Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace |
00:17:00 | WinXP | 204.193.216.213 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:40 hits: 09-17 to 10-29] |
none[none] | none:none |
none|none | none | none |
00:34:00 | Win2K-f | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com |
135 | pcap | raw alerts ruleset |
irc http 322 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 36 25 of 36 33 of 36 |
188a76e028 NEW 2738d752a2 NEW 29ae13a587 [Firefox: 4 hits: 10-02 to 10-27] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
00:37:00 | Win2K-f | 70.168.15.160 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:00:38:00 | Win2K-f | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
00:43:00 | WinXP | 213.55.68.160 (TELECOM.NET.ET): ETHIOPIAN TELECOMMUNICATION CORPORATION, ADDIS ABABA, ADDIS ABABA, ET. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:38 hits: 10-05 to 10-29] |
none[none] | none:none |
none|none | none | none |
01:02:00 | Win2K-f | 70.60.10.186 (RR.COM): ROAD RUNNER HOLDCO LLC, NASHPORT, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:205.128.70.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:04:00 | WinXP | 124.100.74.185 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:504 hits: 01-05 to 10-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
01:38:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.47:80 US:208.111.173.49:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:01:39:00 | Win2K-f | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 57ce4acac2 [Firefox:310 hits: 06-17 to 10-29] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
01:39:00 | WinXP | 24.66.232.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
02:03:00 | WinXP | 62.183.97.243 (-): JOINT STOCK COMPANY ELECTROSVYAZ OF ADYGHEIA REPUBLIC, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:597 hits: 01-01 to 10-29] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:02:04:00 | Win2K-f | 211.26.48.97 (IPRIMUS.NET.AU): PRIMUS TELECOMMUNICATIONS, ADELAIDE, SOUTH AUSTRALIA, AU. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com US:dl2.bundlext.com US:b152.bundlext.com US:b155.bundlext.com US:206.251.244.252:8080 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
irc http 145 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 23 of 36 25 of 36 10 of 36 33 of 36 18 of 36 0 of 32 |
00044c5c27 NEW 188a76e028 NEW 2738d752a2 NEW 66f6cc6757 NEW 6ebc9b27e1 NEW a34161aabf NEW b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[none] none [none] none [none] none [none] none [none] none [none] b5919931fe[1] |
none:none none:none none:none none:none none:none none:none ASM:Graph |
none|none none|none none|none none|none none|none none|none ASProtect| |
none none none none none none lines=90 |
none none none none none none trace |
02:17:00 | Win2K-f | 24.78.183.119 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:02:26:00 | Win2K-f | 91.144.141.154 (KAZANDOM.RU): ZAO CENTER-TELECOM KAZAN ADDRESS SPACE, KAZAN, TATARSTAN, RU. |
n/a | US:b157.bundlext.com US:www.speed-runner.com US:b158.bundlext.com :randomnewnames.com |
445 | pcap | raw alerts ruleset |
http http http http 200 lines |
Argh : 0.3 profile |
none | summary tarball |
21 of 36 20 of 35 21 of 33 4 of 35 |
1616ef5e30 NEW 359786c558 NEW 7b1de9d82d [Firefox: 5 hits: 06-28 to 09-29] e2d129f055 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
02:29:00 | Win2K-f | 24.166.51.15 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
02:30:00 | WinXP | 84.72.152.60 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:34 hits: 10-08 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:02:51:00 | WinXP | 212.152.96.244 (-): TIM HELLAS TELECOMMUNICATIONS S.A, GR. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 703ad78900 [Firefox: 4 hits: 10-22 to 10-26] |
none[none] | none:none |
none|none | none | none |
T:02:57:00 | Win2K-f | 90.150.211.9 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
n/a | US:csx.adservs.com :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.153.236:80 |
445 | pcap | raw alerts ruleset |
http 5 lines |
Argh : 0.3 profile |
none | summary tarball |
25 of 36 | 4505c91fc2 NEW |
none[none] | none:none |
none|none | none | none |
T:03:08:00 | WinXP | 87.58.10.193 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | 445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
03:10:00 | Win2K-f | 218.53.157.76 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.16:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:40 hits: 06-20 to 10-08] 9276c8b36b [Firefox:40 hits: 06-20 to 10-08] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
03:16:00 | WinXP | 92.47.136.225 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:38 hits: 10-05 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:03:20:00 | WinXP | 83.248.55.232 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, GÖTEBORG, VASTRA GOTALAND, SE. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | e50d19ea22 [Firefox: 2 hits: 10-21 to 10-22] |
none[none] | none:none |
none|none | none | none |
T:03:35:00 | WinXP | 190.226.92.26 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 30b1c8ae06 NEW |
none[none] | none:none |
none|none | none | none |
03:48:00 | Win2K-f | 218.220.174.202 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 238 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 | fbacdd87c0 [Firefox: 3 hits: 06-06 to 07-07] |
none[4] | none:none |
none|none | none | trace | |
04:02:00 | WinXP | 193.248.21.248 (ABO.WANADOO.FR): WANADOO FRANCE, CAEN, BASSE-NORMANDIE, FR. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad US:208.73.210.121:80 |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:290 hits: 01-01 to 10-29] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:04:20:00 | WinXP | 4.154.222.123 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WORCESTER, MASSACHUSETTS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:504 hits: 01-05 to 10-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:04:42:00 | WinXP | 151.20.71.86 (20-151.LIBERO.IT): FREE INTERNET DIAL-UP SERVICES, MILANO, LOMBARDIA, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:504 hits: 01-05 to 10-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
04:45:00 | WinXP | 59.133.219.180 (DION.NE.JP): DION (KDDI CORPORATION), NAGASAKI, NAGASAKI, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:490 hits: 12-31 to 10-29] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:04:48:00 | WinXP | 80.218.96.178 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 217de26957 NEW |
none[none] | none:none |
none|none | none | none |
04:48:00 | WinXP | 80.218.96.178 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 217de26957 NEW |
none[none] | none:none |
none|none | none | none |
T:05:03:00 | WinXP | 93.120.129.4 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:05:19:00 | WinXP | 89.195.64.132 (-): ORANGE, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7f95550815 NEW |
none[none] | none:none |
none|none | none | none |
05:20:00 | WinXP | 85.85.93.223 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d5d8fb9d19 NEW |
none[none] | none:none |
none|none | none | none |
T:05:21:00 | WinXP | 85.85.93.223 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d5d8fb9d19 NEW |
none[none] | none:none |
none|none | none | none |
05:21:00 | WinXP | 78.227.136.213 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :lulea.se.eu.undernet.org :washington.dc.us.undernet.org SE:qis.md.us.dal.net SE:viking.dal.net US:lia.zanet.net 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 348149f9f6 NEW |
none[none] | none:none |
none|none | none | none |
05:25:00 | WinXP | 65.24.209.12 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. (DSL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:597 hits: 01-01 to 10-29] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
T:05:40:00 | WinXP | 114.48.1.68 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 64d359864b [Firefox: 2 hits: 10-20 to 10-21] |
none[none] | none:none |
none|none | none | none | |
05:46:00 | Win2K-f | 218.225.205.96 (WAKWAK.NE.JP): NTT-ME CORPORATION, TOKYO, TOKYO, JP. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.45:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
4a455e4dc6 NEW 878e9ae116 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
05:53:00 | WinXP | 122.16.163.85 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:636 hits: 01-01 to 10-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
06:03:00 | WinXP | 24.164.52.233 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:06:03:00 | Win2K-f | 130.234.201.155 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVÄSKYLÄ, LANSI-SUOMEN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
17 of 36 | f36f19b885 NEW |
none[none] | none:none |
none|none | none | none | |
T:06:03:00 | WinXP | 24.164.52.233 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
06:04:00 | WinXP | 130.234.201.155 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVÄSKYLÄ, LANSI-SUOMEN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
17 of 36 | f36f19b885 NEW |
none[none] | none:none |
none|none | none | none | |
T:06:28:00 | WinXP | 98.175.24.80 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:29:00 | WinXP | 98.173.193.183 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.50:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:06:58:00 | WinXP | 77.49.37.75 (FORTHNET.GR): ADSL-CUSTOMERS-KLN, THESSALONIKI, THESSALONIKI, GR. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:10:00 | Win2K-f | 116.127.167.226 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
168aab35a3 [Firefox:178 hits: 06-17 to 10-29] 4c3df24b32 [Firefox:231 hits: 06-17 to 10-28] |
none[4] 4c3df24b32[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:07:24:00 | Win2K-f | 124.195.156.223 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:07:29:00 | WinXP | 69.85.116.52 (SPEAKEASY.NET): US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
07:45:00 | WinXP | 210.209.243.68 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 449 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 34 | 5116dffa5e NEW |
none[none] | none:none |
none|none | none | none | |
T:07:49:00 | Win2K-f | 98.141.161.158 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:07:53:00 | WinXP | 84.74.12.76 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 42c101571e NEW |
none[none] | none:none |
none|none | none | none |
T:08:05:00 | WinXP | 190.226.8.174 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
08:08:00 | WinXP | 130.13.105.2 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | a816277ffd NEW |
none[none] | none:none |
none|none | none | none |
T:08:10:00 | Win2K-f | 130.13.105.2 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | a816277ffd NEW |
none[none] | none:none |
none|none | none | none |
08:13:00 | WinXP | 76.78.94.95 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:38 hits: 10-05 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:08:14:00 | WinXP | 76.78.94.95 (APOGEENET.NET): APOGEE TELECOM INC, AUSTIN, TEXAS, US. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:38 hits: 10-05 to 10-29] |
none[none] | none:none |
none|none | none | none |
08:14:00 | Win2K-f | 116.126.163.71 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
9d571adc3c [Firefox: 8 hits: 07-04 to 10-22] a704164588 [Firefox:10 hits: 07-04 to 10-22] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:08:17:00 | WinXP | 99.140.143.200 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:08:24:00 | WinXP | 67.150.170.67 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com GB:welcome3.smile.co.uk :wpad DE:ebookfinaltrash.ru GB:195.92.84.198:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 35 | 452313e1c7 NEW |
none[none] | none:none |
none|none | none | none |
T:08:28:00 | Win2K-f | 98.175.167.206 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
08:37:00 | Win2K-f | 70.64.8.16 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 32 |
2e43dc0077 [Firefox: 9 hits: 10-01 to 10-14] 3fd58319f0 NEW b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
T:08:38:00 | WinXP | 130.13.220.208 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
08:39:00 | WinXP | 130.13.220.208 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
08:44:00 | WinXP | 85.122.69.210 (RNC.RO): RNC, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:192 hits: 01-03 to 10-29] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
09:02:00 | WinXP | 130.234.185.195 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVÄSKYLÄ, LANSI-SUOMEN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
17 of 36 | f36f19b885 NEW |
none[none] | none:none |
none|none | none | none | |
T:09:13:00 | Win2K-f | 75.34.107.250 (SBCGLOBAL.NET): MOHSEN KHAZIRI DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] b7082104e4 [Firefox:238 hits: 06-18 to 10-29] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
09:16:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 0 of 32 |
4ca3056804 [Firefox: 8 hits: 06-18 to 10-26] 53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
4ca3056804 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
T:09:30:00 | WinXP | 124.195.153.195 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.247:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:09:31:00 | WinXP | 151.32.77.194 (14-151.IOL.IT): ITALIA ONLINE S.P.A, IT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | 81d4831a55 NEW |
none[none] | none:none |
none|none | none | none | |
09:38:00 | WinXP | 80.199.42.47 (ADSL-FIXED.TELE.DK): TDC-INTERNET-STATIC-ASSIGNED-IP, COPENHAGEN, COPENHAGEN, DK. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:26 hits: 01-20 to 10-14] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:09:39:00 | Win2K-f | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:09:40:00 | WinXP | 24.207.44.45 (DCCNET.COM): DELTA DCCNET HIGH SPEED INTERNET, DELTA, BRITISH COLUMBIA, CA. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 71a8c0f10b NEW |
none[none] | none:none |
none|none | none | none |
09:41:00 | WinXP | 86.155.87.112 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:636 hits: 01-01 to 10-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:09:41:00 | WinXP | 203.136.76.19 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:490 hits: 12-31 to 10-29] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:09:49:00 | WinXP | 89.195.202.214 (-): ORANGE, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru :parex-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 491fef3335 [Firefox: 5 hits: 10-26 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:09:52:00 | WinXP | 89.201.114.16 (-): BALTKOM, LV. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 NEW |
none[none] | none:none |
none|none | none | none |
10:02:00 | WinXP | 79.33.153.220 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:10:00 | WinXP | 69.239.147.17 (SBCGLOBAL.NET): PPPOX POOL - BRAS1.RENOCS, RENO, NEVADA, US. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:145 hits: 01-01 to 10-22] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
10:17:00 | WinXP | 89.232.231.162 (ISURGUT.RU): SHOPPING CENTER-OFFICE OBSKOY IN NIZHNEVARTOVSK RUSSIA, RU. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:17:00 | WinXP | 89.232.231.162 (ISURGUT.RU): SHOPPING CENTER-OFFICE OBSKOY IN NIZHNEVARTOVSK RUSSIA, RU. (DIAL) |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org NL:diemen.nl.eu.undernet.org :washington.dc.us.undernet.org AT:graz.at.eu.undernet.org SE:broadway.ny.us.dal.net SE:vancouver.dal.net SE:qis.md.us.dal.net :lulea.se.eu.undernet.org SE:ozbytes.dal.net SE:ced.dal.net SE:coins.dal.net :gaspode.zanet.org.za RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:10:21:00 | WinXP | 24.80.167.73 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 602 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 4 hits: 10-06 to 10-27] |
none[none] | none:none |
none|none | none | none | |
10:34:00 | WinXP | 117.99.10.147 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2dab138760 NEW |
none[none] | none:none |
none|none | none | none |
10:38:00 | WinXP | 79.121.52.23 (-): PORION-DIGITAL KFT, HU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | af4201ff14 NEW |
none[none] | none:none |
none|none | none | none |
T:10:38:00 | WinXP | 79.121.52.23 (-): PORION-DIGITAL KFT, HU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | af4201ff14 NEW |
none[none] | none:none |
none|none | none | none |
T:10:43:00 | WinXP | 69.85.120.133 (SPEAKEASY.NET): US. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:10:49:00 | WinXP | 76.93.253.28 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
10:55:00 | WinXP | 99.145.139.139 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.70.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] b7082104e4 [Firefox:238 hits: 06-18 to 10-29] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
11:00:00 | Win2K-f | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:11:11:00 | WinXP | 79.163.218.86 (-): IDEA, PL. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 02ce2d42b8 NEW |
none[none] | none:none |
none|none | none | none |
11:14:00 | WinXP | 86.129.244.241 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:490 hits: 12-31 to 10-29] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
11:18:00 | WinXP | 4.152.198.190 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
T:11:20:00 | Win2K-f | 130.13.60.134 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 24065189fb NEW |
none[none] | none:none |
none|none | none | none | |
11:21:00 | Win2K-f | 130.13.60.134 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 24065189fb NEW |
none[none] | none:none |
none|none | none | none | |
11:39:00 | Win2K-f | 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | 139 | pcap | raw alerts ruleset |
ftp irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox:16 hits: 07-29 to 10-28] |
none[none] | none:none |
none|none | none | none | |
11:42:00 | WinXP | 89.152.109.180 (-): TVCABO PORTUGAL S.A, OEIRAS, LISBOA, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
11:46:00 | Win2K-f | 70.248.127.149 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
11:47:00 | WinXP | 85.87.67.163 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru :brussels.be.eu.undernet.org :caen.fr.eu.undernet.org SE:viking.dal.net SE:vancouver.dal.net SE:qis.md.us.dal.net US:lia.zanet.net :lulea.se.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:34 hits: 10-08 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:12:00:00 | WinXP | 41.214.184.167 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:27 hits: 10-03 to 10-27] |
none[none] | none:none |
none|none | none | none |
T:12:06:00 | WinXP | 79.138.214.192 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:12:08:00 | Win2K-f | 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox:16 hits: 07-29 to 10-28] |
none[none] | none:none |
none|none | none | none |
T:12:09:00 | Win2K-f | 130.67.92.110 (ONLINE.NO): NORTELE-H, HøNEFOSS, BUSKERUD, NO. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:16:00 | Win2K-f | 98.149.190.201 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:12:21:00 | WinXP | 83.97.167.21 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1401 hits: 12-31 to 10-29] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
T:12:28:00 | Win2K-f | 218.211.207.127 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:44:00 | Win2K-f | 24.69.187.101 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 36 0 of 32 |
090753e602 [Firefox: 5 hits: 10-09 to 10-25] 79595a71bb [Firefox: 5 hits: 10-09 to 10-25] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
T:12:45:00 | WinXP | 85.13.82.86 (-): LIDOS-ZELEZNARUDA-CDT-NET, CZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:15 hits: 10-21 to 10-28] |
none[none] | none:none |
none|none | none | none |
12:51:00 | WinXP | 79.163.184.122 (-): IDEA, PL. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:12:53:00 | Win2K-f | 66.153.211.73 (SCCOAST.NET): HTC - CABLE MODEM POOL, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.108:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
13:03:00 | WinXP | 190.254.68.43 (-): . |
n/a | :www.google.com.au US:www.altavista.com :jbeegvia.ru EU:crutop.nu US:www.worldbank.org :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru DE:kavkaz.co.uk :pnlkria.ru :kargai.ru :kfwfceki.ru RU:alfabank.ru :nhuwxyuw.ru SE:kavkaz.tv :udluzuq.ru :fiazpvnne.ru :ppxuub.ru US:crime-research.ru GB:www.candidateverifier.com :lvwgdhwlj.ru :raxeqajrf.ru :dhagunb.ru :zpwmktjv.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | bb7681eca8 [Firefox:11 hits: 09-26 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:13:51:00 | WinXP | 130.13.75.94 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 4d9fda377d [Firefox: 5 hits: 10-22 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:14:01:00 | WinXP | 4.245.164.187 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DANBURY, CONNECTICUT, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:07:00 | WinXP | 208.222.44.174 (WHEATSTATE.COM): NETWORK TOOL AND DIE COMPANY, CHANUTE, KANSAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 393d3a40db [Firefox:15 hits: 02-14 to 10-28] |
8a0ff8065a [0] | ASM:Graph |
PolyEnE| | lines=76 | trace |
14:07:00 | WinXP | 218.75.149.21 (-): CHINANET-HN CHANGDE NODE NETWORK, CHANGDE, HUNAN, CN. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
http 172 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 33 |
5ed15671ec NEW 6434b9480d NEW e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
14:11:00 | Win2K-f | 130.13.208.239 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
14:12:00 | WinXP | 72.188.109.233 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com :wpad US:spi.domainsponsor.com :www.proxy-socks.net US:208.73.210.121:80 |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:290 hits: 01-01 to 10-29] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
T:14:12:00 | WinXP | 130.13.208.239 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
T:14:23:00 | WinXP | 24.144.20.168 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 760602b816 NEW |
none[none] | none:none |
none|none | none | none |
14:27:00 | WinXP | 186.9.40.15 (-): . |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org SE:vancouver.dal.net AT:graz.at.eu.undernet.org :washington.dc.us.undernet.org US:lia.zanet.net SE:ced.dal.net SE:ozbytes.dal.net NL:diemen.nl.eu.undernet.org SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | dd19428f27 NEW |
none[none] | none:none |
none|none | none | none |
14:29:00 | WinXP | 207.5.229.254 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
14:29:00 | Win2K-f | 75.79.45.202 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.52:80 US:208.111.173.53:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:14:30:00 | WinXP | 68.126.125.240 (PACBELL.NET): PPPOX POOL - RBACK5 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru SE:broadway.ny.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
14:32:00 | WinXP | 41.214.181.227 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 24cfd92b45 NEW |
none[none] | none:none |
none|none | none | none |
T:14:32:00 | WinXP | 41.214.181.227 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 24cfd92b45 NEW |
none[none] | none:none |
none|none | none | none |
14:43:00 | WinXP | 72.51.202.220 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 8 hits: 09-12 to 10-15] d8cf9fc784 [Firefox: 9 hits: 09-12 to 10-17] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
14:44:00 | Win2K-f | 65.25.107.66 (RR.COM): ROAD RUNNER HOLDCO LLC, CANTON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] b7082104e4 [Firefox:238 hits: 06-18 to 10-29] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
T:14:46:00 | Win2K-f | 130.234.185.195 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVäSKYLä, LANSI-SUOMEN LAANI, FI. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
17 of 36 | f36f19b885 NEW |
none[none] | none:none |
none|none | none | none | |
T:14:54:00 | WinXP | 85.138.241.49 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8df76b0d35 [Firefox: 2 hits: 10-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
T:15:10:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.124:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:15:16:00 | WinXP | 165.166.225.252 (INFOAVE.NET): INFO AVENUE INTERNET SERVICES LLC, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | bef242afd6 NEW |
none[none] | none:none |
none|none | none | none |
15:18:00 | Win2K-f | 130.13.181.91 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | bbf3f3b76e NEW |
none[none] | none:none |
none|none | none | none | |
T:15:20:00 | WinXP | 130.13.181.91 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | bbf3f3b76e NEW |
none[none] | none:none |
none|none | none | none | |
15:25:00 | WinXP | 71.106.172.155 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:504 hits: 01-05 to 10-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
T:15:25:00 | WinXP | 170.51.68.162 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox: 6 hits: 10-14 to 10-27] |
none[none] | none:none |
none|none | none | none |
T:15:26:00 | Win2K-f | 118.217.217.169 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:36 hits: 06-21 to 10-27] 58c343a8d8 [Firefox:40 hits: 06-21 to 10-27] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
15:32:00 | Win2K-f | 24.69.41.63 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:199.93.44.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 222 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 35 31 of 35 |
215c5cf6ea NEW e00b258bce NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
T:15:41:00 | WinXP | 83.176.224.140 (TELE2.SE): ZITIUS DELIVERY AB, STOCKHOLM, STOCKHOLM, SE. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 5ccd948a20 NEW |
none[none] | none:none |
none|none | none | none |
T:15:42:00 | WinXP | 94.137.13.170 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:66 hits: 09-13 to 10-29] |
none[none] | none:none |
none|none | none | none |
T:15:46:00 | Win2K-f | 140.239.41.230 (XO.NET): XO COMMUNICATIONS, CAMBRIDGE, MASSACHUSETTS, US. |
n/a | 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
T:15:46:00 | WinXP | 65.190.162.216 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:114 hits: 01-14 to 10-26] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
T:15:47:00 | Win2K-f | 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox:16 hits: 07-29 to 10-28] |
none[none] | none:none |
none|none | none | none | |
16:00:00 | Win2K-f | 130.13.58.96 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 6a423f9994 NEW |
none[none] | none:none |
none|none | none | none |
16:01:00 | WinXP | 130.13.222.3 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
16:01:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:208.111.148.15:80 US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:13 hits: 08-01 to 10-14] dc92683d9a [Firefox:20 hits: 06-19 to 10-14] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
T:16:06:00 | Win2K-f | 130.13.222.3 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
15 of 36 | 0658411431 NEW |
none[none] | none:none |
none|none | none | none | |
16:21:00 | WinXP | 114.48.19.230 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 64d359864b [Firefox: 2 hits: 10-20 to 10-21] |
none[none] | none:none |
none|none | none | none | |
T:16:25:00 | WinXP | 74.141.72.130 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, LOUISVILLE, KENTUCKY, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
16:38:00 | Win2K-f | 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 35 | 50649fc087 [Firefox:16 hits: 07-29 to 10-28] |
none[none] | none:none |
none|none | none | none | |
16:58:00 | WinXP | 24.65.248.244 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 0a33175b5b NEW |
none[none] | none:none |
none|none | none | none |
17:10:00 | Win2K-f | 130.13.221.151 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
17:11:00 | WinXP | 207.5.235.9 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 0 of 33 |
43a2ea8129 NEW dae97ee6a2 NEW e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
17:13:00 | WinXP | 87.116.247.176 (TNP.PL): TELENET MIELEC SPOLKA Z OGRANICZONA ODPOWIEDZIALNOSCIA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | fcd4bae1af [Firefox: 2 hits: 10-27 to 10-28] |
none[none] | none:none |
none|none | none | none |
T:17:14:00 | Win2K-f | 70.128.1.245 (PARAGOULD.NET): PARAGOULD CITY LIGHT & WATER, PARAGOULD, ARKANSAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 167 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:17:17:00 | WinXP | 130.13.104.64 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 6a423f9994 NEW |
none[none] | none:none |
none|none | none | none |
17:18:00 | WinXP | 130.13.104.64 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 6a423f9994 NEW |
none[none] | none:none |
none|none | none | none |
17:19:00 | WinXP | 4.246.163.221 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net SE:coins.dal.net NL:diemen.nl.eu.undernet.org :caen.fr.eu.undernet.org SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org :washington.dc.us.undernet.org :lulea.se.eu.undernet.org AT:graz.at.eu.undernet.org SE:viking.dal.net :flanders.be.eu.undernet.org SE:ced.dal.net :los-angeles.ca.us.undernet.org US:lia.zanet.net SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
27 of 36 | 7d4c250955 NEW |
none[none] | none:none |
none|none | none | none |
T:17:31:00 | WinXP | 190.84.5.81 (CABLE.NET.CO): TV CABLE S.A, SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:15 hits: 10-10 to 10-29] |
none[none] | none:none |
none|none | none | none |
17:35:00 | WinXP | 201.252.121.36 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 30b1c8ae06 NEW |
none[none] | none:none |
none|none | none | none |
17:47:00 | Win2K-f | 24.78.190.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:69.28.178.10:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 32 of 35 |
4037a11392 NEW d958d5db37 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
17:58:00 | WinXP | 130.13.116.67 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 466a8acf2e NEW |
none[none] | none:none |
none|none | none | none |
T:18:26:00 | WinXP | 203.136.2.89 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:636 hits: 01-01 to 10-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:18:26:00 | WinXP | 200.117.53.70 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | RU:moscow-advokat.ru SE:vancouver.dal.net SE:ced.dal.net :caen.fr.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:coins.dal.net NO:london.uk.eu.undernet.org :lulea.se.eu.undernet.org SE:viking.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
18:28:00 | WinXP | 60.249.242.178 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | bef242afd6 NEW |
none[none] | none:none |
none|none | none | none |
18:39:00 | Win2K-f | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.73.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 57ce4acac2 [Firefox:310 hits: 06-17 to 10-29] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:18:55:00 | WinXP | 209.127.192.127 (-): TELSCAPE COMMUNICATIONS INC, TORONTO, OHIO, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com 115.126.2.121:65520 IL:194.90.224.83:80 |
135 | pcap | raw alerts ruleset |
http irc 129 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 36 25 of 36 34 of 36 0 of 33 32 of 36 |
188a76e028 NEW 2738d752a2 NEW a8c074e136 [Firefox: 5 hits: 08-21 to 10-29] e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] fc22cbd605 [Firefox: 5 hits: 08-21 to 10-29] |
none[none] none [none] none [none] e07c29c4ae[1] none [none] |
none:none none:none none:none ASM:Graph none:none |
none|none none|none none|none FSG| none|none |
none none none lines=92 none |
none none none trace none |
T:18:56:00 | WinXP | 201.213.176.181 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:15 hits: 10-10 to 10-29] |
none[none] | none:none |
none|none | none | none |
19:01:00 | WinXP | 4.171.205.240 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, FT. MYERS, FLORIDA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 0 of 32 |
2610413a5c NEW 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[none] 73f1082158[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
19:08:00 | WinXP | 81.35.8.133 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MADRID, MADRID, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:192 hits: 01-03 to 10-29] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
19:17:00 | WinXP | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.53:80 US:208.111.173.54:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
19:20:00 | WinXP | 122.55.112.182 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | dc558084f5 NEW |
none[none] | none:none |
none|none | none | none |
T:19:35:00 | Win2K-f | 130.13.151.96 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com US:dl2.bundlext.com US:b116.bundlext.com |
135 | pcap | raw alerts ruleset |
irc http 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 23 of 36 33 of 36 25 of 36 |
0c6bf71059 NEW 188a76e028 NEW 22b648d99d NEW 2738d752a2 NEW |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
19:36:00 | WinXP | 130.13.151.96 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com :wpad US:google.com IL:xul93.pubdomainstr.com |
445 | pcap | raw alerts ruleset |
irc http 36 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 33 of 36 25 of 36 |
188a76e028 NEW 22b648d99d NEW 2738d752a2 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
19:55:00 | Win2K-f | 71.148.35.37 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.42:80 US:208.111.173.45:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:03:00 | Win2K-f | 67.10.71.242 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps) |
194.109.11.65:6556 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset |
other 185 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 32 | 15d4d85dc0 [Firefox:12 hits: 06-10 to 10-01] |
none[4] | none:none |
StarForce| | none | trace |
20:25:00 | WinXP | 61.186.208.194 (163DATA.COM.CN): CHINANET CHONGQING PROVINCE NETWORK, HUANG SHAN, ANHUI, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:29:00 | Win2K-f | 61.39.208.171 (BORA.NET): DACOM CORP, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:42:00 | Win2K-f | 130.13.177.154 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | f256ce17d1 NEW |
none[none] | none:none |
none|none | none | none |
20:47:00 | Win2K-f | 4.225.142.139 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:20:49:00 | WinXP | 24.197.134.110 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.50:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
20:52:00 | Win2K-f | 124.195.157.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.148.23:80 US:208.111.148.50:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
T:20:57:00 | WinXP | 130.13.51.175 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com :wpad US:google.com IL:xul93.pubdomainstr.com US:dl2.bundlext.com US:b152.bundlext.com US:b155.bundlext.com |
445 | pcap | raw alerts ruleset |
irc http 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 25 of 36 10 of 36 33 of 36 18 of 36 |
188a76e028 NEW 2738d752a2 NEW 66f6cc6757 NEW 6a423f9994 NEW a34161aabf NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
T:21:09:00 | Win2K-f | 24.78.190.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.49:80 US:208.111.173.51:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 32 of 35 |
4037a11392 NEW d958d5db37 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
21:19:00 | Win2K-f | 64.150.147.110 (SCCOAST.NET): HTC COMMUNICATIONS LLC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
21:20:00 | WinXP | 203.136.2.89 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell ftp 15 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:636 hits: 01-01 to 10-29] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
T:21:32:00 | WinXP | 130.13.228.240 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c74c1814d7 NEW |
none[none] | none:none |
none|none | none | none |
21:32:00 | WinXP | 130.13.228.240 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c74c1814d7 NEW |
none[none] | none:none |
none|none | none | none |
21:47:00 | Win2K-f | 24.69.187.101 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 36 0 of 32 |
090753e602 [Firefox: 5 hits: 10-09 to 10-25] 79595a71bb [Firefox: 5 hits: 10-09 to 10-25] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
21:55:00 | Win2K-f | 69.121.161.229 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), STRATFORD, CONNECTICUT, US. |
194.109.11.65:1023 | NL:0x80.online-software.org | 135 | pcap | raw alerts ruleset |
other 193 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 32 | 15d4d85dc0 [Firefox:12 hits: 06-10 to 10-01] |
none[4] | none:none |
StarForce| | none | trace |
21:55:00 | WinXP | 130.13.128.14 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 922a1339af NEW |
none[none] | none:none |
none|none | none | none |
T:21:55:00 | Win2K-f | 130.13.128.14 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 922a1339af NEW |
none[none] | none:none |
none|none | none | none |
T:22:04:00 | Win2K-f | 68.148.18.3 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:208.111.173.45:80 US:208.111.173.47:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 31 of 36 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] c3686cb37f NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
22:15:00 | WinXP | 210.126.168.137 (KRLINE.NET): KRNIC, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
22:20:00 | Win2K-f | 70.65.17.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
T:22:20:00 | WinXP | 4.154.221.120 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WORCESTER, MASSACHUSETTS, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:504 hits: 01-05 to 10-29] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
22:56:00 | Win2K-f | 75.49.18.130 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, COLUMBUS, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
23:00:00 | WinXP | 98.175.153.98 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 0 of 33 |
430b442da3 [Firefox: 3 hits: 10-10 to 10-28] bea8cb1865 [Firefox:33 hits: 08-11 to 10-29] e07c29c4ae [Firefox:749 hits: 06-19 to 10-29] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
T:23:08:00 | WinXP | 218.223.219.67 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 1d84ca0934 NEW |
none[none] | none:none |
none|none | none | none | |
23:09:00 | WinXP | 151.118.192.146 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
T:23:09:00 | WinXP | 151.118.192.146 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
23:19:00 | Win2K-f | 130.13.236.3 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | e8d1c6f7a8 NEW |
none[none] | none:none |
none|none | none | none | |
T:23:24:00 | Win2K-f | 130.13.236.3 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | e8d1c6f7a8 NEW |
none[none] | none:none |
none|none | none | none | |
T:23:24:00 | Win2K-f | 4.136.93.227 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WINSTON SALEM, NORTH CAROLINA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 150 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] a08f3b74a4 [Firefox:1261 hits: 06-18 to 10-29] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
23:34:00 | Win2K-f | 130.13.131.207 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | e8d1c6f7a8 NEW |
none[none] | none:none |
none|none | none | none | |
23:34:00 | Win2K-f | 173.18.118.181 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3535 hits: 06-17 to 10-29] 73f1082158 [Firefox:1753 hits: 06-18 to 10-29] b5919931fe [Firefox:988 hits: 06-20 to 10-29] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
23:49:00 | WinXP | 117.99.2.111 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru SE:qis.md.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
T:23:50:00 | WinXP | 117.99.2.111 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:802 hits: 12-31 to 10-29] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |