|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:08:00 | WinXP | 60.248.127.22 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 14407d927b NEW |
none[none] | none:none |
none|none | none | none |
| T:00:17:00 | WinXP | 114.48.150.223 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ec0ea881ab NEW |
none[none] | none:none |
none|none | none | none |
| 00:24:00 | Win2K-f | 24.234.132.171 (COX.NET): COX COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1149 hits: 06-18 to 10-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:26:00 | Win2K-f | 116.127.144.38 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
irc 140 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 34 of 35 |
2ef9098242 [Firefox: 3 hits: 07-05 to 09-29] ac8612c1dc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:46:00 | WinXP | 4.236.117.16 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:00:56:00 | Win2K-f | 70.71.244.4 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:15:00 | WinXP | 87.57.60.28 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 269752b9b6 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:16:00 | WinXP | 87.57.60.28 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 269752b9b6 NEW |
none[none] | none:none |
none|none | none | none |
| 01:16:00 | Win2K-f | 66.54.114.13 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] b5919931fe [Firefox:848 hits: 06-20 to 10-14] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:01:43:00 | WinXP | 79.138.177.104 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 01:52:00 | Win2K-f | 64.183.248.121 (RR.COM): ROAD RUNNER HOLDCO LLC, DESOTO, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 633 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 36 | c5dee159d0 [Firefox: 2 hits: 10-07 to 10-11] |
none[none] | none:none |
none|none | none | none | |
| T:02:05:00 | WinXP | 69.121.161.229 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), STRATFORD, CONNECTICUT, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:27:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:469 hits: 12-31 to 10-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:35:00 | WinXP | 212.106.27.212 (POLBOX.PL): POLBOX, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox: 7 hits: 09-29 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:02:35:00 | Win2K-f | 172.190.128.25 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:43:00 | WinXP | 62.11.116.100 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:279 hits: 01-01 to 10-14] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:02:52:00 | WinXP | 88.178.131.153 (PROXAD.NET): PROXAD / FREE SAS, FR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http irc 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d0d92d58c3 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:55:00 | WinXP | 84.73.35.70 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 152f4c79b5 [Firefox: 2 hits: 10-12 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 03:13:00 | WinXP | 88.170.70.155 (PROXAD.NET): PROXAD / FREE SAS, FR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | fee215afd0 [Firefox: 3 hits: 09-26 to 10-01] |
none[none] | none:none |
none|none | none | none |
| T:03:14:00 | WinXP | 220.110.193.42 (E-AIDMA.CO.JP): AIDMA CO. LTD, JP. (100Mbps) |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| 03:33:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:33:00 | WinXP | 87.60.4.44 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:279 hits: 01-01 to 10-14] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 03:36:00 | WinXP | 220.239.3.241 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 335 lines |
Yeah : 1.3 profile |
none | summary tarball |
5 of 36 | c5dee159d0 [Firefox: 2 hits: 10-07 to 10-11] |
none[none] | none:none |
none|none | none | none | |
| T:03:37:00 | WinXP | 62.40.48.202 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7e6e770f9e NEW |
none[none] | none:none |
none|none | none | none |
| 03:44:00 | Win2K-f | 123.237.114.206 (-): RELIANCE INFOCOMM LIMITED, MUMBAI, MAHARASHTRA, IN. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.215:80 US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] b5919931fe [Firefox:848 hits: 06-20 to 10-14] b7082104e4 [Firefox:202 hits: 06-18 to 10-14] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 03:56:00 | WinXP | 83.94.168.64 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org SE:ced.dal.net SE:ozbytes.dal.net :los-angeles.ca.us.undernet.org :caen.fr.eu.undernet.org SE:vancouver.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 8 hits: 10-03 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 04:00:00 | WinXP | 202.134.243.245 (AINS.NET.AU): AINS INTERNET SERVICE PROVIDER, MELBOURNE, VICTORIA, AU. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a3d4d26e6e NEW |
none[none] | none:none |
none|none | none | none |
| 04:05:00 | WinXP | 92.41.149.109 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 53 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 31 | 85597d85c0 [Firefox: 4 hits: 04-29 to 09-26] |
f00f427b94 [0] | ASM:Graph |
PolyEnE| | lines=265 embedded dns |
trace |
| 04:30:00 | WinXP | 203.91.185.220 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.47.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1149 hits: 06-18 to 10-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:04:30:00 | WinXP | 117.99.11.159 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 NEW |
none[none] | none:none |
none|none | none | none |
| 04:37:00 | WinXP | 81.84.92.147 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, BRAGA, BRAGA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | dd7ee16b8d NEW |
none[none] | none:none |
none|none | none | none |
| T:04:48:00 | WinXP | 116.123.42.88 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 |
135 | pcap | raw alerts ruleset |
irc http 102 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:167 hits: 06-17 to 10-14] 4c3df24b32 [Firefox:220 hits: 06-17 to 10-13] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:04:48:00 | WinXP | 4.154.52.108 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WEAVERVILLE, NORTH CAROLINA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:06:00 | WinXP | 122.131.212.234 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:607 hits: 01-01 to 10-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:11:00 | WinXP | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:26:00 | WinXP | 210.5.92.186 (PLDT.NET): IPG, MANILA, MANILA, PH. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:05:27:00 | Win2K-f | 172.162.173.241 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 130 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
0474b4b09f [Firefox: 6 hits: 09-24 to 10-14] 1c3210698a [Firefox: 7 hits: 07-13 to 10-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:38:00 | WinXP | 119.92.223.129 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru :fleshkatera.cn UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 8ab97fa54d NEW |
none[none] | none:none |
none|none | none | none |
| T:05:39:00 | WinXP | 88.8.180.134 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 8 hits: 09-12 to 10-01] |
none[none] | none:none |
none|none | none | none |
| 05:41:00 | WinXP | 124.81.152.113 (CARSURIN.COM): PT INDOSAT MEGA MEDIA, ID. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:26 hits: 09-17 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 05:49:00 | WinXP | 83.29.111.254 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:52:00 | WinXP | 83.29.111.254 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:11:00 | WinXP | 89.41.47.63 (-): SC WINDMOB SERV SRL, PLOIESTI, PRAHOVA, RO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 91dfbd2049 NEW |
none[none] | none:none |
none|none | none | none |
| 06:11:00 | WinXP | 117.99.41.148 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:12:00 | WinXP | 117.99.41.148 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:19:00 | WinXP | 116.127.124.41 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http irc 156 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 31 of 33 0 of 33 |
87bd0a062f [Firefox: 9 hits: 06-29 to 09-21] c7d6018f97 [Firefox: 9 hits: 06-29 to 09-21] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 06:20:00 | WinXP | 41.214.166.153 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:34 hits: 09-17 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:07:11:00 | WinXP | 62.11.118.7 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:208.73.210.32:80 DE:212.227.111.29:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:279 hits: 01-01 to 10-14] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:07:25:00 | WinXP | 89.41.89.8 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | caf7b0fa3d NEW |
none[none] | none:none |
none|none | none | none |
| 07:26:00 | WinXP | 91.65.241.74 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox: 4 hits: 10-11 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:07:26:00 | WinXP | 91.65.241.74 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox: 4 hits: 10-11 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:07:27:00 | Win2K-f | 71.189.119.92 (-): LINDA LIU, ONTARIO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1149 hits: 06-18 to 10-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:43:00 | Win2K-f | 24.78.173.52 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.41:80 US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:15 hits: 09-12 to 10-11] 321f4fc27d [Firefox:15 hits: 09-12 to 10-11] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:03:00 | WinXP | 24.88.101.110 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:469 hits: 12-31 to 10-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:08:20:00 | WinXP | 77.37.157.142 (NCNET.RU): NCN-INFRA, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:12 hits: 10-03 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 08:51:00 | Win2K-f | 70.182.91.221 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
irc 309 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | 119cdb01eb [Firefox: 3 hits: 10-11 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 09:04:00 | Win2K-f | 170.51.147.96 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
115.126.2.121:65520 | 445 | pcap | raw alerts ruleset |
irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:05:00 | WinXP | 151.54.127.204 (38-151.NET24.IT): IUNET-BNET, PERUGIA, UMBRIA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 18c7040ea0 [Firefox: 4 hits: 09-15 to 10-12] |
none[none] | none:none |
none|none | none | none |
| 09:29:00 | WinXP | 124.241.147.249 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.37.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] b7082104e4 [Firefox:202 hits: 06-18 to 10-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 09:36:00 | Win2K-f | 203.73.84.160 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.126.124:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 57ce4acac2 [Firefox:270 hits: 06-17 to 10-14] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:38:00 | WinXP | 85.122.43.11 (RNC.RO): RNC, RO. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | dd7ee16b8d NEW |
none[none] | none:none |
none|none | none | none |
| T:09:57:00 | WinXP | 79.53.142.218 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 566fdd98dd NEW |
none[none] | none:none |
none|none | none | none |
| 09:58:00 | WinXP | 79.53.142.218 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 566fdd98dd NEW |
none[none] | none:none |
none|none | none | none |
| 10:00:00 | Win2K-f | 24.69.97.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 36 |
090753e602 NEW 79595a71bb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:03:00 | WinXP | 64.139.99.92 (NCIDATA.COM): NCI DATA.COM INC, BREWSTER, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 36 33 of 33 0 of 32 |
44d6655e08 NEW 53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[none] none [4] 73f1082158[1] |
none:none none:none ASM:Graph |
none|none tElock| Armadillo| |
none none lines=81 |
none trace trace |
| 10:11:00 | WinXP | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 57ce4acac2 [Firefox:270 hits: 06-17 to 10-14] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:23:00 | Win2K-f | 204.116.78.245 (SPIRITTELECOM.COM): KLERK'S PLASTIC PRODUCTS MFGG INC, CHESTER, SOUTH CAROLINA, US. (DSL) |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 115.126.2.121:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
irc 116 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 32 of 36 |
05688324d2 [Firefox: 2 hits: 10-13 to 10-14] db34e6277c [Firefox: 2 hits: 10-13 to 10-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:32:00 | WinXP | 69.85.106.130 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:36:00 | WinXP | 89.152.217.82 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 33 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 5a6eafb317 [Firefox: 2 hits: 10-09 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 10:39:00 | WinXP | 4.159.77.191 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | US:www.yahoo.com :www.google.com.au :jbeegvia.ru EU:crutop.nu US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :uvjiis.ru :wpad :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru US:crime-research.ru :kfwfceki.ru :nhuwxyuw.ru RU:alfabank.ru :udluzuq.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| T:10:40:00 | WinXP | 4.159.77.191 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| 10:45:00 | WinXP | 85.139.105.227 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 773d39f53b NEW |
none[none] | none:none |
none|none | none | none |
| T:10:53:00 | WinXP | 87.113.16.249 (PLUS.NET): FORCE, LONDON, ENGLAND, UK. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:58:00 | Win2K-f | 83.56.170.29 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2005070725), MADRID, MADRID, ES. |
115.126.2.121:65520 | 445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:00:00 | WinXP | 4.159.77.235 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | US:www.altavista.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| T:11:04:00 | WinXP | 4.159.77.235 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEVELAND, OHIO, US. (DIAL) |
n/a | :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| T:11:05:00 | WinXP | 71.181.175.239 (VERIZON.NET): VERIZON INTERNET SERVICES INC, KINGSTON, PENNSYLVANIA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:05:00 | WinXP | 24.164.52.187 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:09:00 | WinXP | 92.49.195.139 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:469 hits: 12-31 to 10-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:11:25:00 | WinXP | 89.179.68.221 (CORBINA.RU): INVESTELEKTROSVIAZ LTD, RU. |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com :wpad :proxim.ircgalaxy.pl US:do-make-progress.com US:xpas-2009.com DE:kitroneza.cn **:169.254.25.129:7920 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
irc http 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 36 17 of 36 |
ac9e444ce0 [Firefox: 8 hits: 10-13 to 10-14] cdf9452017 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:33:00 | WinXP | 117.99.22.209 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 2f746ab765 NEW |
none[none] | none:none |
none|none | none | none |
| 11:45:00 | WinXP | 24.84.212.85 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:607 hits: 01-01 to 10-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 11:52:00 | WinXP | 81.181.83.132 (AIRBITES.RO): SC ISP TOPALL SRL, RO. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4aeb3ad750 NEW |
none[none] | none:none |
none|none | none | none |
| 12:00:00 | Win2K-f | 67.151.175.130 (-): LOGIMEDIX, HOLLYWOOD, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1149 hits: 06-18 to 10-14] b5919931fe [Firefox:848 hits: 06-20 to 10-14] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:12:07:00 | WinXP | 218.170.26.252 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:34:00 | Win2K-f | 63.28.40.188 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:37:00 | WinXP | 77.78.190.93 (-): LULIN-NET, BG. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:59 hits: 09-13 to 10-14] |
none[none] | none:none |
none|none | none | none | |
| 12:40:00 | WinXP | 97.66.80.246 (DELTACOM.NET): ITC^DELTACOM, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:49:00 | WinXP | 68.145.226.217 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:51:00 | WinXP | 190.138.216.45 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:26 hits: 09-17 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 13:02:00 | WinXP | 219.99.113.208 (YOURNET.NE.JP): FREEBIT CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 13:07:00 | WinXP | 117.99.28.242 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 0450aec44f NEW |
none[none] | none:none |
none|none | none | none |
| T:13:16:00 | WinXP | 87.18.202.219 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, PISA, TOSCANA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3e085673e6 NEW |
none[none] | none:none |
none|none | none | none |
| 13:35:00 | WinXP | 212.205.247.72 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, ATHENS, ATTIKI, GR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:170 hits: 01-08 to 10-14] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:13:46:00 | WinXP | 200.165.240.224 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:141 hits: 01-01 to 10-03] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:14:07:00 | WinXP | 186.9.118.209 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:59 hits: 09-13 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 14:08:00 | WinXP | 87.247.111.3 (-): MIKROVISATA, LT. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a917b38976 NEW |
none[none] | none:none |
none|none | none | none |
| 14:09:00 | WinXP | 79.163.195.250 (-): IDEA, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox: 4 hits: 10-11 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:14:27:00 | WinXP | 84.73.210.32 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | d28bf8aa1a [Firefox: 8 hits: 09-12 to 10-01] |
none[none] | none:none |
none|none | none | none |
| T:14:32:00 | WinXP | 87.205.187.9 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b [Firefox: 2 hits: 10-07 to 10-07] |
none[none] | none:none |
none|none | none | none |
| 14:34:00 | WinXP | 87.205.187.9 (INETIA.PL): INTERNETIA, PL. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b [Firefox: 2 hits: 10-07 to 10-07] |
none[none] | none:none |
none|none | none | none |
| 14:36:00 | WinXP | 72.251.35.170 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 9 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:34 hits: 09-17 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:14:41:00 | Win2K-f | 63.17.192.77 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:46:00 | Win2K-f | 4.90.11.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RUSK, TEXAS, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:51:00 | WinXP | 24.189.30.113 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:206.33.45.125:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:05:00 | WinXP | 24.81.176.51 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:18:00 | Win2K-f | 63.28.60.173 (UU.NET): UUNET TECHNOLOGIES INC, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.220.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:21:00 | WinXP | 4.249.210.4 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:15:35:00 | WinXP | 209.29.94.81 (TELUS.COM): TELUS COMMUNICATIONS INC, TORONTO, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:40:00 | WinXP | 64.38.67.153 (SPEAKEASY.NET): US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 45d3b6bd28 NEW |
none[none] | none:none |
none|none | none | none |
| 15:41:00 | Win2K-f | 72.51.202.220 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 708 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 80de3bee9a NEW |
none[none] | none:none |
none|none | none | none | |
| 15:44:00 | WinXP | 208.83.218.116 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:47 hits: 08-09 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:15:44:00 | WinXP | 208.83.218.116 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:47 hits: 08-09 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 15:50:00 | WinXP | 63.25.63.237 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:15:53:00 | Win2K-f | 67.212.60.132 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:55:00 | WinXP | 75.42.69.113 (-): PPPOX POOL - BRAS5.SCRMCA, PLANO, TEXAS, US. |
n/a | US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:44 hits: 04-18 to 10-14] |
none[3] | none:none |
tElock| | none | trace |
| 16:07:00 | WinXP | 68.149.229.221 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ad2059afe4 NEW |
none[none] | none:none |
none|none | none | none |
| 16:10:00 | WinXP | 189.122.92.174 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 NEW |
none[none] | none:none |
none|none | none | none |
| 16:20:00 | WinXP | 208.83.218.3 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:47 hits: 08-09 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:16:25:00 | WinXP | 41.214.166.249 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:40:00 | WinXP | 173.89.16.98 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f592d52f3c [Firefox: 6 hits: 01-06 to 10-08] |
85a7174aed [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| T:16:47:00 | WinXP | 4.155.18.87 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BALTIMORE, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:57:00 | WinXP | 4.155.18.87 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BALTIMORE, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 16:58:00 | WinXP | 66.52.225.59 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SEATTLE, WASHINGTON, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 36 | 1c29f5598e NEW |
none[none] | none:none |
none|none | none | none | |
| 17:06:00 | Win2K-f | 4.182.3.128 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN JOSE, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 359 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 | b2aa60cb38 [Firefox: 3 hits: 07-11 to 10-13] |
none[none] | none:none |
none|none | none | none | |
| 17:16:00 | Win2K-f | 69.216.120.145 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 62 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] b7082104e4 [Firefox:202 hits: 06-18 to 10-14] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 17:17:00 | WinXP | 77.37.157.142 (NCNET.RU): NCN-INFRA, RU. |
n/a | UA:citi-bank.ru :adult-empire.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:12 hits: 10-03 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:17:32:00 | WinXP | 70.75.95.114 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d526bf5a3f [Firefox: 2 hits: 10-12 to 10-12] |
none[none] | none:none |
none|none | none | none |
| 17:33:00 | WinXP | 206.188.64.78 (CIA.COM): CYBERSURF INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:17:41:00 | Win2K-f | 68.144.24.135 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 22 of 36 |
1eacab1cc9 [Firefox: 2 hits: 09-28 to 09-30] d43f7bdb88 [Firefox: 2 hits: 09-28 to 09-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:48:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 106 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 31 of 33 31 of 33 |
b5919931fe [Firefox:848 hits: 06-20 to 10-14] b74e792974 [Firefox:12 hits: 06-18 to 10-09] f0e73c39a8 [Firefox:13 hits: 06-18 to 10-09] |
b5919931fe [1] b74e792974[1] none [4] |
ASM:Graph ASM:Graph none:none |
ASProtect| Armadillo| tElock| |
lines=90 lines=82 none |
trace trace trace |
| T:18:05:00 | Win2K-f | 190.64.197.50 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) |
115.126.2.121:65520 | :fleshkatera.cn :proxima.ircgalaxy.pl |
445 | pcap | raw alerts ruleset |
irc http 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:09:00 | Win2K-f | 24.78.166.33 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 676 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 2d5d209026 NEW |
none[none] | none:none |
none|none | none | none | |
| 18:28:00 | WinXP | 4.233.194.138 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 32 | 8ad3105462 [Firefox: 4 hits: 01-10 to 08-09] |
none[4] | none:none |
none|none | none | trace | |
| T:18:45:00 | WinXP | 41.214.174.92 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:13 hits: 10-08 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 19:00:00 | WinXP | 190.139.6.92 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f9e03b93bc [Firefox: 6 hits: 10-09 to 10-13] |
none[none] | none:none |
none|none | none | none |
| 19:05:00 | WinXP | 59.51.224.130 (AGENT1.GZ.CN): CHINANET GUIZHOU PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com EU:ebookfinaltrash.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 18 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
37e444055e NEW a12cab51ef [Firefox:581 hits: 01-01 to 10-14] |
none[none] 40f7f463c4[0] |
none:none ASM:Graph |
none|none ASPack| |
none lines=281 embedded dns |
none trace |
| T:19:07:00 | WinXP | 4.233.194.138 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:469 hits: 12-31 to 10-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:19:08:00 | Win2K-f | 4.174.180.174 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1149 hits: 06-18 to 10-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:10:00 | WinXP | 117.99.11.149 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:10:00 | WinXP | 117.99.11.149 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:11:00 | Win2K-f | 74.211.3.80 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] b5919931fe [Firefox:848 hits: 06-20 to 10-14] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 19:14:00 | Win2K-f | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:270 hits: 06-17 to 10-14] 83f26f5044 [Firefox:27 hits: 06-20 to 10-09] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:19:17:00 | WinXP | 116.59.179.96 (-): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 NEW |
none[none] | none:none |
none|none | none | none |
| 19:44:00 | Win2K-f | 4.137.14.102 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WEDOWEE, ALABAMA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:52:00 | WinXP | 72.51.217.142 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.53.125:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 253 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 7 hits: 09-12 to 10-14] d8cf9fc784 [Firefox: 7 hits: 09-12 to 10-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:53:00 | WinXP | 76.247.105.136 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:170 hits: 01-08 to 10-14] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 20:01:00 | WinXP | 4.137.67.99 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn DE:kitroneza.cn US:do-scan-progress.com US:xpas-2009.com :wpad DE:rushprotect.net DE:prxw.com US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http irc 279 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 17 of 36 32 of 36 8 of 36 0 of 33 |
0b365762ee NEW 24984f7b74 NEW 732b917369 NEW ac9e444ce0 [Firefox: 8 hits: 10-13 to 10-14] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[none] none [none] none [none] none [none] e07c29c4ae[1] |
none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none FSG| |
none none none none lines=92 |
none none none none trace |
| T:20:08:00 | WinXP | 76.8.206.20 (-): CENTENNIAL I, PROVO, UTAH, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:13 hits: 10-08 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 20:09:00 | WinXP | 76.8.206.20 (-): CENTENNIAL I, PROVO, UTAH, US. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net :flanders.be.eu.undernet.org SE:qis.md.us.dal.net SE:coins.dal.net SE:vancouver.dal.net NO:london.uk.eu.undernet.org :washington.dc.us.undernet.org :brussels.be.eu.undernet.org SE:broadway.ny.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:13 hits: 10-08 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 20:13:00 | Win2K-f | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:20:27:00 | WinXP | 67.11.54.220 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:47 hits: 08-09 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:20:43:00 | WinXP | 63.25.254.156 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:471 hits: 01-05 to 10-14] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:20:46:00 | WinXP | 130.13.61.106 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
irc 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 32 |
7f66e51c85 [Firefox:12 hits: 07-11 to 10-09] 9d12fe9d3b [Firefox:13 hits: 07-11 to 10-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:52:00 | Win2K-f | 220.128.125.227 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:270 hits: 06-17 to 10-14] 83f26f5044 [Firefox:27 hits: 06-20 to 10-09] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 21:03:00 | WinXP | 66.50.2.29 (PRTC.NET): PRTC RAS, SAN JUAN, PUERTO RICO, PR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f987501929 NEW |
none[none] | none:none |
none|none | none | none |
| 21:07:00 | Win2K-f | 130.13.61.106 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com US:xpas-2009.com DE:kitroneza.cn 115.126.2.121:65520 US:208.111.173.41:80 |
135 | pcap | raw alerts ruleset |
irc http 152 lines |
Yeah : 1.8 profile |
none | summary tarball |
17 of 36 32 of 33 29 of 32 17 of 36 8 of 36 |
4a135d579d NEW 7f66e51c85 [Firefox:12 hits: 07-11 to 10-09] 9d12fe9d3b [Firefox:13 hits: 07-11 to 10-09] aa0be4fd00 NEW ac9e444ce0 [Firefox: 8 hits: 10-13 to 10-14] |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:21:33:00 | WinXP | 210.213.85.2 (PLDTVIBE.COM): VIBE, MANILA, MANILA, PH. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 22:15:00 | WinXP | 117.99.30.87 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:15:00 | WinXP | 117.99.30.87 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1323 hits: 12-31 to 10-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:19:00 | WinXP | 92.114.177.40 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 69cd2fb036 NEW |
none[none] | none:none |
none|none | none | none |
| 22:19:00 | WinXP | 92.114.177.40 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 69cd2fb036 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:34:00 | WinXP | 97.90.138.119 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3206 hits: 06-17 to 10-14] 73f1082158 [Firefox:1563 hits: 06-18 to 10-14] e07c29c4ae [Firefox:634 hits: 06-19 to 10-14] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:22:35:00 | WinXP | 117.99.41.226 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 22:43:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:13 hits: 10-08 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:22:43:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:ced.dal.net AT:graz.at.eu.undernet.org US:lia.zanet.net :caen.fr.eu.undernet.org :lulea.se.eu.undernet.org :brussels.be.eu.undernet.org SE:viking.dal.net SE:broadway.ny.us.dal.net SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:13 hits: 10-08 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 23:24:00 | Win2K-f | 24.84.211.155 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 610 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 2 hits: 10-06 to 10-14] |
none[none] | none:none |
none|none | none | none | |
| 23:34:00 | WinXP | 66.8.200.167 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:57 hits: 01-02 to 10-14] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:37:00 | WinXP | 221.171.41.120 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:607 hits: 01-01 to 10-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:48:00 | WinXP | 117.99.59.194 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:755 hits: 12-31 to 10-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:23:52:00 | WinXP | 96.48.158.18 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 726638fb22 [Firefox: 3 hits: 09-19 to 09-30] |
none[none] | none:none |
none|none | none | none |
| T:23:52:00 | WinXP | 218.216.93.138 (NIIGATA-U.AC.JP): JAPAN NETWORK INFORMATION CENTER, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:607 hits: 01-01 to 10-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace |