|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:39:00 | WinXP | 220.109.17.141 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:497 hits: 01-05 to 10-26] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 00:45:00 | WinXP | 114.48.20.139 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | f24bd35aa7 [Firefox: 3 hits: 10-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 00:56:00 | Win2K-f | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 US:208.111.148.254:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:09:00 | WinXP | 91.144.96.229 (MEGATHERM.HU): ANTENNA TAVKOZLESI, BUDAPEST, BUDAPEST, HU. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5b3d36b84b [Firefox: 5 hits: 10-07 to 10-16] |
none[none] | none:none |
none|none | none | none |
| 01:17:00 | WinXP | 76.189.11.37 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTLAKE, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:01:21:00 | WinXP | 24.172.156.193 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, OHIO, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 2f981a2988 NEW |
none[none] | none:none |
none|none | none | none |
| 01:30:00 | Win2K-f | 203.91.183.110 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:32:00 | WinXP | 70.184.240.103 (COX.NET): COX COMMUNICATIONS, FALLS CHURCH, VIRGINIA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :fleshkatera.cn 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
irc http 131 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:23 hits: 07-18 to 10-26] b4fe4581c3 [Firefox:23 hits: 07-18 to 10-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:01:43:00 | WinXP | 217.249.50.58 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1387 hits: 12-31 to 10-26] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 01:43:00 | Win2K-f | 124.60.117.66 (-): POWERCOM, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http irc 105 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 0 of 32 32 of 36 |
58408136a4 [Firefox:21 hits: 06-28 to 10-05] b5919931fe [Firefox:955 hits: 06-20 to 10-26] d04f0daf40 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 01:57:00 | Win2K-f | 118.21.3.84 (-): . |
115.126.2.121:65520 | :proxima.ircgalaxy.pl :fleshkatera.cn 115.126.2.110:80 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:08:00 | Win2K-f | 65.27.194.90 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:02:24:00 | WinXP | 79.163.161.197 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:10 hits: 10-21 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 02:35:00 | WinXP | 82.252.133.210 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 478e5ec8c0 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:47:00 | WinXP | 69.211.139.14 (AMERITECH.NET): PPPOX POOL - RBACK5 WOTNOH, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:04:00 | Win2K-f | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:25 hits: 06-18 to 10-25] 79c01ec060 [Firefox:57 hits: 06-18 to 10-26] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 03:22:00 | WinXP | 87.58.10.193 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 31b8bb70f7 [Firefox: 3 hits: 10-06 to 10-06] |
none[none] | none:none |
none|none | none | none |
| T:03:29:00 | Win2K-f | 122.146.80.28 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:29:00 | WinXP | 88.174.49.66 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d2548a0bf5 [Firefox: 5 hits: 10-03 to 10-20] |
none[none] | none:none |
none|none | none | none |
| T:03:35:00 | Win2K-f | 196.208.46.23 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
http 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 57ce4acac2 [Firefox:295 hits: 06-17 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 04:32:00 | WinXP | 119.72.46.112 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 36a475b4c7 NEW |
none[none] | none:none |
none|none | none | none |
| T:04:38:00 | WinXP | 82.208.134.229 (ASTRAL.RO): ASTRAL-CJ-DOCSIS, CLUJ-NAPOCA, CLUJ, RO. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | eb4de67b7a NEW |
none[none] | none:none |
none|none | none | none |
| 04:56:00 | Win2K-f | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 57ce4acac2 [Firefox:295 hits: 06-17 to 10-26] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:04:00 | Win2K-f | 118.222.82.117 (-): . |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http irc 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 34 of 36 |
79aff12cdd NEW f789de6c3b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:06:00 | Win2K-f | 4.255.242.47 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 103 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:09:00 | WinXP | 125.101.83.144 (UCOM.NE.JP): G-KG0008N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:11:00 | WinXP | 79.163.235.57 (-): IDEA, PL. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 02ce2d42b8 NEW |
none[none] | none:none |
none|none | none | none |
| 05:21:00 | Win2K-f | 80.183.243.245 (POOL80183.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MONZA, LOMBARDIA, IT. |
115.126.2.121:65520 | 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| T:05:35:00 | WinXP | 117.96.148.24 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox: 4 hits: 10-10 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 05:36:00 | WinXP | 117.96.148.24 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox: 4 hits: 10-10 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:05:40:00 | Win2K-f | 24.76.172.201 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 32 |
0115338c8b [Firefox:23 hits: 09-12 to 10-25] 321f4fc27d [Firefox:23 hits: 09-12 to 10-25] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 05:44:00 | Win2K-f | 98.141.160.84 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 05:49:00 | Win2K-f | 172.129.60.250 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:35 hits: 07-03 to 10-25] c73f738c30 [Firefox:35 hits: 07-03 to 10-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:50:00 | WinXP | 83.213.134.114 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BASAURI, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:12 hits: 10-11 to 10-25] |
none[none] | none:none |
none|none | none | none |
| 05:53:00 | WinXP | 83.213.134.114 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BASAURI, PAIS VASCO, ES. |
n/a | UA:citi-bank.ru :makemegood24.com :31176.makemegood24.com :aaakemegood24.com :perfectchoice1.com :313a8.perfectchoice1.com :bparfectchoice1.com DE:cash-ddt.net DE:36e7a.cash-ddt.net :ccaah-ddt.net :ddr-cash.net :40cae.ddr-cash.net :dddracash.net :trn-cash.net :4679f.trn-cash.net :etrn-aash.net :money-frn.net :479a1.money-frn.net :fmoneyafrn.net :clr-cash.net :4d4f0.clr-cash.net :galr-cash.net :xxxl-cash.net :52ff1.xxxl-cash.net :hxaxl-cash.net UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:12 hits: 10-11 to 10-25] |
none[none] | none:none |
none|none | none | none |
| 05:53:00 | Win2K-f | 122.146.240.37 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
23b8303ff2 NEW c2a32d549b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:17:00 | Win2K-f | 68.145.19.149 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
48b1b31d93 NEW 6bd53e0271 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:22:00 | Win2K-f | 116.127.167.226 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.53:80 US:208.111.173.54:80 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:174 hits: 06-17 to 10-26] 4c3df24b32 [Firefox:226 hits: 06-17 to 10-26] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:35:00 | WinXP | 118.231.13.53 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:12 hits: 10-11 to 10-25] |
none[none] | none:none |
none|none | none | none |
| T:06:40:00 | WinXP | 79.163.182.14 (-): IDEA, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:10 hits: 10-21 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:06:42:00 | WinXP | 92.41.205.209 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 none |
7452c8448d [Firefox:15 hits: 06-17 to 09-28] fd9b49840f [Firefox: 9 hits: 06-23 to 09-28] |
none[4] fd9b49840f[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 06:46:00 | WinXP | 118.218.21.111 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
irc http 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:35 hits: 06-21 to 10-20] 58c343a8d8 [Firefox:39 hits: 06-21 to 10-20] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 06:52:00 | WinXP | 81.9.238.253 (CM-81-9-237-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1387 hits: 12-31 to 10-26] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:53:00 | WinXP | 58.70.8.195 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:628 hits: 01-01 to 10-26] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:58:00 | WinXP | 122.17.82.225 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:628 hits: 01-01 to 10-26] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:09:00 | Win2K-f | 85.67.26.226 (-): FIBERNET, HU. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | b3ce57c019 [Firefox: 9 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 07:12:00 | Win2K-f | 88.108.98.137 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 36 | 13b148296b [Firefox: 8 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:07:13:00 | WinXP | 211.236.132.15 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | cc8840e4b7 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:13:00 | Win2K-f | 61.230.136.116 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox:15 hits: 07-27 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:07:18:00 | WinXP | 218.237.133.89 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | :proxima.ircgalaxy.pl 115.126.2.121:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 5879bec008 NEW |
none[none] | none:none |
none|none | none | none |
| 07:19:00 | Win2K-f | 194.105.101.19 (CABLESURF.DE): KABELFERNSEHEN-MUENCHEN-NET, MUNICH, BAYERN, DE. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 36 | b724b621a2 [Firefox: 2 hits: 10-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:07:20:00 | WinXP | 218.39.105.200 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 99797e2b75 [Firefox: 8 hits: 09-26 to 10-22] |
none[none] | none:none |
none|none | none | none |
| 07:20:00 | WinXP | 82.235.155.192 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7f5b8c1070 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:21:00 | Win2K-f | 211.44.84.14 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
21 of 36 | d73bdf4a0e NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:22:00 | Win2K-f | 210.203.208.70 (HAKATA03.BBIQ.JP): KYUSHU TELECOMMUNICATION NETWORK CO. INC, FUKUOKA, FUKUOKA, JP. (DIAL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3a322fdf34 [Firefox: 7 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 07:23:00 | WinXP | 211.187.54.195 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | e5dab5f4ec [Firefox: 9 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 07:28:00 | Win2K-f | 212.186.75.184 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | 625144cee4 [Firefox: 7 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 07:35:00 | Win2K-f | 211.124.175.189 (ZAQ.NE.JP): HOKUSETSU CABLE NET CO. LTD, OSAKA, OSAKA, JP. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 36 | 9d5d0ad83c [Firefox: 3 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
| T:07:37:00 | WinXP | 211.213.238.249 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | c50e298b27 NEW |
none[none] | none:none |
none|none | none | none |
| 07:38:00 | Win2K-f | 221.142.91.182 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 36 | 9d5d0ad83c [Firefox: 3 hits: 08-15 to 09-26] |
none[none] | none:none |
none|none | none | none | |
| 07:41:00 | Win2K-f | 211.117.22.153 (KRLINE.NET): KRNIC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 075fa70649 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:43:00 | WinXP | 74.211.3.49 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 07:43:00 | WinXP | 218.190.169.187 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | b5313a6f9a NEW |
none[none] | none:none |
none|none | none | none |
| 07:44:00 | WinXP | 88.31.96.235 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 918355cad9 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:47:00 | WinXP | 82.236.153.114 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | f8deb2b824 NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:50:00 | Win2K-f | 58.125.240.54 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 49c4551858 [Firefox: 3 hits: 10-22 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 08:00:00 | WinXP | 83.153.97.206 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE BROADBAND POOLS, TOULON, POITOU-CHARENTES, FR. (DIAL) |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 | d142a982d2 [Firefox:12 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 08:03:00 | Win2K-f | 81.251.118.133 (ABO.WANADOO.FR): IP2000-ADSL-BAS, MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:06:00 | Win2K-f | 88.168.204.7 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | a67f84f2af NEW |
none[none] | none:none |
none|none | none | none |
| T:08:09:00 | Win2K-f | 116.45.63.7 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:09:00 | Win2K-f | 58.75.200.178 (-): DACOM CORPORATION, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 3a322fdf34 [Firefox: 7 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 08:13:00 | WinXP | 61.230.136.116 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 35 | 7377a34aeb [Firefox:15 hits: 07-27 to 08-18] |
none[none] | none:none |
none|none | none | none |
| T:08:14:00 | WinXP | 118.140.96.231 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox:19 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 08:14:00 | Win2K-f | 41.209.135.117 (DJEZZYVSAT.COM): AFRINIC, DZ. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:17:00 | Win2K-f | 84.112.111.225 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | 625144cee4 [Firefox: 7 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 08:36:00 | WinXP | 218.190.209.149 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 | aa268ff3a9 [Firefox:11 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:08:38:00 | WinXP | 78.97.223.254 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | e7801a316b [Firefox: 2 hits: 10-22 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:08:38:00 | WinXP | 195.116.178.94 (TPNET.PL): TPSA, PL. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1f8b36b823 NEW |
none[none] | none:none |
none|none | none | none |
| 08:39:00 | Win2K-f | 116.123.64.157 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
115.126.2.121:65520 | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http irc 94 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:174 hits: 06-17 to 10-26] 4c3df24b32 [Firefox:226 hits: 06-17 to 10-26] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:43:00 | WinXP | 118.140.96.231 (-): . |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 34 | e362f1c062 [Firefox:19 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:08:46:00 | WinXP | 217.245.100.124 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, BERLIN, BERLIN, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:181 hits: 01-08 to 10-26] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:08:55:00 | Win2K-f | 85.66.184.203 (BACS-NET.HU): FIBERNET COMMUNICATION CO, BUDAPEST, BUDAPEST, HU. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 | 0db664089d NEW |
none[none] | none:none |
none|none | none | none |
| 08:57:00 | Win2K-f | 60.248.45.145 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:01:00 | WinXP | 211.236.144.126 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 28 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | c8e3f53f50 NEW |
none[none] | none:none |
none|none | none | none |
| 09:04:00 | Win2K-f | 211.236.132.15 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | cc8840e4b7 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:06:00 | WinXP | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 5afa1bafe6 NEW |
none[none] | none:none |
none|none | none | none | |
| 09:09:00 | WinXP | 59.112.195.117 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2b52862acf NEW |
none[none] | none:none |
none|none | none | none |
| 09:13:00 | WinXP | 211.187.106.184 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 94156f67b0 [Firefox: 7 hits: 08-15 to 08-15] |
none[none] | none:none |
none|none | none | none |
| 09:14:00 | Win2K-f | 64.139.99.92 (NCIDATA.COM): NCI DATA.COM INC, BREWSTER, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.41.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:24:00 | WinXP | 85.152.218.177 (CM-85-152-232-10.TELECABLE.ES): TELECABLE, AVILES, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 3d727d55fa NEW |
none[none] | none:none |
none|none | none | none |
| T:09:25:00 | Win2K-f | 88.108.34.176 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 [Firefox:11 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 09:28:00 | WinXP | 80.218.99.229 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net SE:vancouver.dal.net SE:viking.dal.net :gaspode.zanet.org.za :flanders.be.eu.undernet.org SE:broadway.ny.us.dal.net NL:diemen.nl.eu.undernet.org AT:graz.at.eu.undernet.org :lulea.se.eu.undernet.org NL:london.uk.eu.undernet.org :caen.fr.eu.undernet.org SE:qis.md.us.dal.net :los-angeles.ca.us.undernet.org :brussels.be.eu.undernet.org :washington.dc.us.undernet.org SE:coins.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 217de26957 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:33:00 | WinXP | 59.39.191.211 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 5 hits: 10-11 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 09:34:00 | WinXP | 59.39.191.211 (163DATA.COM.CN): CHINANET GUANGDONG PROVINCE NETWORK, GUANGZHOU, GUANGDONG, CN. |
n/a | UA:citi-bank.ru :parex-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 5 hits: 10-11 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:09:39:00 | Win2K-f | 210.3.189.126 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 [Firefox:11 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 09:43:00 | Win2K-f | 70.182.83.78 (COX.NET): COX COMMUNICATIONS, MUSKOGEE, OKLAHOMA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:199.93.41.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
irc http 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:23 hits: 07-18 to 10-26] b4fe4581c3 [Firefox:23 hits: 07-18 to 10-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:44:00 | Win2K-f | 210.3.189.126 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 [Firefox:11 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:09:53:00 | WinXP | 218.190.209.149 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 34 | aa268ff3a9 [Firefox:11 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 10:00:00 | WinXP | 85.186.144.101 (-): ASTRAL MANGALIA CPE, RO. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 28b1bbe949 [Firefox: 9 hits: 10-20 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 10:04:00 | Win2K-f | 218.51.22.26 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d [Firefox:13 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 10:07:00 | Win2K-f | 89.137.116.46 (-): ASTRAL CLUJ-NAPOCA DOCSIS NETWORK, CLUJ-NAPOCA, CLUJ, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 918355cad9 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:10:00 | WinXP | 217.43.91.36 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:485 hits: 12-31 to 10-26] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:12:00 | Win2K-f | 116.44.48.137 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:17:00 | WinXP | 218.49.54.94 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | ea39b7911d [Firefox:13 hits: 08-15 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 10:20:00 | WinXP | 79.163.208.54 (-): IDEA, PL. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:10 hits: 10-21 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:10:23:00 | WinXP | 71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:10:27:00 | WinXP | 212.10.119.190 (REV.STOFANET.DK): TELIA STOFA A/S, COPENHAGEN, COPENHAGEN, DK. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | a283ef2819 NEW |
none[none] | none:none |
none|none | none | none |
| 10:33:00 | WinXP | 77.76.180.122 (-): OPTILINK, BG. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 01-03 to 10-26] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:37:00 | Win2K-f | 70.169.50.24 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:38:00 | Win2K-f | 85.186.115.191 (-): ASTRAL MANGALIA DOCSIS, RO. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 36 | 625144cee4 [Firefox: 7 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 10:48:00 | WinXP | 170.51.203.74 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :fleshkatera.cn 115.126.2.110:80 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http irc 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f17f896658 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:50:00 | WinXP | 77.254.206.249 (COM.PL): NETIA, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 2881209768 [Firefox: 5 hits: 10-22 to 10-25] |
none[none] | none:none |
none|none | none | none |
| 10:51:00 | WinXP | 117.99.10.54 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 01-03 to 10-26] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:55:00 | Win2K-f | 211.236.144.126 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | c8e3f53f50 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:05:00 | WinXP | 89.137.250.56 (-): ASTRAL FOCSANI DOCSIS NETWORK, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 3eeb212cb1 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:07:00 | WinXP | 83.97.249.84 (CM-83-97-244-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 08e06898c8 NEW |
none[none] | none:none |
none|none | none | none |
| 11:07:00 | WinXP | 61.192.32.66 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, TOKYO, TOKYO, JP. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 13b148296b [Firefox: 8 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 11:07:00 | Win2K-f | 64.139.115.69 (NCIDATA.COM): NCI DATA.COM INC, SAN JOSE, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:11:09:00 | Win2K-f | 211.208.142.103 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ead12a6c02 [Firefox: 9 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 11:13:00 | WinXP | 89.137.250.56 (-): ASTRAL FOCSANI DOCSIS NETWORK, RO. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 3eeb212cb1 NEW |
none[none] | none:none |
none|none | none | none |
| 11:16:00 | Win2K-f | 88.108.34.176 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | ea38ae2cb2 [Firefox:11 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:11:17:00 | WinXP | 78.55.211.208 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 8ee3657541 NEW |
none[none] | none:none |
none|none | none | none |
| 11:41:00 | WinXP | 24.70.51.184 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 11:41:00 | WinXP | 70.183.164.236 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:11:47:00 | Win2K-f | 79.175.203.20 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f9fbdd5ce8 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:50:00 | WinXP | 222.236.26.182 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 0 of 33 |
6a03998904 NEW 90f17779a7 NEW e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 11:51:00 | WinXP | 79.163.190.253 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:10 hits: 10-21 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:12:17:00 | WinXP | 75.83.195.46 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:48 hits: 01-02 to 10-22] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| 12:17:00 | Win2K-f | 70.169.50.24 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:19:00 | WinXP | 190.188.137.71 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6405484e84 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:19:00 | WinXP | 190.188.137.71 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6405484e84 NEW |
none[none] | none:none |
none|none | none | none |
| 12:20:00 | WinXP | 186.9.108.104 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cce8ebff69 NEW |
none[none] | none:none |
none|none | none | none |
| 12:24:00 | WinXP | 24.163.69.156 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBEMARLE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:497 hits: 01-05 to 10-26] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:12:25:00 | WinXP | 24.172.156.193 (RR.COM): ROAD RUNNER HOLDCO LLC, TROY, OHIO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2f981a2988 NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:35:00 | WinXP | 81.198.232.109 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 985b9b9708 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:36:00 | WinXP | 190.157.45.86 (CABLE.NET.CO): TV CABLE S.A, CO. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 [Firefox:48 hits: 01-02 to 10-22] |
ae590430c5 [0] | ASM:Graph |
PolyEnE| | lines=63 | trace |
| 12:46:00 | WinXP | 83.213.253.206 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, BERGARA, PAIS VASCO, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox: 4 hits: 10-10 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:12:46:00 | WinXP | 80.199.42.47 (ADSL-FIXED.TELE.DK): TDC-INTERNET-STATIC-ASSIGNED-IP, COPENHAGEN, COPENHAGEN, DK. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:287 hits: 01-01 to 10-26] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 13:02:00 | WinXP | 96.10.207.159 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1387 hits: 12-31 to 10-26] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:12:00 | WinXP | 88.180.243.106 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:25 hits: 10-03 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:13:13:00 | WinXP | 88.180.243.106 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:25 hits: 10-03 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:13:23:00 | WinXP | 24.67.60.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1387 hits: 12-31 to 10-26] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:23:00 | Win2K-f | 118.140.160.231 (-): . |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 36 | fcb6426ef8 NEW |
none[none] | none:none |
none|none | none | none | |
| 13:27:00 | WinXP | 87.247.67.88 (-): MIKROVISATA, LT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 4c934f9489 [Firefox:10 hits: 10-07 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:13:27:00 | WinXP | 87.247.67.88 (-): MIKROVISATA, LT. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 4c934f9489 [Firefox:10 hits: 10-07 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 13:28:00 | WinXP | 79.163.27.160 (-): IDEA, PL. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8988e13dc6 [Firefox: 3 hits: 10-25 to 10-25] |
none[none] | none:none |
none|none | none | none | |
| 13:32:00 | WinXP | 203.91.186.214 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] b7082104e4 [Firefox:231 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:13:54:00 | WinXP | 78.84.153.178 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:485 hits: 12-31 to 10-26] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:59:00 | WinXP | 93.102.23.219 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | da3d5fd705 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:07:00 | WinXP | 41.214.164.34 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1387 hits: 12-31 to 10-26] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:11:00 | WinXP | 70.184.179.15 (COX.NET): COX COMMUNICATIONS, VIRGINIA BEACH, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | fcd4bae1af NEW |
none[none] | none:none |
none|none | none | none |
| T:14:13:00 | WinXP | 217.203.137.185 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 97afa4f2dc [Firefox: 3 hits: 10-11 to 10-13] |
none[none] | none:none |
none|none | none | none |
| T:14:15:00 | WinXP | 190.5.194.38 (UNICAUCA.EDU.CO): EMTEL S.A. E.S.P, POPAYAN, CAUCA, CO. |
n/a | RU:moscow-advokat.ru AT:graz.at.eu.undernet.org NL:diemen.nl.eu.undernet.org :washington.dc.us.undernet.org :gaspode.zanet.org.za SE:coins.dal.net :caen.fr.eu.undernet.org SE:ced.dal.net SE:viking.dal.net US:lia.zanet.net :los-angeles.ca.us.undernet.org :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 6405484e84 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:22:00 | WinXP | 72.174.154.149 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox: 4 hits: 10-14 to 10-22] |
none[none] | none:none |
none|none | none | none |
| 14:22:00 | WinXP | 72.174.154.149 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox: 4 hits: 10-14 to 10-22] |
none[none] | none:none |
none|none | none | none | |
| T:14:30:00 | WinXP | 86.7.170.20 (NTL.COM): NTL INFRASTRUCTURE - BROMLEY, WARRINGTON, ENGLAND, UK. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | dd02947289 [Firefox: 4 hits: 02-23 to 08-14] |
62b3e97bda [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:39:00 | WinXP | 67.11.54.55 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:788 hits: 12-31 to 10-26] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:51:00 | WinXP | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.115:80 US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
cfcb83b235 NEW d73359368b NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:14:59:00 | WinXP | 82.225.194.97 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 75347e3aaf [Firefox:11 hits: 10-11 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 15:01:00 | Win2K-f | 203.88.178.73 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | :xx.nadnadzz.info CA:xx.ka3ek.com CA:zonetech.info CA:ns.ircstyle.net :lb.lebanonbot.com US:130.107.157.100:50003 |
135 | pcap | raw alerts ruleset |
irc http 322 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 22 of 36 21 of 36 10 of 36 28 of 32 |
0635f8d411 [Firefox: 2 hits: 10-25 to 10-25] 1868867d02 [Firefox: 5 hits: 09-29 to 10-25] 3e01fb69e1 [Firefox: 6 hits: 09-29 to 10-25] c025f08a76 [Firefox: 9 hits: 09-15 to 10-25] fabac7d8c8 NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:15:11:00 | WinXP | 151.20.68.92 (20-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, MILANO, LOMBARDIA, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 1d30b5c4c3 NEW |
none[none] | none:none |
none|none | none | none | |
| 15:13:00 | Win2K-f | 118.236.214.163 (-): . |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | f12583a6d2 [Firefox:113 hits: 07-13 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:15:28:00 | Win2K-f | 68.189.148.69 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:30:00 | Win2K-f | 211.187.54.195 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | e5dab5f4ec [Firefox: 9 hits: 09-26 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 15:54:00 | WinXP | 208.127.249.209 (DSLEXTREME.COM): DSL EXTREME, WINNETKA, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:181 hits: 01-08 to 10-26] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:16:03:00 | WinXP | 24.76.233.129 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 7e86aea473 NEW |
none[none] | none:none |
none|none | none | none |
| 16:14:00 | WinXP | 82.252.206.80 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:14:00 | WinXP | 82.252.206.80 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | eb8c4aea78 NEW |
none[none] | none:none |
none|none | none | none |
| 16:15:00 | WinXP | 24.80.99.70 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:23 hits: 09-12 to 10-25] 321f4fc27d [Firefox:23 hits: 09-12 to 10-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:42:00 | Win2K-f | 71.64.27.202 (RR.COM): ROAD RUNNER HOLDCO LLC, GROVE CITY, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:47:00 | WinXP | 67.237.53.86 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 16:51:00 | Win2K-f | 208.68.116.223 (LCOM.NET): LIBERTY COMMUNICATIONS, WEST BRANCH, IOWA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:192.221.99.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:55:00 | WinXP | 89.195.134.18 (-): ORANGE, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 491fef3335 NEW |
none[none] | none:none |
none|none | none | none |
| 17:05:00 | WinXP | 66.153.211.73 (SCCOAST.NET): HTC - CABLE MODEM POOL, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:09:00 | WinXP | 90.177.40.115 (IOL.CZ): CESKY TELECOM A.S, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 26 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 [Firefox:23 hits: 08-01 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| T:17:12:00 | WinXP | 222.184.240.58 (-): NANTONG-RG-CARVEOUTGARDEN-CORP, NANJING, JIANGSU, CN. (100Mbps) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c04c529eb5 NEW |
none[none] | none:none |
none|none | none | none |
| 17:17:00 | Win2K-f | 12.70.209.19 (PRSERV.NET): AT&T GLOBAL SERVICES, CHICAGO, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.153.231:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:20:00 | WinXP | 189.126.20.20 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | caa5203f89 NEW |
none[none] | none:none |
none|none | none | none |
| 17:24:00 | WinXP | 201.82.231.236 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 01-03 to 10-26] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:25:00 | Win2K-f | 90.177.40.115 (IOL.CZ): CESKY TELECOM A.S, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 [Firefox:23 hits: 08-01 to 10-26] |
none[none] | none:none |
none|none | none | none | |
| 17:36:00 | WinXP | 190.5.192.140 (EMTEL.NET.CO): EMTEL S.A. E.S.P, CO. |
n/a | RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 6405484e84 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:36:00 | WinXP | 190.5.192.140 (EMTEL.NET.CO): EMTEL S.A. E.S.P, CO. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6405484e84 NEW |
none[none] | none:none |
none|none | none | none |
| 17:54:00 | WinXP | 98.174.80.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:07:00 | Win2K-f | 98.140.228.220 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:15:00 | WinXP | 70.60.10.186 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:18:30:00 | WinXP | 59.103.90.233 (-): . |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4ed031d88c [Firefox: 7 hits: 10-20 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 18:32:00 | Win2K-f | 212.10.119.190 (REV.STOFANET.DK): TELIA STOFA A/S, COPENHAGEN, COPENHAGEN, DK. |
63.173.172.98:6668 | 139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | a283ef2819 NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:35:00 | WinXP | 24.84.211.155 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 603 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 3 hits: 10-06 to 10-15] |
none[none] | none:none |
none|none | none | none | |
| T:18:53:00 | WinXP | 63.246.122.90 (SPEAKEASY.NET): US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:58:00 | WinXP | 92.40.15.38 (IKBCC.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:27 hits: 10-08 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 18:59:00 | WinXP | 186.9.49.103 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:08:00 | WinXP | 122.26.137.111 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:497 hits: 01-05 to 10-26] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 19:36:00 | Win2K-f | 68.147.151.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 564 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 09de8c3713 NEW |
none[none] | none:none |
none|none | none | none | |
| 19:41:00 | WinXP | 186.9.87.55 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:44:00 | WinXP | 75.138.113.33 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c3e3fb2336 [Firefox: 2 hits: 10-14 to 10-17] |
none[none] | none:none |
none|none | none | none |
| T:19:44:00 | WinXP | 75.138.113.33 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c3e3fb2336 [Firefox: 2 hits: 10-14 to 10-17] |
none[none] | none:none |
none|none | none | none |
| T:19:56:00 | WinXP | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 0 of 33 |
57ce4acac2 [Firefox:295 hits: 06-17 to 10-26] 83f26f5044 [Firefox:32 hits: 06-20 to 10-24] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
57ce4acac2 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| 19:56:00 | WinXP | 4.178.186.77 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VANCOUVER, WASHINGTON, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 121 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 20:04:00 | WinXP | 68.119.201.107 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:21 hits: 10-01 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 20:08:00 | Win2K-f | 98.140.249.72 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:14:00 | WinXP | 119.95.227.24 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:33 hits: 10-05 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 20:15:00 | WinXP | 173.16.128.165 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] b7082104e4 [Firefox:231 hits: 06-18 to 10-26] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| 20:24:00 | WinXP | 209.239.21.8 (EXECULINK.COM): EXECULINK INTERNET SERVICES CORPORATION, LONDON, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 112 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 31 of 35 0 of 33 |
039e3fa376 [Firefox:11 hits: 07-24 to 10-14] 76f2c59ef8 [Firefox:11 hits: 07-24 to 10-14] e07c29c4ae [Firefox:717 hits: 06-19 to 10-26] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 20:31:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.137:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:36:00 | WinXP | 80.30.144.98 (CAMPUSPARTY06.NET): TELEFONICA DE ESPANA (NCC#2007050901), ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 01-03 to 10-26] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:46:00 | Win2K-f | 196.211.13.4 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 152 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] b5919931fe [Firefox:955 hits: 06-20 to 10-26] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 20:49:00 | WinXP | 64.150.147.110 (SCCOAST.NET): HTC COMMUNICATIONS LLC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 21:15:00 | WinXP | 70.64.3.230 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 09b95b77d7 NEW |
none[none] | none:none |
none|none | none | none |
| 21:18:00 | WinXP | 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 US:208.111.148.115:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:28:00 | WinXP | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 164 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 29ae13a587 [Firefox: 3 hits: 10-02 to 10-14] |
none[none] | none:none |
none|none | none | none | |
| T:21:30:00 | Win2K-f | 96.247.59.250 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] a08f3b74a4 [Firefox:1228 hits: 06-18 to 10-26] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:50:00 | WinXP | 8.15.176.211 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox: 4 hits: 10-10 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:21:50:00 | WinXP | 8.15.176.211 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox: 4 hits: 10-10 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 21:52:00 | WinXP | 90.151.128.121 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:61 hits: 01-02 to 10-25] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:52:00 | WinXP | 90.151.128.121 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:61 hits: 01-02 to 10-25] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:18:00 | WinXP | 70.60.10.186 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.15:80 US:208.111.148.23:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:39:00 | Win2K-f | 60.249.205.93 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.23:80 US:208.111.148.50:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
7ca2287333 [Firefox: 3 hits: 10-03 to 10-24] 95ccd6eb89 [Firefox: 3 hits: 10-03 to 10-24] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:50:00 | WinXP | 76.200.157.226 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:181 hits: 01-08 to 10-26] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 22:50:00 | WinXP | 96.48.149.231 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:80 US:192.221.99.124:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 27 of 32 |
b4397cd867 [Firefox: 4 hits: 09-14 to 10-22] b455f223d6 [Firefox: 5 hits: 06-20 to 10-22] |
none[none] b455f223d6[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
| 23:25:00 | WinXP | 72.251.93.129 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:26 hits: 02-16 to 10-25] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| T:23:25:00 | WinXP | 72.251.93.129 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:26 hits: 02-16 to 10-25] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 23:26:00 | WinXP | 123.204.113.193 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b1c85cee4b NEW |
none[none] | none:none |
none|none | none | none |
| T:23:26:00 | WinXP | 123.204.113.193 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b1c85cee4b NEW |
none[none] | none:none |
none|none | none | none |
| T:23:36:00 | WinXP | 117.99.46.30 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | eec7cce07c [Firefox:12 hits: 08-15 to 10-11] |
none[none] | none:none |
none|none | none | none |
| 23:43:00 | WinXP | 92.124.61.127 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:26 hits: 02-16 to 10-25] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 23:50:00 | WinXP | 4.163.172.235 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CLEARFIELD, UTAH, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.54:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 36 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] b7082104e4 [Firefox:231 hits: 06-18 to 10-26] e69e8f5dd8 NEW |
none[4] none [4] none [none] |
none:none none:none none:none |
tElock| tElock| none|none |
none none none |
trace trace none |
| T:23:54:00 | Win2K-f | 90.14.225.165 (ABO.WANADOO.FR): IP2000-ADSL-BAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
22 of 33 | 89953ae602 NEW |
none[none] | none:none |
none|none | none | none | |
| 23:54:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 36 |
53bfe15e91 [Firefox:3437 hits: 06-17 to 10-26] 73f1082158 [Firefox:1705 hits: 06-18 to 10-26] 956cca27e8 NEW |
none[4] 73f1082158[1] none [none] |
none:none ASM:Graph none:none |
tElock| Armadillo| none|none |
none lines=81 none |
trace trace none |