|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:07:00 | WinXP | 78.59.219.74 (ZEBRA.LT): LIETUVOS, LT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | cd1d4a8f0a NEW |
none[none] | none:none |
none|none | none | none |
| 00:09:00 | WinXP | 114.48.40.153 (-): . |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 16727c6808 NEW |
none[none] | none:none |
none|none | none | none |
| 00:13:00 | WinXP | 116.127.232.167 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.104.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 91 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:180 hits: 06-17 to 11-02] 4c3df24b32 [Firefox:236 hits: 06-17 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 00:17:00 | WinXP | 98.25.127.181 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 11-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 00:48:00 | WinXP | 65.69.205.89 (COM-TECHED.NET): COLLEGE OF THE MAINLAND, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 00:52:00 | Win2K-f | 125.58.90.19 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:23:00 | Win2K-f | 124.195.158.89 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:26:00 | Win2K-f | 124.195.158.89 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 01:30:00 | Win2K-f | 140.239.201.214 (XO.NET): XO COMMUNICATIONS, BOSTON, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 0 of 32 |
73f1082158 [Firefox:1831 hits: 06-18 to 11-02] 79c01ec060 [Firefox:71 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
73f1082158 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 01:37:00 | WinXP | 218.162.182.220 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:01:39:00 | WinXP | 220.219.254.27 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), YOKOHAMA, KANAGAWA, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 01:56:00 | WinXP | 221.251.49.172 (UCOM.NE.JP): TK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 02:07:00 | Win2K-f | 24.84.5.16 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
28ce5fc467 [Firefox: 7 hits: 09-12 to 10-25] e7335cb667 [Firefox: 7 hits: 09-12 to 10-25] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:08:00 | WinXP | 68.148.148.151 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 5 of 36 |
e24773490e NEW fd419eefad [Firefox: 8 hits: 10-31 to 11-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:02:11:00 | WinXP | 122.52.37.157 (PLDT.NET): IPG, PH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 895d51605c NEW |
none[none] | none:none |
none|none | none | none |
| 02:37:00 | Win2K-f | 71.79.78.37 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTERVILLE, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.53.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:43:00 | WinXP | 213.22.81.195 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:41 hits: 10-08 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:03:00:00 | WinXP | 122.146.241.164 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:205.128.70.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 298 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 31 of 33 |
dd98c3c108 [Firefox:11 hits: 06-24 to 10-29] e98746deb1 [Firefox:10 hits: 06-24 to 10-29] |
dd98c3c108 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| 03:04:00 | Win2K-f | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:07:00 | WinXP | 122.146.225.166 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:11:00 | WinXP | 170.51.98.171 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 49c56a371e NEW |
none[none] | none:none |
none|none | none | none |
| 03:16:00 | Win2K-f | 116.120.107.66 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.104.126:80 US:204.160.126.124:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 |
168aab35a3 [Firefox:180 hits: 06-17 to 11-02] 61426996c3 [Firefox:16 hits: 06-20 to 10-29] |
none[4] 61426996c3[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:03:25:00 | WinXP | 122.108.254.212 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 03:39:00 | WinXP | 117.99.24.205 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:822 hits: 12-31 to 11-02] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:44:00 | WinXP | 78.34.14.247 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 6 hits: 10-06 to 10-28] |
none[none] | none:none |
none|none | none | none |
| 03:44:00 | WinXP | 78.34.14.247 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 6 hits: 10-06 to 10-28] |
none[none] | none:none |
none|none | none | none |
| 04:00:00 | WinXP | 193.250.68.192 (ABO.WANADOO.FR): WANADOO, FR. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 11-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:39:00 | WinXP | 219.162.196.251 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:647 hits: 01-01 to 11-02] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:48:00 | WinXP | 121.84.158.78 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:647 hits: 01-01 to 11-02] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:04:49:00 | WinXP | 87.58.92.37 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | a8c10e184d NEW |
none[none] | none:none |
none|none | none | none |
| 05:10:00 | Win2K-f | 70.66.89.82 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:205.128.70.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
12e484a198 [Firefox: 8 hits: 10-01 to 10-14] 2e43dc0077 [Firefox:10 hits: 10-01 to 10-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 05:24:00 | WinXP | 190.188.134.16 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6405484e84 [Firefox: 7 hits: 10-27 to 10-28] |
none[none] | none:none |
none|none | none | none |
| 05:28:00 | WinXP | 85.174.15.213 (RUNEXT.COM): PROVIDER LOCAL REGISTRY, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 2 hits: 10-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:05:28:00 | WinXP | 85.174.15.213 (RUNEXT.COM): PROVIDER LOCAL REGISTRY, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 2 hits: 10-26 to 10-26] |
none[none] | none:none |
none|none | none | none |
| T:05:38:00 | WinXP | 94.191.154.73 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:201 hits: 01-03 to 11-02] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:05:44:00 | WinXP | 219.105.88.193 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1a8dccb1b8 [Firefox: 3 hits: 10-06 to 10-13] |
none[none] | none:none |
none|none | none | none |
| T:05:56:00 | WinXP | 4.227.107.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d6df3972a0 [Firefox:36 hits: 01-07 to 11-02] |
39eeef52a4 [0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| T:05:57:00 | WinXP | 217.201.203.135 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru US:lia.zanet.net :caen.fr.eu.undernet.org NO:london.uk.eu.undernet.org :brussels.be.eu.undernet.org SE:ced.dal.net SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 52a2e53dde NEW |
none[none] | none:none |
none|none | none | none |
| 05:58:00 | WinXP | 209.42.142.187 (WISPNET.NET): WISPNET LLC, KENTUCKY, US. |
n/a | DE:siliconfireware.ru RU:www.bbin.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com RU:195.200.213.54:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:604 hits: 01-01 to 11-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 06:14:00 | Win2K-f | 208.105.186.90 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:06:20:00 | WinXP | 84.73.49.173 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 42c101571e NEW |
none[none] | none:none |
none|none | none | none |
| 06:20:00 | WinXP | 84.73.49.173 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 42c101571e NEW |
none[none] | none:none |
none|none | none | none |
| T:06:26:00 | WinXP | 86.144.168.13 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 11-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 06:28:00 | Win2K-f | 123.213.246.187 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
other 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 36 |
2e04b06527 [Firefox:14 hits: 06-18 to 10-21] 514265be41 [Firefox: 4 hits: 09-24 to 10-21] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:06:35:00 | WinXP | 64.213.233.93 (CENTENNIALPR.NET): CENTENNIAL PR, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fccab86427 NEW |
none[none] | none:none |
none|none | none | none |
| 06:37:00 | WinXP | 64.213.233.93 (CENTENNIALPR.NET): CENTENNIAL PR, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fccab86427 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:37:00 | WinXP | 83.97.173.146 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org :washington.dc.us.undernet.org SE:ozbytes.dal.net SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 6d7baa9138 NEW |
none[none] | none:none |
none|none | none | none |
| 06:45:00 | Win2K-f | 115.83.101.139 (-): . |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 235 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 32 |
1fa62445aa [Firefox: 3 hits: 11-01 to 11-02] 963d5f92ac [Firefox: 4 hits: 10-28 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:06:52:00 | WinXP | 117.96.92.108 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 6 hits: 10-06 to 10-28] |
none[none] | none:none |
none|none | none | none |
| T:06:57:00 | WinXP | 88.163.109.247 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | a53c09baef NEW |
none[none] | none:none |
none|none | none | none |
| 07:08:00 | Win2K-f | 203.75.203.221 (ARTSUN.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
67.43.236.98:1863 | CA:xx.enterhere.biz CA:alwayssam.com CA:zonetech.info |
135 | pcap | raw alerts ruleset |
irc http 796 lines |
Yeah : 1.8 profile |
none | summary tarball |
none none none |
41b9df60db NEW aee7370f28 NEW cada8d5adf NEW |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 07:17:00 | WinXP | 59.146.121.108 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:647 hits: 01-01 to 11-02] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:19:00 | WinXP | 87.49.107.201 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | d4eed7b000 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:28:00 | WinXP | 130.13.241.24 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
72.10.172.218:9928 | :proxim.ircgalaxy.pl CA:teek.ihshsd8.com :preek.oihduhdd.net CA:japan.youngpeyatech.info 115.126.2.121:65520 CA:72.10.172.218:9928 |
139 | pcap | raw alerts ruleset |
ftp irc http 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
19 of 36 none |
03d5bf43b7 [Firefox: 7 hits: 09-18 to 10-31] 28ef8992b8 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:28:00 | Win2K-f | 130.13.241.24 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 28ef8992b8 NEW |
none[none] | none:none |
none|none | none | none | |
| 07:29:00 | Win2K-f | 130.13.35.90 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
63.173.172.98:6668 | :proxim.ircgalaxy.pl 115.126.2.121:65520 US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp irc 21 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7990452f6a [Firefox: 2 hits: 11-01 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:07:33:00 | WinXP | 85.152.185.134 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2231eb8648 [Firefox: 2 hits: 10-31 to 11-01] |
none[none] | none:none |
none|none | none | none |
| 07:38:00 | Win2K-f | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] b7082104e4 [Firefox:244 hits: 06-18 to 11-02] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| T:07:38:00 | WinXP | 78.227.136.213 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 348149f9f6 NEW |
none[none] | none:none |
none|none | none | none |
| 07:38:00 | WinXP | 78.227.136.213 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 348149f9f6 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:45:00 | Win2K-f | 4.152.222.93 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.126:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:52:00 | WinXP | 92.47.51.94 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | a0012f058f [Firefox: 8 hits: 10-20 to 10-26] |
none[none] | none:none |
none|none | none | none |
| 08:01:00 | WinXP | 89.246.211.163 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:14:00 | WinXP | 151.80.203.237 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | aa485c27a9 NEW |
none[none] | none:none |
none|none | none | none |
| 08:44:00 | WinXP | 64.141.65.231 (MERCURYSPEED.COM): BIG PIPE INC, KAMLOOPS, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:08:51:00 | WinXP | 88.170.104.92 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4ed031d88c [Firefox:10 hits: 10-20 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:08:58:00 | WinXP | 211.214.115.13 (-): HANANET-LLINE-SAHACABLE, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 175 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
4ef7771f3f NEW d29aef3217 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:09:14:00 | Win2K-f | 76.77.228.13 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US. |
n/a | :proxima.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 260 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 32 | ea9787a186 [Firefox: 6 hits: 06-20 to 09-19] |
none[4] | none:none |
PolyEnE| | none | trace |
| 09:17:00 | WinXP | 76.178.247.74 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:17:00 | WinXP | 76.178.247.74 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:19:00 | WinXP | 88.172.213.144 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :gaspode.zanet.org.za US:lia.zanet.net 115.126.2.121:80 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8d74af6d5 [Firefox: 4 hits: 10-04 to 10-24] |
none[none] | none:none |
none|none | none | none |
| T:09:29:00 | Win2K-f | 118.83.13.150 (-): . |
n/a | 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 09:48:00 | Win2K-f | 66.153.211.73 (SCCOAST.NET): HTC - CABLE MODEM POOL, CONWAY, SOUTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:06:00 | WinXP | 81.198.245.52 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | dc92e77d1f NEW |
none[none] | none:none |
none|none | none | none |
| T:10:07:00 | Win2K-f | 74.211.7.232 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:10:08:00 | WinXP | 203.118.235.89 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:67 hits: 09-13 to 10-30] |
none[none] | none:none |
none|none | none | none |
| 10:08:00 | WinXP | 74.211.7.232 (BEYONDBB.COM): ORANGE BROADBAND, MT. VERNON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:10:11:00 | WinXP | 80.218.215.88 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
21 of 22 | 8d2ef3175a NEW |
none[none] | none:none |
none|none | none | none |
| T:10:42:00 | WinXP | 216.67.18.149 (ACSALASKA.NET): ALASKA COMMUNICATIONS SYSTEMS GROUP INC, RIALTO, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:32 hits: 02-16 to 11-02] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| 10:43:00 | Win2K-f | 63.28.68.210 (UU.NET): UUNET TECHNOLOGIES INC, HONOLULU, HAWAII, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 10:48:00 | WinXP | 81.198.50.200 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:822 hits: 12-31 to 11-02] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:10:52:00 | WinXP | 151.62.40.53 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:20 hits: 10-21 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 10:54:00 | WinXP | 79.206.120.31 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:647 hits: 01-01 to 11-02] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:11:09:00 | WinXP | 87.239.248.49 (-): SC ACROPOLIS TECH SRL, RO. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:80 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 554d29724f NEW |
none[none] | none:none |
none|none | none | none |
| T:11:09:00 | Win2K-f | 64.150.147.127 (SCCOAST.NET): HTC COMMUNICATIONS LLC, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:13:00 | Win2K-f | 196.208.34.165 (DIAL-UP.NET): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 |
135 | pcap | raw alerts ruleset |
other 171 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:30:00 | Win2K-f | 221.139.84.48 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 0 of 32 30 of 33 |
24e59ab043 NEW b5919931fe [Firefox:1040 hits: 06-20 to 11-02] ff2150aa95 [Firefox: 7 hits: 07-03 to 11-01] |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| T:11:32:00 | WinXP | 81.173.135.158 (NETCOLOGNE.DE): DYNAMIC CABLE MODEM IP POOL, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d526bf5a3f [Firefox: 3 hits: 10-12 to 10-15] |
none[none] | none:none |
none|none | none | none |
| T:11:46:00 | Win2K-f | 58.107.89.140 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 191 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 none none |
b5919931fe [Firefox:1040 hits: 06-20 to 11-02] cb0c16849c NEW ebadd6c191 NEW |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| T:11:50:00 | WinXP | 151.67.222.40 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 9eb35d0f8c NEW |
none[none] | none:none |
none|none | none | none |
| T:11:50:00 | WinXP | 70.65.148.239 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LETHBRIDGE, ALBERTA, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox: 2 hits: 11-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:11:57:00 | WinXP | 79.138.221.15 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru SE:coins.dal.net SE:qis.md.us.dal.net :flanders.be.eu.undernet.org SE:ozbytes.dal.net AT:graz.at.eu.undernet.org SE:viking.dal.net :caen.fr.eu.undernet.org :gaspode.zanet.org.za SE:broadway.ny.us.dal.net NL:diemen.nl.eu.undernet.org SE:ced.dal.net SE:vancouver.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:822 hits: 12-31 to 11-02] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:57:00 | WinXP | 79.138.221.15 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:822 hits: 12-31 to 11-02] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 11:58:00 | WinXP | 98.174.80.235 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:11:59:00 | WinXP | 92.41.187.143 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :lulea.se.eu.undernet.org SE:viking.dal.net SE:qis.md.us.dal.net :los-angeles.ca.us.undernet.org SE:coins.dal.net :caen.fr.eu.undernet.org SE:ced.dal.net :brussels.be.eu.undernet.org SE:broadway.ny.us.dal.net SE:ozbytes.dal.net :flanders.be.eu.undernet.org US:lia.zanet.net AT:graz.at.eu.undernet.org :gaspode.zanet.org.za 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f04fb66461 [Firefox: 5 hits: 09-12 to 10-02] |
none[none] | none:none |
none|none | none | none |
| T:12:01:00 | WinXP | 81.56.44.139 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru SE:vancouver.dal.net SE:ozbytes.dal.net :lulea.se.eu.undernet.org NL:diemen.nl.eu.undernet.org :gaspode.zanet.org.za :washington.dc.us.undernet.org NL:london.uk.eu.undernet.org SE:qis.md.us.dal.net AT:graz.at.eu.undernet.org :caen.fr.eu.undernet.org SE:viking.dal.net :brussels.be.eu.undernet.org :los-angeles.ca.us.undernet.org SE:broadway.ny.us.dal.net SE:ced.dal.net US:lia.zanet.net :flanders.be.eu.undernet.org SE:coins.dal.net 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4bec1f8ed6 NEW |
none[none] | none:none |
none|none | none | none |
| 12:08:00 | WinXP | 24.167.99.148 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 [Firefox:149 hits: 01-01 to 11-02] |
af9ca5bed1 [0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| 12:24:00 | WinXP | 4.243.108.9 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN FRANCISCO, CALIFORNIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:822 hits: 12-31 to 11-02] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:30:00 | Win2K-f | 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:54:00 | WinXP | 86.96.9.31 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox: 9 hits: 10-14 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:12:59:00 | WinXP | 82.67.147.56 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | a8c3178b94 NEW |
none[none] | none:none |
none|none | none | none |
| 13:05:00 | WinXP | 216.78.100.26 (BELLSOUTH.NET): BELLSOUTH.NET INC, ATLANTA, GEORGIA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:06:00 | WinXP | 200.117.92.161 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:42 hits: 09-17 to 11-01] |
none[none] | none:none |
none|none | none | none |
| 13:06:00 | WinXP | 200.117.92.161 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:42 hits: 09-17 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:13:09:00 | WinXP | 155.239.192.219 (TELKOM-IPNET.CO.ZA): AFRINIC, DURBAN, KWAZULU-NATAL, ZA. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 4f1299acc0 [Firefox: 9 hits: 10-07 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:13:17:00 | WinXP | 87.58.93.75 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 314fbb94a7 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:23:00 | WinXP | 62.201.120.69 (AXELERO.HU): T-ONLINE CATV CLIENTS, SZEGED, CSONGRAD, HU. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:13:26:00 | Win2K-f | 75.185.184.196 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:30:00 | WinXP | 12.219.144.88 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, HUNTSVILLE, ALABAMA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:503 hits: 12-31 to 11-02] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:31:00 | WinXP | 190.136.107.154 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:45 hits: 10-05 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:13:32:00 | WinXP | 82.246.95.29 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
115.126.2.121:65520 194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru :fleshkatera.cn |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 37140983bf NEW |
none[none] | none:none |
none|none | none | none |
| 13:32:00 | WinXP | 81.132.190.142 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:34:00 | WinXP | 92.40.140.127 (IKBCC.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:45 hits: 10-05 to 11-01] |
none[none] | none:none |
none|none | none | none |
| 13:41:00 | Win2K-f | 4.161.203.98 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.41.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 143 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:42:00 | WinXP | 119.154.3.202 (-): . |
194.54.90.246:80 | UA:citi-bank.ru :adult-empire.com |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | bb55ca17eb NEW |
none[none] | none:none |
none|none | none | none |
| T:13:47:00 | WinXP | 83.97.174.20 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru :adult-empire.com |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | d74de676f3 NEW |
none[none] | none:none |
none|none | none | none |
| 13:55:00 | WinXP | 170.51.216.155 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox: 9 hits: 10-14 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 14:06:00 | WinXP | 87.49.107.201 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | d4eed7b000 NEW |
none[none] | none:none |
none|none | none | none |
| 14:41:00 | WinXP | 82.207.17.211 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN KIEV, UA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
19 of 32 | 5506fda84b [Firefox: 2 hits: 04-08 to 11-01] |
none[4] | none:none |
PolyEnE| | none | trace |
| 14:58:00 | WinXP | 92.41.93.68 (IKBCC.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:58:00 | WinXP | 92.41.93.68 (IKBCC.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:00:00 | WinXP | 69.134.217.22 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 15:08:00 | WinXP | 190.208.70.195 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 65e3f1d212 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:17:00 | WinXP | 211.119.110.132 (BORA.NET): BORANET-NET, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 34 34 of 36 0 of 33 |
3060fff5c0 [Firefox: 4 hits: 08-22 to 11-02] a7d11d75cd [Firefox: 4 hits: 08-22 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| T:15:34:00 | Win2K-f | 65.183.137.81 (BURLINGTONTELECOM.NET): BURLINGTON TELECOM, CLOQUET, MINNESOTA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 0 of 32 |
3ed16ae12d [Firefox:30 hits: 06-19 to 11-02] 79c01ec060 [Firefox:71 hits: 06-18 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
3ed16ae12d [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| 15:36:00 | WinXP | 72.174.154.62 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:41 hits: 10-08 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:15:36:00 | WinXP | 72.174.154.62 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:41 hits: 10-08 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:15:40:00 | WinXP | 41.214.187.210 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox: 2 hits: 11-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 15:47:00 | Win2K-f | 63.25.126.5 (UU.NET): UUNET TECHNOLOGIES INC, SHERMAN, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
none 0 of 32 |
0377456b0c NEW 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[none] 73f1082158[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=81 |
none trace |
|
| 15:51:00 | Win2K-f | 70.183.165.173 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 34 of 36 28 of 33 |
b5919931fe [Firefox:1040 hits: 06-20 to 11-02] da00a8e7a1 [Firefox:35 hits: 08-05 to 10-29] f685f8e027 [Firefox:39 hits: 06-18 to 10-29] |
b5919931fe [1] none [none] f685f8e027[1] |
ASM:Graph none:none ASM:Graph |
ASProtect| none|none Armadillo| |
lines=90 none lines=82 |
trace none trace |
| 15:56:00 | WinXP | 94.191.156.120 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:201 hits: 01-03 to 11-02] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:06:00 | WinXP | 201.76.24.59 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:09:00 | WinXP | 24.109.218.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, THUNDER BAY, ONTARIO, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a9800f880f NEW |
none[none] | none:none |
none|none | none | none |
| 16:09:00 | WinXP | 24.109.218.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, THUNDER BAY, ONTARIO, CA. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a9800f880f NEW |
none[none] | none:none |
none|none | none | none |
| 16:17:00 | WinXP | 217.203.208.247 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 3d3a89feaa NEW |
none[none] | none:none |
none|none | none | none |
| T:16:18:00 | WinXP | 217.203.208.247 (-): TELECOM ITALIA MOBILE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 3d3a89feaa NEW |
none[none] | none:none |
none|none | none | none |
| 16:24:00 | WinXP | 89.204.230.87 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:27 hits: 10-10 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:16:24:00 | WinXP | 89.204.230.87 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:27 hits: 10-10 to 11-01] |
none[none] | none:none |
none|none | none | none |
| 16:27:00 | WinXP | 68.189.148.0 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
none | 289d74b4ce NEW |
none[none] | none:none |
none|none | none | none |
| T:16:28:00 | WinXP | 68.189.148.0 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 289d74b4ce NEW |
none[none] | none:none |
none|none | none | none |
| 16:30:00 | Win2K-f | 66.153.193.78 (SCCOAST.NET): HTC - DIAL-UP INTERNET POOL, CONWAY, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:199.93.41.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:35:00 | WinXP | 96.15.53.189 (-): . |
n/a | DE:siliconfireware.ru US:searchportal.information.com EU:ebookfinaltrash.ru :wpad US:208.73.210.121:80 |
445 | pcap | raw alerts ruleset |
http http http 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:604 hits: 01-01 to 11-01] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:16:49:00 | Win2K-f | 98.141.162.205 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:50:00 | Win2K-f | 24.227.249.98 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.53.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:16:56:00 | WinXP | 204.193.222.122 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c198ee4e94 [Firefox: 5 hits: 10-20 to 10-28] |
none[none] | none:none |
none|none | none | none |
| 16:58:00 | WinXP | 206.248.251.168 (NTELOS.NET): NTELOS INC, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox: 9 hits: 10-27 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 17:11:00 | WinXP | 125.4.9.180 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:24 hits: 06-19 to 10-25] 53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 17:21:00 | Win2K-f | 24.170.56.77 (RR.COM): ROAD RUNNER HOLDCO LLC, INGLESIDE, TEXAS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 57 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
a08f3b74a4 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:17:21:00 | WinXP | 118.231.136.214 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | d61760f6a1 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:22:00 | WinXP | 64.53.89.217 (COMPORIUM.NET): ROCK HILL TELEPHONE COMPANY, ROCK HILL, SOUTH CAROLINA, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | f665a37b6c [Firefox: 6 hits: 10-13 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:17:41:00 | WinXP | 209.177.126.117 (GVNI.COM): GLOBAL VALLEY NETWORKS, TURLOCK, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:27 hits: 10-10 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:17:42:00 | WinXP | 24.76.187.13 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:17 hits: 10-11 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 17:45:00 | WinXP | 79.132.209.224 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com UA:vit.ln.ua :baner.vit :www.proxy-socks.net :wpad UA:195.189.16.10:80 |
445 | pcap | raw alerts ruleset |
http http 190 lines |
Yeah : 0.8 profile |
none | summary tarball |
30 of 32 | 7dd1fe2970 [Firefox:22 hits: 02-03 to 10-06] |
dcc673c815 [0] | ASM:Graph |
ASPack| | lines=374 embedded dns |
trace |
| 17:59:00 | Win2K-f | 60.249.118.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.37.123:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 57ce4acac2 [Firefox:318 hits: 06-17 to 11-02] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:59:00 | WinXP | 24.78.164.81 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | :baner.vit EU:hyper-space-fuel.ru UA:195.189.16.10:80 DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 99 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 17:59:00 | Win2K-f | 216.77.193.101 (BELLSOUTH.NET): BELLSOUTH.NET INC, PICAYUNE, MISSISSIPPI, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 128 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:18:09:00 | Win2K-f | 96.251.106.197 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:11:00 | WinXP | 24.79.210.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SHERWOOD PARK, ALBERTA, CA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 1ed69f0ca4 NEW |
none[none] | none:none |
none|none | none | none |
| 18:22:00 | WinXP | 114.48.176.92 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:24:00 | WinXP | 76.172.171.20 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:647 hits: 01-01 to 11-02] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:34:00 | WinXP | 186.12.44.149 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:40:00 | WinXP | 24.84.5.16 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 466 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | 785f88c2da NEW |
none[none] | none:none |
none|none | none | none | |
| 18:45:00 | WinXP | 24.82.83.194 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 0c390db94d [Firefox: 3 hits: 10-01 to 10-09] |
none[none] | none:none |
none|none | none | none |
| 18:53:00 | WinXP | 24.76.66.55 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | bd425b37f8 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:04:00 | WinXP | 12.73.55.141 (ATT.NET): AT&T WORLDNET SERVICES, BATON ROUGE, LOUISIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 106 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:12:00 | WinXP | 99.129.199.219 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:191 hits: 01-08 to 11-02] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 19:22:00 | WinXP | 190.137.1.195 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 3d3a89feaa NEW |
none[none] | none:none |
none|none | none | none |
| T:19:22:00 | WinXP | 190.137.1.195 (NET.AR): APOLO -GOLD-TELECOM-PER, AR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | 3d3a89feaa NEW |
none[none] | none:none |
none|none | none | none |
| 19:28:00 | WinXP | 66.52.49.238 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | 34e9c433ab NEW |
none[none] | none:none |
none|none | none | none |
| 19:45:00 | WinXP | 118.7.3.210 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:519 hits: 01-05 to 11-02] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 19:50:00 | WinXP | 75.143.200.180 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:29 hits: 10-03 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 19:59:00 | WinXP | 211.109.96.220 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, KUNSAN, CHOLLA-BUKTO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.124:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 29 of 32 0 of 33 |
168aab35a3 [Firefox:180 hits: 06-17 to 11-02] 61426996c3 [Firefox:16 hits: 06-20 to 10-29] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 61426996c3[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=82 lines=92 |
trace trace trace |
| 20:02:00 | WinXP | 79.138.137.175 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 9 hits: 10-12 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:20:03:00 | WinXP | 79.138.137.175 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c0e2e2d5ee [Firefox: 9 hits: 10-12 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 20:06:00 | Win2K-f | 99.153.104.204 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 8 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] b7082104e4 [Firefox:244 hits: 06-18 to 11-02] |
none[4] b5919931fe[1] none [4] |
none:none ASM:Graph none:none |
tElock| ASProtect| tElock| |
none lines=90 none |
trace trace trace |
| 20:13:00 | WinXP | 69.208.1.75 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:20:43:00 | WinXP | 69.85.106.219 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 20:59:00 | WinXP | 75.136.136.172 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | c91dfdf79a [Firefox: 4 hits: 10-20 to 10-28] |
none[none] | none:none |
none|none | none | none |
| T:20:59:00 | WinXP | 75.136.136.172 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c91dfdf79a [Firefox: 4 hits: 10-20 to 10-28] |
none[none] | none:none |
none|none | none | none |
| T:21:03:00 | Win2K-f | 61.101.181.94 (KRLINE.NET): KRNIC, KR. |
n/a | US:microsoft.com :proxima.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 US:198.78.201.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 0 of 32 |
168aab35a3 [Firefox:180 hits: 06-17 to 11-02] 667f0c59f3 [Firefox:31 hits: 07-04 to 11-02] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] |
none[4] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
tElock| none|none ASProtect| |
none none lines=90 |
trace none trace |
| 21:09:00 | Win2K-f | 24.80.121.67 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 603 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 6 hits: 10-06 to 10-31] |
none[none] | none:none |
none|none | none | none | |
| 21:18:00 | WinXP | 70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 306 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 29ae13a587 [Firefox: 6 hits: 10-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:21:32:00 | WinXP | 211.200.116.21 (HANANET.NET): HANARO TELECOM INC, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 36 0 of 33 |
2e04b06527 [Firefox:14 hits: 06-18 to 10-21] 514265be41 [Firefox: 4 hits: 09-24 to 10-21] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| none|none FSG| |
none none lines=92 |
trace none trace |
| 21:37:00 | Win2K-f | 119.94.29.96 (-): . |
n/a | CA:xx.ka3ek.com CA:alwayssam.com CA:zonetech.info |
135 | pcap | raw alerts ruleset |
irc http 288 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 none |
954a98c971 [Firefox:11 hits: 06-09 to 09-16] cada8d5adf NEW |
none[4] none [none] |
none:none none:none |
FSG| none|none |
none none |
trace none |
| 21:43:00 | WinXP | 64.181.83.170 (WVFIBERNET.NET): FIBERNET OF WV, GRANTSVILLE, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 107 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] e07c29c4ae [Firefox:777 hits: 06-19 to 11-02] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 21:59:00 | WinXP | 75.138.115.11 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:31 hits: 10-01 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 21:59:00 | Win2K-f | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 0 of 32 29 of 33 |
1f59c01aef [Firefox:15 hits: 08-01 to 11-01] b5919931fe [Firefox:1040 hits: 06-20 to 11-02] dc92683d9a [Firefox:22 hits: 06-19 to 11-01] |
none[none] b5919931fe[1] dc92683d9a[1] |
none:none ASM:Graph ASM:Graph |
none|none ASProtect| Armadillo| |
none lines=90 lines=82 |
none trace trace |
| 22:04:00 | Win2K-f | 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] 73f1082158 [Firefox:1831 hits: 06-18 to 11-02] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:07:00 | Win2K-f | 24.87.139.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
none none |
4bd8e539ab NEW fb97e82c81 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:09:00 | WinXP | 190.136.116.107 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:41 hits: 10-08 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 22:14:00 | WinXP | 84.73.142.115 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | db11825fcd NEW |
none[none] | none:none |
none|none | none | none |
| T:22:14:00 | WinXP | 84.73.142.115 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | db11825fcd NEW |
none[none] | none:none |
none|none | none | none |
| T:22:24:00 | WinXP | 65.185.123.119 (RR.COM): ROAD RUNNER HOLDCO LLC, LIMA, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:22:29:00 | Win2K-f | 203.88.176.61 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
other 482 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | b9d8d079b2 NEW |
none[none] | none:none |
none|none | none | none |
| T:22:42:00 | WinXP | 217.201.133.77 (-): TELECOM ITALIA MOBILE, FIRENZE, TOSCANA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1429 hits: 12-31 to 11-02] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:22:43:00 | Win2K-f | 65.25.67.94 (RR.COM): ROAD RUNNER HOLDCO LLC, CANTON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:15:00 | Win2K-f | 119.94.176.255 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:19:00 | WinXP | 24.86.10.216 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:192.221.99.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3675 hits: 06-17 to 11-02] a08f3b74a4 [Firefox:1309 hits: 06-18 to 11-02] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:31:00 | WinXP | 119.154.24.251 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:27 hits: 10-10 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:23:31:00 | WinXP | 119.154.24.251 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:27 hits: 10-10 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:23:38:00 | WinXP | 79.139.227.161 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | dabee3f591 NEW |
e834223711 [0] | ASM:Graph |
PolyEnE| | line=1 | trace |
| T:23:39:00 | Win2K-f | 96.48.158.50 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 611 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 6 hits: 10-06 to 10-31] |
none[none] | none:none |
none|none | none | none | |
| T:23:43:00 | WinXP | 24.138.149.53 (PERSONAINC.NET): PERSONA COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | b81df3157e NEW |
none[none] | none:none |
none|none | none | none |