WinXP | 72.174.152.120 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 NEW |
none[none] | none:none |
none|none | none | none |
T:15:49:00 | WinXP | 72.174.152.120 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 NEW |
none[none] | none:none |
none|none | none | none |
T:15:53:00 | WinXP | 75.119.117.230 (-): . |
n/a | US:www.altavista.com US:www.yahoo.com :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 8 hits: 09-26 to 10-09] |
none[none] | none:none |
none|none | none | none |
T:15:53:00 | WinXP | 96.15.135.38 (-): . |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:578 hits: 01-01 to 10-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:16:11:00 | WinXP | 204.116.78.127 (SPIRITTELECOM.COM): KLERK'S PLASTIC PRODUCTS MFGG INC, CHESTER, SOUTH CAROLINA, US. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 151 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 32 of 36 |
05688324d2 NEW db34e6277c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
16:26:00 | WinXP | 189.49.64.90 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:23 hits: 09-14 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:16:27:00 | WinXP | 189.49.64.90 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | cdf8cd94a9 [Firefox:23 hits: 09-14 to 10-13] |
none[none] | none:none |
none|none | none | none |
16:33:00 | WinXP | 4.152.147.156 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RALEIGH, NORTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:16:35:00 | WinXP | 79.138.165.179 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 2 hits: 10-12 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:16:49:00 | WinXP | 172.164.126.133 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 156 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 0 of 33 |
0474b4b09f [Firefox: 5 hits: 09-24 to 10-07] 1c3210698a [Firefox: 6 hits: 07-13 to 10-07] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
17:08:00 | Win2K-f | 4.227.29.233 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TEMPLE, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
07fabc79ef [Firefox:21 hits: 06-19 to 10-10] 53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] b5919931fe [Firefox:842 hits: 06-20 to 10-13] |
07fabc79ef [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
17:10:00 | WinXP | 68.149.145.68 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 5 hits: 09-21 to 10-12] |
none[none] | none:none |
none|none | none | none |
T:17:24:00 | WinXP | 212.27.3.171 (-): MLIFENET, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:162 hits: 01-03 to 10-12] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
17:33:00 | WinXP | 72.215.49.205 (COX.NET): COX COMMUNICATIONS, BRISTOL, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
17:36:00 | WinXP | 212.200.177.31 (ODISEJ-VRRPP.TELEKOM.YU): TELEKOM SRBIJA, CS. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:162 hits: 01-03 to 10-12] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
17:36:00 | WinXP | 98.121.141.7 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:56 hits: 01-02 to 10-13] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:17:48:00 | WinXP | 122.52.89.238 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
http irc 149 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 33 |
16874933ea [Firefox:53 hits: 06-18 to 10-12] 76ee340669 [Firefox:53 hits: 06-18 to 10-12] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
16874933ea [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| FSG| |
lines=82 none lines=92 |
trace trace trace |
T:17:50:00 | WinXP | 208.100.240.217 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:104 hits: 01-14 to 10-13] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
T:18:11:00 | Win2K-f | 70.79.6.99 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
irc 169 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
6f64f9065d NEW fec2f7360e NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
18:11:00 | WinXP | 116.0.195.3 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:468 hits: 01-05 to 10-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:18:12:00 | WinXP | 222.85.219.71 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, GUIZHOU, GUIZHOU, CN. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad DE:ebookfinaltrash.ru US:208.73.210.32:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:578 hits: 01-01 to 10-13] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
18:16:00 | WinXP | 71.109.58.47 (VERIZON.NET): VERIZON INTERNET SERVICES INC, COVINA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:35:00 | WinXP | 222.85.219.71 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, GUIZHOU, GUIZHOU, CN. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
0e768e6eda NEW a12cab51ef [Firefox:578 hits: 01-01 to 10-13] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
T:18:37:00 | Win2K-f | 71.181.241.249 (VERIZON.NET): VERIZON INTERNET SERVICES INC, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
18:42:00 | WinXP | 69.108.113.156 (PACBELL.NET): IRVNCA INTERNAL, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:185 hits: 01-01 to 10-11] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
18:54:00 | WinXP | 79.138.165.179 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 2 hits: 10-12 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:18:58:00 | WinXP | 4.175.255.45 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHILADELPHIA, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
19:00:00 | WinXP | 12.219.244.164 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] b7082104e4 [Firefox:201 hits: 06-18 to 10-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
19:18:00 | WinXP | 211.124.220.170 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:19:21:00 | WinXP | 122.146.224.225 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:23:00 | WinXP | 75.62.0.26 (SBCGLOBAL.NET): PPPOX POOL - RBACK33.SNFC, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:19:33:00 | WinXP | 76.90.237.41 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 33 | f0b49cdcfc [Firefox:18 hits: 07-04 to 10-07] |
none[none] | none:none |
none|none | none | none |
T:19:42:00 | Win2K-f | 199.227.45.123 (-): ATLANTA BROADBAND, WESTON, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:19:49:00 | Win2K-f | 4.164.228.120 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:11:00 | Win2K-f | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
20:19:00 | WinXP | 24.108.68.177 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:25 hits: 01-11 to 10-06] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
T:20:19:00 | WinXP | 24.108.68.177 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:25 hits: 01-11 to 10-06] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
20:24:00 | WinXP | 172.129.126.189 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 84 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:20:28:00 | WinXP | 88.122.149.58 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE BROADBAND POOLS, DIJON, BOURGOGNE, FR. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 32a0d7d0e0 [Firefox:25 hits: 01-11 to 10-06] |
d791762796 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
20:29:00 | WinXP | 65.24.122.96 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:20:30:00 | WinXP | 67.150.121.120 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1319 hits: 12-31 to 10-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
20:41:00 | Win2K-f | 68.145.55.44 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 164 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 |
02c7d786cf NEW d13517ccd4 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
20:55:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:10 hits: 10-08 to 10-13] |
none[none] | none:none |
none|none | none | none |
20:57:00 | Win2K-f | 59.178.205.215 (BOL.NET.IN): MTNL CAT B ISP, DELHI, DELHI, IN. |
115.126.2.121:65520 | 445 | pcap | raw alerts ruleset |
irc 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:21:04:00 | WinXP | 87.110.66.248 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:25 hits: 01-20 to 10-13] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
21:07:00 | WinXP | 165.29.122.238 (AR.US): ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK, MONTICELLO, ARKANSAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
21:12:00 | Win2K-f | 190.25.103.228 (ETB.NET.CO): ETB - COLOMBIA, CO. |
115.126.2.121:65520 | 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:21:12:00 | WinXP | 201.88.90.218 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
21:23:00 | Win2K-f | 59.93.125.193 (10/24.BSNL.IN): NIB (NATIONAL INTERNET BACKBONE), DELHI, DELHI, IN. (100Mbps) |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn |
445 | pcap | raw alerts ruleset |
irc http 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 36 8 of 36 |
422a8fb939 NEW ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:23:00 | WinXP | 69.154.133.142 (SWBELL.NET): PPPOX POOL - BRAS1 STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | DE:siliconfireware.ru SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com GB:www.chechenpress.co.uk DE:212.227.111.29:80 DE:217.11.54.126:80 GB:217.194.210.198:80 US:66.242.19.44:80 US:72.29.65.216:80 EU:78.47.200.154:80 FI:80.81.183.162:80 SE:88.80.5.157:80 SE:88.80.5.15:80 |
445 | pcap | raw alerts ruleset |
http 54 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | ab5e47bf8d [Firefox:48 hits: 01-02 to 10-13] |
none[3] | none:none |
ASPack| | none | trace |
21:32:00 | WinXP | 220.219.249.178 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:468 hits: 01-05 to 10-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:21:33:00 | WinXP | 211.239.188.81 (-): GNG-LLINE-GNGYEOKSAM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
irc http 118 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 2 of 35 |
686d4ca67b [Firefox:10 hits: 07-08 to 10-13] bcf66a38c8 [Firefox:13 hits: 07-30 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:37:00 | WinXP | 24.144.19.139 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL) |
n/a | US:daymohk.info :marsho.dk US:www.jamaatshariat.com GB:www.chechenpress.co.uk US:www.bankofmadura.com US:landing.domainsponsor.com US:208.73.210.32:80 US:66.242.19.44:80 US:67.15.211.9:80 US:72.29.65.216:80 FI:80.81.183.162:80 SE:88.80.5.157:80 SE:88.80.5.15:80 |
445 | pcap | raw alerts ruleset |
http http 81 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:21:40:00 | WinXP | 72.251.35.52 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:33 hits: 09-17 to 10-12] |
none[none] | none:none |
none|none | none | none |
T:21:44:00 | WinXP | 4.174.182.232 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
21:52:00 | Win2K-f | 24.97.206.182 (RR.COM): ROAD RUNNER HOLDCO LLC, WOODSTOCK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.126.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 260 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 6 hits: 09-12 to 10-10] d8cf9fc784 [Firefox: 6 hits: 09-12 to 10-10] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:22:00:00 | Win2K-f | 98.140.228.220 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:22:09:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
irc 332 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | 119cdb01eb [Firefox: 2 hits: 10-11 to 10-12] |
none[none] | none:none |
none|none | none | none |
T:22:13:00 | WinXP | 76.168.41.1 (RR.COM): ROAD RUNNER HOLDCO LLC, WEST HOLLYWOOD, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1319 hits: 12-31 to 10-13] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
22:22:00 | WinXP | 75.42.85.9 (SBCGLOBAL.NET): PPPOX POOL - BRAS5.SCRMCA 090106-1000, US. (DSL) |
n/a | :www.google.com.au US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:42 hits: 04-18 to 10-08] |
none[3] | none:none |
tElock| | none | trace |
T:22:34:00 | Win2K-f | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:22:39:00 | Win2K-f | 70.183.165.173 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com DE:kitroneza.cn US:do-make-progress.com US:xpas-2009.com 115.126.2.110:80 US:208.111.148.219:80 US:208.111.148.226:80 US:208.73.210.32:80 |
135 | pcap | raw alerts ruleset |
irc http 132 lines |
Yeah : 1.8 profile |
none | summary tarball |
13 of 36 8 of 36 34 of 36 28 of 33 |
0769bef269 NEW ac9e444ce0 [Firefox: 2 hits: 10-13 to 10-13] da00a8e7a1 [Firefox:27 hits: 08-05 to 10-11] f685f8e027 [Firefox:31 hits: 06-18 to 10-11] |
none[none] none [none] none [none] f685f8e027[1] |
none:none none:none none:none ASM:Graph |
none|none none|none none|none Armadillo| |
none none none lines=82 |
none none none trace |
22:43:00 | WinXP | 71.100.163.168 (VERIZON.NET): VERIZON INTERNET SERVICES INC, VALRICO, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:22:49:00 | WinXP | 71.111.158.65 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] a08f3b74a4 [Firefox:1133 hits: 06-18 to 10-13] e07c29c4ae [Firefox:621 hits: 06-19 to 10-13] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:23:06:00 | WinXP | 61.223.250.78 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
23:06:00 | WinXP | 61.223.250.78 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:746 hits: 12-31 to 10-13] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
23:35:00 | Win2K-f | 172.163.191.206 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3172 hits: 06-17 to 10-13] 73f1082158 [Firefox:1547 hits: 06-18 to 10-13] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
23:43:00 | WinXP | 193.250.134.44 (ABO.WANADOO.FR): IP2000-ADSL-BAS, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:466 hits: 12-31 to 10-13] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
23:49:00 | Win2K-f | 24.78.166.33 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 916 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 35 | 7e4789cda6 NEW |
none[none] | none:none |
none|none | none | none |