|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:13:00 | Win2K-f | 24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:198.78.220.124:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] a08f3b74a4 [Firefox:1395 hits: 06-18 to 11-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:10:00 | WinXP | 220.142.131.60 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:857 hits: 12-31 to 11-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 01:14:00 | Win2K-f | 70.64.8.16 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:199.93.44.124:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 32 of 36 |
2e43dc0077 [Firefox:14 hits: 10-01 to 11-10] 3fd58319f0 [Firefox: 2 hits: 10-08 to 10-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:23:00 | WinXP | 24.69.187.101 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:205.128.70.126:80 US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
other 238 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 33 of 36 |
090753e602 [Firefox: 7 hits: 10-09 to 10-30] 79595a71bb [Firefox: 7 hits: 10-09 to 10-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:36:00 | WinXP | 85.103.195.194 (TTNET.NET.TR): TURK TELEKOM ADSL-ALCATEL, ISTANBUL, ISTANBUL, TR. |
n/a | RU:moscow-advokat.ru US:lia.zanet.net :los-angeles.ca.us.undernet.org :flanders.be.eu.undernet.org NL:diemen.nl.eu.undernet.org :lulea.se.eu.undernet.org :gaspode.zanet.org.za SE:ozbytes.dal.net :brussels.be.eu.undernet.org :washington.dc.us.undernet.org SE:qis.md.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 0548660ce6 NEW |
none[none] | none:none |
none|none | none | none |
| 01:48:00 | WinXP | 82.233.168.212 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox: 8 hits: 10-28 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:02:05:00 | WinXP | 115.81.108.168 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 786c3bb507 NEW |
none[none] | none:none |
none|none | none | none |
| 02:08:00 | WinXP | 119.154.15.237 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:02:09:00 | WinXP | 118.0.236.241 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:679 hits: 01-01 to 11-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 02:12:00 | Win2K-f | 125.4.2.34 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 33 of 33 |
07fabc79ef [Firefox:25 hits: 06-19 to 11-03] 53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] |
07fabc79ef [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 02:13:00 | WinXP | 87.121.169.4 (NETERRA.NET): NETERRAIP, BG. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 805afbac09 [Firefox: 5 hits: 10-31 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 02:29:00 | WinXP | 119.154.32.216 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 771f87c713 [Firefox: 4 hits: 11-02 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 02:38:00 | WinXP | 41.214.150.213 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox:13 hits: 10-11 to 11-09] |
none[none] | none:none |
none|none | none | none |
| 02:39:00 | WinXP | 64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:206.33.45.125:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:47:00 | WinXP | 118.169.217.6 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox: 8 hits: 10-28 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:02:50:00 | Win2K-f | 115.83.207.73 (-): . |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.44.124:80 US:205.128.70.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 241 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 32 of 36 |
cc91fb83d8 [Firefox: 2 hits: 10-20 to 11-09] d224be6e3b [Firefox: 2 hits: 10-20 to 11-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 02:55:00 | Win2K-f | 60.249.118.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 57ce4acac2 [Firefox:337 hits: 06-17 to 11-10] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:15:00 | WinXP | 93.144.66.212 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 6f880fc1bd NEW |
none[none] | none:none |
none|none | none | none |
| T:03:26:00 | WinXP | 122.53.35.180 (PLDT.NET): IPG, PH. |
79.132.211.24:65520 | US:microsoft.com US:download.microsoft.com EU:proxim.ircgalaxy.pl US:199.93.44.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
http irc 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 33 33 of 33 0 of 33 |
16874933ea [Firefox:61 hits: 06-18 to 11-08] 76ee340669 [Firefox:61 hits: 06-18 to 11-08] e07c29c4ae [Firefox:828 hits: 06-19 to 11-10] |
16874933ea [1] none [4] e07c29c4ae[1] |
ASM:Graph none:none ASM:Graph |
Armadillo| PolyEnE| FSG| |
lines=82 none lines=92 |
trace trace trace |
| 03:54:00 | WinXP | 82.251.235.103 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 5d7c7f2ec8 [Firefox: 4 hits: 10-25 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:03:54:00 | WinXP | 82.251.235.103 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5d7c7f2ec8 [Firefox: 4 hits: 10-25 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:04:00:00 | WinXP | 24.74.19.152 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:531 hits: 12-31 to 11-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:17:00 | Win2K-f | 211.201.166.38 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | EU:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com CN:fleshkatera.cn US:205.128.70.126:80 CN:211.95.79.164:80 |
135 | pcap | raw alerts ruleset |
irc http 94 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 0 of 33 0 of 32 |
1509c8d024 [Firefox:43 hits: 06-17 to 11-07] a08f3b74a4 [Firefox:1395 hits: 06-18 to 11-10] b5919931fe [Firefox:1110 hits: 06-20 to 11-10] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 04:22:00 | WinXP | 122.54.252.109 (PLDT.NET): IPG, PH. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ddb3bd55db [Firefox: 6 hits: 10-29 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 04:37:00 | WinXP | 190.18.194.176 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:70 hits: 10-08 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 04:38:00 | WinXP | 98.140.229.179 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 04:44:00 | Win2K-f | 116.123.122.99 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | US:microsoft.com EU:proxima.ircgalaxy.pl US:download.microsoft.com CN:fleshkatera.cn CN:lolika.cn CN:www.upononjob.cn CN:mulfika.cn US:do-power-scan.com :av-pro-2009.com US:192.221.110.126:80 US:192.221.99.124:80 US:207.123.37.125:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc http 100 lines |
Yeah : 1.8 profile |
none | summary tarball |
0 of 33 10 of 36 20 of 36 30 of 32 11 of 36 |
4c3df24b32 [Firefox:247 hits: 06-17 to 11-10] 565d32972d NEW 7c50c76dbc NEW 8390780c27 [Firefox:44 hits: 06-18 to 11-07] fb8f82fcb3 [Firefox:26 hits: 10-24 to 11-09] |
4c3df24b32 [1] none [none] none [none] none [4] none [none] |
ASM:Graph none:none none:none none:none none:none |
Armadillo| none|none none|none tElock| none|none |
lines=81 none none none none |
trace none none trace none |
| 04:44:00 | WinXP | 87.110.152.7 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 2881209768 [Firefox:10 hits: 10-22 to 11-02] |
none[none] | none:none |
none|none | none | none |
| T:05:19:00 | WinXP | 80.218.20.151 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | ad592e0c24 [Firefox: 2 hits: 11-10 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 05:19:00 | WinXP | 80.218.20.151 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 34 | ad592e0c24 [Firefox: 2 hits: 11-10 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:05:32:00 | WinXP | 85.176.109.64 (ALICEDSL.DE): HANSENET-ADSL, HAMBURG, HAMBURG, DE. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:123 hits: 01-14 to 11-09] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| T:05:52:00 | WinXP | 122.214.74.5 (-): G-KG0035N, JP. (100Mbps) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:544 hits: 01-05 to 11-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:05:55:00 | WinXP | 212.69.1.78 (-): BIHARNET, BA. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:10:00 | Win2K-f | 202.22.214.94 (OTV.NE.JP): GUNMA CABLE MEDIA CORP, TOKYO, TOKYO, JP. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.104.126:80 US:204.160.126.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 133 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 32 of 36 |
d8676a9adc NEW e3ed1fdcbf NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 06:19:00 | WinXP | 24.86.15.102 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox:10 hits: 11-03 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 06:20:00 | WinXP | 212.69.5.179 (-): BIHARNET, BA. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:25 hits: 10-27 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:06:28:00 | WinXP | 78.34.15.30 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:11 hits: 10-06 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:06:35:00 | Win2K-f | 75.49.225.11 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) |
79.132.211.24:65520 | 445 | pcap | raw alerts ruleset |
irc 26 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:06:35:00 | WinXP | 207.144.234.42 (INFOAVE.NET): CITIZENS COMMUNICATIONS SYSTEMS, BREVARD, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 06:48:00 | Win2K-f | 64.183.252.27 (RR.COM): ROAD RUNNER HOLDCO LLC, MESQUITE, TEXAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
http 60 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] b7082104e4 [Firefox:263 hits: 06-18 to 11-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:06:49:00 | WinXP | 87.20.193.112 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, ROME, LAZIO, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:25 hits: 10-27 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:06:52:00 | WinXP | 122.55.222.34 (PLDT.NET): IPG, PH. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 9c0ad0c1cf NEW |
none[none] | none:none |
none|none | none | none |
| T:06:54:00 | Win2K-f | 77.222.116.26 (-): INTERSVYAZ, RU. |
79.132.211.24:65520 | CN:fleshkatera.cn CN:lolika.cn CN:www.upononjob.cn EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
irc http 31 lines |
Yeah : 0.8 profile |
none | summary tarball |
10 of 36 11 of 36 |
bb02604f4e NEW fb8f82fcb3 [Firefox:26 hits: 10-24 to 11-09] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:06:57:00 | WinXP | 4.174.130.101 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PENNSYLVANIA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.104.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:20:00 | WinXP | 210.79.128.47 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:679 hits: 01-01 to 11-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 07:23:00 | WinXP | 78.56.58.209 (ZEBRA.LT): LIETUVOS, LT. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | dea9ebe9e6 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:23:00 | WinXP | 78.56.58.209 (ZEBRA.LT): LIETUVOS, LT. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | dea9ebe9e6 NEW |
none[none] | none:none |
none|none | none | none |
| T:07:30:00 | WinXP | 86.123.140.51 (RDSPT.RO): RCS-RDS-FIBERLINK, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bac73bbac0 NEW |
none[none] | none:none |
none|none | none | none |
| 07:39:00 | WinXP | 147.175.66.16 (YNET.SK): SLOVAK TECHNICAL UNIVERSITY, BRATISLAVA, BRATISLAVSKY, SK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:212 hits: 01-03 to 11-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:39:00 | WinXP | 147.175.66.16 (YNET.SK): SLOVAK TECHNICAL UNIVERSITY, BRATISLAVA, BRATISLAVSKY, SK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:212 hits: 01-03 to 11-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:55:00 | WinXP | 77.76.180.122 (-): OPTILINK, BG. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:212 hits: 01-03 to 11-09] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:06:00 | WinXP | 115.165.82.236 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:544 hits: 01-05 to 11-10] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:08:07:00 | WinXP | 41.214.174.63 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:80 hits: 09-13 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:08:07:00 | Win2K-f | 70.60.105.245 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN FRANCISCO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.124:80 US:206.33.45.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:21:00 | WinXP | 65.68.26.254 (SWBELL.NET): NUCOR YAMETO STEEL, BLYTHEVILLE, ARKANSAS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 US:207.123.42.126:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:31:00 | WinXP | 92.46.149.33 (IKBCC.COM): EU-ZZ, UK. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | ad3877cadf NEW |
none[none] | none:none |
none|none | none | none |
| 08:48:00 | WinXP | 98.141.162.205 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 09:08:00 | WinXP | 80.121.58.177 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:198 hits: 01-08 to 11-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 09:12:00 | WinXP | 41.214.185.126 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:51 hits: 10-05 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:09:30:00 | Win2K-f | 4.238.142.219 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WILMINGTON, DELAWARE, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:34:00 | WinXP | 79.138.140.194 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6b1c6d0395 [Firefox: 9 hits: 09-18 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:09:36:00 | WinXP | 83.56.135.66 (RIMA-TDE.NET): TELEFONICA DE ESPANA (NCC#2005070725), MADRID, MADRID, ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4a60e2ace3 NEW |
none[none] | none:none |
none|none | none | none |
| 09:37:00 | WinXP | 218.75.149.21 (-): CHINANET-HN CHANGDE NODE NETWORK, CHANGDE, HUNAN, CN. |
n/a | 135 | pcap | raw alerts ruleset |
other 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:00:00 | Win2K-f | 71.141.88.201 (SBCGLOBAL.NET): PPPOX POOL - RBACK33.SNFC, SAN FRANCISCO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:205.128.70.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] a08f3b74a4 [Firefox:1395 hits: 06-18 to 11-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:20:00 | WinXP | 78.99.103.150 (TELECOM.SK): SLOVAK TELECOM A. S, SK. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 04ed4d2967 [Firefox: 2 hits: 11-08 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 10:21:00 | WinXP | 93.149.108.32 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:70 hits: 10-08 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:10:24:00 | WinXP | 89.44.43.52 (PINET.RO): SC PI NET SRL, TIMISOARA, TIMIS, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 0fe6a497e1 [Firefox: 2 hits: 10-31 to 11-02] |
none[none] | none:none |
none|none | none | none |
| 10:27:00 | WinXP | 208.65.246.190 (295.CA): 3757277 CANADA INC. (OA 295.CA), KITCHENER, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:47:00 | WinXP | 24.71.151.62 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d5a5c04ab4 NEW |
none[none] | none:none |
none|none | none | none |
| 10:49:00 | WinXP | 212.69.6.16 (-): BIHARNET, BA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:25 hits: 10-27 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 10:55:00 | WinXP | 80.218.120.54 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 10:57:00 | WinXP | 93.156.8.101 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 779d9aedcd NEW |
none[none] | none:none |
none|none | none | none |
| T:11:04:00 | Win2K-f | 70.67.255.162 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
12 of 36 31 of 36 |
0b7b6cbb7c NEW 5d8bafebdb NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 11:04:00 | WinXP | 89.152.217.117 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 561a30ff73 NEW |
none[none] | none:none |
none|none | none | none | |
| T:11:05:00 | WinXP | 89.152.217.117 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 561a30ff73 NEW |
none[none] | none:none |
none|none | none | none | |
| 11:07:00 | WinXP | 213.22.173.31 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 11:21:00 | Win2K-f | 75.185.184.196 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 11:28:00 | WinXP | 4.249.240.249 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GERMANTOWN, MARYLAND, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:199.93.44.126:80 US:204.160.104.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:46:00 | WinXP | 151.80.129.188 (38-151.NET24.IT): IUNET-BNET, IT. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 11 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:16 hits: 10-29 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 11:48:00 | WinXP | 116.127.207.23 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com EU:79.132.211.24:65520 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http irc 118 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 28 of 32 0 of 33 |
8a75955033 [Firefox:45 hits: 06-20 to 11-10] 9276c8b36b [Firefox:45 hits: 06-20 to 11-10] e07c29c4ae [Firefox:828 hits: 06-19 to 11-10] |
none[4] 9276c8b36b[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:12:03:00 | WinXP | 77.75.134.29 (-): DARYA, RU. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1a56a0a450 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:11:00 | WinXP | 208.191.253.33 (SWBELL.NET): AT&T INTERNET SERVICES, LITTLE ROCK, ARKANSAS, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | d5a5c04ab4 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:17:00 | WinXP | 78.139.136.189 (-): CAUCASUS NETWORK LTD, GE. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox:25 hits: 11-02 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:12:19:00 | WinXP | 4.226.114.158 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ALLEN, TEXAS, US. (DIAL) |
n/a | RU:moscow-advokat.ru SE:coins.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:857 hits: 12-31 to 11-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 12:22:00 | WinXP | 189.126.17.69 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox:10 hits: 11-03 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 12:32:00 | WinXP | 85.152.185.174 (CM-85-152-59-10.TELECABLE.ES): TELECABLE, ES. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c5b384d22c NEW |
none[none] | none:none |
none|none | none | none |
| 12:46:00 | WinXP | 83.97.173.233 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox:13 hits: 10-11 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:12:46:00 | WinXP | 83.97.173.233 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox:13 hits: 10-11 to 11-09] |
none[none] | none:none |
none|none | none | none |
| 13:04:00 | WinXP | 85.179.147.249 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1cc50efd1f NEW |
none[none] | none:none |
none|none | none | none |
| T:13:09:00 | WinXP | 89.165.246.250 (HERTZA.RO): HERTZA COMPUTERS SRL, RO. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 7530118606 NEW |
none[none] | none:none |
none|none | none | none |
| 13:24:00 | WinXP | 77.56.55.207 (HISPEED.CH): CABLECOM, CH. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 805afbac09 [Firefox: 5 hits: 10-31 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:13:32:00 | WinXP | 94.191.131.58 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:48 hits: 10-10 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:13:37:00 | WinXP | 60.249.118.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 57ce4acac2 [Firefox:337 hits: 06-17 to 11-10] e07c29c4ae [Firefox:828 hits: 06-19 to 11-10] |
none[4] 57ce4acac2[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 13:41:00 | Win2K-f | 72.174.65.214 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:205.128.73.126:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:13:47:00 | Win2K-f | 216.211.247.59 (NORWOODLIGHT.COM): NORWOOD LIGHT BROADBAND, NORWOOD, MASSACHUSETTS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:199.93.53.125:80 |
135 | pcap | raw alerts ruleset |
http 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] b5919931fe [Firefox:1110 hits: 06-20 to 11-10] |
none[4] 73f1082158[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| T:13:53:00 | WinXP | 4.233.194.78 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW HAMPSHIRE, US. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:531 hits: 12-31 to 11-10] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:13:56:00 | WinXP | 217.203.134.69 (-): TELECOM ITALIA MOBILE, IT. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru :parex-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | fbb3d0b43b NEW |
none[none] | none:none |
none|none | none | none |
| 14:03:00 | WinXP | 92.84.6.234 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace | |
| T:14:14:00 | WinXP | 98.135.20.25 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:80 hits: 09-13 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 14:17:00 | WinXP | 98.135.20.25 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:80 hits: 09-13 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 14:32:00 | WinXP | 208.105.110.125 (-): . |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | e50d19ea22 [Firefox: 6 hits: 10-21 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:14:36:00 | WinXP | 76.10.25.178 (PAVLOVMEDIA.COM): VILLAGE AT CHANDLER CROSSING, EAST LANSING, MICHIGAN, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a334368630 NEW |
none[none] | none:none |
none|none | none | none |
| 14:37:00 | WinXP | 88.86.1.17 (HOST-213-178-245-10.ALOOLA.SY): SCS-NET IS AN ISP BASED IN DAMASCUS SYRIA, AMMAN, 'AMMAN, JO. |
n/a | DE:siliconfireware.ru GB:new.egg.com :wpad DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
20 of 29 | 66859f8fba NEW |
none[none] | none:none |
none|none | none | none |
| 14:41:00 | Win2K-f | 66.169.15.15 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | e9ee0d4d34 [Firefox: 5 hits: 09-15 to 10-08] |
none[none] | none:none |
none|none | none | none | |
| T:14:41:00 | WinXP | 62.169.110.55 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb [Firefox: 4 hits: 10-25 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:15:12:00 | WinXP | 82.207.28.88 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN KIEV, UA. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:857 hits: 12-31 to 11-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:13:00 | WinXP | 170.51.140.79 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:14 hits: 10-14 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 15:15:00 | WinXP | 201.158.77.74 (CABLEXTREMO.COM.MX): CABLEVISION DE SALTILLO SA DE CV, MX. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:18:00 | WinXP | 4.230.228.192 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW ORLEANS, LOUISIANA, US. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 15:24:00 | WinXP | 94.191.179.146 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:48 hits: 10-10 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:15:24:00 | WinXP | 94.191.179.146 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:48 hits: 10-10 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 15:31:00 | WinXP | 63.78.122.83 (ALTER.NET): MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS, KANSAS CITY, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] e07c29c4ae [Firefox:828 hits: 06-19 to 11-10] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:15:42:00 | WinXP | 98.135.117.95 (-): . |
n/a | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a7c2fdb697 NEW |
none[none] | none:none |
none|none | none | none |
| 15:46:00 | WinXP | 75.82.185.76 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:198 hits: 01-08 to 11-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:15:48:00 | WinXP | 87.239.248.49 (-): SC ACROPOLIS TECH SRL, RO. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 554d29724f NEW |
none[none] | none:none |
none|none | none | none |
| 15:57:00 | WinXP | 70.78.15.116 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 7 of 36 |
2c0902a088 NEW 435638f87d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 15:57:00 | WinXP | 207.102.37.84 (VVV.COM): TELUS COMMUNICATIONS INC, CA. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:07:00 | WinXP | 189.51.226.245 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:11 hits: 10-06 to 11-09] |
none[none] | none:none |
none|none | none | none |
| 16:07:00 | WinXP | 189.51.226.245 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. |
n/a | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:11 hits: 10-06 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:16:16:00 | WinXP | 72.174.154.62 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:14 hits: 10-14 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:16:23:00 | WinXP | 4.246.30.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, HOMELAND, CALIFORNIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 247 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 16:25:00 | WinXP | 76.242.8.164 (-): PPPOX POOL - BRAS1.SNANTX, DALLAS, TEXAS, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:16:26:00 | WinXP | 170.51.121.4 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:14 hits: 10-14 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 16:34:00 | WinXP | 203.184.1.66 (CALLPLUS.NET.NZ): CALLPLUS SERVICES LIMITED, NZ. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 986b59708d [Firefox:123 hits: 01-14 to 11-09] |
8a00217866 [0] | ASM:Graph |
PolyEnE| | lines=57 | trace |
| 16:47:00 | WinXP | 170.51.235.106 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:14 hits: 10-14 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:16:47:00 | WinXP | 170.51.235.106 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:14 hits: 10-14 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 16:51:00 | WinXP | 4.171.180.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GAINESVILLE, FLORIDA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 92 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] e07c29c4ae [Firefox:828 hits: 06-19 to 11-10] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| 17:15:00 | WinXP | 72.235.145.4 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HANA, HAWAII, US. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1149931cfa NEW |
none[none] | none:none |
none|none | none | none |
| T:17:22:00 | WinXP | 71.85.125.90 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:17:37:00 | WinXP | 64.213.233.123 (CENTENNIALPR.NET): CENTENNIAL PR, SAN JUAN, PUERTO RICO, PR. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 03f64bb952 [Firefox: 2 hits: 10-05 to 11-09] |
none[none] | none:none |
none|none | none | none |
| 17:37:00 | WinXP | 151.118.211.208 (QWEST.NET): QWEST BROADBAND, LITTLETON, COLORADO, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:47:00 | Win2K-f | 116.122.27.9 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | US:microsoft.com EU:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.96.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 141 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 30 of 33 |
69be040d0b [Firefox: 9 hits: 06-21 to 11-09] 81bbbeac34 [Firefox: 9 hits: 06-21 to 11-09] |
none[4] 81bbbeac34[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:17:50:00 | WinXP | 71.71.60.54 (RR.COM): ROAD RUNNER HOLDCO LLC, BURLINGTON, NORTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:welcome3.smile.co.uk :wpad GB:195.92.84.198:80 |
445 | pcap | raw alerts ruleset |
http http http 17 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:620 hits: 01-01 to 11-10] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 18:02:00 | Win2K-f | 122.120.192.191 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
79.132.211.24:65520 | CN:fleshkatera.cn CN:lolika.cn EU:proxim.ircgalaxy.pl |
445 | pcap | raw alerts ruleset |
irc http 24 lines |
Yeah : 0.8 profile |
none | summary tarball |
11 of 36 | fb8f82fcb3 [Firefox:26 hits: 10-24 to 11-09] |
none[none] | none:none |
none|none | none | none |
| 18:07:00 | WinXP | 190.48.249.186 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox: 8 hits: 10-28 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:18:08:00 | WinXP | 190.48.249.186 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox: 8 hits: 10-28 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 18:18:00 | Win2K-f | 72.175.168.200 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 258 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 4dfa3d7b0c NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:33:00 | WinXP | 76.247.44.145 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:198 hits: 01-08 to 11-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:18:34:00 | WinXP | 67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:4.23.60.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] a08f3b74a4 [Firefox:1395 hits: 06-18 to 11-10] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 18:40:00 | WinXP | 24.80.114.231 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 603 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox: 9 hits: 10-06 to 11-05] |
none[none] | none:none |
none|none | none | none | |
| 18:57:00 | WinXP | 98.135.218.171 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:80 hits: 09-13 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:19:24:00 | Win2K-f | 68.147.212.176 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 31 of 36 |
0f7c020072 NEW b2673b6c86 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 19:45:00 | Win2K-f | 116.123.0.231 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | EU:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 29 of 32 0 of 32 |
168aab35a3 [Firefox:188 hits: 06-17 to 11-10] 61426996c3 [Firefox:19 hits: 06-20 to 11-09] b5919931fe [Firefox:1110 hits: 06-20 to 11-10] |
none[4] 61426996c3[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=82 lines=90 |
trace trace trace |
| 19:52:00 | WinXP | 64.38.71.222 (SPEAKEASY.NET): US. |
n/a | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d6e2715c83 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:52:00 | WinXP | 64.38.71.222 (SPEAKEASY.NET): US. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | d6e2715c83 NEW |
none[none] | none:none |
none|none | none | none |
| T:19:57:00 | WinXP | 173.88.40.118 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 3ae357d17b [Firefox:197 hits: 01-01 to 11-10] |
462a7be171 [0] | ASM:Graph |
PolyEnE| | lines=73 | trace |
| 20:00:00 | WinXP | 76.247.44.145 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:198 hits: 01-08 to 11-10] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:20:09:00 | Win2K-f | 4.190.216.208 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BILLINGS, MONTANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:204.160.126.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] b7082104e4 [Firefox:263 hits: 06-18 to 11-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 20:16:00 | WinXP | 72.174.70.48 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 20 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b07d6955cd [Firefox: 2 hits: 10-24 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:20:40:00 | WinXP | 4.254.239.26 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SALT LAKE CITY, UTAH, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 21:01:00 | WinXP | 76.188.43.228 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW PHILADELPHIA, OHIO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 90 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 73f1082158 [Firefox:1928 hits: 06-18 to 11-10] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:01:00 | WinXP | 68.146.99.214 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 817c4faa32 NEW |
none[none] | none:none |
none|none | none | none |
| 21:11:00 | Win2K-f | 4.228.204.247 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NAMPA, IDAHO, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 57ce4acac2 [Firefox:337 hits: 06-17 to 11-10] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 21:21:00 | WinXP | 219.105.122.17 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:679 hits: 01-01 to 11-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:21:48:00 | WinXP | 83.221.72.72 (PRIMACOM.NET): PRIMACOM-HEADENDS, LEIPZIG, SACHSEN, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | d5477a0736 NEW |
none[none] | none:none |
none|none | none | none |
| 21:55:00 | WinXP | 117.99.1.30 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1487 hits: 12-31 to 11-10] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:22:00 | WinXP | 117.99.22.15 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox:25 hits: 11-02 to 11-10] |
none[none] | none:none |
none|none | none | none |
| T:22:23:00 | WinXP | 117.99.22.15 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | f3f1ed8b36 [Firefox:25 hits: 11-02 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 22:39:00 | WinXP | 219.105.83.198 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:679 hits: 01-01 to 11-10] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:42:00 | WinXP | 203.73.84.98 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] 57ce4acac2 [Firefox:337 hits: 06-17 to 11-10] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
|
| 22:48:00 | WinXP | 70.44.129.43 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 71b183b0c8 [Firefox:47 hits: 09-17 to 11-08] |
none[none] | none:none |
none|none | none | none |
| 22:54:00 | Win2K-f | 66.168.215.88 (CHARTER.COM): CHARTER COMMUNICATIONS, ATHENS, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.41.126:80 US:204.160.126.124:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 35 33 of 36 |
18369c36f5 [Firefox: 4 hits: 09-24 to 09-27] e1cf89c22d [Firefox: 4 hits: 09-24 to 09-27] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 23:11:00 | WinXP | 220.128.143.183 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:zonetech.info CA:alwayssam.com |
135 | pcap | raw alerts ruleset |
irc http 356 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 32 of 36 15 of 36 |
41b9df60db [Firefox: 4 hits: 11-03 to 11-07] 51435ea229 NEW cada8d5adf [Firefox: 5 hits: 11-03 to 11-07] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 23:13:00 | Win2K-f | 211.59.183.221 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | US:microsoft.com EU:proxima.ircgalaxy.pl US:download.microsoft.com US:192.221.110.126:80 US:199.93.44.124:80 US:205.128.70.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 130 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 31 of 33 |
2ef9098242 [Firefox: 5 hits: 07-05 to 10-26] d789c8d157 [Firefox: 6 hits: 07-05 to 10-26] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:23:16:00 | Win2K-f | 116.123.98.200 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 194 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 2 of 35 |
6ec2a8994b [Firefox:32 hits: 06-18 to 11-04] bcf66a38c8 [Firefox:19 hits: 07-30 to 11-04] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| T:23:24:00 | WinXP | 220.128.143.183 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
67.43.236.66:8080 72.10.172.211:8080 67.43.236.99:5190 | :xx.nadnadzz.info CA:xx.ka3ek.com CA:xx.sqlteam.info CA:zonetech.info CA:alwayssam.com CA:67.43.226.242:8080 CA:67.43.236.66:8080 CA:72.10.172.211:8080 |
135 | pcap | raw alerts ruleset |
irc http 363 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 32 of 36 15 of 36 |
41b9df60db [Firefox: 4 hits: 11-03 to 11-07] 51435ea229 NEW cada8d5adf [Firefox: 5 hits: 11-03 to 11-07] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 23:24:00 | WinXP | 89.41.89.124 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 805afbac09 [Firefox: 5 hits: 10-31 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 23:33:00 | WinXP | 213.22.248.244 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PORTO, PORTO, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:857 hits: 12-31 to 11-10] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:23:46:00 | Win2K-f | 95.28.22.89 (-): . |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
irc 11 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 23:57:00 | Win2K-f | 4.190.216.208 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BILLINGS, MONTANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 64 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3886 hits: 06-17 to 11-10] b7082104e4 [Firefox:263 hits: 06-18 to 11-10] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |