|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:14:00 | Win2K-f | 4.182.141.90 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RENO, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 182 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 00:22:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:14 hits: 08-01 to 10-30] dc92683d9a [Firefox:21 hits: 06-19 to 10-30] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:00:25:00 | Win2K-f | 130.13.134.109 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 29 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 05fd1c8520 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:40:00 | Win2K-f | 68.148.92.95 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
2b761d003d NEW 62ead8956a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:47:00 | WinXP | 117.99.58.185 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | ddb3bd55db NEW |
none[none] | none:none |
none|none | none | none |
| 00:54:00 | Win2K-f | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.96.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 00:57:00 | WinXP | 70.182.172.13 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:192.221.96.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:00:00 | WinXP | 89.204.250.2 (O2.IE): DIGIFONE ONLINE, IE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:01:00:00 | WinXP | 89.204.250.2 (O2.IE): DIGIFONE ONLINE, IE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:01:04:00 | WinXP | 62.1.182.32 (FORTHNET.GR): FORTHNET-NOC-ATH, ATHENS, ATTIKI, GR. (DIAL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 01:05:00 | WinXP | 62.1.182.32 (FORTHNET.GR): FORTHNET-NOC-ATH, ATHENS, ATTIKI, GR. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:11:00 | WinXP | 89.116.135.241 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:01:22:00 | WinXP | 85.86.56.118 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 03e3403df1 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:23:00 | Win2K-f | 222.235.110.132 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 30 of 32 0 of 32 |
4c3df24b32 [Firefox:232 hits: 06-17 to 10-30] 8390780c27 [Firefox:40 hits: 06-18 to 09-30] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:01:40:00 | WinXP | 122.147.98.234 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
594201690a NEW 618ce13002 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:08:00 | Win2K-f | 71.109.38.139 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GLENDORA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:205.128.73.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:09:00 | Win2K-f | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 57ce4acac2 [Firefox:313 hits: 06-17 to 10-31] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:11:00 | WinXP | 119.154.13.104 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bb01f35429 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:12:00 | WinXP | 119.154.13.104 (-): . |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bb01f35429 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:16:00 | WinXP | 77.56.196.195 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | eaa9422755 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:31:00 | WinXP | 89.33.140.26 (U-NITE.RO): JUMP NETWORK SERVICES S.R.L, RO. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:17 hits: 10-21 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 02:32:00 | WinXP | 114.48.164.59 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 17eba07b99 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:32:00 | WinXP | 114.48.164.59 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 17eba07b99 NEW |
none[none] | none:none |
none|none | none | none |
| T:02:40:00 | WinXP | 123.204.79.242 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox: 7 hits: 10-27 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 02:48:00 | WinXP | 70.63.94.174 (RR.COM): ROAD RUNNER HOLDCO LLC, WILMINGTON, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:49:00 | WinXP | 63.24.26.38 (UU.NET): UUNET TECHNOLOGIES INC, ALLENTOWN, PENNSYLVANIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.47.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 109 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:02:00 | WinXP | 79.52.123.84 (SRC.ORG): TELECOM ITALIA NET, ROME, LAZIO, IT. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 039d82e2db [Firefox: 4 hits: 10-28 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 03:11:00 | WinXP | 41.214.169.78 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f3440caba1 [Firefox: 2 hits: 10-24 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:03:11:00 | WinXP | 41.214.169.78 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f3440caba1 [Firefox: 2 hits: 10-24 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:03:11:00 | Win2K-f | 196.208.43.236 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:198.78.201.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:20:00 | WinXP | 219.255.6.118 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:26:00 | Win2K-f | 85.186.163.233 (ASTRAL.RO): ASTRAL-BR-CABLE, GALATI, GALATI, RO. (DSL) |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 03:31:00 | Win2K-f | 92.4.31.149 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:03:34:00 | Win2K-f | 89.136.65.175 (-): ASTRAL BRAILA DOCSIS, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 03:35:00 | WinXP | 116.206.15.95 (-): MOBIF WIRELESS BROADBAND SDN. BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:38:00 | WinXP | 122.55.218.221 (PLDT.NET): IPG, PH. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | dc558084f5 NEW |
none[none] | none:none |
none|none | none | none |
| 03:39:00 | Win2K-f | 83.147.209.174 (-): ORACLE INVESTMENT GROUP, IR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 03:46:00 | Win2K-f | 118.165.144.26 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 03:48:00 | Win2K-f | 89.129.168.66 (YA.COM): YA.COM INTERNET FACTORY, BARCELONA, CATALUñA, ES. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 43 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 03:54:00 | WinXP | 196.20.165.13 (-): MAURITIUS TELECOM, MU. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru :parex-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox: 2 hits: 10-26 to 10-28] |
none[none] | none:none |
none|none | none | none |
| 04:05:00 | WinXP | 78.96.68.10 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:05:00 | WinXP | 91.66.110.28 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:10:00 | WinXP | 82.229.92.42 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:12:00 | WinXP | 62.180.208.136 (IGNITE.NET): BT-IGNITE DIAL-IN, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DIAL) |
n/a | RU:moscow-advokat.ru NL:london.uk.eu.undernet.org :lulea.se.eu.undernet.org SE:ozbytes.dal.net NL:diemen.nl.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
19 of 32 | 5506fda84b NEW |
none[4] | none:none |
PolyEnE| | none | trace |
| T:04:12:00 | WinXP | 85.66.202.33 (BACS-NET.HU): FIBERNET COMMUNICATION CO, BUDAPEST, BUDAPEST, HU. |
69.42.216.108:9890 | :proxim.ircgalaxy.pl :f.unicat.org 115.126.2.121:65520 |
139 | pcap | raw alerts ruleset |
ftp lanman shell irc 264 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 814cfd571f NEW |
none[none] | none:none |
none|none | none | none |
| 04:13:00 | WinXP | 78.97.172.67 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:17:00 | WinXP | 92.83.147.97 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
69.42.216.108:9890 | :f.unicat.org US:aflam.100free.com |
445 | pcap | raw alerts ruleset |
ftp irc 183 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 | c577b49cc3 NEW |
none[none] | none:none |
none|none | none | none |
| 04:18:00 | Win2K-f | 78.96.245.196 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org US:aflam.100free.com |
445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 8121a84151 NEW |
none[none] | none:none |
none|none | none | none |
| 04:22:00 | WinXP | 119.94.34.138 (-): . |
119.94.34.138:80 | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:04:24:00 | Win2K-f | 89.204.91.109 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:26:00 | Win2K-f | 78.97.172.67 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 51 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:30:00 | WinXP | 89.246.104.102 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 04:42:00 | WinXP | 77.54.7.53 (REV.VODAFONE.PT): GPRS POOLS, PT. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:46:00 | Win2K-f | 116.197.242.52 (-): MOBILEONE LTD, SINGAPORE, SINGAPORE, SG. |
69.42.216.108:9890 | :f.unicat.org | 139 | pcap | raw alerts ruleset |
ftp lanman shell irc 250 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 46358b7b7d NEW |
none[none] | none:none |
none|none | none | none |
| 04:51:00 | Win2K-f | 91.66.81.58 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 4b156f6203 NEW |
none[none] | none:none |
none|none | none | none |
| 04:52:00 | Win2K-f | 88.147.249.201 (-): VTSARATOV, RU. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 27 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:04:54:00 | Win2K-f | 78.97.162.135 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 04:55:00 | WinXP | 201.254.64.90 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:01:00 | Win2K-f | 122.123.108.212 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 05:08:00 | WinXP | 212.27.3.32 (-): MLIFENET, RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 7 hits: 10-12 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:05:10:00 | WinXP | 190.225.88.218 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 30b1c8ae06 [Firefox: 2 hits: 10-30 to 10-30] |
none[none] | none:none |
none|none | none | none | |
| T:05:18:00 | Win2K-f | 69.8.44.88 (-): SALINA-SPAVINAW TELEPHONE CO, LOCUST GROVE, OKLAHOMA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:25:00 | Win2K-f | 89.204.91.109 (PERMONLINE.RU): OJSC URALSVYAZINFORM, RU. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 05:26:00 | Win2K-f | 189.87.199.158 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 0b38f1b8a5 NEW |
none[none] | none:none |
none|none | none | none |
| T:05:28:00 | WinXP | 78.50.227.120 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:29:00 | WinXP | 86.102.30.155 (PRIMORYE.RU): DYNAMIC BROADBAND CLIENTS, VLADIVOSTOK, PRIMORSKIY KRAY, RU. (DSL) |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 05:32:00 | Win2K-f | 89.34.201.25 (BERCENI.NET): SC-OMNINET-TELECOM-SRL, RO. |
69.42.216.108:9890 | :proxim.ircgalaxy.pl :f.unicat.org 115.126.2.121:65520 |
139 | pcap | raw alerts ruleset |
ftp lanman shell irc 263 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 441fac8f8d NEW |
none[none] | none:none |
none|none | none | none |
| 05:38:00 | Win2K-f | 78.97.70.198 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 30 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:05:38:00 | Win2K-f | 78.97.35.58 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:05:42:00 | WinXP | 78.96.68.10 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:05:57:00 | WinXP | 89.34.201.25 (BERCENI.NET): SC-OMNINET-TELECOM-SRL, RO. |
69.42.216.108:9890 | :proxim.ircgalaxy.pl :f.unicat.org 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ee4e1f5f63 NEW |
none[none] | none:none |
none|none | none | none |
| 06:01:00 | Win2K-f | 86.105.66.209 (UPCNET.RO): UPC ROMANIA SA, TIMISOARA, TIMIS, RO. (DSL) |
n/a | 139 | pcap | raw alerts ruleset |
ftp lanman shell 231 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 8196cf3c4a NEW |
none[none] | none:none |
none|none | none | none | |
| 06:05:00 | Win2K-f | 89.137.116.46 (-): ASTRAL CLUJ-NAPOCA DOCSIS NETWORK, CLUJ-NAPOCA, CLUJ, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp lanman shell 231 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | 8196cf3c4a NEW |
none[none] | none:none |
none|none | none | none | |
| T:06:06:00 | WinXP | 79.163.28.178 (-): IDEA, PL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7b91966cd9 NEW |
none[none] | none:none |
none|none | none | none |
| 06:09:00 | WinXP | 85.242.19.193 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 97d2241366 NEW |
none[none] | none:none |
none|none | none | none |
| 06:10:00 | WinXP | 83.93.192.110 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c11aa2aaf8 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:18:00 | Win2K-f | 91.65.10.52 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:06:27:00 | WinXP | 78.139.164.124 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b6ab111104 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:29:00 | WinXP | 91.67.177.100 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE. |
69.42.216.108:9890 | :f.unicat.org 69.42.216.108:9890 |
445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| T:06:45:00 | WinXP | 24.42.68.233 (-): . |
69.42.216.108:9890 | :f.unicat.org 69.42.216.108:9890 |
139 | pcap | raw alerts ruleset |
ftp lanman shell irc 238 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 8196cf3c4a NEW |
none[none] | none:none |
none|none | none | none |
| T:06:48:00 | WinXP | 91.65.0.168 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 36 | 9de39ab0c9 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:55:00 | WinXP | 62.201.95.34 (T-ONLINE.HU): T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL), HU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:514 hits: 01-05 to 10-31] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:56:00 | Win2K-f | 78.96.178.184 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
69.42.216.108:9890 | :f.unicat.org | 139 | pcap | raw alerts ruleset |
ftp lanman shell irc 238 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | 8196cf3c4a NEW |
none[none] | none:none |
none|none | none | none |
| 07:04:00 | WinXP | 210.18.50.126 (SIFY.NET): ROSY BLUE (INDIA) PVT LTD, IN. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 07:13:00 | WinXP | 118.219.144.243 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 33 |
4c3df24b32 [Firefox:232 hits: 06-17 to 10-30] 53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] e07c29c4ae [Firefox:763 hits: 06-19 to 10-31] |
4c3df24b32 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| T:07:20:00 | Win2K-f | 118.219.144.243 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.41.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:232 hits: 06-17 to 10-30] 53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 07:29:00 | Win2K-f | 118.165.144.26 (-): . |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 07:33:00 | WinXP | 4.249.240.78 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GERMANTOWN, MARYLAND, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bea6308368 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:33:00 | WinXP | 83.68.70.87 (TNP.PL): TELENETCENTRUM-NET, PL. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 5818023061 [Firefox: 6 hits: 01-03 to 10-26] |
a227e5e49d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:39:00 | Win2K-f | 78.97.58.141 (ASTRAL.RO): ASTRAL TELECOM SA, RO. |
n/a | 139 | pcap | raw alerts ruleset |
ftp lanman shell 239 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b9fe435e65 NEW |
none[none] | none:none |
none|none | none | none | |
| T:07:39:00 | WinXP | 115.81.88.129 (-): . |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com US:dl2.bundlext.com US:b152.bundlext.com 115.126.2.121:65520 US:64.233.187.99:80 |
135 | pcap | raw alerts ruleset |
http irc 267 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 36 34 of 36 25 of 36 10 of 36 32 of 36 |
188a76e028 [Firefox: 7 hits: 10-30 to 10-31] 1fa62445aa NEW 2738d752a2 [Firefox: 6 hits: 10-30 to 10-30] 66f6cc6757 [Firefox: 2 hits: 10-30 to 10-30] 963d5f92ac NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:07:42:00 | WinXP | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 57ce4acac2 [Firefox:313 hits: 06-17 to 10-31] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:54:00 | WinXP | 69.85.106.130 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:14:00 | Win2K-f | 203.88.176.61 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
irc http 492 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 36 25 of 36 32 of 36 |
188a76e028 [Firefox: 7 hits: 10-30 to 10-31] 2738d752a2 [Firefox: 6 hits: 10-30 to 10-30] 856e8c4832 NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:08:15:00 | Win2K-f | 70.248.127.149 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:26:00 | WinXP | 96.53.129.127 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1513777af1 NEW |
none[none] | none:none |
none|none | none | none |
| 08:26:00 | WinXP | 96.53.129.127 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1513777af1 NEW |
none[none] | none:none |
none|none | none | none |
| 08:28:00 | Win2K-f | 71.106.167.3 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SANTA MONICA, CALIFORNIA, US. (DSL) |
115.126.2.121:65520 | IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com :proxim.ircgalaxy.pl :ntkrnlpa.cn 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
23 of 36 25 of 36 |
188a76e028 [Firefox: 7 hits: 10-30 to 10-31] 2738d752a2 [Firefox: 6 hits: 10-30 to 10-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:31:00 | WinXP | 208.8.178.58 (IMT.NET): COMPUTERS UNLIMITED, BILLINGS, MONTANA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:31:00 | WinXP | 76.171.90.122 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad DE:ebookfinaltrash.ru EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http http 40 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:601 hits: 01-01 to 10-31] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:08:35:00 | WinXP | 24.100.0.236 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 253 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox: 9 hits: 09-12 to 10-30] d8cf9fc784 [Firefox:10 hits: 09-12 to 10-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 08:40:00 | WinXP | 79.206.74.31 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:643 hits: 01-01 to 10-31] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 08:47:00 | WinXP | 76.167.146.157 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl :ntkrnlpa.cn IL:wrsnav.wwlax.com IL:bugreport.waverevenue.com US:google.com IL:xul93.pubdomainstr.com US:dl2.bundlext.com US:b155.bundlext.com US:b156.bundlext.com IL:mtn6.com-com.ws |
445 | pcap | raw alerts ruleset |
http irc 23 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 25 of 36 34 of 36 18 of 36 16 of 36 |
188a76e028 [Firefox: 7 hits: 10-30 to 10-31] 2738d752a2 [Firefox: 6 hits: 10-30 to 10-30] 637ead27ba NEW a34161aabf [Firefox: 2 hits: 10-30 to 10-30] c5fe54ac0b NEW |
none[none] none [none] none [none] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none none|none none|none none|none none|none |
none none none none none |
none none none none none |
| T:09:31:00 | Win2K-f | 130.13.216.245 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 6 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:36:00 | WinXP | 88.22.174.74 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2006112951), ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:189 hits: 01-08 to 10-31] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:09:36:00 | WinXP | 118.231.107.127 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:40:00 | Win2K-f | 140.239.201.214 (XO.NET): XO COMMUNICATIONS, BOSTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
73f1082158 [Firefox:1790 hits: 06-18 to 10-31] 79c01ec060 [Firefox:67 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
73f1082158 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:09:43:00 | WinXP | 24.76.66.55 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | bd425b37f8 NEW |
none[none] | none:none |
none|none | none | none |
| 09:44:00 | WinXP | 77.57.194.33 (SOLPA.NET): CABLECOM, CH. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:ced.dal.net SE:coins.dal.net HR:london.uk.eu.undernet.org US:lia.zanet.net :gaspode.zanet.org.za SE:viking.dal.net :caen.fr.eu.undernet.org :los-angeles.ca.us.undernet.org AT:graz.at.eu.undernet.org 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 9317ee6f77 NEW |
none[none] | none:none |
none|none | none | none |
| 10:15:00 | Win2K-f | 68.150.54.217 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 0 of 32 32 of 36 |
91c40145cf NEW b5919931fe [Firefox:1015 hits: 06-20 to 10-31] f4ac963c4d NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 10:51:00 | Win2K-f | 130.234.185.195 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVäSKYLä, LANSI-SUOMEN LAANI, FI. |
n/a | US:mail.fucuzzy.com DE:www.proxy.us.pl |
445 | pcap | raw alerts ruleset |
irc http 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
5 of 36 | fd419eefad [Firefox: 2 hits: 10-31 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:10:52:00 | Win2K-f | 130.13.224.226 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com US:mail.TIKTIKZ.COM US:www.topgameland.com DE:www.proxy.us.pl 115.126.2.121:65520 US:209.205.196.2:80 US:209.205.196.3:80 |
135 | pcap | raw alerts ruleset |
irc http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | b6ef846bb2 NEW |
none[none] | none:none |
none|none | none | none |
| 10:54:00 | Win2K-f | 130.13.224.226 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
irc http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | b6ef846bb2 NEW |
none[none] | none:none |
none|none | none | none |
| 11:00:00 | WinXP | 87.246.21.47 (MOBIFONIKA.COM): MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN, SLIVEN, BURGAS, BG. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox: 3 hits: 10-28 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:11:01:00 | Win2K-f | 130.13.54.186 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 7e70c47d22 NEW |
none[none] | none:none |
none|none | none | none |
| 11:06:00 | Win2K-f | 211.187.175.190 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:199.93.53.125:80 US:204.160.126.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 28 of 32 |
8a75955033 [Firefox:41 hits: 06-20 to 10-30] 9276c8b36b [Firefox:41 hits: 06-20 to 10-30] |
none[4] 9276c8b36b[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:06:00 | Win2K-f | 70.184.153.39 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
bea8cb1865 [Firefox:36 hits: 08-11 to 10-31] fac78fde16 [Firefox:15 hits: 09-13 to 10-31] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:11:13:00 | WinXP | 85.138.42.68 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, OEIRAS, LISBOA, PT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | c439e59be9 NEW |
none[none] | none:none |
none|none | none | none |
| 11:27:00 | WinXP | 140.239.201.214 (XO.NET): XO COMMUNICATIONS, BOSTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 33 |
73f1082158 [Firefox:1790 hits: 06-18 to 10-31] 79c01ec060 [Firefox:67 hits: 06-18 to 10-31] e07c29c4ae [Firefox:763 hits: 06-19 to 10-31] |
73f1082158 [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| FSG| |
lines=81 none lines=92 |
trace trace trace |
| 11:42:00 | WinXP | 77.54.171.77 (REV.VODAFONE.PT): VODAFONE TELECEL COMUNICACOES PESSOAIS SA, PT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4fa326bff3 NEW |
none[none] | none:none |
none|none | none | none |
| 11:45:00 | Win2K-f | 71.109.21.158 (VERIZON.NET): VERIZON INTERNET SERVICES INC, GLENDORA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 189 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:11:00 | WinXP | 114.48.7.48 (-): . |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ec0ea881ab NEW |
none[none] | none:none |
none|none | none | none |
| T:12:27:00 | WinXP | 173.18.118.181 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] e07c29c4ae [Firefox:763 hits: 06-19 to 10-31] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 12:46:00 | WinXP | 86.106.40.230 (UPCNET.RO): SC UPC ROMANIA SA, TIMISOARA, TIMIS, RO. (DSL) |
69.42.216.108:9890 | :f.unicat.org | 445 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 31 | e8d4d8cde1 [Firefox:708 hits: 03-31 to 10-05] |
fda109a6fd [0] | ASM:Graph |
ASProtect| | lines=583 embedded dns |
trace |
| 12:56:00 | WinXP | 82.253.218.82 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 624f7c01d0 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:56:00 | WinXP | 82.253.218.82 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 624f7c01d0 NEW |
none[none] | none:none |
none|none | none | none |
| 13:06:00 | Win2K-f | 218.211.83.151 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:18:00 | Win2K-f | 24.78.183.119 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:31:00 | Win2K-f | 130.234.185.195 (JYU.FI): UNIVERSITY OF JYVASKYLA NETWORK, JYVäSKYLä, LANSI-SUOMEN LAANI, FI. |
n/a | US:mail.fucuzzy.com DE:www.proxy.us.pl |
445 | pcap | raw alerts ruleset |
irc http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
5 of 36 | fd419eefad [Firefox: 2 hits: 10-31 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 13:36:00 | WinXP | 4.143.23.101 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PLYMOUTH, MINNESOTA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
2 of 36 | b5c98afc7d NEW |
none[none] | none:none |
none|none | none | none | |
| 13:44:00 | Win2K-f | 173.16.128.165 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:204.160.126.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] b7082104e4 [Firefox:242 hits: 06-18 to 10-31] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:13:50:00 | Win2K-f | 208.105.186.90 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:14:12:00 | WinXP | 189.48.5.232 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 05808e504c NEW |
none[none] | none:none |
none|none | none | none |
| T:14:18:00 | WinXP | 69.105.99.116 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:23:00 | WinXP | 130.13.72.208 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 779099165a NEW |
none[none] | none:none |
none|none | none | none |
| 14:23:00 | WinXP | 75.42.82.238 (SBCGLOBAL.NET): PPPOX POOL - BRAS5.SCRMCA 090106-1000, US. (DSL) |
n/a | US:www.yahoo.com :www.google.com.au :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:53 hits: 04-18 to 10-31] |
none[3] | none:none |
tElock| | none | trace |
| 14:24:00 | Win2K-f | 130.13.72.208 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 31 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 779099165a NEW |
none[none] | none:none |
none|none | none | none |
| 14:25:00 | WinXP | 66.50.120.159 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 35 | e6cfd91cbc NEW |
none[none] | none:none |
none|none | none | none |
| 14:31:00 | WinXP | 130.13.208.199 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:mail.fucuzzy.com US:mail.TIKTIKZ.COM US:www.topgameland.com DE:www.proxy.us.pl US:209.205.196.3:80 |
445 | pcap | raw alerts ruleset |
irc 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
5 of 36 | fd419eefad [Firefox: 2 hits: 10-31 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 14:33:00 | WinXP | 87.56.146.196 (BROADBAND.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:601 hits: 01-01 to 10-31] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:14:35:00 | WinXP | 96.14.204.122 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:40:00 | WinXP | 86.129.248.74 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:498 hits: 12-31 to 10-31] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:14:46:00 | Win2K-f | 98.141.161.136 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:06:00 | WinXP | 71.136.17.66 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:30 hits: 06-18 to 10-31] 79c01ec060 [Firefox:67 hits: 06-18 to 10-31] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 15:07:00 | WinXP | 202.221.174.219 (BMOBILE.NE.JP): JAPAN COMMUNICATION INC, TOKYO, TOKYO, JP. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:189 hits: 01-01 to 10-31] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 15:17:00 | WinXP | 76.246.126.79 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 729e7b849a NEW |
none[none] | none:none |
none|none | none | none |
| T:15:17:00 | WinXP | 76.246.126.79 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 729e7b849a NEW |
none[none] | none:none |
none|none | none | none |
| T:15:27:00 | WinXP | 76.93.253.57 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:815 hits: 12-31 to 10-31] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:32:00 | WinXP | 70.71.250.130 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | CA:dirty.eiheihre3.com | 135 | pcap | raw alerts ruleset |
irc 245 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 | b9cdf4ca69 [Firefox: 8 hits: 06-18 to 09-22] |
none[4] | none:none |
none|none | none | trace |
| T:15:49:00 | WinXP | 200.122.99.23 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:15:51:00 | WinXP | 84.75.210.104 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 1a88bd5450 [Firefox: 5 hits: 10-02 to 10-20] |
none[none] | none:none |
none|none | none | none |
| T:15:55:00 | WinXP | 172.191.19.34 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.46.126:80 US:207.123.47.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:01:00 | Win2K-f | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:03:00 | WinXP | 115.130.14.165 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:10:00 | Win2K-f | 208.105.186.90 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:20:00 | Win2K-f | 219.44.12.53 (BBTEC.NET): SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:16:28:00 | WinXP | 70.64.152.12 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 644ab77c01 [Firefox: 7 hits: 10-21 to 10-29] |
none[none] | none:none |
none|none | none | none |
| 16:28:00 | Win2K-f | 64.21.224.55 (GONDTC.COM): GONDTC.COM, HARVEY, NORTH DAKOTA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:16:29:00 | WinXP | 78.84.153.178 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:498 hits: 12-31 to 10-31] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 16:34:00 | Win2K-f | 76.87.208.17 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:48:00 | WinXP | 98.105.196.2 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f353d4eed9 [Firefox:38 hits: 09-17 to 10-20] |
none[none] | none:none |
none|none | none | none |
| 16:49:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 57ce4acac2 [Firefox:313 hits: 06-17 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:58:00 | WinXP | 200.117.120.55 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:43 hits: 10-05 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:16:58:00 | WinXP | 200.117.120.55 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:43 hits: 10-05 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:17:01:00 | Win2K-f | 122.147.97.140 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] b5919931fe [Firefox:1015 hits: 06-20 to 10-31] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:17:04:00 | WinXP | 217.184.65.213 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad RU:www.bbin.ru |
445 | pcap | raw alerts ruleset |
http http http 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:293 hits: 01-01 to 10-31] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 17:04:00 | WinXP | 218.160.251.81 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 17:04:00 | WinXP | 65.188.32.184 (RR.COM): ROAD RUNNER HOLDCO LLC, FT. WORTH, TEXAS, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:498 hits: 12-31 to 10-31] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:17:10:00 | WinXP | 77.56.56.198 (HISPEED.CH): CABLECOM, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8001873dd NEW |
none[none] | none:none |
none|none | none | none |
| 17:28:00 | WinXP | 172.191.19.34 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.201.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:28:00 | WinXP | 70.15.72.2 (PTD.NET): PENTELEDATA INC. - CABLE, SELINSGROVE, PENNSYLVANIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1413 hits: 12-31 to 10-31] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:17:29:00 | Win2K-f | 130.13.156.107 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl US:mail.TIKTIKZ.COM US:www.topgameland.com US:www.genesisstore.sk 115.126.2.121:65520 DE:217.115.152.170:80 |
135 | pcap | raw alerts ruleset |
irc http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 956a804767 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:35:00 | WinXP | 121.84.28.11 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 26b398e92b NEW |
none[none] | none:none |
none|none | none | none | |
| 17:40:00 | Win2K-f | 71.51.225.46 (EMBARQHSD.NET): EMBARQ CORPORATION, RAEFORD, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.37.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:48:00 | Win2K-f | 72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:52:00 | WinXP | 70.68.63.195 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:21 hits: 10-10 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:17:59:00 | Win2K-f | 72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:02:00 | Win2K-f | 130.13.225.250 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | b6ef846bb2 NEW |
none[none] | none:none |
none|none | none | none | |
| 18:02:00 | Win2K-f | 203.91.185.216 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 9 of 33 |
2851817490 [Firefox: 8 hits: 06-27 to 10-08] 624c441842 [Firefox: 5 hits: 06-27 to 10-08] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:19:00 | WinXP | 24.229.178.201 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 NEW |
none[none] | none:none |
none|none | none | none |
| 18:21:00 | WinXP | 217.201.11.77 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 1c8b439ba5 [Firefox: 5 hits: 10-20 to 10-22] |
none[none] | none:none |
none|none | none | none |
| 18:26:00 | WinXP | 64.150.147.110 (SCCOAST.NET): HTC COMMUNICATIONS LLC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:31:00 | WinXP | 217.184.65.213 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:293 hits: 01-01 to 10-31] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 18:33:00 | Win2K-f | 130.13.228.85 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
irc http 30 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | b6ef846bb2 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:39:00 | WinXP | 24.78.45.161 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:29 hits: 09-12 to 10-31] 321f4fc27d [Firefox:29 hits: 09-12 to 10-31] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:42:00 | Win2K-f | 130.13.228.85 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 DE:217.115.152.170:80 |
445 | pcap | raw alerts ruleset |
irc http 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | b6ef846bb2 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:08:00 | WinXP | 200.117.121.44 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:37 hits: 10-08 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 19:09:00 | WinXP | 64.32.122.20 (CODETEL.NET.DO): VERIZON DOMINICANA, SANTIAGO, SANTIAGO, DO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:195 hits: 01-03 to 10-31] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:19:23:00 | WinXP | 200.82.92.183 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:815 hits: 12-31 to 10-31] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:31:00 | WinXP | 211.11.33.252 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | b17fa91b0a NEW |
none[none] | none:none |
none|none | none | none |
| T:19:38:00 | WinXP | 66.19.93.44 (USLEC.NET): USLEC CORP, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 19:51:00 | Win2K-f | 130.13.216.97 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
63.173.172.98:6668 | :proxim.ircgalaxy.pl 115.126.2.121:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 29 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7990452f6a NEW |
none[none] | none:none |
none|none | none | none |
| T:19:51:00 | WinXP | 130.13.216.97 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
63.173.172.98:6668 | :proxim.ircgalaxy.pl 115.126.2.121:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7990452f6a NEW |
none[none] | none:none |
none|none | none | none |
| 19:54:00 | Win2K-f | 116.127.164.194 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:199.93.41.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
776985f561 [Firefox:22 hits: 06-24 to 10-31] 8ec6129efe [Firefox:22 hits: 06-24 to 10-31] |
776985f561 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:20:15:00 | Win2K-f | 4.184.233.8 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOUISA, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 0 of 32 33 of 36 |
2541b367ac NEW b5919931fe [Firefox:1015 hits: 06-20 to 10-31] d1e66049ed NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:20:20:00 | WinXP | 130.13.194.13 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:mail.fucuzzy.com DE:www.proxy.us.pl |
445 | pcap | raw alerts ruleset |
irc http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
5 of 36 | fd419eefad [Firefox: 2 hits: 10-31 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 20:21:00 | Win2K-f | 130.13.194.13 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | US:mail.fucuzzy.com DE:www.proxy.us.pl DE:217.115.152.170:80 |
135 | pcap | raw alerts ruleset |
irc http 27 lines |
Yeah : 0.8 profile |
none | summary tarball |
5 of 36 | fd419eefad [Firefox: 2 hits: 10-31 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:20:21:00 | WinXP | 71.74.95.81 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:601 hits: 01-01 to 10-31] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 20:23:00 | Win2K-f | 118.220.32.252 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:38 hits: 06-21 to 10-31] 58c343a8d8 [Firefox:42 hits: 06-21 to 10-31] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 20:28:00 | WinXP | 24.67.8.136 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox: 6 hits: 10-09 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 21:27:00 | Win2K-f | 130.13.46.143 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 DE:217.115.152.170:80 |
135 | pcap | raw alerts ruleset |
irc http 28 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c704e39248 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:47:00 | Win2K-f | 64.150.147.110 (SCCOAST.NET): HTC COMMUNICATIONS LLC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:53:00 | WinXP | 72.251.93.29 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:30 hits: 02-16 to 10-28] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 22:05:00 | WinXP | 24.85.5.229 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 115 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none 0 of 33 |
05b1ed9c9c [Firefox: 8 hits: 09-22 to 10-26] 0c87a74ebe [Firefox: 7 hits: 09-22 to 10-24] e07c29c4ae [Firefox:763 hits: 06-19 to 10-31] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:22:11:00 | WinXP | 61.124.119.252 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:514 hits: 01-05 to 10-31] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:22:18:00 | Win2K-f | 216.208.56.35 (BELL.CA): BELL CANADA, BARRIE, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 181 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] a08f3b74a4 [Firefox:1290 hits: 06-18 to 10-31] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:18:00 | Win2K-f | 75.36.121.141 (SBCGLOBAL.NET): IRIS MFG INC, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 74 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 33 33 of 33 |
4ca3056804 [Firefox:10 hits: 06-18 to 10-31] 53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] |
4ca3056804 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 22:47:00 | WinXP | 211.187.200.123 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.124:80 US:207.123.37.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 30 of 33 |
eb9217b966 [Firefox: 2 hits: 08-22 to 10-01] ff2150aa95 [Firefox: 6 hits: 07-03 to 10-31] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:06:00 | WinXP | 68.146.1.156 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 2009aa9f53 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:10:00 | WinXP | 204.193.221.143 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:41 hits: 09-17 to 10-30] |
none[none] | none:none |
none|none | none | none |
| T:23:19:00 | WinXP | 130.13.67.152 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 2231eb8648 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:21:00 | Win2K-f | 130.13.32.211 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | :proxim.ircgalaxy.pl US:mail.fucuzzy.com DE:www.proxy.us.pl 115.126.2.121:65520 DE:217.115.152.170:80 |
445 | pcap | raw alerts ruleset |
irc 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | c704e39248 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:27:00 | WinXP | 4.249.240.213 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GERMANTOWN, MARYLAND, US. (DIAL) |
194.14.236.50:6667 | 445 | pcap | raw alerts ruleset |
irc 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:39:00 | Win2K-f | 65.69.205.89 (COM-TECHED.NET): COLLEGE OF THE MAINLAND, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3609 hits: 06-17 to 10-31] 73f1082158 [Firefox:1790 hits: 06-18 to 10-31] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:46:00 | WinXP | 41.234.230.138 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cebccf0ff8 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:47:00 | WinXP | 41.234.230.138 (TEDATA.NET): PROVIDER LOCAL REGISTRY, EG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | cebccf0ff8 NEW |
none[none] | none:none |
none|none | none | none |