Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
T:00:57:00 | WinXP | 203.73.173.80 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl 115.126.2.121:65520 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 31 of 35 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] d3fb124001 NEW e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
01:09:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 0 of 33 |
3cd7958258 [Firefox:32 hits: 06-17 to 10-11] 41efedf70f [Firefox:31 hits: 06-19 to 10-11] e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[4] 41efedf70f[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
01:25:00 | Win2K-f | 211.239.4.83 (EPNETWORKS.CO.KR): ENTERPRISENET-INFRA, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 136 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 0 of 32 29 of 33 |
686d4ca67b [Firefox:11 hits: 07-08 to 10-14] b5919931fe [Firefox:853 hits: 06-20 to 10-15] b7e379b157 [Firefox:10 hits: 07-08 to 10-13] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
T:01:29:00 | WinXP | 86.55.83.238 (OPTINET.RO): SC OPTINET SRL, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 4c934f9489 [Firefox: 2 hits: 10-07 to 10-08] |
none[none] | none:none |
none|none | none | none |
01:33:00 | WinXP | 66.8.206.169 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:58 hits: 01-02 to 10-15] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
01:40:00 | WinXP | 80.102.51.64 (DYNAMIC.ORANGE.ES): UNI2 IP DATA NETWORK, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
01:55:00 | Win2K-f | 115.80.167.157 (-): . |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc 238 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 32 of 36 |
cc91fb83d8 NEW d224be6e3b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
01:57:00 | Win2K-f | 218.238.57.60 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.47.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc 116 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 33 of 35 |
168aab35a3 [Firefox:168 hits: 06-17 to 10-15] f7738e7352 [Firefox: 8 hits: 07-25 to 10-04] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
02:00:00 | WinXP | 114.48.10.43 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 64d359864b NEW |
none[none] | none:none |
none|none | none | none | |
02:15:00 | Win2K-f | 67.212.60.132 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:16:00 | Win2K-f | 60.54.79.80 (TM.NET.MY): TELEKOM MALAYSIA BERHAD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
115.126.2.121:65520 | 445 | pcap | raw alerts ruleset |
irc 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
02:20:00 | WinXP | 76.8.206.20 (-): CENTENNIAL I, PROVO, UTAH, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:18 hits: 10-08 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:02:22:00 | WinXP | 76.8.206.20 (-): CENTENNIAL I, PROVO, UTAH, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:18 hits: 10-08 to 10-15] |
none[none] | none:none |
none|none | none | none |
02:25:00 | WinXP | 123.217.54.189 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:27:00 | WinXP | 86.155.15.139 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:611 hits: 01-01 to 10-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
02:31:00 | Win2K-f | 93.80.95.73 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
b5919931fe [1] | ASM:Graph |
ASProtect| | lines=90 | trace |
T:02:42:00 | WinXP | 88.111.181.121 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
02:50:00 | Win2K-f | 211.119.72.250 (BORA.NET): BORANET-NET, KR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 235 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 34 34 of 36 0 of 32 |
3060fff5c0 [Firefox: 2 hits: 08-22 to 10-03] a7d11d75cd [Firefox: 2 hits: 08-22 to 10-03] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
03:02:00 | WinXP | 156.17.240.10 (WROC.PL): THE NETWORK COVERS WHOLE WROCLAW AREA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4ed031d88c NEW |
none[none] | none:none |
none|none | none | none |
03:03:00 | Win2K-f | 173.17.79.67 (-): . |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn |
135 | pcap | raw alerts ruleset |
irc http 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 8 of 36 |
0b82addbc4 NEW ac9e444ce0 [Firefox:11 hits: 10-13 to 10-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
03:06:00 | WinXP | 115.80.239.163 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:36 hits: 09-17 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:03:06:00 | WinXP | 115.80.239.163 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:36 hits: 09-17 to 10-15] |
none[none] | none:none |
none|none | none | none |
03:36:00 | WinXP | 98.141.160.48 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
03:36:00 | Win2K-f | 196.208.8.174 (DIAL-UP.NET): AFRINIC, JOHANNESBURG, GAUTENG, ZA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
other 102 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 57ce4acac2 [Firefox:276 hits: 06-17 to 10-16] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:03:52:00 | WinXP | 68.150.127.216 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LEDUC, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
03:58:00 | WinXP | 76.161.74.152 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:04:06:00 | WinXP | 87.57.189.180 (IP.TELE.DK): TELEDANMARK, DK. |
n/a | RU:moscow-advokat.ru EU:gaz-prom.ru AT:graz.at.eu.undernet.org NO:london.uk.eu.undernet.org US:lia.zanet.net :caen.fr.eu.undernet.org :washington.dc.us.undernet.org :brussels.be.eu.undernet.org RU:irc.tsk.ru |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1f00284aa7 NEW |
none[none] | none:none |
none|none | none | none |
04:06:00 | WinXP | 87.57.189.180 (IP.TELE.DK): TELEDANMARK, DK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1f00284aa7 NEW |
none[none] | none:none |
none|none | none | none |
04:20:00 | WinXP | 89.165.246.188 (HERTZA.RO): HERTZA COMPUTERS SRL, RO. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8d74af6d5 NEW |
none[none] | none:none |
none|none | none | none |
04:33:00 | WinXP | 69.27.144.46 (SHOMECOM.COM): SHOMECOM, WARSAW, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.254:80 US:208.111.153.215:80 |
135 | pcap | raw alerts ruleset |
other 117 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
3d4e713c08 NEW 57bbc69114 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:04:37:00 | WinXP | 70.44.46.196 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:14 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
04:50:00 | WinXP | 87.56.41.99 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
04:51:00 | WinXP | 83.4.245.11 (TPNET.PL): NEOSTRADA PLUS, TYCHY, SLASKIE, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
05:15:00 | Win2K-f | 196.208.10.224 (DIAL-UP.NET): AFRINIC, JOHANNESBURG, GAUTENG, ZA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 126 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 57ce4acac2 [Firefox:276 hits: 06-17 to 10-16] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
05:21:00 | WinXP | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 57ce4acac2 [Firefox:276 hits: 06-17 to 10-16] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:05:49:00 | WinXP | 61.217.246.97 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:52:00 | WinXP | 69.85.108.41 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
06:09:00 | WinXP | 81.56.44.139 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4bec1f8ed6 NEW |
none[none] | none:none |
none|none | none | none |
06:18:00 | WinXP | 12.206.90.78 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, EXCELSIOR SPRINGS, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
06:26:00 | Win2K-f | 122.53.173.32 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 144 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:55 hits: 06-18 to 10-16] 76ee340669 [Firefox:55 hits: 06-18 to 10-16] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
07:08:00 | WinXP | 59.146.122.29 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:611 hits: 01-01 to 10-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
07:13:00 | WinXP | 78.84.153.178 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:474 hits: 12-31 to 10-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
07:24:00 | Win2K-f | 203.153.243.178 (AMNET.NET.AU): AMNET IT SERVICES PTY LTD, PERTH, WESTERN AUSTRALIA, AU. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
07:25:00 | WinXP | 218.175.193.60 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 [Firefox: 5 hits: 10-15 to 10-15] |
none[none] | none:none |
none|none | none | none |
07:26:00 | WinXP | 98.121.142.50 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:764 hits: 12-31 to 10-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:07:33:00 | WinXP | 203.70.53.154 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:764 hits: 12-31 to 10-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
07:33:00 | WinXP | 203.70.53.154 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:qis.md.us.dal.net US:lia.zanet.net NL:diemen.nl.eu.undernet.org SE:ozbytes.dal.net SE:vancouver.dal.net SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org AT:graz.at.eu.undernet.org :washington.dc.us.undernet.org NL:london.uk.eu.undernet.org SE:coins.dal.net SE:ced.dal.net :flanders.be.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:764 hits: 12-31 to 10-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
07:41:00 | WinXP | 89.253.79.16 (OWNIT.SE): CUSTOMERS-OWNIT, SE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 22a60578a9 NEW |
none[none] | none:none |
none|none | none | none |
T:07:49:00 | WinXP | 190.226.143.222 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:28 hits: 09-17 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:08:01:00 | WinXP | 89.24.98.149 (4GINTERNET.CZ): RADIOMOBIL, CZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:08:08:00 | WinXP | 121.73.119.182 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
http 350 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
7f89b38665 [Firefox:26 hits: 08-02 to 10-13] a51a50404e [Firefox:26 hits: 08-02 to 10-13] e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
08:33:00 | WinXP | 212.76.225.161 (CODITEL.NET): CODITEL - INTERNET SERVICES, BRUSSELS, BRUSSELS, BE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:611 hits: 01-01 to 10-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
08:39:00 | Win2K-f | 173.17.79.67 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:08:40:00 | WinXP | 41.214.180.10 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 40f69498e7 NEW |
none[none] | none:none |
none|none | none | none |
08:42:00 | WinXP | 84.73.33.207 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 152f4c79b5 [Firefox: 3 hits: 10-12 to 10-15] |
none[none] | none:none |
none|none | none | none |
08:51:00 | WinXP | 71.85.126.212 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
08:56:00 | WinXP | 98.134.14.226 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 86c16d7a9d NEW |
none[none] | none:none |
none|none | none | none |
09:21:00 | WinXP | 83.213.125.193 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:764 hits: 12-31 to 10-17] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
09:30:00 | WinXP | 118.218.21.111 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn :kidfitnesstv.com :www.google.com :clients1.google.com |
135 | pcap | raw alerts ruleset |
irc http 138 lines |
Yeah : 1.8 profile |
none | summary tarball |
6 of 36 30 of 33 28 of 33 8 of 36 0 of 33 |
0b82addbc4 NEW 533d15b5ce [Firefox:33 hits: 06-21 to 10-12] 58c343a8d8 [Firefox:37 hits: 06-21 to 10-12] ac9e444ce0 [Firefox:11 hits: 10-13 to 10-15] e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[none] none [4] 58c343a8d8[1] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph none:none ASM:Graph |
none|none tElock| Armadillo| none|none FSG| |
none none lines=82 none lines=92 |
none trace trace none trace |
09:32:00 | WinXP | 77.37.164.72 (NCNET.RU): NCN-INFRA, RU. |
n/a | US:www.altavista.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox: 9 hits: 09-26 to 10-14] |
none[none] | none:none |
none|none | none | none |
T:09:47:00 | WinXP | 213.188.77.64 (-): GTS-WAYPORTPARIS, GENEVA, GENEVA, CH. |
n/a | DE:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:208.73.210.32:80 |
445 | pcap | raw alerts ruleset |
http http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:582 hits: 01-01 to 10-15] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
09:57:00 | WinXP | 166.230.131.235 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:22:00 | Win2K-f | 99.128.59.193 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] b7082104e4 [Firefox:215 hits: 06-18 to 10-18] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
10:31:00 | WinXP | 87.247.122.162 (-): MIKROVISATA, LT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ee9b3e1204 NEW |
none[none] | none:none |
none|none | none | none |
10:47:00 | WinXP | 70.64.214.87 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d2548a0bf5 [Firefox: 4 hits: 10-03 to 10-13] |
none[none] | none:none |
none|none | none | none |
T:10:48:00 | WinXP | 59.105.20.40 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c6059fcbd5 [Firefox: 5 hits: 09-23 to 10-06] |
none[none] | none:none |
none|none | none | none |
10:54:00 | WinXP | 70.168.131.92 (COX.NET): COX COMMUNICATIONS, FALLS CHURCH, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:198.78.201.126:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
11:18:00 | WinXP | 88.68.24.83 (ARCOR-IP.NET): ARCOR-DSL-NET, DUSSELDORF, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:172 hits: 01-08 to 10-15] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
T:11:30:00 | WinXP | 117.96.143.16 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 2d6c8c447f [Firefox:21 hits: 09-16 to 10-17] |
none[none] | none:none |
none|none | none | none | |
11:42:00 | WinXP | 122.146.82.66 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 265 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
dd98c3c108 [Firefox: 8 hits: 06-24 to 07-22] e98746deb1 [Firefox: 7 hits: 06-24 to 07-22] |
dd98c3c108 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
12:12:00 | Win2K-f | 130.13.132.19 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http irc 129 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 32 0 of 32 |
7f66e51c85 [Firefox:14 hits: 07-11 to 10-15] 9d12fe9d3b [Firefox:15 hits: 07-11 to 10-15] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
12:14:00 | Win2K-f | 24.76.19.28 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WHITE ROCK SURREY, BRITISH COLUMBIA, CA. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:204.160.104.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
irc 135 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 32 of 36 |
57c095a73a NEW 71feff97fb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
12:26:00 | Win2K-f | 89.178.187.203 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU. |
115.126.2.121:65520 | :fleshkatera.cn :lolika.cn :proxim.ircgalaxy.pl 115.126.2.110:80 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
8 of 36 | ac9e444ce0 [Firefox:11 hits: 10-13 to 10-15] |
none[none] | none:none |
none|none | none | none |
12:31:00 | Win2K-f | 93.81.81.129 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
12:39:00 | WinXP | 78.157.15.116 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1e2a4e1a41 NEW |
none[none] | none:none |
none|none | none | none |
T:12:47:00 | WinXP | 82.207.8.178 (UKRTEL.NET): UKRTELNET, UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
13:17:00 | WinXP | 76.236.154.29 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:109 hits: 01-14 to 10-17] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
13:23:00 | WinXP | 41.214.168.14 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 9 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
13:25:00 | WinXP | 89.109.18.162 (MTS-NN.RU): NETWORK FOR VPDN SESSION TERMINATIONS ON UAC`S FOR, RU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:611 hits: 01-01 to 10-15] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
13:26:00 | Win2K-f | 68.149.14.226 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 0 of 32 33 of 36 |
1b4e787b92 NEW b5919931fe [Firefox:853 hits: 06-20 to 10-15] c9fffaa24b NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
13:35:00 | WinXP | 85.228.187.78 (BREDBANDSBOLAGET.SE): BREDBANDSBOLAGET AB, SE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 1a88bd5450 [Firefox: 4 hits: 10-02 to 10-14] |
none[none] | none:none |
none|none | none | none |
13:39:00 | WinXP | 85.86.119.90 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
13:50:00 | WinXP | 98.26.220.51 (-): . |
n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:582 hits: 01-01 to 10-15] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:13:51:00 | Win2K-f | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:01:00 | WinXP | 201.94.161.152 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:14 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
14:04:00 | WinXP | 151.54.126.168 (38-151.NET24.IT): IUNET-BNET, VENICE, VENETO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 18c7040ea0 [Firefox: 5 hits: 09-15 to 10-15] |
none[none] | none:none |
none|none | none | none |
14:08:00 | WinXP | 70.184.214.106 (COX.NET): COX COMMUNICATIONS, OMAHA, NEBRASKA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a0012f058f NEW |
none[none] | none:none |
none|none | none | none |
14:10:00 | WinXP | 92.41.15.225 (IKBCC.COM): EU-ZZ, UK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:582 hits: 01-01 to 10-15] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
14:21:00 | Win2K-f | 209.254.156.169 (MCLEODUSA.NET): MCLEODUSA INCORPORATED, SYRACUSE, NEW YORK, US. |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
06d7142ced NEW 9a841bcc27 NEW b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
T:14:38:00 | WinXP | 88.172.28.125 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a1b88a5ddb NEW |
none[none] | none:none |
none|none | none | none |
14:38:00 | WinXP | 88.172.28.125 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a1b88a5ddb NEW |
none[none] | none:none |
none|none | none | none |
14:47:00 | WinXP | 83.88.236.228 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, VEDBAEK, COPENHAGEN, DK. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox: 9 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
15:03:00 | Win2K-f | 78.106.178.149 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn :lolika.cn 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 36 | ac9e444ce0 [Firefox:11 hits: 10-13 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:15:04:00 | WinXP | 190.189.88.147 (NET.AR): PRIMA S.A, AR. |
n/a | :proxima.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1505c9b037 NEW |
none[none] | none:none |
none|none | none | none |
15:04:00 | WinXP | 190.189.88.147 (NET.AR): PRIMA S.A, AR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1505c9b037 NEW |
none[none] | none:none |
none|none | none | none |
15:08:00 | WinXP | 41.214.183.200 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 1c8b439ba5 NEW |
none[none] | none:none |
none|none | none | none |
T:15:10:00 | WinXP | 41.214.183.200 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 1c8b439ba5 NEW |
none[none] | none:none |
none|none | none | none |
15:24:00 | WinXP | 190.138.223.62 (NET.AR): TELECOM ARGENTINA S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
15:42:00 | WinXP | 41.214.175.135 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:14 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:16:00:00 | WinXP | 4.131.138.209 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
16:17:00 | WinXP | 78.84.192.83 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:46 hits: 01-02 to 10-09] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
16:18:00 | WinXP | 67.11.54.247 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:51 hits: 08-09 to 10-15] |
none[none] | none:none |
none|none | none | none |
T:16:18:00 | WinXP | 67.11.54.247 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | eca9a5fa95 [Firefox:51 hits: 08-09 to 10-15] |
none[none] | none:none |
none|none | none | none |
16:19:00 | Win2K-f | 24.178.77.67 (CHARTER.COM): CHARTER COMMUNICATIONS, HARLEM, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
T:16:30:00 | WinXP | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:16:35:00 | WinXP | 83.38.165.19 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MADRID, MADRID, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:14 hits: 10-03 to 10-15] |
none[none] | none:none |
none|none | none | none |
16:36:00 | WinXP | 98.133.63.153 (-): ALLTEL MIP CUSTOMERS - LITTLE ROCK, LITTLE ROCK, ARKANSAS, US. |
115.126.2.121:65520 194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 5e4f6ad9dc NEW |
none[none] | none:none |
none|none | none | none |
T:16:37:00 | WinXP | 98.133.63.153 (-): ALLTEL MIP CUSTOMERS - LITTLE ROCK, LITTLE ROCK, ARKANSAS, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5e4f6ad9dc NEW |
none[none] | none:none |
none|none | none | none |
T:16:37:00 | WinXP | 208.105.99.73 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
16:49:00 | Win2K-f | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
16:52:00 | WinXP | 67.64.30.245 (WBSNET.NET): WHEATLAND ELECTRIC COOP, SCOTT CITY, KANSAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:18:00 | Win2K-f | 24.76.183.152 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 32 |
0115338c8b [Firefox:16 hits: 09-12 to 10-15] 321f4fc27d [Firefox:16 hits: 09-12 to 10-15] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
17:18:00 | Win2K-f | 74.211.3.49 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
17:22:00 | WinXP | 204.193.217.80 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 4 hits: 10-12 to 10-14] |
none[none] | none:none |
none|none | none | none | |
T:17:26:00 | WinXP | 122.120.210.89 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:27:00 | WinXP | 68.151.41.62 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3b75c2ccb8 NEW |
none[none] | none:none |
none|none | none | none |
17:38:00 | WinXP | 219.112.22.19 (YOURNET.NE.JP): FREEBIT CO. LTD, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
17:55:00 | WinXP | 92.41.170.170 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:38 hits: 04-05 to 10-10] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
T:17:55:00 | WinXP | 92.41.170.170 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 22999be88c [Firefox:38 hits: 04-05 to 10-10] |
eda2056971 [0] | ASM:Graph |
PolyEnE| | lines=154 embedded dns |
trace |
18:00:00 | WinXP | 190.128.51.35 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | f30f279494 NEW |
none[none] | none:none |
none|none | none | none |
18:08:00 | WinXP | 67.10.111.76 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:58 hits: 01-02 to 10-15] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
18:13:00 | Win2K-f | 64.130.149.215 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 283 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 32 of 36 34 of 36 |
b5919931fe [Firefox:853 hits: 06-20 to 10-15] dac70cc3b4 NEW e0ee54a7d1 NEW |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
18:18:00 | WinXP | 118.6.30.148 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
18:20:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn :lolika.cn :www.upononjob.cn :mulfika.cn 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http irc 113 lines |
Yeah : 1.8 profile |
none | summary tarball |
8 of 36 10 of 36 0 of 32 31 of 33 31 of 33 |
ac9e444ce0 [Firefox:11 hits: 10-13 to 10-15] b271fbb83d NEW b5919931fe [Firefox:853 hits: 06-20 to 10-15] b74e792974 [Firefox:13 hits: 06-18 to 10-15] f0e73c39a8 [Firefox:14 hits: 06-18 to 10-15] |
none[none] none [none] b5919931fe[1] b74e792974[1] none [4] |
none:none none:none ASM:Graph ASM:Graph none:none |
none|none none|none ASProtect| Armadillo| tElock| |
none none lines=90 lines=82 none |
none none trace trace trace |
18:23:00 | WinXP | 76.79.96.155 (RR.COM): ROAD RUNNER HOLDCO LLC, TAFT, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c9d2ab31c2 NEW |
none[none] | none:none |
none|none | none | none |
T:18:24:00 | WinXP | 76.79.96.155 (RR.COM): ROAD RUNNER HOLDCO LLC, TAFT, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c9d2ab31c2 NEW |
none[none] | none:none |
none|none | none | none | |
T:18:30:00 | WinXP | 186.9.15.37 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 764e663a1c NEW |
none[none] | none:none |
none|none | none | none |
T:18:37:00 | Win2K-f | 121.125.21.138 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:168 hits: 06-17 to 10-15] 4c3df24b32 [Firefox:222 hits: 06-17 to 10-18] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
18:48:00 | Win2K-f | 75.9.210.245 (SBCGLOBAL.NET): PPPOX POOL - RBACK6.CRCHTX, US. (DSL) |
115.126.2.121:65520 | :proxima.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:18:59:00 | WinXP | 74.62.103.126 (RR.COM): ROAD RUNNER HOLDCO LLC, APPLETON, WISCONSIN, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1c544ae06d [Firefox: 2 hits: 09-25 to 09-25] |
none[none] | none:none |
none|none | none | none |
18:59:00 | WinXP | 74.62.103.126 (RR.COM): ROAD RUNNER HOLDCO LLC, APPLETON, WISCONSIN, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1c544ae06d [Firefox: 2 hits: 09-25 to 09-25] |
none[none] | none:none |
none|none | none | none |
19:04:00 | WinXP | 190.159.26.45 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 6 hits: 10-05 to 10-17] |
none[none] | none:none |
none|none | none | none |
T:19:04:00 | WinXP | 204.193.216.186 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c198ee4e94 NEW |
none[none] | none:none |
none|none | none | none |
19:04:00 | WinXP | 204.193.216.186 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c198ee4e94 NEW |
none[none] | none:none |
none|none | none | none |
19:16:00 | WinXP | 122.52.21.103 (PLDT.NET): IPG, PH. |
115.126.2.121:65520 | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl |
135 | pcap | raw alerts ruleset |
http irc 144 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 33 |
16874933ea [Firefox:55 hits: 06-18 to 10-16] 76ee340669 [Firefox:55 hits: 06-18 to 10-16] e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
16874933ea [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| FSG| |
lines=82 none lines=92 |
trace trace trace |
19:19:00 | WinXP | 4.131.3.188 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:474 hits: 12-31 to 10-17] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:19:22:00 | WinXP | 201.213.34.105 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 25d31b9561 NEW |
none[none] | none:none |
none|none | none | none |
19:48:00 | WinXP | 75.136.141.170 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c91dfdf79a NEW |
none[none] | none:none |
none|none | none | none |
T:19:48:00 | WinXP | 75.136.141.170 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c91dfdf79a NEW |
none[none] | none:none |
none|none | none | none |
T:19:54:00 | WinXP | 70.125.73.99 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:4.23.60.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:07:00 | Win2K-f | 4.174.178.17 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:13:00 | Win2K-f | 24.67.23.135 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 188 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 31 of 32 32 of 36 |
b5919931fe [Firefox:853 hits: 06-20 to 10-15] bca9e0fb5f [Firefox:36 hits: 06-18 to 10-12] be7ebc22fc NEW |
b5919931fe [1] none [4] none [none] |
ASM:Graph none:none none:none |
ASProtect| PolyEnE| none|none |
lines=90 none none |
trace trace none |
T:20:17:00 | WinXP | 204.193.223.209 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:28 hits: 09-17 to 10-15] |
none[none] | none:none |
none|none | none | none |
20:17:00 | WinXP | 204.193.223.209 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:28 hits: 09-17 to 10-15] |
none[none] | none:none |
none|none | none | none |
20:33:00 | WinXP | 68.189.148.69 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
20:37:00 | Win2K-f | 70.184.240.103 (COX.NET): COX COMMUNICATIONS, FALLS CHURCH, VIRGINIA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 121 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 33 0 of 32 |
87e1117f2a [Firefox:15 hits: 07-18 to 10-09] b4fe4581c3 [Firefox:15 hits: 07-18 to 10-09] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
20:41:00 | WinXP | 186.9.45.78 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox: 6 hits: 10-05 to 10-17] |
none[none] | none:none |
none|none | none | none |
T:20:41:00 | WinXP | 151.118.199.148 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 542616a8fe NEW |
none[none] | none:none |
none|none | none | none |
20:43:00 | WinXP | 151.118.199.148 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 542616a8fe NEW |
none[none] | none:none |
none|none | none | none |
T:20:44:00 | WinXP | 85.84.101.104 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 3b75c2ccb8 NEW |
none[none] | none:none |
none|none | none | none |
20:56:00 | WinXP | 201.221.113.121 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1339 hits: 12-31 to 10-17] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
20:58:00 | Win2K-f | 75.16.250.116 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] a08f3b74a4 [Firefox:1164 hits: 06-18 to 10-18] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:21:07:00 | WinXP | 122.30.173.239 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:479 hits: 01-05 to 10-16] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:21:17:00 | WinXP | 130.13.59.135 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
21:27:00 | Win2K-f | 24.79.249.21 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:16 hits: 09-12 to 10-15] 321f4fc27d [Firefox:16 hits: 09-12 to 10-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:37:00 | Win2K-f | 61.17.42.36 (ETH.NET): VIDESH SANCHAR NIGAM LTD - INDIA, TRIVANDRUM, KERALA, IN. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:21:37:00 | Win2K-f | 221.124.132.29 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | 625144cee4 NEW |
none[none] | none:none |
none|none | none | none | |
T:21:38:00 | WinXP | 222.232.50.246 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 5daac7f4a5 NEW |
none[none] | none:none |
none|none | none | none |
T:21:39:00 | WinXP | 221.140.206.236 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ac749fdbd8 NEW |
none[none] | none:none |
none|none | none | none |
T:21:40:00 | Win2K-f | 24.85.101.134 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
21:40:00 | Win2K-f | 221.125.164.68 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox:10 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:21:42:00 | WinXP | 218.190.78.46 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 9852ec60d2 NEW |
none[none] | none:none |
none|none | none | none |
21:43:00 | Win2K-f | 123.18.59.139 (-): VIETNAM TELECOM NATIONAL (VTN), VN. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 36 | 895fc368ac NEW |
none[none] | none:none |
none|none | none | none |
T:21:43:00 | Win2K-f | 218.50.227.76 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 [Firefox: 4 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none | |
21:45:00 | WinXP | 58.229.154.93 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 40 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d [Firefox: 5 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
21:48:00 | WinXP | 123.214.135.8 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b [Firefox:11 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none |
21:48:00 | WinXP | 211.108.53.189 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | e5dab5f4ec NEW |
none[none] | none:none |
none|none | none | none |
21:51:00 | Win2K-f | 96.48.149.231 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:21:56:00 | Win2K-f | 86.218.91.11 (ABO.WANADOO.FR): IP2000-ADSL-BAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 35 | d142a982d2 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:22:00:00 | WinXP | 218.167.164.14 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1d988e57e4 [Firefox: 4 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
22:01:00 | Win2K-f | 219.250.132.73 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 413c9ac28b [Firefox: 2 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:22:02:00 | Win2K-f | 58.236.2.9 (-): THRUNET-INFRA-INCHEON03, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 413c9ac28b [Firefox: 2 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:22:08:00 | WinXP | 59.113.167.96 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 34 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 | d142a982d2 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
22:12:00 | Win2K-f | 116.47.29.160 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
22:17:00 | WinXP | 119.154.27.93 (-): . |
n/a | :proxima.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4aa1077294 NEW |
none[none] | none:none |
none|none | none | none |
22:17:00 | WinXP | 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 9 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:22:18:00 | WinXP | 119.154.27.93 (-): . |
n/a | :proxima.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4aa1077294 NEW |
none[none] | none:none |
none|none | none | none |
T:22:23:00 | WinXP | 209.254.156.169 (MCLEODUSA.NET): MCLEODUSA INCORPORATED, SYRACUSE, NEW YORK, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 33 |
06d7142ced NEW 9a841bcc27 NEW e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
22:25:00 | WinXP | 24.189.30.113 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3240 hits: 06-17 to 10-17] 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] e07c29c4ae [Firefox:640 hits: 06-19 to 10-15] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:22:29:00 | WinXP | 58.233.18.182 (-): THRUNET-INFRA-SEOUL14, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 44ea4d3c7c [Firefox: 3 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:22:30:00 | Win2K-f | 4.168.78.66 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BREA, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 174 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1601 hits: 06-18 to 10-18] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
22:34:00 | WinXP | 211.25.135.159 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 1be9d03a2b [Firefox:10 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:22:34:00 | WinXP | 219.250.132.73 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 413c9ac28b [Firefox: 2 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:22:41:00 | Win2K-f | 218.235.133.148 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ead12a6c02 [Firefox: 2 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
22:42:00 | Win2K-f | 121.52.130.35 (-): . |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | cf1247e1a1 NEW |
none[none] | none:none |
none|none | none | none |
22:43:00 | Win2K-f | 90.63.171.11 (STATIC-IP.OLEANE.FR): TELECOM, PARIS, ILE-DE-FRANCE, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 35 | d142a982d2 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
22:50:00 | Win2K-f | 88.173.232.224 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 9d31d168bd NEW |
none[none] | none:none |
none|none | none | none |
T:22:50:00 | Win2K-f | 144.138.215.105 (TMNS.NET.AU): TELSTRAINTERNET31, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
22:51:00 | WinXP | 221.124.96.195 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 625144cee4 NEW |
none[none] | none:none |
none|none | none | none |
T:22:58:00 | WinXP | 221.187.94.52 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox: 9 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:23:02:00 | WinXP | 82.242.21.8 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 28b1bbe949 NEW |
none[none] | none:none |
none|none | none | none | |
23:03:00 | WinXP | 90.3.76.166 (ABO.WANADOO.FR): IP2000-ADSL-BAS, FR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
23:10:00 | Win2K-f | 203.67.240.166 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 32 |
29da5b359b [Firefox: 3 hits: 09-24 to 09-25] 677277c61d [Firefox: 3 hits: 09-24 to 09-25] b5919931fe [Firefox:853 hits: 06-20 to 10-15] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
23:13:00 | Win2K-f | 58.230.129.53 (-): THRUNET-INFRA-SEOUL02, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 | aa268ff3a9 [Firefox: 4 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:23:16:00 | Win2K-f | 78.96.224.139 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | f1a2a263ef NEW |
none[none] | none:none |
none|none | none | none | |
23:18:00 | WinXP | 211.176.210.193 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 89d021262b [Firefox:11 hits: 07-29 to 09-26] |
none[none] | none:none |
none|none | none | none | |
T:23:20:00 | WinXP | 68.151.226.127 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:166 hits: 01-03 to 10-17] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
23:21:00 | WinXP | 68.151.226.127 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:166 hits: 01-03 to 10-17] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:23:24:00 | WinXP | 211.211.197.126 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4e95e2659e NEW |
none[none] | none:none |
none|none | none | none |
T:23:26:00 | WinXP | 211.236.132.72 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | cc8840e4b7 NEW |
none[none] | none:none |
none|none | none | none |
23:27:00 | Win2K-f | 58.121.103.50 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | a537edc44b NEW |
none[none] | none:none |
none|none | none | none |
23:31:00 | Win2K-f | 211.207.90.182 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 99797e2b75 [Firefox: 3 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
23:31:00 | WinXP | 78.96.224.139 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | f1a2a263ef NEW |
none[none] | none:none |
none|none | none | none |
23:41:00 | WinXP | 64.38.64.195 (SPEAKEASY.NET): US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad US:spi.domainsponsor.com GB:new.egg.com US:208.73.210.32:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:282 hits: 01-01 to 10-15] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:23:46:00 | Win2K-f | 96.48.149.231 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox: 2 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:23:47:00 | WinXP | 61.101.202.29 (KRLINE.NET): KRNIC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | a0866eeee3 NEW |
none[none] | none:none |
none|none | none | none | |
23:54:00 | WinXP | 218.167.191.57 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ead12a6c02 [Firefox: 2 hits: 09-26 to 09-26] |
none[none] | none:none |
none|none | none | none |
T:23:56:00 | Win2K-f | 118.218.21.111 (-): . |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:33 hits: 06-21 to 10-12] 58c343a8d8 [Firefox:37 hits: 06-21 to 10-12] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
T:23:57:00 | WinXP | 203.227.218.146 (-): LOTTE SHOPPING CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 3a322fdf34 NEW |
none[none] | none:none |
none|none | none | none |