|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:10:00 | WinXP | 64.139.99.92 (NCIDATA.COM): NCI DATA.COM INC, BREWSTER, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 [Firefox: 4 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:00:22:00 | WinXP | 70.66.82.134 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
6ea2758c07 [Firefox: 3 hits: 10-07 to 10-13] d4406c307b [Firefox: 3 hits: 10-07 to 10-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:26:00 | WinXP | 130.13.64.69 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:00:27:00 | WinXP | 130.13.64.69 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:48:00 | WinXP | 87.247.88.171 (INTURBO.LT): OPTICAL RESIDENT CLIENT POOL, LT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 00:55:00 | WinXP | 117.99.50.16 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:10:00 | WinXP | 89.50.85.16 (PPPOOL.DE): FREENET CITYLINE GMBH, FRANKFURT, HESSEN, DE. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:20:00 | WinXP | 79.163.164.189 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:37:00 | WinXP | 213.77.194.163 (TPNET.PL): TELEKOMUNIKACJA POLSKA S.A. CST, RZESZOW, PODKARPACKIE, PL. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 01:42:00 | Win2K-f | 69.211.138.112 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
a08f3b74a4 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 01:47:00 | WinXP | 66.203.182.71 (EXECULINK.COM): EXECULINK, KITCHENER, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.41.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] e626a3f4bf NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| T:01:52:00 | WinXP | 92.40.65.90 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| 01:55:00 | WinXP | 82.67.140.222 (PROXAD.NET): PROXAD / FREE SAS, NANTES, PAYS DE LA LOIRE, FR. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 01:56:00 | WinXP | 212.106.16.155 (POLBOX.PL): POLBOX, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:01:59:00 | WinXP | 118.221.41.44 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:03:00 | Win2K-f | 98.140.59.201 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:28:00 | Win2K-f | 76.213.145.216 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.69:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:16:00 | Win2K-f | 24.76.172.201 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] ea271eef76 NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| T:03:16:00 | WinXP | 93.177.152.198 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | a26010fcca NEW |
none[none] | none:none |
none|none | none | none |
| 03:19:00 | WinXP | 70.119.116.138 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
a08f3b74a4 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:03:23:00 | WinXP | 24.87.121.250 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:25:00 | WinXP | 24.87.121.250 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:25:00 | WinXP | 65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:33:00 | WinXP | 117.99.6.199 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:39:00 | WinXP | 65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:47:00 | WinXP | 81.131.5.78 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:03:54:00 | WinXP | 78.139.175.126 (-): CAUCASUS NETWORK LTD, GE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:56:00 | Win2K-f | 218.211.217.215 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.219:80 US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 04:02:00 | Win2K-f | 66.153.211.73 (SCCOAST.NET): HTC - CABLE MODEM POOL, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 04:05:00 | WinXP | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 [Firefox: 5 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 04:16:00 | WinXP | 68.149.46.236 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:22:00 | Win2K-f | 71.107.77.176 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LONG BEACH, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:206.33.45.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 [Firefox: 5 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 04:26:00 | Win2K-f | 159.134.157.8 (EIRCOM.NET): EIRCOM GROUP PLC, TRALEE, KERRY, IE. |
n/a | 135 | pcap | raw alerts ruleset |
other 1078 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | c249fdedbc NEW |
none[none] | none:none |
none|none | none | none | |
| 04:30:00 | WinXP | 84.3.183.192 (T-ONLINE.HU): HUNGARIAN TELECOM, BUDAPEST, BUDAPEST, HU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:04:31:00 | WinXP | 84.3.183.192 (T-ONLINE.HU): HUNGARIAN TELECOM, BUDAPEST, BUDAPEST, HU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:18 hits: 09-16 to 10-13] |
none[none] | none:none |
none|none | none | none |
| 04:37:00 | WinXP | 125.231.8.54 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net :lulea.se.eu.undernet.org SE:ozbytes.dal.net NO:london.uk.eu.undernet.org SE:viking.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org SE:ced.dal.net SE:broadway.ny.us.dal.net :caen.fr.eu.undernet.org :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org :washington.dc.us.undernet.org SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:04:39:00 | WinXP | 125.231.8.54 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 04:51:00 | Win2K-f | 63.246.124.179 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:19:00 | WinXP | 94.50.129.75 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:20:00 | WinXP | 94.50.129.75 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:38:00 | WinXP | 70.78.115.227 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.110:80 |
135 | pcap | raw alerts ruleset |
irc http 179 lines |
Yeah : 1.8 profile |
none | summary tarball |
none 0 of 32 |
752bf8c95d NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:05:39:00 | WinXP | 124.241.176.98 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
a08f3b74a4 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:05:39:00 | Win2K-f | 196.208.84.11 (TELKOM-IPNET.CO.ZA): AFRINIC, DURBAN, KWAZULU-NATAL, ZA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 152 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1584 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 05:47:00 | WinXP | 24.80.178.213 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] ddbbe52489 NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| 05:57:00 | WinXP | 83.93.185.53 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, ROSKILDE, ROSKILDE, DK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 05:58:00 | WinXP | 41.214.171.48 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:06:10:00 | WinXP | 114.48.38.108 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 06:12:00 | WinXP | 114.48.38.108 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:06:36:00 | WinXP | 70.15.86.40 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 2 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| 07:16:00 | WinXP | 58.4.10.211 (UCOM.NE.JP): N-TK0031U, JP. (100Mbps) |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :kidfitnesstv.com :www.google.com :mulfika.cn :clients1.google.com DE:kitroneza.cn 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:21:00 | WinXP | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 [Firefox: 5 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 07:22:00 | WinXP | 59.104.17.185 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org SE:ced.dal.net SE:viking.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org SE:vancouver.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:32:00 | WinXP | 89.43.150.248 (TVSATRM.RO): SC TV SAT 2002 SRL, BUZAU, BUZAU, RO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 07:48:00 | Win2K-f | 68.187.194.89 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:08:00:00 | Win2K-f | 12.198.30.48 (-): JOYCE MEDIA INC, ACTON, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
6814696aea NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:08:02:00 | WinXP | 70.15.70.173 (PTD.NET): PENTELEDATA INC. - CABLE, SELINSGROVE, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 2 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:08:06:00 | WinXP | 87.110.26.20 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:17 hits: 10-01 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:08:31:00 | WinXP | 125.58.90.19 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
6814696aea NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 08:36:00 | WinXP | 88.28.103.147 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:47:00 | WinXP | 86.129.241.106 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:48:00 | Win2K-f | 122.53.171.80 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 134 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
27832b6d04 NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 09:19:00 | WinXP | 70.70.8.200 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :kidfitnesstv.com :www.google.com :clients1.google.com DE:kitroneza.cn DE:rushprotect.net 74.125.19.101:80 EU:78.157.142.58:80 DE:87.118.120.203:80 |
135 | pcap | raw alerts ruleset |
http irc 1097 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
123aaad7da NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:09:22:00 | WinXP | 77.198.63.97 (GAOLAND.NET): DYNAMIC POOLS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 09:49:00 | WinXP | 84.73.239.26 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:51:00 | WinXP | 78.159.89.104 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:53:00 | WinXP | 88.157.74.148 (REV-82-102-32-10.TVTEL.PT): TVTEL - GRANDE PORTO COMUNICACOES SA, PORTO, PORTO, PT. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:09:53:00 | WinXP | 88.157.74.148 (REV-82-102-32-10.TVTEL.PT): TVTEL - GRANDE PORTO COMUNICACOES SA, PORTO, PORTO, PT. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:18 hits: 09-16 to 10-13] |
none[none] | none:none |
none|none | none | none |
| 09:54:00 | Win2K-f | 122.146.81.89 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:00:00 | WinXP | 88.178.131.153 (PROXAD.NET): PROXAD / FREE SAS, FR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :kidfitnesstv.com :www.google.com :clients1.google.com DE:kitroneza.cn 115.126.2.121:65520 EU:78.157.142.58:80 |
445 | pcap | raw alerts ruleset |
http irc 31 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:03:00 | WinXP | 88.161.53.127 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:04:00 | WinXP | 41.214.179.154 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :lulea.se.eu.undernet.org US:lia.zanet.net SE:coins.dal.net SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org :caen.fr.eu.undernet.org SE:qis.md.us.dal.net :gaspode.zanet.org.za SE:ozbytes.dal.net :washington.dc.us.undernet.org SE:vancouver.dal.net AT:graz.at.eu.undernet.org FI:london.uk.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:viking.dal.net SE:ced.dal.net :flanders.be.eu.undernet.org 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 10:21:00 | WinXP | 76.198.238.13 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:10:47:00 | WinXP | 87.228.31.171 (-): INFOLINE ZAO, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:18 hits: 09-16 to 10-13] |
none[none] | none:none |
none|none | none | none |
| 10:55:00 | WinXP | 79.163.188.96 (-): IDEA, PL. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:02:00 | WinXP | 218.166.78.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:13:00 | WinXP | 92.47.238.66 (IKBCC.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 35802898ef NEW |
none[none] | none:none |
none|none | none | none |
| 11:17:00 | WinXP | 87.78.194.96 (NETCOLOGNE.DE): NETCOLOGNE GMBH, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:26:00 | Win2K-f | 203.91.163.219 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
6814696aea NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 11:28:00 | WinXP | 88.164.227.144 (PROXAD.NET): PROXAD / FREE SAS, FR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:11:29:00 | WinXP | 85.138.195.49 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:762 hits: 12-31 to 10-16] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:52:00 | WinXP | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] f00b7699c2 NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
| T:11:54:00 | WinXP | 217.201.70.183 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 11:54:00 | WinXP | 217.201.70.183 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:05:00 | WinXP | 87.205.221.201 (INETIA.PL): INTERNETIA, KATOWICE, SLASKIE, PL. (DSL) |
n/a | RU:moscow-advokat.ru :gaspode.zanet.org.za :brussels.be.eu.undernet.org SE:vancouver.dal.net :los-angeles.ca.us.undernet.org SE:broadway.ny.us.dal.net SE:viking.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:08:00 | WinXP | 82.207.36.250 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN SIMPHEROPOL, UA. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f1d556bf4b [Firefox: 6 hits: 10-05 to 10-12] |
none[none] | none:none |
none|none | none | none | |
| 12:09:00 | Win2K-f | 98.141.160.17 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:11:00 | WinXP | 87.247.111.3 (-): MIKROVISATA, LT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a917b38976 [Firefox: 2 hits: 10-14 to 10-15] |
none[none] | none:none |
none|none | none | none |
| T:12:12:00 | WinXP | 72.129.236.129 (RR.COM): ROAD RUNNER HOLDCO LLC, KANSAS CITY, MISSOURI, US. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org SE:vancouver.dal.net :washington.dc.us.undernet.org SE:viking.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:762 hits: 12-31 to 10-16] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:13:00 | WinXP | 72.129.236.129 (RR.COM): ROAD RUNNER HOLDCO LLC, KANSAS CITY, MISSOURI, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 12:15:00 | WinXP | 82.119.153.173 (STV.RU): OAO ELECTROSVIAZ STAVROPOL REGION, RU. |
n/a | UA:citi-bank.ru EU:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:18:00 | WinXP | 82.119.153.173 (STV.RU): OAO ELECTROSVIAZ STAVROPOL REGION, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:108 hits: 01-14 to 10-14] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 12:22:00 | WinXP | 78.34.30.1 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru SE:coins.dal.net :caen.fr.eu.undernet.org SE:ozbytes.dal.net :flanders.be.eu.undernet.org SE:broadway.ny.us.dal.net SE:vancouver.dal.net NL:diemen.nl.eu.undernet.org US:lia.zanet.net AT:graz.at.eu.undernet.org :los-angeles.ca.us.undernet.org SE:qis.md.us.dal.net 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:29:00 | Win2K-f | 122.146.227.27 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
6814696aea NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 12:31:00 | WinXP | 194.105.99.160 (CABLESURF.DE): KABELFERNSEHEN-MUENCHEN-NET, MUNICH, BAYERN, DE. (DSL) |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:vancouver.dal.net SE:coins.dal.net US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:31:00 | WinXP | 194.105.99.160 (CABLESURF.DE): KABELFERNSEHEN-MUENCHEN-NET, MUNICH, BAYERN, DE. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:12:42:00 | WinXP | 124.8.152.128 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:49:00 | Win2K-f | 69.211.138.112 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:06:00 | WinXP | 69.85.120.116 (SPEAKEASY.NET): US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:06:00 | Win2K-f | 211.74.112.179 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 379 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none |
d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] f8ae8bcf3e NEW |
none[3] none [none] |
ASM:Graph none:none |
none|none none|none |
lines=0 none |
trace none |
|
| T:13:07:00 | WinXP | 190.208.111.237 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 13:08:00 | WinXP | 190.208.111.237 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:12:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:27:00 | WinXP | 89.152.209.7 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell ftp irc 22 lines |
Yeah : 1.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:13:42:00 | WinXP | 79.138.205.120 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:165 hits: 01-03 to 10-14] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:45:00 | WinXP | 70.241.193.126 (SWBELL.NET): PPPOX POOL - BRAS1 STLSMO, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com FI:static.kavkazchat.com :www.google.com GB:www.chechenpress.co.uk US:www.youtube.com :www.google-analytics.com US:video.google.com US:208.73.210.32:80 US:66.242.19.44:80 US:72.29.65.216:80 FI:80.81.183.162:80 |
445 | pcap | raw alerts ruleset |
http http 118 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 13:51:00 | WinXP | 84.183.223.190 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:00:00 | WinXP | 201.221.115.146 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 14:25:00 | WinXP | 59.190.46.42 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 14:33:00 | WinXP | 4.245.164.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DANBURY, CONNECTICUT, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 149 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 [Firefox: 4 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
|
| T:14:35:00 | WinXP | 96.10.88.43 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:45:00 | WinXP | 69.85.119.80 (SPEAKEASY.NET): US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:48:00 | WinXP | 24.81.176.51 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:20:00 | WinXP | 82.15.41.177 (NTL.COM): NTL INFRASTRUCTURE - BAGULEY, HARTLEPOOL, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:473 hits: 12-31 to 10-15] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:25:00 | WinXP | 218.41.8.65 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:32:00 | WinXP | 4.161.92.84 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 168 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 15:34:00 | WinXP | 65.190.167.117 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:15:40:00 | WinXP | 201.88.89.85 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:16:02:00 | WinXP | 217.201.14.178 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:05:00 | WinXP | 12.203.116.218 (MCHSI.COM): AT&T WORLDNET SERVICES, SPRINGFIELD, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:09:00 | WinXP | 190.191.31.4 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:09:00 | WinXP | 190.191.31.4 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:16:12:00 | WinXP | 41.214.163.232 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:24:00 | WinXP | 70.15.88.7 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 2 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:16:26:00 | WinXP | 87.103.98.31 (REV.VODAFONE.PT): GPRS POOLS, PT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :gaspode.zanet.org.za :los-angeles.ca.us.undernet.org US:lia.zanet.net :lulea.se.eu.undernet.org SE:vancouver.dal.net SE:ced.dal.net SE:viking.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org SE:broadway.ny.us.dal.net AT:graz.at.eu.undernet.org SE:qis.md.us.dal.net :washington.dc.us.undernet.org BE:london.uk.eu.undernet.org 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 30d307f403 NEW |
none[none] | none:none |
none|none | none | none |
| 16:31:00 | Win2K-f | 71.111.190.117 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ALOHA, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:16:33:00 | WinXP | 4.164.183.76 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OMAHA, NEBRASKA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1584 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:16:38:00 | WinXP | 75.138.116.74 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c3e3fb2336 NEW |
none[none] | none:none |
none|none | none | none |
| 16:39:00 | WinXP | 86.7.170.20 (NTL.COM): NTL INFRASTRUCTURE - BROMLEY, WARRINGTON, ENGLAND, UK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 16:59:00 | WinXP | 41.214.191.170 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:17:01:00 | WinXP | 208.61.168.51 (BELLSOUTH.NET): BELLSOUTH.NET INC, NASHVILLE, TENNESSEE, US. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:05:00 | WinXP | 4.237.239.248 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.226:80 US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
other 170 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 17:13:00 | Win2K-f | 24.78.166.33 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
caaec0d8aa NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 17:13:00 | WinXP | 193.140.232.121 (HACETTEPE.EDU.TR): HACETTEPE UNIVERSITY, ANKARA, ANKARA, TR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:15:00 | Win2K-f | 71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0ba27c9268 [Firefox: 5 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 17:17:00 | WinXP | 122.146.227.27 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
018b7b7e27 [Firefox: 4 hits: 10-16 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:17:25:00 | WinXP | 121.254.122.104 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:30:00 | WinXP | 123.224.88.171 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:31:00 | Win2K-f | 4.152.147.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RALEIGH, NORTH CAROLINA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 142 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace | |
| T:17:47:00 | WinXP | 125.0.9.23 (INFOWEB.NE.JP): FUJITSU LIMITED, OTA, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:50:00 | WinXP | 205.214.53.240 (EPOCH.NET): EPOCH NETWORKS, FAIRFAX, VIRGINIA, US. |
n/a | :www.google.com.au US:www.yahoo.com :jbeegvia.ru US:www.worldbank.org GB:www.viruslist.com :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :wpad :ryryodokm.ru :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru US:crime-research.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru RU:alfabank.ru :kargai.ru :kfwfceki.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:55:00 | WinXP | 203.184.8.27 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, AUCKLAND, AUCKLAND, NZ. |
n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com US:208.73.210.32:80 DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:18:11:00 | Win2K-f | 66.217.140.213 (USLEC.NET): USLEC CORP, BEL AIR, MARYLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:13:00 | WinXP | 4.155.33.33 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OWINGS MILLS, MARYLAND, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:16:00 | WinXP | 98.25.121.246 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:23:00 | WinXP | 86.102.11.94 (PRIMORYE.RU): DYNAMIC BROADBAND CLIENTS, VLADIVOSTOK, PRIMORSKIY KRAY, RU. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:35:00 | Win2K-f | 68.151.41.62 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
09492e119a NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:18:37:00 | WinXP | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:39:00 | Win2K-f | 24.82.82.68 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:18:41:00 | WinXP | 67.14.206.21 (ARTELCO.COM): WORLD LYNX INC, LITTLE ROCK, ARKANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 US:208.111.148.219:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:16:00 | WinXP | 70.64.251.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | a09f1456cb NEW |
none[none] | none:none |
none|none | none | none | |
| 19:20:00 | WinXP | 219.105.96.144 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:42:00 | WinXP | 123.48.68.68 (R-123-48-0-10.COMMUFA.JP): CHUBU TELECOMMUNICATIONS CO. INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:45:00 | WinXP | 123.145.179.175 (-): CNCGROUP CHONGQING PROVINCE NETWORK, BEIJING, BEIJING, CN. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:47:00 | WinXP | 200.165.170.184 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:19:52:00 | Win2K-f | 64.139.99.92 (NCIDATA.COM): NCI DATA.COM INC, BREWSTER, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 0 of 32 |
73f1082158 [Firefox:1584 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
73f1082158 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| T:20:04:00 | WinXP | 204.193.218.236 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:11:00 | WinXP | 70.15.70.164 (PTD.NET): PENTELEDATA INC. - CABLE, SELINSGROVE, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 2 hits: 10-05 to 10-10] |
none[none] | none:none |
none|none | none | none |
| T:20:29:00 | WinXP | 66.48.160.243 (UU.NET): MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS, TORONTO, ONTARIO, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:35:00 | WinXP | 203.70.240.98 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:20:41:00 | Win2K-f | 72.51.202.220 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 253 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 34 of 36 |
bacc212454 NEW d8cf9fc784 [Firefox: 8 hits: 09-12 to 10-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:20:49:00 | WinXP | 12.203.116.218 (MCHSI.COM): AT&T WORLDNET SERVICES, SPRINGFIELD, ILLINOIS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:04:00 | WinXP | 4.152.180.88 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:04:00 | Win2K-f | 24.178.77.67 (CHARTER.COM): CHARTER COMMUNICATIONS, HARLEM, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace | |
| T:21:04:00 | WinXP | 4.152.180.88 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 21:08:00 | WinXP | 87.110.73.67 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 21:15:00 | WinXP | 172.129.253.31 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:22:00 | WinXP | 70.166.118.73 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
61667e8cb9 NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 21:22:00 | Win2K-f | 70.182.251.209 (MAXONCORP.COM): COX COMMUNICATIONS, WICHITA, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| T:21:24:00 | Win2K-f | 70.60.105.245 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN FRANCISCO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.152:80 US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:28:00 | Win2K-f | 71.36.11.218 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.174:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:32:00 | WinXP | 79.22.64.139 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:21:32:00 | WinXP | 79.22.64.139 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 989392c361 NEW |
none[none] | none:none |
none|none | none | none |
| 21:33:00 | WinXP | 130.13.246.8 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 21:36:00 | WinXP | 24.108.33.174 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:80 |
135 | pcap | raw alerts ruleset |
other 708 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 21:55:00 | WinXP | 90.151.212.37 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 22:27:00 | WinXP | 118.231.5.151 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 22:42:00 | Win2K-f | 97.89.49.153 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
54174cfc71 NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| T:22:49:00 | Win2K-f | 68.146.243.230 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3231 hits: 06-17 to 10-16] 73f1082158 [Firefox:1584 hits: 06-18 to 10-16] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:00:00 | WinXP | 202.163.65.205 (GULAHMED.COM): CYBER INTERNET SERVICES (PVT.) LTD, KARACHI, SINDH, PK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:02:00 | Win2K-f | 202.153.231.14 (-): EX-METRONET-MWEB, ID. |
n/a | 135 | pcap | raw alerts ruleset |
other 360 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace | |
| 23:07:00 | WinXP | 190.245.44.206 (-): . |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
0 of 32 | d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[3] | ASM:Graph |
none|none | lines=0 | trace |
| 23:16:00 | WinXP | 70.184.3.57 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.53:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
8c4fa0bed0 NEW d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[none] none [3] |
none:none ASM:Graph |
none|none none|none |
none lines=0 |
none trace |
| 23:18:00 | WinXP | 75.143.200.255 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:21:00 | WinXP | 59.114.215.195 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:23:00 | WinXP | 68.204.165.114 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:23:24:00 | WinXP | 68.204.165.114 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1332 hits: 12-31 to 10-16] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:37:00 | Win2K-f | 12.219.244.164 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 0 of 32 |
b7082104e4 [Firefox:211 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
none[4] none [3] |
none:none ASM:Graph |
tElock| none|none |
none lines=0 |
trace trace |
| T:23:56:00 | WinXP | 89.41.82.70 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | ee906f39d6 NEW |
none[none] | none:none |
none|none | none | none |
| 23:57:00 | Win2K-f | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 0 of 32 |
a08f3b74a4 [Firefox:1155 hits: 06-18 to 10-16] d41d8cd98f [Firefox:85 hits: 12-31 to 10-16] |
a08f3b74a4 [1] none [3] |
ASM:Graph ASM:Graph |
Armadillo| none|none |
lines=81 lines=0 |
trace trace |
| 23:57:00 | WinXP | 144.138.215.49 (TMNS.NET.AU): TELSTRAINTERNET31, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |