|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:05:00 | Win2K-f | 122.52.66.18 (PLDT.NET): IPG, PH. |
n/a | US:microsoft.com US:download.microsoft.com :proxim.ircgalaxy.pl US:198.78.201.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 127 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 32 |
16874933ea [Firefox:60 hits: 06-18 to 11-06] 76ee340669 [Firefox:60 hits: 06-18 to 11-06] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
16874933ea [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| ASProtect| |
lines=82 none lines=90 |
trace trace trace |
| 00:09:00 | Win2K-f | 124.241.144.82 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:19:00 | WinXP | 70.62.226.28 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
15 of 36 13 of 36 |
5db0ec83f4 NEW df157c297c NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:00:22:00 | WinXP | 86.97.252.208 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, SHARJAH, ASH SHARIQAH, AE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:26:00 | WinXP | 24.86.124.146 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 579 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 36 | 739739a85a NEW |
none[none] | none:none |
none|none | none | none | |
| 00:28:00 | WinXP | 115.83.169.25 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:205.128.73.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
58a2179594 NEW 72c2440514 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:48:00 | WinXP | 60.248.37.67 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:49:00 | WinXP | 59.104.254.15 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f4bffb9e96 NEW |
none[none] | none:none |
none|none | none | none |
| T:00:51:00 | WinXP | 84.237.205.57 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 4246aed71d NEW |
none[none] | none:none |
none|none | none | none |
| 01:16:00 | WinXP | 78.139.155.182 (-): CAUCASUS NETWORK LTD, GE. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 7530118606 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:18:00 | WinXP | 24.85.82.128 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
72.10.172.218:9928 | CA:dong.nagitiriheiwu.net CA:teek.ihshsd8.com CA:72.10.169.26:2293 CA:72.10.169.26:80 |
135 | pcap | raw alerts ruleset |
irc 285 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 | 5982f6fc33 NEW |
none[none] | none:none |
none|none | none | none |
| 01:21:00 | WinXP | 82.254.90.88 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 9dab636a01 [Firefox: 2 hits: 07-09 to 08-08] |
none[none] | none:none |
none|none | none | none |
| T:01:24:00 | Win2K-f | 71.130.22.21 (PACBELL.NET): WILLIAM MARTINEZ DBA, PLANO, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.70.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:43:00 | WinXP | 211.178.55.152 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 33 |
168aab35a3 [Firefox:185 hits: 06-17 to 11-07] 4c3df24b32 [Firefox:241 hits: 06-17 to 11-05] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[4] 4c3df24b32[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:01:45:00 | WinXP | 92.84.22.17 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 [Firefox:11 hits: 11-01 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:01:52:00 | WinXP | 193.227.109.250 (-): SC SKY NET SRL, IASI, IASI, RO. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 08f7a637d6 [Firefox: 4 hits: 11-04 to 11-06] |
none[none] | none:none |
none|none | none | none |
| T:01:54:00 | WinXP | 77.253.102.152 (COM.PL): NETIA, PL. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 08f7a637d6 [Firefox: 4 hits: 11-04 to 11-06] |
none[none] | none:none |
none|none | none | none |
| 01:58:00 | Win2K-f | 61.221.167.96 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:199.93.53.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 57ce4acac2 [Firefox:328 hits: 06-17 to 11-07] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:00:00 | WinXP | 88.141.150.26 (GAOLAND.NET): INTERNET RESIDENTIEL CEGETEL FRANCE, FR. |
n/a | UA:citi-bank.ru :makemegood24.com :73769.makemegood24.com :aaakemegood24.com :perfectchoice1.com :7393e.perfectchoice1.com **:bparfectchoice1.com DE:cash-ddt.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:20 hits: 10-11 to 11-05] |
none[none] | none:none |
none|none | none | none |
| 02:08:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 53 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:02:11:00 | Win2K-f | 172.133.110.36 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 210 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 29 of 33 0 of 32 |
0474b4b09f [Firefox:13 hits: 09-24 to 11-05] 1c3210698a [Firefox:15 hits: 07-13 to 11-05] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:02:12:00 | Win2K-f | 203.91.180.130 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:13:00 | WinXP | 71.115.148.241 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DENTON, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 02:22:00 | Win2K-f | 203.91.180.130 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 1009 lines |
Yeah : 1.3 profile |
none | summary tarball |
13 of 36 15 of 36 |
594676857c NEW 5db0ec83f4 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| T:02:22:00 | WinXP | 92.114.233.177 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 68de8072e3 NEW |
none[none] | none:none |
none|none | none | none |
| 02:23:00 | WinXP | 92.114.233.177 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 68de8072e3 NEW |
none[none] | none:none |
none|none | none | none |
| 02:30:00 | WinXP | 114.48.139.34 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-02.mx.aol.com US:ftp.newaol.com US:yutunrz.1dumb.com US:mailin-03.mx.aol.com UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http http 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
1 of 36 35 of 36 |
7b0b91d5ce NEW e2b7a05dbb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:02:31:00 | WinXP | 114.48.139.34 (-): . |
194.54.90.246:80 | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-03.mx.aol.com SE:ftp.icq.com US:yutunrz.1dumb.com US:mailin-02.mx.aol.com US:http.icq.com.edgesuite.net **:glilepv.1dumb.com **:mlxvdl.3-a.net :xfbdspu.dynserv.com :qbycxpxz.afraid.org **:gypzmaudtlv.hn.org US:znvibonyf.yi.org UA:citi-bank.ru US:143.215.15.145:80 |
445 | pcap | raw alerts ruleset |
http http 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | e2b7a05dbb NEW |
none[none] | none:none |
none|none | none | none |
| 03:11:00 | Win2K-f | 219.174.36.53 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 03:11:00 | WinXP | 218.210.133.158 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
http 204 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 0 of 33 |
87e1117f2a [Firefox:31 hits: 07-18 to 11-06] b4fe4581c3 [Firefox:31 hits: 07-18 to 11-06] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 03:20:00 | Win2K-f | 69.105.29.99 (PACBELL.NET): PPPOX POOL - RBACK4.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 US:204.160.104.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:36:00 | WinXP | 78.114.54.253 (CEGETEL.NET): INTERNET RESIDENTIEL CEGETEL FRANCE, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 0e5f51ee8e [Firefox:20 hits: 10-11 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:03:46:00 | WinXP | 85.132.5.200 (AZ-IX.NET): PROVIDER LOCAL REGISTRY, BAKU, ABSERON, AZ. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 113b3c92c8 NEW |
none[none] | none:none |
none|none | none | none |
| 03:54:00 | WinXP | 83.12.132.228 (TPNET.PL): CUSTOMER-IDSL, PL. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 04:31:00 | WinXP | 83.97.172.202 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 9 hits: 10-11 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:04:31:00 | WinXP | 83.97.172.202 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox: 9 hits: 10-11 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 04:36:00 | WinXP | 59.103.155.134 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 34 | a7003c5a33 [Firefox:20 hits: 10-21 to 11-06] |
none[none] | none:none |
none|none | none | none |
| T:04:45:00 | WinXP | 202.221.175.5 (BMOBILE.NE.JP): JAPAN COMMUNICATION INC, TOKYO, TOKYO, JP. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:194 hits: 01-01 to 11-06] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 04:57:00 | WinXP | 156.17.236.142 (WROC.PL): THE NETWORK COVERS WHOLE WROCLAW AREA, PL. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a5fb35c9fd NEW |
none[none] | none:none |
none|none | none | none |
| T:05:01:00 | WinXP | 83.248.59.176 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, GöTEBORG, VASTRA GOTALAND, SE. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | e50d19ea22 [Firefox: 3 hits: 10-21 to 10-30] |
none[none] | none:none |
none|none | none | none |
| 05:03:00 | WinXP | 61.229.131.128 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:05:16:00 | WinXP | 200.122.89.17 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 0cebd91e3d NEW |
none[none] | none:none |
none|none | none | none |
| 05:30:00 | WinXP | 79.163.175.53 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:24 hits: 10-21 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:05:30:00 | WinXP | 79.163.175.53 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:24 hits: 10-21 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:05:32:00 | WinXP | 86.123.131.30 (RDSNET.RO): RCS-RDS-FIBERLINK, PITESTI, ARGES, RO. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | aafad97b39 NEW |
none[none] | none:none |
none|none | none | none |
| 05:57:00 | WinXP | 71.14.152.92 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox: 5 hits: 11-03 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:05:58:00 | WinXP | 71.14.152.92 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox: 5 hits: 11-03 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:06:01:00 | Win2K-f | 173.16.65.241 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:06:09:00 | WinXP | 41.214.187.212 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:48 hits: 10-05 to 11-05] |
none[none] | none:none |
none|none | none | none |
| 06:14:00 | WinXP | 122.2.147.139 (PLDT.NET): IPG, PH. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3dc936f5f1 [Firefox: 2 hits: 11-05 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:06:25:00 | Win2K-f | 65.68.26.254 (SWBELL.NET): NUCOR YAMETO STEEL, BLYTHEVILLE, ARKANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:06:26:00 | WinXP | 64.130.149.215 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
http 283 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 0 of 33 34 of 36 |
dac70cc3b4 NEW e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] e0ee54a7d1 NEW |
none[none] e07c29c4ae[1] none [none] |
none:none ASM:Graph none:none |
none|none FSG| none|none |
none lines=92 none |
none trace none |
| T:06:27:00 | WinXP | 78.27.251.101 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:57 hits: 10-08 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 06:36:00 | WinXP | 59.104.98.202 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 01d3d30b02 NEW |
none[none] | none:none |
none|none | none | none |
| 06:49:00 | Win2K-f | 219.250.183.227 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 0 of 32 |
4c3df24b32 [Firefox:241 hits: 06-17 to 11-05] 53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
4c3df24b32 [1] none [4] b5919931fe[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| tElock| ASProtect| |
lines=81 none lines=90 |
trace trace trace |
| T:06:54:00 | WinXP | 79.206.88.121 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 01-01 to 11-07] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:07:02:00 | WinXP | 116.122.234.224 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 137 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
2f27f1f3ed [Firefox: 3 hits: 08-24 to 11-04] baa7256c07 [Firefox: 2 hits: 09-14 to 11-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 07:05:00 | WinXP | 89.41.89.118 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 414ae45a85 NEW |
none[none] | none:none |
none|none | none | none |
| 07:24:00 | Win2K-f | 203.88.176.61 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOKYO, TOKYO, JP. |
n/a | :proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
other 310 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 5211d1d7c6 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:29:00 | WinXP | 66.65.215.253 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad |
445 | pcap | raw alerts ruleset |
http http http 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:306 hits: 01-01 to 11-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:07:49:00 | WinXP | 87.58.2.61 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8c10e184d [Firefox: 3 hits: 11-03 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:08:03:00 | WinXP | 75.79.70.163 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:844 hits: 12-31 to 11-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 08:21:00 | Win2K-f | 219.110.139.244 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 08:22:00 | WinXP | 72.253.240.31 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f4f065e88b NEW |
none[none] | none:none |
none|none | none | none |
| T:08:25:00 | WinXP | 89.44.145.215 (SMANET.RO): JUMP NETWORK SERVICES S.R.L, RO. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 04ed4d2967 NEW |
none[none] | none:none |
none|none | none | none |
| 08:31:00 | WinXP | 218.163.203.32 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, CHENNAI, TAMIL NADU, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:08:44:00 | WinXP | 125.58.65.146 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 61 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] b7082104e4 [Firefox:257 hits: 06-18 to 11-07] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[4] none [4] e07c29c4ae[1] |
none:none none:none ASM:Graph |
tElock| tElock| FSG| |
none none lines=92 |
trace trace trace |
| T:08:56:00 | Win2K-f | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:206.33.45.125:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:00:00 | WinXP | 122.19.147.242 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 01-01 to 11-07] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:09:08:00 | WinXP | 83.97.224.250 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:14 hits: 10-27 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 09:15:00 | WinXP | 87.15.205.235 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 [Firefox:11 hits: 11-01 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:09:16:00 | WinXP | 87.15.205.235 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 10c3e12a46 [Firefox:11 hits: 11-01 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:09:24:00 | WinXP | 210.79.133.114 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 01-01 to 11-07] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 09:41:00 | WinXP | 74.75.235.55 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:209 hits: 01-03 to 11-07] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:09:42:00 | WinXP | 74.75.235.55 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:209 hits: 01-03 to 11-07] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:45:00 | WinXP | 87.228.35.143 (-): INFOLINE ZAO, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d09f36fcfb NEW |
none[none] | none:none |
none|none | none | none |
| 09:51:00 | WinXP | 82.53.90.102 (POOL8253.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, NAPOLI, CAMPANIA, IT. |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1e3cef226f [Firefox: 6 hits: 11-04 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:09:52:00 | WinXP | 122.19.147.242 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 01-01 to 11-07] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:09:53:00 | WinXP | 114.48.51.120 (-): . |
n/a | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-04.mx.aol.com SE:ftp.icq.com US:yutunrz.1dumb.com US:mailin-02.mx.aol.com BE:ftp.scarlet.be US:mcduii.3-a.net UA:citi-bank.ru :jdjsloy.dynserv.com **:wyqggvow.afraid.org **:nttstziinpa.hn.org US:fcnhysydw.yi.org US:dlivmg.1dumb.com US:neytteybbo.3-a.net :fzzdik.dynserv.com US:143.215.15.145:80 UA:194.54.90.246:80 US:64.12.137.89:25 US:69.31.121.50:80 |
445 | pcap | raw alerts ruleset |
http http 69 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e2b7a05dbb NEW |
none[none] | none:none |
none|none | none | none |
| T:10:04:00 | WinXP | 93.156.106.45 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru SE:qis.md.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 3f4618b880 NEW |
none[none] | none:none |
none|none | none | none |
| 10:04:00 | WinXP | 93.156.106.45 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3f4618b880 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:04:00 | WinXP | 206.251.71.168 (LINKLINE.COM): LINKLINE COMMUNICATIONS INC, MARIETTA, GEORGIA, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox:13 hits: 11-02 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 10:09:00 | WinXP | 76.177.79.223 (RR.COM): ROAD RUNNER HOLDCO LLC, LONDON, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[4] a08f3b74a4[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 10:13:00 | WinXP | 66.103.120.85 (CTSIOK.NET): CHICKASAW TELECOMMUNICATIONS SERVICES INC, STILLWATER, OKLAHOMA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox: 5 hits: 11-03 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 10:27:00 | Win2K-f | 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:29:00 | WinXP | 201.69.108.23 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b23ffca78e [Firefox: 7 hits: 10-24 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:10:36:00 | WinXP | 76.84.176.41 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:10:38:00 | Win2K-f | 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 10:38:00 | WinXP | 92.97.238.239 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:57 hits: 10-08 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 10:43:00 | WinXP | 91.138.31.223 (YETNET.CH): YETNET.CH CABLETV AND INTERNET PROVIDER, SCHLIEREN, ZURICH, CH. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 5f551b7bbd NEW |
none[none] | none:none |
none|none | none | none |
| T:10:46:00 | WinXP | 200.82.114.218 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 30b1c8ae06 [Firefox: 4 hits: 10-30 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 11:18:00 | WinXP | 170.51.74.100 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f17f896658 [Firefox: 4 hits: 10-26 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 11:28:00 | WinXP | 90.137.144.138 (SWIP.NET): SWIPNET, SE. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 5eda0ddcb7 [Firefox: 3 hits: 11-07 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:11:43:00 | WinXP | 41.214.172.34 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:36 hits: 10-03 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 11:44:00 | WinXP | 41.214.172.34 (-): . |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:36 hits: 10-03 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:11:49:00 | WinXP | 68.183.128.103 (DSLEXTREME.COM): DSL EXTREME, US. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b81df3157e NEW |
none[none] | none:none |
none|none | none | none |
| T:12:04:00 | WinXP | 124.241.173.149 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 0 of 33 |
4c3df24b32 [Firefox:241 hits: 06-17 to 11-05] dbce870f48 [Firefox: 7 hits: 07-03 to 08-14] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
4c3df24b32 [1] none [none] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| none|none FSG| |
lines=81 none lines=92 |
trace none trace |
| 12:17:00 | Win2K-f | 71.120.73.141 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:12:35:00 | WinXP | 88.104.227.91 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 12:36:00 | WinXP | 88.104.227.91 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:00:00 | WinXP | 75.79.51.39 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.53.126:80 US:207.123.37.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:08:00 | WinXP | 93.102.12.41 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox:10 hits: 10-09 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 13:13:00 | WinXP | 82.249.229.5 (PROXAD.NET): PROXAD / FREE SAS, FOURMIES, NORD-PAS-DE-CALAIS, FR. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox: 4 hits: 10-26 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 13:13:00 | WinXP | 41.210.219.79 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e3e8735196 NEW |
none[none] | none:none |
none|none | none | none |
| T:13:16:00 | WinXP | 62.248.18.88 (TTNET.NET.TR): TELEKOM, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:22:00 | Win2K-f | 98.141.161.136 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 13:26:00 | WinXP | 81.40.248.124 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:55:00 | WinXP | 94.191.174.105 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:75 hits: 09-13 to 11-06] |
none[none] | none:none |
none|none | none | none |
| T:13:56:00 | WinXP | 94.191.174.105 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:75 hits: 09-13 to 11-06] |
none[none] | none:none |
none|none | none | none |
| T:14:11:00 | WinXP | 59.133.222.201 (DION.NE.JP): DION (KDDI CORPORATION), NAGASAKI, NAGASAKI, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 14:34:00 | WinXP | 66.65.215.253 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :wpad RU:www.bbin.ru RU:195.200.213.54:80 |
445 | pcap | raw alerts ruleset |
http http http 19 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:306 hits: 01-01 to 11-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| T:14:37:00 | WinXP | 203.184.1.205 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, NZ. |
n/a | DE:siliconfireware.ru US:searchportal.information.com :wpad :www.proxy-socks.net DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:306 hits: 01-01 to 11-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 14:46:00 | Win2K-f | 4.174.181.34 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMDEN, NEW JERSEY, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 15:09:00 | WinXP | 68.151.52.88 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b81df3157e NEW |
none[none] | none:none |
none|none | none | none |
| T:15:10:00 | WinXP | 201.5.82.5 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | e178aa51ec NEW |
none[none] | none:none |
none|none | none | none |
| T:15:10:00 | WinXP | 68.145.226.217 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | RU:moscow-advokat.ru :lulea.se.eu.undernet.org SE:viking.dal.net SE:coins.dal.net :washington.dc.us.undernet.org SE:ced.dal.net SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:844 hits: 12-31 to 11-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:27:00 | WinXP | 217.202.210.173 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 99cdac0f7e NEW |
none[none] | none:none |
none|none | none | none |
| 15:29:00 | WinXP | 82.15.41.177 (NTL.COM): NTL INFRASTRUCTURE - BAGULEY, HARTLEPOOL, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:15:33:00 | WinXP | 195.174.237.126 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ANKARA, ANKARA, TR. |
n/a | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:11 hits: 10-29 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 15:39:00 | WinXP | 207.5.157.107 (SUSCOM-MAINE.NET): GREAT WORKS INTERNET, BRUNSWICK, MAINE, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 50 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:15:48:00 | WinXP | 41.214.148.161 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3416b0812c NEW |
none[none] | none:none |
none|none | none | none |
| 15:48:00 | WinXP | 41.214.148.161 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0d2740acc9 [Firefox: 6 hits: 10-14 to 11-06] |
none[none] | none:none |
none|none | none | none |
| T:15:49:00 | WinXP | 210.3.218.72 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 98 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 35 of 36 |
5364f689f4 NEW ca2680af58 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:15:56:00 | WinXP | 216.8.194.168 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:14 hits: 10-27 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 16:05:00 | WinXP | 4.252.135.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 16:14:00 | WinXP | 124.241.173.149 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | :proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.37.123:80 US:207.123.46.126:80 EU:79.132.211.25:65520 |
135 | pcap | raw alerts ruleset |
other 86 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
4c3df24b32 [Firefox:241 hits: 06-17 to 11-05] dbce870f48 [Firefox: 7 hits: 07-03 to 08-14] |
4c3df24b32 [1] none [none] |
ASM:Graph none:none |
Armadillo| none|none |
lines=81 none |
trace none |
| T:16:21:00 | WinXP | 190.137.12.211 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:45 hits: 09-17 to 11-05] |
none[none] | none:none |
none|none | none | none |
| 16:21:00 | WinXP | 190.137.12.211 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:45 hits: 09-17 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:16:47:00 | WinXP | 24.69.3.182 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 0 of 33 |
2778910f2e NEW 7f3f6fd066 NEW e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 16:47:00 | Win2K-f | 70.70.143.180 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
85399e0032 NEW 861904d477 NEW b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:16:47:00 | WinXP | 4.235.156.68 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, OCALA, FLORIDA, US. (DIAL) |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 1594b25284 NEW |
none[none] | none:none |
none|none | none | none |
| 16:58:00 | WinXP | 190.18.193.18 (-): . |
n/a | RU:moscow-advokat.ru AT:graz.at.eu.undernet.org :flanders.be.eu.undernet.org :washington.dc.us.undernet.org BE:london.uk.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:broadway.ny.us.dal.net :los-angeles.ca.us.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:57 hits: 10-08 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:16:59:00 | WinXP | 190.18.193.18 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:57 hits: 10-08 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:17:00:00 | WinXP | 189.49.111.219 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru SE:viking.dal.net SE:ced.dal.net :los-angeles.ca.us.undernet.org :lulea.se.eu.undernet.org :brussels.be.eu.undernet.org SE:ozbytes.dal.net SE:vancouver.dal.net :washington.dc.us.undernet.org SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:844 hits: 12-31 to 11-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:03:00 | WinXP | 81.57.58.69 (PROXAD.NET): PROXAD / FREE TELECOM, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :brussels.be.eu.undernet.org :los-angeles.ca.us.undernet.org SE:ced.dal.net SE:vancouver.dal.net SE:coins.dal.net NL:london.uk.eu.undernet.org :flanders.be.eu.undernet.org US:lia.zanet.net :lulea.se.eu.undernet.org SE:viking.dal.net :washington.dc.us.undernet.org SE:broadway.ny.us.dal.net SE:qis.md.us.dal.net :caen.fr.eu.undernet.org NL:diemen.nl.eu.undernet.org RU:194.6.222.11:6667 EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4ca09ef83c NEW |
none[none] | none:none |
none|none | none | none |
| 17:03:00 | WinXP | 81.57.58.69 (PROXAD.NET): PROXAD / FREE TELECOM, PARIS, ILE-DE-FRANCE, FR. |
n/a | :proxim.ircgalaxy.pl RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:vancouver.dal.net :gaspode.zanet.org.za AT:graz.at.eu.undernet.org US:lia.zanet.net SE:ced.dal.net SE:broadway.ny.us.dal.net :flanders.be.eu.undernet.org SE:qis.md.us.dal.net NL:diemen.nl.eu.undernet.org NL:london.uk.eu.undernet.org RU:194.6.222.11:6667 EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4ca09ef83c NEW |
none[none] | none:none |
none|none | none | none |
| 17:05:00 | Win2K-f | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 EU:79.132.211.25:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:31 hits: 07-18 to 11-06] b4fe4581c3 [Firefox:31 hits: 07-18 to 11-06] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 17:11:00 | WinXP | 208.117.117.37 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:19:00 | WinXP | 189.48.210.4 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:844 hits: 12-31 to 11-07] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:17:20:00 | WinXP | 125.198.20.94 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:536 hits: 01-05 to 11-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 17:20:00 | Win2K-f | 71.117.203.49 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PORTLAND, OREGON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.123:80 US:207.123.37.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:22:00 | WinXP | 91.154.236.155 (ELISA-LAAJAKAISTA.FI): ELISA, FI. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:28:00 | WinXP | 96.15.165.150 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 5e4f6ad9dc [Firefox: 8 hits: 10-20 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:17:35:00 | WinXP | 190.159.159.38 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 8dc8408225 NEW |
none[none] | none:none |
none|none | none | none |
| T:17:47:00 | WinXP | 98.135.231.216 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:75 hits: 09-13 to 11-06] |
none[none] | none:none |
none|none | none | none |
| 17:56:00 | WinXP | 83.248.123.59 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, SE. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.25:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | e50d19ea22 [Firefox: 3 hits: 10-21 to 10-30] |
none[none] | none:none |
none|none | none | none |
| T:18:01:00 | WinXP | 190.190.12.37 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0928500bb5 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:02:00 | Win2K-f | 172.190.225.49 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.46.125:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1353 hits: 06-18 to 11-07] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:07:00 | WinXP | 186.12.30.11 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 93edf77b3a NEW |
none[none] | none:none |
none|none | none | none |
| 18:19:00 | WinXP | 116.120.143.175 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:205.128.70.126:80 US:207.123.47.126:80 EU:79.132.211.25:65520 |
135 | pcap | raw alerts ruleset |
other 129 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 31 of 33 |
1951eee0cd [Firefox:16 hits: 06-18 to 11-02] e5e0dbde57 [Firefox:16 hits: 06-18 to 11-02] |
1951eee0cd [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=82 none |
trace trace |
| T:18:30:00 | WinXP | 66.65.215.253 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US. |
n/a | EU:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:306 hits: 01-01 to 11-07] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 18:35:00 | Win2K-f | 24.69.3.182 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VICTORIA, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.41.124:80 US:204.160.126.124:80 |
135 | pcap | raw alerts ruleset |
other 223 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
2778910f2e NEW 7f3f6fd066 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 18:38:00 | WinXP | 4.233.194.90 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 18:56:00 | WinXP | 203.184.8.206 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, AUCKLAND, AUCKLAND, NZ. |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 101 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] b7082104e4 [Firefox:257 hits: 06-18 to 11-07] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:19:18:00 | WinXP | 77.56.194.67 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | eaa9422755 [Firefox: 9 hits: 10-31 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:19:21:00 | WinXP | 122.120.97.166 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:14 hits: 10-27 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 19:25:00 | Win2K-f | 114.201.118.253 (-): . |
n/a | :proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.124:80 US:207.123.37.126:80 |
135 | pcap | raw alerts ruleset |
other 135 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 30 of 33 |
69be040d0b [Firefox: 7 hits: 06-21 to 11-06] 81bbbeac34 [Firefox: 7 hits: 06-21 to 11-06] |
none[4] 81bbbeac34[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 19:37:00 | WinXP | 114.48.35.69 (-): . |
n/a | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-02.mx.aol.com US:ftp.newaol.com US:yutunrz.1dumb.com US:mailin-01.mx.aol.com US:mcduii.3-a.net UA:citi-bank.ru US:143.215.15.145:80 UA:194.54.90.246:80 US:64.12.137.89:25 |
445 | pcap | raw alerts ruleset |
http http 69 lines |
Yeah : 0.8 profile |
none | summary tarball |
1 of 36 35 of 36 |
7a14dde05a NEW e2b7a05dbb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:19:38:00 | WinXP | 114.48.35.69 (-): . |
n/a | :proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-01.mx.aol.com SE:ftp.icq.com US:yutunrz.1dumb.com US:http.icq.com.edgesuite.net UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http http 23 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | e2b7a05dbb NEW |
none[none] | none:none |
none|none | none | none |
| 19:42:00 | Win2K-f | 60.249.118.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:199.93.44.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 57ce4acac2 [Firefox:328 hits: 06-17 to 11-07] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:46:00 | WinXP | 68.74.124.16 (AMERITECH.NET): PPPOX POOL - RBACK1 EMHRIL, CHICAGO, ILLINOIS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:20:08:00 | WinXP | 76.167.199.207 (RR.COM): ROAD RUNNER HOLDCO LLC, PACIFIC PALISADES, CALIFORNIA, US. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 492957db81 [Firefox:29 hits: 01-01 to 11-04] |
064e4d7742 [0] | ASM:Graph |
PolyEnE| | lines=69 embedded dns |
trace |
| 20:10:00 | WinXP | 92.47.133.242 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d0b4eda253 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:10:00 | WinXP | 92.47.133.242 (IKBCC.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | d0b4eda253 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:14:00 | WinXP | 75.143.206.175 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:33 hits: 10-01 to 11-05] |
none[none] | none:none |
none|none | none | none |
| T:20:24:00 | WinXP | 117.99.26.66 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:14 hits: 10-27 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 20:25:00 | WinXP | 133.205.29.187 (MESH.AD.JP): JAPAN NETWORK INFORMATION CENTER, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:668 hits: 01-01 to 11-07] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:20:25:00 | WinXP | 186.12.73.130 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:38 hits: 10-10 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 20:25:00 | WinXP | 98.25.127.181 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:36:00 | Win2K-f | 24.66.55.14 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 US:192.221.99.124:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:42 hits: 06-18 to 11-05] e53a9ea82e [Firefox:41 hits: 06-18 to 11-05] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 20:38:00 | Win2K-f | 64.139.110.70 (JCURRY): NCI DATA.COM INC, OROVILLE, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:48:00 | Win2K-f | 24.80.121.67 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.41.126:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0115338c8b [Firefox:32 hits: 09-12 to 11-04] 321f4fc27d [Firefox:32 hits: 09-12 to 11-04] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:56:00 | WinXP | 24.80.121.67 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 124 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 0 of 33 |
0115338c8b [Firefox:32 hits: 09-12 to 11-04] 321f4fc27d [Firefox:32 hits: 09-12 to 11-04] e07c29c4ae [Firefox:805 hits: 06-19 to 11-07] |
none[none] none [none] e07c29c4ae[1] |
none:none none:none ASM:Graph |
none|none none|none FSG| |
none none lines=92 |
none none trace |
| 21:21:00 | WinXP | 72.188.110.40 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:21:21:00 | WinXP | 72.188.110.40 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1465 hits: 12-31 to 11-07] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:23:00 | WinXP | 4.244.220.13 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 25 lines |
Yeah : 0.8 profile |
none | summary tarball |
27 of 36 | ade75b3df3 NEW |
none[none] | none:none |
none|none | none | none |
| 21:39:00 | WinXP | 117.97.200.201 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 5 hits: 10-26 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:21:41:00 | WinXP | 117.97.200.201 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 5 hits: 10-26 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:21:51:00 | WinXP | 93.156.42.22 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
79.132.211.24:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b3a244075e NEW |
none[none] | none:none |
none|none | none | none |
| 21:56:00 | WinXP | 190.30.203.21 (NET.AR): APOLO -GOLD-TELECOM-PER, CORDOBA, CORDOBA, AR. |
79.132.211.24:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:11 hits: 10-29 to 11-07] |
none[none] | none:none |
none|none | none | none |
| T:21:57:00 | WinXP | 121.58.205.228 (-): . |
n/a | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b81df3157e NEW |
none[none] | none:none |
none|none | none | none |
| T:22:00:00 | WinXP | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 57ce4acac2 [Firefox:328 hits: 06-17 to 11-07] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:03:00 | WinXP | 208.105.171.122 (-): . |
79.132.211.24:65520 | :proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | f665a37b6c [Firefox:10 hits: 10-13 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 22:06:00 | Win2K-f | 208.100.229.167 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 7 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:22:19:00 | Win2K-f | 121.73.140.210 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 351 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
7f89b38665 [Firefox:34 hits: 08-02 to 11-07] a51a50404e [Firefox:34 hits: 08-02 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| 22:23:00 | WinXP | 122.147.96.108 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:204.160.104.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
594201690a NEW 618ce13002 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 22:25:00 | Win2K-f | 173.17.79.42 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] b5919931fe [Firefox:1087 hits: 06-20 to 11-07] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:22:26:00 | Win2K-f | 12.210.34.108 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, STREAMWOOD, ILLINOIS, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 228 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | 131351dd21 [Firefox:12 hits: 05-22 to 10-05] |
none[4] | none:none |
none|none | none | trace | |
| 22:40:00 | Win2K-f | 70.183.63.227 (COX.NET): COX COMMUNICATIONS INC, NEWPORT BEACH, CALIFORNIA, US. |
n/a | CN:imb.f6hbr.in CN:124.207.41.198:5900 |
135 | pcap | raw alerts ruleset |
other 288 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | d732dd0b4d NEW |
none[none] | none:none |
none|none | none | none |
| T:23:01:00 | WinXP | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.124:80 US:199.93.44.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:42 hits: 06-18 to 11-05] e53a9ea82e [Firefox:41 hits: 06-18 to 11-05] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| T:23:11:00 | Win2K-f | 70.60.205.20 (RR.COM): ROAD RUNNER HOLDCO LLC, FAYETTEVILLE, NORTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] 73f1082158 [Firefox:1890 hits: 06-18 to 11-07] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 23:13:00 | WinXP | 24.67.176.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox:10 hits: 10-09 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:23:13:00 | WinXP | 24.67.176.218 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 1595515522 [Firefox:10 hits: 10-09 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 23:22:00 | WinXP | 77.37.144.14 (NCNET.RU): NCN-INFRA, RU. |
194.54.90.246:80 | :proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox:13 hits: 11-02 to 11-07] |
none[none] | none:none |
none|none | none | none |
| 23:25:00 | WinXP | 119.77.171.167 (-): . |
79.132.211.24:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 783c18d2b9 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:25:00 | WinXP | 119.77.171.167 (-): . |
79.132.211.24:65520 | :proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 783c18d2b9 NEW |
none[none] | none:none |
none|none | none | none |
| T:23:27:00 | WinXP | 222.1.235.62 (DION.NE.JP): DION (KDDI CORPORATION), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:536 hits: 01-05 to 11-07] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:23:31:00 | Win2K-f | 219.250.171.184 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 33 of 33 |
4c3df24b32 [Firefox:241 hits: 06-17 to 11-05] 53bfe15e91 [Firefox:3791 hits: 06-17 to 11-07] |
4c3df24b32 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:23:35:00 | WinXP | 83.93.192.240 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, AALBORG, NORDJYLLAND, DK. (DSL) |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net SE:qis.md.us.dal.net :caen.fr.eu.undernet.org :flanders.be.eu.undernet.org :brussels.be.eu.undernet.org SE:broadway.ny.us.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox:18 hits: 10-03 to 11-05] |
none[none] | none:none |
none|none | none | none |
| 23:49:00 | WinXP | 76.250.194.245 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:520 hits: 12-31 to 11-07] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace |