|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:05:00 | WinXP | 62.11.118.8 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad RU:www.bbin.ru DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:06:00 | WinXP | 89.218.219.76 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:07:00 | WinXP | 78.88.79.184 (-): VECTRA TECHNOLOGIE S.A, PL. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:08:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 00:19:00 | Win2K-f | 98.175.153.98 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
irc http 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 0 of 32 |
21222adb41 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 00:35:00 | Win2K-f | 93.81.135.41 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn US:do-scan-progress.com US:xpas-2009.com DE:kitroneza.cn US:205.128.73.126:80 US:8.12.202.125:80 |
445 | pcap | raw alerts ruleset |
irc http 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:00:39:00 | Win2K-f | 71.99.135.99 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:40:00 | WinXP | 97.90.138.119 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:192.221.99.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 00:52:00 | WinXP | 82.67.140.222 (PROXAD.NET): PROXAD / FREE SAS, NANTES, PAYS DE LA LOIRE, FR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:22:00 | WinXP | 87.110.101.100 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:26:00 | WinXP | 207.191.72.121 (XSPEDIUS.NET): XSPEDIUS COMMUNICATIONS CO, LAKE CHARLES, LOUISIANA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 01:30:00 | WinXP | 122.53.51.122 (PLDT.NET): IPG, PH. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:32:00 | WinXP | 207.191.72.121 (XSPEDIUS.NET): XSPEDIUS COMMUNICATIONS CO, LAKE CHARLES, LOUISIANA, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:47:00 | WinXP | 118.231.73.32 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 882 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | cb8817a4f6 NEW |
none[none] | none:none |
none|none | none | none | |
| T:01:47:00 | WinXP | 58.188.135.19 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:52:00 | WinXP | 85.84.45.16 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:56:00 | Win2K-f | 219.110.139.244 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 02:17:00 | WinXP | 88.160.136.62 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:02:19:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.236:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:02:20:00 | WinXP | 117.99.51.223 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:27:00 | WinXP | 87.57.182.89 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:59:00 | WinXP | 211.28.40.97 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 03:02:00 | WinXP | 87.110.173.160 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org FI:london.uk.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:23:00 | Win2K-f | 115.80.23.14 (-): . |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
irc http 260 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 0 of 32 |
8a9ee9d79a NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 03:32:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 0 of 32 |
4ca3056804 [Firefox: 6 hits: 06-18 to 10-03] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
4ca3056804 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:03:34:00 | WinXP | 125.101.54.39 (UCOM.NE.JP): G-MG0001N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:40:00 | Win2K-f | 93.80.66.33 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 US:204.160.126.126:80 |
445 | pcap | raw alerts ruleset |
http irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:47:00 | WinXP | 82.225.252.117 (PROXAD.NET): PROXAD / FREE SAS, BOULOGNE-BILLANCOURT, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:47:00 | Win2K-f | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
9f65845848 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 03:49:00 | Win2K-f | 151.118.213.99 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
irc http 133 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 0 of 32 |
1a0a66bdb6 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:04:14:00 | Win2K-f | 211.176.9.105 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
irc 109 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 04:28:00 | WinXP | 125.197.218.71 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:30:00 | WinXP | 218.211.207.22 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:33:00 | WinXP | 117.99.62.2 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:39:00 | WinXP | 88.170.218.136 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:13:00 | WinXP | 93.163.56.81 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | GB:welcome3.smile.co.uk EU:siliconfireware.ru :wpad GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:14:00 | WinXP | 92.115.12.58 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:30:00 | WinXP | 218.222.164.10 (DION.NE.JP): DION (KDDI CORPORATION), JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:40:00 | WinXP | 121.84.241.125 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:40:00 | WinXP | 93.184.224.205 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:43:00 | Win2K-f | 117.20.178.252 (KMTCSIN.COM.SG): STARHUB INTERNET PTE LTD, SG. |
n/a | 135 | pcap | raw alerts ruleset |
other 1014 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
1278a026e0 NEW 4f135578d4 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:05:51:00 | WinXP | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0a51831505 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:05:52:00 | Win2K-f | 75.49.18.130 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 06:20:00 | WinXP | 122.133.117.178 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:478 hits: 01-05 to 10-15] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:49:00 | WinXP | 118.8.149.194 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace | |
| 07:01:00 | WinXP | 79.37.145.174 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:02:00 | WinXP | 79.37.145.174 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:07:00 | WinXP | 200.175.192.27 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:08:00 | WinXP | 88.174.215.242 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:16:00 | WinXP | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 71 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace | |
| T:07:27:00 | WinXP | 62.40.54.142 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, DUBLIN, DUBLIN, IE. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:07:58:00 | WinXP | 85.139.98.52 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, OEIRAS, LISBOA, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:00:00 | WinXP | 82.244.64.50 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:08:02:00 | WinXP | 71.153.41.0 (SBCGLOBAL.NET): PPPOX POOL - RBACK4.SPFDMO, SPRINGFIELD, MISSOURI, US. (DSL) |
n/a | RU:moscow-advokat.ru EU:gaz-prom.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:06:00 | WinXP | 122.52.75.194 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn DE:kitroneza.cn US:do-scan-progress.com US:xpas-2009.com :wpad 115.126.2.121:65520 US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
irc http 151 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:54 hits: 06-18 to 10-14] 76ee340669 [Firefox:54 hits: 06-18 to 10-14] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
16874933ea [1] none [4] none [3] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| none|none |
lines=82 none lines=0 |
trace trace trace |
| 08:31:00 | WinXP | 59.190.75.89 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:41:00 | WinXP | 70.240.66.107 (SWBELL.NET): PPPOX POOL - RBACK19 HSTNTX, HOUSTON, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 08:57:00 | Win2K-f | 122.52.76.136 (PLDT.NET): IPG, PH. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:58:00 | WinXP | 92.115.6.17 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:27:00 | WinXP | 122.53.6.192 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:30:00 | WinXP | 190.174.88.236 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:31:00 | WinXP | 190.174.88.236 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 09:44:00 | WinXP | 86.21.205.156 (NTL.COM): NTL INFRASTRUCTURE - NOTTINGHAM, UK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:09:45:00 | WinXP | 86.21.205.156 (NTL.COM): NTL INFRASTRUCTURE - NOTTINGHAM, UK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:49:00 | WinXP | 75.143.216.52 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:55:00 | Win2K-f | 61.20.144.224 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 882 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 50df2cd59d NEW |
none[none] | none:none |
none|none | none | none | |
| T:10:04:00 | WinXP | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
57ce4acac2 [Firefox:274 hits: 06-17 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
57ce4acac2 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:10:09:00 | WinXP | 118.7.134.177 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:19:00 | Win2K-f | 220.130.194.247 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0a51831505 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:10:21:00 | WinXP | 75.34.107.250 (SBCGLOBAL.NET): MOHSEN KHAZIRI DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:205 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| 10:22:00 | WinXP | 63.17.134.151 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 10:23:00 | WinXP | 63.27.105.0 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:205 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| 10:39:00 | WinXP | 210.79.129.147 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:53:00 | WinXP | 88.174.215.242 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:09:00 | Win2K-f | 64.26.76.90 (MD.US): SAILOR, HAGERSTOWN, MARYLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 11:11:00 | WinXP | 87.110.29.72 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 11:14:00 | Win2K-f | 172.162.173.241 (AOL.COM): AMERICA ONLINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 none |
1c3210698a [Firefox: 8 hits: 07-13 to 10-15] 82ed4b3a09 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:35:00 | WinXP | 83.97.134.240 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:42:00 | WinXP | 189.48.163.183 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:43:00 | WinXP | 189.48.163.183 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:46:00 | Win2K-f | 68.126.242.240 (PACBELL.NET): AT&T INTERNET SERVICES, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:11:52:00 | WinXP | 12.73.241.74 (ATT.NET): AT&T WORLDNET SERVICES, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:06:00 | Win2K-f | 66.54.114.13 (DIGICELBROADBAND.COM): DIGICEL JAMAICA, KINGSTON, KINGSTON, JM. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
6814696aea NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 12:07:00 | WinXP | 67.150.4.177 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | RU:www.bbin.ru RU:www.binbank.ru :wpad |
445 | pcap | raw alerts ruleset |
http http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:10:00 | WinXP | 92.114.177.234 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:18:00 | WinXP | 77.37.145.176 (NCNET.RU): NCN-INFRA, RU. |
n/a | US:www.altavista.com :jbeegvia.ru US:www.worldbank.org SE:kavkaz.tv :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :wpad :ryryodokm.ru :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:21:00 | WinXP | 84.73.33.207 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 12:22:00 | Win2K-f | 209.254.117.90 (MCLEODUSA.NET): MCLEODUSA INCORPORATED, AURORA, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 12:25:00 | WinXP | 87.116.204.104 (TNP.PL): NETWORK OF INTERNET SERVICE PROVIDER, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:12:27:00 | WinXP | 82.66.70.180 (PROXAD.NET): PROXAD / FREE SAS, TOULOUSE, MIDI-PYRENEES, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:29:00 | Win2K-f | 64.130.159.103 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.201.126:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:205 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| 12:36:00 | WinXP | 83.95.126.2 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, VEDBAEK, COPENHAGEN, DK. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:44:00 | WinXP | 117.99.40.230 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:50:00 | WinXP | 92.40.87.131 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:52:00 | WinXP | 67.11.54.109 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 12:57:00 | WinXP | 87.110.71.185 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 13:00:00 | WinXP | 94.79.66.40 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:03:00 | WinXP | 78.55.224.155 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:04:00 | WinXP | 217.249.218.179 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MUNICH, BAYERN, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:09:00 | WinXP | 151.67.23.39 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1331 hits: 12-31 to 10-15] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:27:00 | WinXP | 68.204.137.110 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW SMYRNA BEACH, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:37:00 | Win2K-f | 76.161.74.152 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
a08f3b74a4 [Firefox:1154 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
a08f3b74a4 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 13:48:00 | Win2K-f | 72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.46:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 13:57:00 | Win2K-f | 71.79.78.34 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTERVILLE, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 13:58:00 | Win2K-f | 68.150.153.26 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LEDUC, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 14:10:00 | Win2K-f | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
8f1baa2795 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 14:18:00 | Win2K-f | 98.140.228.220 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:22:00 | WinXP | 75.143.205.40 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:23:00 | WinXP | 75.143.205.40 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:14:28:00 | WinXP | 41.214.179.254 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:32:00 | Win2K-f | 98.141.160.84 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:35:00 | WinXP | 190.245.245.201 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:14:51:00 | WinXP | 72.251.74.149 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:15:07:00 | WinXP | 204.193.223.82 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:09:00 | WinXP | 66.53.211.206 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:11:00 | WinXP | 204.193.221.84 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:26:00 | WinXP | 71.99.135.99 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ST. PETERSBURG, FLORIDA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:29:00 | WinXP | 70.44.33.195 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:35:00 | WinXP | 189.48.163.107 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:40:00 | WinXP | 24.76.233.129 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 15:49:00 | WinXP | 140.239.201.214 (XO.NET): XO COMMUNICATIONS, BOSTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:15:55:00 | WinXP | 200.164.117.237 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:08:00 | WinXP | 12.189.121.23 (ATT-INC.COM): ATT INCS, NEW BRUNSWICK, NEW JERSEY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 62 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3229 hits: 06-17 to 10-15] b7082104e4 [Firefox:205 hits: 06-18 to 10-15] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:16:09:00 | Win2K-f | 68.148.85.67 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
72.10.172.218:3240 | CA:bti.jeiahsdod.net | 135 | pcap | raw alerts ruleset |
irc 520 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 16:24:00 | WinXP | 96.10.57.8 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:34:00 | WinXP | 4.131.140.147 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:49:00 | WinXP | 4.85.128.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:205 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| 16:49:00 | WinXP | 76.11.139.137 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, SIKESTON, MISSOURI, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:05:00 | WinXP | 76.198.236.194 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, DALLAS, TEXAS, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:17:06:00 | WinXP | 76.198.236.194 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, DALLAS, TEXAS, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:12:00 | Win2K-f | 76.73.239.195 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
irc 496 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] dffb683fa0 NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| 17:45:00 | WinXP | 67.246.232.204 (-): . |
n/a | DE:siliconfireware.ru GB:welcome3.smile.co.uk :wpad US:searchportal.information.com US:spi.domainsponsor.com GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 18:07:00 | WinXP | 172.130.31.200 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3229 hits: 06-17 to 10-15] 73f1082158 [Firefox:1577 hits: 06-18 to 10-15] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:55:00 | WinXP | 24.76.19.120 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WHITE ROCK SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 384 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
09b0615aa8 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
|
| 18:58:00 | Win2K-f | 71.79.185.121 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 19:18:00 | Win2K-f | 208.82.46.217 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:205 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| T:19:42:00 | WinXP | 97.89.49.153 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
54174cfc71 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 19:48:00 | WinXP | 4.230.60.197 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOUSTON, TEXAS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 20:05:00 | WinXP | 119.95.83.85 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b [Firefox: 4 hits: 10-07 to 10-15] |
none[none] | none:none |
none|none | none | none |
| T:20:05:00 | WinXP | 119.95.83.85 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:16:00 | WinXP | 24.80.169.100 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:16:00 | WinXP | 122.53.169.224 (PLDT.NET): IPG, PH. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:20:17:00 | WinXP | 122.53.169.224 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:26:00 | WinXP | 67.150.172.174 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:34:00 | WinXP | 221.184.60.62 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:44:00 | WinXP | 66.103.126.148 (CTSIOK.NET): CHICKASAW TELECOMMUNICATIONS SERVICES INC, STILLWATER, OKLAHOMA, US. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:44:00 | WinXP | 66.103.126.148 (CTSIOK.NET): CHICKASAW TELECOMMUNICATIONS SERVICES INC, STILLWATER, OKLAHOMA, US. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 20:55:00 | WinXP | 67.0.36.30 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, OMAHA, NEBRASKA, US. (DIAL) |
n/a | EU:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com GB:www.chechenpress.co.uk :www.islamicfinder.org US:www.youtube.com :www.google-analytics.com US:video.google.com GB:welcome3.smile.co.uk US:208.65.153.238:80 US:66.242.19.44:80 |
445 | pcap | raw alerts ruleset |
http http 223 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 20:56:00 | WinXP | 70.15.193.65 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:20:56:00 | WinXP | 70.15.193.65 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:07:00 | WinXP | 4.158.240.233 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MILWAUKEE, WISCONSIN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 101 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 21:10:00 | WinXP | 75.136.136.105 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:10:00 | WinXP | 75.136.136.105 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 21:42:00 | WinXP | 218.41.122.81 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:42:00 | WinXP | 203.184.1.178 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, NZ. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:13:00 | WinXP | 59.103.90.134 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:19:00 | Win2K-f | 72.215.49.30 (COX.NET): COX COMMUNICATIONS, BRISTOL, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1577 hits: 06-18 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:22:20:00 | WinXP | 115.80.242.162 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:22:00 | WinXP | 117.99.24.215 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 8a558b4230 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:22:00 | WinXP | 117.99.24.215 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:26:00 | Win2K-f | 74.211.6.26 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 NEW d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:22:28:00 | Win2K-f | 74.211.6.26 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:22:30:00 | WinXP | 208.105.171.98 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:22:41:00 | WinXP | 117.99.53.40 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:50:00 | WinXP | 121.254.127.133 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
194.54.90.246:80 115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:03:00 | WinXP | 66.66.190.80 (RR.COM): ROAD RUNNER HOLDCO LLC, ROCHESTER, NEW YORK, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:15:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
57ce4acac2 [Firefox:274 hits: 06-17 to 10-15] d41d8cd98f [Firefox:27 hits: 12-31 to 12-31] |
57ce4acac2 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 23:38:00 | Win2K-f | 116.127.164.194 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 109 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 31 of 33 |
776985f561 [Firefox:19 hits: 06-24 to 10-10] 8ec6129efe [Firefox:18 hits: 06-24 to 10-10] |
776985f561 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 23:42:00 | WinXP | 118.168.203.179 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:761 hits: 12-31 to 10-15] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 23:47:00 | WinXP | 116.71.182.218 (-): PTCL TRIPLE PLAY PROJECT, ISLAMABAD, ISLAMABAD, PK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org :lulea.se.eu.undernet.org SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org SE:ced.dal.net SE:vancouver.dal.net 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 47af15bf90 [Firefox: 2 hits: 08-29 to 10-06] |
none[none] | none:none |
none|none | none | none |
| 23:56:00 | Win2K-f | 85.93.190.119 (WSC.CZ): WINSOFT COMPANY S.R.O, OLOMOUC, OLOMOUCKY KRAJ, CZ. |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :proxima.ircgalaxy.pl US:do-scan-progress.com US:xpas-2009.com DE:kitroneza.cn |
445 | pcap | raw alerts ruleset |
irc http 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |