|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:09:00 | Win2K-f | 125.4.240.29 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:205.128.70.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
2e45ae247e [Firefox: 7 hits: 06-25 to 11-02] 53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:00:31:00 | WinXP | 94.191.155.150 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 00:40:00 | WinXP | 70.70.173.135 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:00:53:00 | WinXP | 81.9.69.235 (ELLINK.RU): ELECTROSVJAZ OF PSKOV REGION, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4ed031d88c [Firefox:11 hits: 10-20 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:01:22:00 | WinXP | 4.137.14.216 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WEDOWEE, ALABAMA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.70.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
other 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:52:00 | WinXP | 84.247.23.18 (-): SC AMBASADOR IMPEX SRL, GALATI, GALATI, RO. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a74193aceb NEW |
none[none] | none:none |
none|none | none | none |
| T:01:57:00 | WinXP | 94.191.237.205 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb NEW |
none[none] | none:none |
none|none | none | none |
| 01:57:00 | WinXP | 94.191.237.205 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb NEW |
none[none] | none:none |
none|none | none | none |
| T:02:12:00 | WinXP | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] e07c29c4ae [Firefox:788 hits: 06-19 to 11-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 02:18:00 | Win2K-f | 116.125.128.136 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:199.93.44.124:80 US:204.160.104.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
2f27f1f3ed [Firefox: 2 hits: 08-24 to 09-14] baa7256c07 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:19:00 | WinXP | 123.225.86.59 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:652 hits: 01-01 to 11-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:35:00 | WinXP | 94.191.154.159 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 02:44:00 | Win2K-f | 4.137.14.216 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WEDOWEE, ALABAMA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 156 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 02:46:00 | WinXP | 203.91.176.117 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:50:00 | WinXP | 79.163.29.5 (-): IDEA, PL. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:21 hits: 10-21 to 11-03] |
none[none] | none:none |
none|none | none | none | |
| 02:56:00 | WinXP | 75.15.94.106 (-): PPPOX POOL.RBACK3.- CHI2CA, SAN LUIS OBISPO, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:02:58:00 | Win2K-f | 70.168.131.92 (COX.NET): COX COMMUNICATIONS, FALLS CHURCH, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:03:06:00 | WinXP | 41.214.181.149 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:03:13:00 | WinXP | 124.98.227.17 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 03:14:00 | WinXP | 61.217.245.235 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 17820f0d69 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:15:00 | WinXP | 123.236.41.245 (-): RELIANCE INFOCOMM LIMITED, MUMBAI, MAHARASHTRA, IN. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 63 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] b7082104e4 [Firefox:246 hits: 06-18 to 11-03] e07c29c4ae [Firefox:788 hits: 06-19 to 11-03] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| 03:20:00 | WinXP | 82.130.166.196 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, SAN SEBASTIAN, PAIS VASCO, ES. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c227716af1 NEW |
none[none] | none:none |
none|none | none | none | |
| 03:21:00 | WinXP | 79.80.156.254 (G-M-I.NET): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 9eb35d0f8c NEW |
none[none] | none:none |
none|none | none | none |
| T:03:21:00 | WinXP | 79.80.156.254 (G-M-I.NET): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9eb35d0f8c NEW |
none[none] | none:none |
none|none | none | none |
| T:03:26:00 | Win2K-f | 125.58.79.10 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] b7082104e4 [Firefox:246 hits: 06-18 to 11-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 03:37:00 | WinXP | 161.53.141.207 (FESB.HR): UNIVERSITY COMPUTING CENTRE, ZAGREB, GRAD ZAGREB, HR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fe12e0d1f8 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:39:00 | WinXP | 78.227.136.213 (PRESTONAUTO.COM): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 348149f9f6 [Firefox: 3 hits: 10-30 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 03:46:00 | WinXP | 200.114.32.7 (INTERCABLE.NET.CO): TV CABLE PROMISION S.A, BUCARAMANGA, SANTANDER, CO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 163daa6b71 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:49:00 | WinXP | 114.137.162.184 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:18 hits: 10-11 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 04:11:00 | Win2K-f | 116.126.115.115 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 2 of 35 |
6ec2a8994b [Firefox:31 hits: 06-18 to 11-02] bcf66a38c8 [Firefox:18 hits: 07-30 to 11-02] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:04:26:00 | WinXP | 121.254.81.113 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:203 hits: 01-03 to 11-03] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:04:35:00 | Win2K-f | 124.241.188.52 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 57ce4acac2 [Firefox:319 hits: 06-17 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 04:37:00 | Win2K-f | 60.248.45.145 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 33 of 36 |
3c0111b617 NEW 87bf57f7f3 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:38:00 | WinXP | 98.25.127.181 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:05:04:00 | WinXP | 220.219.251.12 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:07:00 | WinXP | 81.198.232.109 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d9a4f2f314 [Firefox:11 hits: 09-29 to 10-29] |
none[none] | none:none |
none|none | none | none |
| T:05:15:00 | Win2K-f | 97.90.139.230 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.104.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:41:00 | WinXP | 83.132.150.67 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, ALMADA, SETUBAL, PT. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:11:00 | WinXP | 170.51.58.112 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:45 hits: 10-08 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 06:12:00 | WinXP | 77.56.196.56 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | eaa9422755 [Firefox: 4 hits: 10-31 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:06:12:00 | WinXP | 193.227.109.250 (-): SC SKY NET SRL, IASI, IASI, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 08f7a637d6 NEW |
none[none] | none:none |
none|none | none | none |
| 06:15:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 57ce4acac2 [Firefox:319 hits: 06-17 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 57ce4acac2[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 06:20:00 | WinXP | 89.254.129.125 (-): OSTKOM, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1437 hits: 12-31 to 11-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:06:26:00 | WinXP | 114.58.87.46 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:203 hits: 01-03 to 11-03] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:36:00 | WinXP | 59.190.14.151 (EONET.NE.JP): K-OPTICOM CORPORATION, SINGAPORE, SINGAPORE, SG. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:652 hits: 01-01 to 11-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:06:42:00 | WinXP | 219.251.86.85 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 |
1509c8d024 [Firefox:40 hits: 06-17 to 10-14] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:57:00 | WinXP | 94.191.221.202 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:00:00 | WinXP | 122.130.143.53 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 07:28:00 | WinXP | 115.80.34.145 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:28:00 | WinXP | 140.239.41.138 (XO.NET): XO COMMUNICATIONS, CAMBRIDGE, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:31 hits: 06-18 to 11-01] 79c01ec060 [Firefox:73 hits: 06-18 to 11-03] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:07:39:00 | WinXP | 12.107.247.236 (DTCCOM.NET): DEKALB TELEPHONE COOPERATIVE, SMITHVILLE, TENNESSEE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:03:00 | WinXP | 117.99.52.173 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:30 hits: 10-03 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:08:12:00 | Win2K-f | 115.81.5.38 (-): . |
115.126.2.121:65520 | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
irc http 136 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 32 of 36 |
58a2179594 NEW 72c2440514 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:17:00 | WinXP | 83.97.210.2 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 4bc66a2444 NEW |
none[none] | none:none |
none|none | none | none |
| T:08:28:00 | WinXP | 41.214.181.68 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:08:31:00 | Win2K-f | 89.207.71.143 (-): JOINT STOCK COMPANY SVYAZIST, RU. |
115.126.2.121:65520 | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
445 | pcap | raw alerts ruleset |
irc 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 08:38:00 | WinXP | 118.169.131.114 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4ed031d88c [Firefox:11 hits: 10-20 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 08:42:00 | WinXP | 83.213.204.107 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f6710df15d NEW |
none[none] | none:none |
none|none | none | none |
| T:08:42:00 | WinXP | 83.213.204.107 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f6710df15d NEW |
none[none] | none:none |
none|none | none | none |
| 08:44:00 | WinXP | 216.59.244.169 (EXECULINK.COM): GOLDEN TRIANGLE ON LINE, KITCHENER, ONTARIO, CA. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 8988e13dc6 [Firefox: 5 hits: 10-25 to 10-29] |
none[none] | none:none |
none|none | none | none | |
| 08:54:00 | WinXP | 24.207.55.61 (DCCNET.COM): DELTA DCCNET HIGH SPEED INTERNET, DELTA, BRITISH COLUMBIA, CA. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 71a8c0f10b NEW |
none[none] | none:none |
none|none | none | none |
| T:08:59:00 | WinXP | 4.254.239.187 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SALT LAKE CITY, UTAH, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 45d3b6bd28 [Firefox: 9 hits: 10-15 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:09:00:00 | WinXP | 87.205.244.30 (INETIA.PL): NETIA, VIENNA, WIEN, AT. (DSL) |
115.126.2.121:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 9 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 08f7a637d6 NEW |
none[none] | none:none |
none|none | none | none |
| 09:04:00 | WinXP | 170.51.74.160 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:32 hits: 10-10 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 09:09:00 | Win2K-f | 116.123.57.135 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
2e04b06527 [Firefox:16 hits: 06-18 to 11-03] 5c054291de [Firefox:10 hits: 06-18 to 10-12] |
none[4] 5c054291de[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:09:12:00 | WinXP | 117.97.199.161 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 6 hits: 09-21 to 10-14] |
none[none] | none:none |
none|none | none | none |
| T:09:23:00 | WinXP | 151.32.73.60 (32-151.IOL.IT): ITALIA ONLINE S.P.A, IT. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:26:00 | WinXP | 117.199.2.136 (-): . |
n/a | :proxim.ircgalaxy.pl 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 85742761c8 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:32:00 | Win2K-f | 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:199.93.53.125:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:40:00 | WinXP | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:198.78.201.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:41:00 | WinXP | 24.82.94.76 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e7d48dcb39 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:44:00 | WinXP | 79.132.203.211 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru SE:viking.dal.net AT:graz.at.eu.undernet.org :flanders.be.eu.undernet.org SE:qis.md.us.dal.net :lulea.se.eu.undernet.org SE:broadway.ny.us.dal.net NO:london.uk.eu.undernet.org :washington.dc.us.undernet.org US:lia.zanet.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:09:48:00 | WinXP | 218.171.169.220 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 34 | 747de612f3 NEW |
none[none] | none:none |
none|none | none | none |
| 09:54:00 | WinXP | 115.69.133.40 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 [Firefox: 2 hits: 11-01 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 09:59:00 | WinXP | 87.15.149.176 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 [Firefox: 2 hits: 11-01 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 10:09:00 | WinXP | 88.166.50.59 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b7ba8daae1 [Firefox:10 hits: 10-15 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 10:10:00 | WinXP | 89.218.218.149 (ADSL.ONLINE.KZ): KAZAKHTELECOM DATA NETWORK ADMINISTRATION, KZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox: 8 hits: 10-09 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:10:10:00 | WinXP | 71.111.62.235 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BEAVERTON, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] e07c29c4ae [Firefox:788 hits: 06-19 to 11-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:11:00 | WinXP | 65.25.107.66 (RR.COM): ROAD RUNNER HOLDCO LLC, CANTON, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] b7082104e4 [Firefox:246 hits: 06-18 to 11-03] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 10:15:00 | WinXP | 211.119.72.250 (BORA.NET): BORANET-NET, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:199.93.41.126:80 US:207.123.37.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 222 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 34 34 of 36 |
3060fff5c0 [Firefox: 5 hits: 08-22 to 11-03] a7d11d75cd [Firefox: 5 hits: 08-22 to 11-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 10:30:00 | WinXP | 93.163.57.18 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:28 hits: 01-20 to 10-31] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:10:40:00 | WinXP | 93.177.213.20 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4e51abcf57 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:46:00 | WinXP | 75.177.174.143 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:120 hits: 01-14 to 11-02] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 10:46:00 | WinXP | 201.69.193.97 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 519def95b1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:48:00 | WinXP | 201.69.193.97 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
32 of 36 | 519def95b1 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:52:00 | WinXP | 203.75.203.221 (ARTSUN.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:zonetech.info CA:alwayssam.com |
135 | pcap | raw alerts ruleset |
irc http 797 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 34 of 36 15 of 36 |
41b9df60db NEW aee7370f28 NEW cada8d5adf [Firefox: 2 hits: 11-03 to 11-03] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:11:03:00 | WinXP | 66.153.193.78 (SCCOAST.NET): HTC - DIAL-UP INTERNET POOL, CONWAY, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] e07c29c4ae [Firefox:788 hits: 06-19 to 11-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 11:12:00 | Win2K-f | 202.107.247.8 (CNINFO.NET): CHINANET-ZJ QUZHOU NODE NETWORK, BEIJING, BEIJING, CN. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.125:80 US:207.123.37.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:15:00 | WinXP | 79.124.108.53 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:30 hits: 10-03 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:11:19:00 | WinXP | 119.154.27.147 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bb55ca17eb NEW |
none[none] | none:none |
none|none | none | none |
| 11:20:00 | WinXP | 203.118.232.101 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 8a75608b93 NEW |
none[none] | none:none |
none|none | none | none |
| 11:30:00 | WinXP | 87.58.9.98 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 31b8bb70f7 [Firefox: 4 hits: 10-06 to 10-27] |
none[none] | none:none |
none|none | none | none |
| T:11:36:00 | WinXP | 77.253.140.48 (COM.PL): NETIA, PL. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:45 hits: 10-08 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:11:43:00 | WinXP | 80.218.96.178 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 217de26957 [Firefox: 3 hits: 10-27 to 10-30] |
none[none] | none:none |
none|none | none | none |
| 11:53:00 | WinXP | 75.177.169.33 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 12:00:00 | WinXP | 77.56.49.152 (HISPEED.CH): CABLECOM, CH. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8001873dd NEW |
none[none] | none:none |
none|none | none | none |
| T:12:01:00 | WinXP | 77.56.49.152 (HISPEED.CH): CABLECOM, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b8001873dd NEW |
none[none] | none:none |
none|none | none | none |
| 12:17:00 | WinXP | 68.151.179.156 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 31 of 36 |
8bd43ae737 NEW d058cd6afc NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 12:34:00 | WinXP | 85.110.237.118 (TTNET.NET.TR): TT ADSL-ALCATEL DYNAMIC_ULUS, TR. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 994a21dde0 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:41:00 | WinXP | 4.190.160.148 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:120 hits: 01-14 to 11-02] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 12:42:00 | Win2K-f | 67.246.199.19 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:35 hits: 06-17 to 10-28] 41efedf70f [Firefox:34 hits: 06-19 to 10-28] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 12:48:00 | WinXP | 78.159.88.206 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb NEW |
none[none] | none:none |
none|none | none | none |
| T:12:54:00 | WinXP | 137.118.219.197 (NEONOVA.NET): NEONOVA NETWORK SERVICES, US. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1e3cef226f NEW |
none[none] | none:none |
none|none | none | none |
| T:13:00:00 | WinXP | 83.4.251.249 (TPNET.PL): NEOSTRADA PLUS, TYCHY, SLASKIE, PL. (DSL) |
n/a | :proxima.ircgalaxy.pl RU:moscow-advokat.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox: 9 hits: 10-06 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:13:06:00 | WinXP | 117.97.124.171 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | c26fc3c9a3 [Firefox: 6 hits: 09-21 to 10-14] |
none[none] | none:none |
none|none | none | none |
| 13:08:00 | WinXP | 77.56.194.159 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | eaa9422755 [Firefox: 4 hits: 10-31 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:13:09:00 | WinXP | 77.56.194.159 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | eaa9422755 [Firefox: 4 hits: 10-31 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 13:12:00 | WinXP | 137.118.184.137 (ACTACCESS.NET): NEONOVA NETWORK SERVICES, US. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1e3cef226f NEW |
none[none] | none:none |
none|none | none | none |
| 13:14:00 | WinXP | 78.34.50.81 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8c10e184d NEW |
none[none] | none:none |
none|none | none | none |
| T:13:23:00 | WinXP | 88.166.218.62 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 36 | a1c572df66 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:30:00 | WinXP | 151.67.223.206 (38-151.NET24.IT): IUNET-BNET, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9eb35d0f8c NEW |
none[none] | none:none |
none|none | none | none |
| 13:33:00 | Win2K-f | 211.179.101.21 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 88 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 33 |
023977790d [Firefox: 2 hits: 09-24 to 10-11] 53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] |
none[none] none [4] |
none:none none:none |
none|none tElock| |
none none |
none trace |
| T:13:36:00 | WinXP | 87.251.203.22 (RP80.SE): WEBTECHNORD-SANDVIKEN-NET, STOCKHOLM, STOCKHOLM, SE. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru 115.126.2.121:80 UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | fd78b71142 NEW |
none[none] | none:none |
none|none | none | none |
| 13:51:00 | Win2K-f | 203.91.191.104 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 13:55:00 | WinXP | 70.118.226.184 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:08:00 | WinXP | 61.229.121.134 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | ce1a18eaa8 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:09:00 | WinXP | 217.201.168.115 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 3daacf4294 [Firefox: 2 hits: 11-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 14:17:00 | Win2K-f | 24.78.45.161 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:31 hits: 09-12 to 11-02] 321f4fc27d [Firefox:31 hits: 09-12 to 11-02] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 14:27:00 | Win2K-f | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 14:28:00 | WinXP | 70.67.139.158 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NANAIMO, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:11 hits: 10-14 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:14:34:00 | WinXP | 190.183.70.65 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2afd89521c NEW |
none[none] | none:none |
none|none | none | none |
| T:14:37:00 | WinXP | 118.216.26.27 (-): . |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com 115.126.2.121:65520 US:192.221.99.124:80 US:199.93.41.124:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 32 30 of 32 |
475d9a7753 [Firefox:10 hits: 06-22 to 10-22] e9a7fa27d5 [Firefox:10 hits: 06-22 to 10-22] |
none[4] e9a7fa27d5[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:14:42:00 | WinXP | 98.135.137.179 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 14:53:00 | WinXP | 189.48.161.228 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1437 hits: 12-31 to 11-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:03:00 | WinXP | 70.77.193.245 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
other 166 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:40 hits: 06-18 to 10-31] e53a9ea82e [Firefox:39 hits: 06-18 to 10-31] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:15:06:00 | WinXP | 92.250.79.206 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | ce1a18eaa8 NEW |
none[none] | none:none |
none|none | none | none |
| 15:12:00 | WinXP | 204.193.221.180 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c198ee4e94 [Firefox: 6 hits: 10-20 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 15:16:00 | WinXP | 88.163.109.247 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a53c09baef NEW |
none[none] | none:none |
none|none | none | none |
| 15:19:00 | WinXP | 75.186.153.49 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 15:23:00 | Win2K-f | 70.58.38.238 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, SALT LAKE CITY, UTAH, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:28:00 | WinXP | 170.51.104.80 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f17f896658 [Firefox: 3 hits: 10-26 to 10-29] |
none[none] | none:none |
none|none | none | none |
| 15:33:00 | WinXP | 75.46.213.233 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.LTRKAR, LITTLE ROCK, ARKANSAS, US. |
177.43.154.3:135 | 135 | pcap | raw alerts ruleset |
ftp 18 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 32 | b47155634c [Firefox: 2 hits: 01-01 to 02-19] |
c8bc9230a1 [0] | ASM:Graph |
FSG| | lines=49 | trace | |
| T:15:33:00 | Win2K-f | 75.46.213.233 (SBCGLOBAL.NET): PPPOX POOL - RBACK7.LTRKAR, LITTLE ROCK, ARKANSAS, US. |
n/a | :yandex.ru EU:77.88.21.11:25 |
135 | pcap | raw alerts ruleset |
ftp 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | b47155634c [Firefox: 2 hits: 01-01 to 02-19] |
c8bc9230a1 [0] | ASM:Graph |
FSG| | lines=49 | trace |
| 15:59:00 | WinXP | 71.106.172.157 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:525 hits: 01-05 to 11-03] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:16:04:00 | WinXP | 219.162.38.55 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:23:00 | Win2K-f | 4.160.24.210 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.126.124:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 159 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
afe30eff1c NEW d14560f16a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:33:00 | WinXP | 88.163.52.204 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 5c7a2bd95a NEW |
none[none] | none:none |
none|none | none | none |
| 16:35:00 | WinXP | 66.50.120.166 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 7 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 35 | e6cfd91cbc [Firefox: 2 hits: 10-31 to 11-01] |
none[none] | none:none |
none|none | none | none |
| T:16:36:00 | WinXP | 189.66.138.130 (-): . |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:606 hits: 01-01 to 11-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 16:39:00 | Win2K-f | 208.117.117.27 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:39:00 | Win2K-f | 124.195.158.22 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:47:00 | WinXP | 87.78.192.105 (NETCOLOGNE.DE): NETCOLOGNE GMBH, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) |
n/a | UA:citi-bank.ru :adult-empire.com UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 4 hits: 10-26 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 17:06:00 | Win2K-f | 123.212.119.64 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 4c3df24b32 [Firefox:237 hits: 06-17 to 11-03] |
4c3df24b32 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:17:12:00 | WinXP | 114.48.46.66 (-): . |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f24bd35aa7 [Firefox: 4 hits: 10-26 to 10-27] |
none[none] | none:none |
none|none | none | none |
| 17:15:00 | WinXP | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] e07c29c4ae [Firefox:788 hits: 06-19 to 11-03] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:17:36:00 | WinXP | 88.170.169.102 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 7 hits: 10-11 to 10-27] |
none[none] | none:none |
none|none | none | none |
| 17:36:00 | WinXP | 88.170.169.102 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 7 hits: 10-11 to 10-27] |
none[none] | none:none |
none|none | none | none |
| 17:50:00 | Win2K-f | 4.246.42.83 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAPITOLA, CALIFORNIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
http 161 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:51:00 | WinXP | 67.150.125.43 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1437 hits: 12-31 to 11-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:54:00 | Win2K-f | 4.164.183.111 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OMAHA, NEBRASKA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] b5919931fe [Firefox:1056 hits: 06-20 to 11-03] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 17:57:00 | WinXP | 195.162.58.215 (OTTS.RU): OMSK TELEGRAPH TELEPHONE STATION, OMSK, OMSKAYA OBLAST', RU. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1437 hits: 12-31 to 11-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 18:09:00 | Win2K-f | 70.182.79.90 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 303 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 119cdb01eb [Firefox: 4 hits: 10-11 to 10-15] |
none[none] | none:none |
none|none | none | none |
| 18:19:00 | WinXP | 68.149.149.240 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 9a5473abde NEW |
none[none] | none:none |
none|none | none | none |
| 18:32:00 | WinXP | 69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.124:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 |
1f59c01aef [Firefox:16 hits: 08-01 to 11-03] dc92683d9a [Firefox:23 hits: 06-19 to 11-03] |
none[none] dc92683d9a[1] |
none:none ASM:Graph |
none|none Armadillo| |
none lines=82 |
none trace |
| T:18:35:00 | WinXP | 97.77.49.110 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 34 | a7003c5a33 [Firefox:15 hits: 10-21 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:18:38:00 | WinXP | 24.84.105.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, LANGLEY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
28ce5fc467 [Firefox: 8 hits: 09-12 to 11-03] e7335cb667 [Firefox: 8 hits: 09-12 to 11-03] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:49:00 | WinXP | 61.201.187.97 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:652 hits: 01-01 to 11-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:18:54:00 | Win2K-f | 209.252.105.169 (MCLEODUSA.NET): MDI ACCESS, ROCHESTER, MINNESOTA, US. |
n/a | US:microsoft.com :proxim.ircgalaxy.pl US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
28 of 36 35 of 36 |
495aff77e9 NEW 6fcefc1f4f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:16:00 | WinXP | 12.218.183.243 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, COLUMBUS, GEORGIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:19:28:00 | WinXP | 71.160.200.208 (VERIZON.NET): VERIZON INTERNET SERVICES INC, POST FALLS, IDAHO, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:38:00 | Win2K-f | 172.129.188.241 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 29 of 33 |
3373948767 [Firefox:38 hits: 07-03 to 10-31] c73f738c30 [Firefox:38 hits: 07-03 to 10-31] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:47:00 | WinXP | 209.60.99.140 (FAST.NET): FASTNET CORPORATION, BETHLEHEM, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru SE:viking.dal.net US:lia.zanet.net :washington.dc.us.undernet.org :lulea.se.eu.undernet.org SE:broadway.ny.us.dal.net :brussels.be.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:19:47:00 | WinXP | 209.60.99.140 (FAST.NET): FASTNET CORPORATION, BETHLEHEM, PENNSYLVANIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 20:01:00 | Win2K-f | 211.245.237.61 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 136 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 31 of 33 |
87bd0a062f [Firefox:10 hits: 06-29 to 10-15] c7d6018f97 [Firefox:10 hits: 06-29 to 10-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:02:00 | WinXP | 130.13.73.179 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 4d9fda377d [Firefox: 6 hits: 10-22 to 10-30] |
none[none] | none:none |
none|none | none | none |
| 20:34:00 | Win2K-f | 76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.73.126:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:34:00 | WinXP | 75.80.93.236 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:20:35:00 | Win2K-f | 71.122.155.205 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BARTOW, FLORIDA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:40:00 | WinXP | 59.146.125.221 (SO-NET.NE.JP): SO-NET SERVICE, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:652 hits: 01-01 to 11-03] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:40:00 | WinXP | 190.30.196.94 (NET.AR): APOLO -GOLD-TELECOM-PER, CORDOBA, CORDOBA, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox: 8 hits: 10-09 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:20:42:00 | WinXP | 61.229.158.17 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:20:46:00 | WinXP | 68.189.148.0 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox: 2 hits: 11-03 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 21:38:00 | Win2K-f | 24.29.43.79 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBANY, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] a08f3b74a4 [Firefox:1322 hits: 06-18 to 11-03] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:39:00 | WinXP | 72.174.70.48 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b07d6955cd NEW |
none[none] | none:none |
none|none | none | none |
| 21:59:00 | WinXP | 24.174.13.12 (CARRERACOMMUNICATIONS.NET): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com :www.proxy-socks.net :wpad US:spi.domainsponsor.com RU:www.bbin.ru US:208.73.210.121:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 10 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:606 hits: 01-01 to 11-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:22:06:00 | WinXP | 218.163.3.105 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:827 hits: 12-31 to 11-03] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 22:09:00 | WinXP | 122.146.243.23 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.124:80 US:205.128.70.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3709 hits: 06-17 to 11-03] 73f1082158 [Firefox:1852 hits: 06-18 to 11-03] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:11:00 | WinXP | 88.161.63.113 (PROXAD.NET): PROXAD / FREE SAS, FR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 771f87c713 [Firefox: 2 hits: 11-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:22:11:00 | WinXP | 88.161.63.113 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 771f87c713 [Firefox: 2 hits: 11-02 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:22:22:00 | WinXP | 76.175.23.230 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:28 hits: 01-01 to 10-25] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| T:22:41:00 | WinXP | 118.86.76.159 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
0b951c2832 [Firefox: 8 hits: 08-19 to 10-31] e4ed4df0f0 [Firefox: 8 hits: 08-19 to 10-31] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:22:54:00 | WinXP | 89.116.135.241 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:32 hits: 10-10 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:22:56:00 | WinXP | 122.21.237.152 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 07cf2e82e3 NEW |
none[none] | none:none |
none|none | none | none |
| 22:59:00 | WinXP | 92.46.164.1 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox: 4 hits: 11-02 to 11-03] |
none[none] | none:none |
none|none | none | none |
| 23:03:00 | WinXP | 76.250.194.245 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:507 hits: 12-31 to 11-03] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:12:00 | WinXP | 118.86.76.159 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:19:00 | WinXP | 98.140.229.241 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:36:00 | WinXP | 87.57.144.35 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1f00284aa7 [Firefox: 5 hits: 10-13 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 23:37:00 | WinXP | 220.109.14.62 (PLALA.OR.JP): PLALA NETWORKS INC, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 7f7b9ecb22 NEW |
none[none] | none:none |
none|none | none | none | |
| 23:39:00 | WinXP | 93.126.116.18 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1437 hits: 12-31 to 11-03] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 23:52:00 | Win2K-f | 70.237.179.20 (-): BARREWOODS, KANSAS CITY, MISSOURI, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:23:53:00 | WinXP | 4.244.222.1 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad US:208.73.210.121:80 DE:217.11.54.126:80 |
445 | pcap | raw alerts ruleset |
http http http http 30 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:606 hits: 01-01 to 11-03] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:23:57:00 | WinXP | 219.162.41.210 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | :proxim.ircgalaxy.pl ES:tele-pc.com IT:macedonia.my1.ru CN:jrsx.jre.net.cn PL:tunska.komrel.net US:www.hkwebguru.com ES:www.familiaordonez.com AU:ozfloorball.com |
445 | pcap | raw alerts ruleset |
shell ftp 39 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 516add0428 NEW |
none[none] | none:none |
none|none | none | none |