|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| 00:07:00 | WinXP | 4.240.246.58 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TUCSON, ARIZONA, US. (DIAL) |
n/a | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.42.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
irc 155 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 31 of 36 |
0fb01a3e98 NEW 4c18271815 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:11:00 | Win2K-f | 121.73.21.143 (TELSTRACLEAR.NET): TELSTRACLEAR WELLINGTON CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:207.123.37.124:80 US:207.123.42.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:38 hits: 08-02 to 11-14] a51a50404e [Firefox:38 hits: 08-02 to 11-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:00:15:00 | WinXP | 93.126.92.237 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:27:00 | WinXP | 60.248.17.88 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 57ce4acac2 [Firefox:347 hits: 06-17 to 11-14] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:34:00 | WinXP | 211.22.28.109 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:36:00 | WinXP | 61.217.246.39 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 17820f0d69 [Firefox: 2 hits: 10-22 to 11-04] |
none[none] | none:none |
none|none | none | none |
| T:00:45:00 | WinXP | 61.20.131.110 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 00:57:00 | WinXP | 118.174.90.69 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:02:00 | WinXP | 69.111.37.248 (PACBELL.NET): IRVNCA ADSL RBACK4 PPPOX, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:20:00 | WinXP | 88.161.68.139 (PROXAD.NET): PROXAD / FREE SAS, FR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 043d170364 NEW |
none[none] | none:none |
none|none | none | none |
| 01:27:00 | Win2K-f | 98.141.163.233 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:01:29:00 | WinXP | 78.159.33.131 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb [Firefox: 7 hits: 10-25 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:01:36:00 | WinXP | 203.91.176.155 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
http 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 02:07:00 | WinXP | 81.56.44.139 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4bec1f8ed6 [Firefox: 2 hits: 10-20 to 11-03] |
none[none] | none:none |
none|none | none | none |
| T:02:13:00 | WinXP | 119.77.240.191 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5b901e64d0 [Firefox: 2 hits: 11-13 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 02:19:00 | WinXP | 93.163.57.194 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | c05385e600 [Firefox:23 hits: 05-12 to 11-04] |
6a383b021d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:23:00 | Win2K-f | 61.253.11.190 (KRLINE.NET): KRNIC, KR. |
79.132.211.24:65520 | US:microsoft.com EU:proxim.ircgalaxy.pl US:download.microsoft.com US:204.160.126.126:80 US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc http 128 lines |
Yeah : 1.8 profile |
none | summary tarball |
24 of 33 32 of 33 0 of 32 |
074325ecbc [Firefox:10 hits: 07-02 to 09-21] 2a66fc87fa [Firefox:11 hits: 07-02 to 09-21] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:02:28:00 | WinXP | 92.46.9.248 (IKBCC.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:28:00 | WinXP | 61.20.172.4 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:29:00 | WinXP | 61.20.172.4 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:02:33:00 | Win2K-f | 4.249.42.136 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 263 lines |
Yeah : 1.3 profile |
none | summary tarball |
20 of 32 | 131351dd21 [Firefox:13 hits: 05-22 to 11-08] |
none[4] | none:none |
none|none | none | trace | |
| T:02:44:00 | Win2K-f | 116.0.229.68 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
irc 16 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 02:50:00 | WinXP | 121.84.2.18 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | 26b398e92b [Firefox: 2 hits: 11-01 to 11-07] |
none[none] | none:none |
none|none | none | none | |
| 02:57:00 | WinXP | 118.171.114.144 (-): . |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http irc 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 3ad799f716 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:17:00 | WinXP | 84.181.220.247 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MUNICH, BAYERN, DE. |
n/a | EU:siliconfireware.ru US:searchportal.information.com RU:www.bbin.ru RU:www.binbank.ru :wpad US:spi.domainsponsor.com |
445 | pcap | raw alerts ruleset |
http http http http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:389 hits: 04-01 to 11-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 03:25:00 | WinXP | 78.53.144.212 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | :a.mx.mail.yahoo.com DE:msdirect.servicemail24.de US:mail.lebanon-online.com.lb US:gbrands.com.mail5.psmtp.com US:aspmx.l.google.com US:mail.synacklabs.net US:g.mx.mail.yahoo.com CA:mx.activestate.com US:doel.org EU:mx-cluster1.one.com US:thcuda.there.com CA:inbound.here.com.netsolmail.net US:spam02.affinitypath.com US:64.26.62.254:25 |
445 | pcap | raw alerts ruleset |
shell ftp 395 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none |
| 03:31:00 | WinXP | 24.83.119.221 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 03:48:00 | WinXP | 217.201.211.230 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3b8b96d0db [Firefox: 2 hits: 11-09 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:03:48:00 | WinXP | 217.201.211.230 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3b8b96d0db [Firefox: 2 hits: 11-09 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:04:06:00 | WinXP | 218.164.39.232 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
28 of 36 | e754bcf940 NEW |
none[none] | none:none |
none|none | none | none | |
| T:04:26:00 | WinXP | 80.116.127.117 (POOL80116.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MILANO, LOMBARDIA, IT. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 17 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 17606f84ff NEW |
none[none] | none:none |
none|none | none | none |
| 04:27:00 | WinXP | 189.113.228.47 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox:12 hits: 10-26 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 04:28:00 | WinXP | 85.85.246.209 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru :los-angeles.ca.us.undernet.org SE:ozbytes.dal.net :flanders.be.eu.undernet.org SE:coins.dal.net :gaspode.zanet.org.za US:lia.zanet.net SE:qis.md.us.dal.net SE:ced.dal.net |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:80 hits: 10-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:04:28:00 | WinXP | 85.85.246.209 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:80 hits: 10-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:04:40:00 | WinXP | 61.229.196.181 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:37 hits: 10-27 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 04:45:00 | WinXP | 66.72.68.2 (AMERITECH.NET): AT&T INTERNET SERVICES, BLOOMINGTON, INDIANA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 04:46:00 | Win2K-f | 210.117.92.186 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | US:microsoft.com EU:proxima.ircgalaxy.pl US:download.microsoft.com US:192.221.99.124:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 159 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 35 33 of 35 |
09d6505627 [Firefox: 3 hits: 07-25 to 07-30] 7b1709ae4c [Firefox: 3 hits: 07-25 to 07-30] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:47:00 | WinXP | 78.34.11.33 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru NL:diemen.nl.eu.undernet.org RU:194.6.222.11:6667 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:15 hits: 10-06 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:04:53:00 | WinXP | 82.249.236.236 (PROXAD.NET): PROXAD / FREE SAS, FOURMIES, NORD-PAS-DE-CALAIS, FR. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox:12 hits: 10-26 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 04:58:00 | Win2K-f | 4.229.195.147 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LANSING, MICHIGAN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 05:35:00 | Win2K-f | 76.11.137.121 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:199.93.41.126:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 253 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox:10 hits: 09-12 to 11-01] d8cf9fc784 [Firefox:11 hits: 09-12 to 11-01] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:05:49:00 | Win2K-f | 68.189.150.96 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:198.78.201.126:80 US:205.128.70.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:05:52:00 | WinXP | 117.195.3.249 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | 28f541b1b3 [Firefox: 2 hits: 10-09 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:06:11:00 | Win2K-f | 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:205.128.73.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:17:00 | WinXP | 95.56.5.109 (-): . |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 15093b4cc0 [Firefox: 9 hits: 11-09 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:06:17:00 | WinXP | 95.56.5.109 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 15093b4cc0 [Firefox: 9 hits: 11-09 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:06:19:00 | WinXP | 78.156.219.104 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9967da6267 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:25:00 | WinXP | 190.246.187.10 (-): . |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru :brussels.be.eu.undernet.org :gaspode.zanet.org.za SE:ozbytes.dal.net :flanders.be.eu.undernet.org SE:vancouver.dal.net :caen.fr.eu.undernet.org SE:ced.dal.net AT:graz.at.eu.undernet.org :washington.dc.us.undernet.org :lulea.se.eu.undernet.org NL:diemen.nl.eu.undernet.org SE:qis.md.us.dal.net :los-angeles.ca.us.undernet.org EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 86ea4f19a4 NEW |
none[none] | none:none |
none|none | none | none |
| T:06:45:00 | WinXP | 117.96.77.178 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3febaa0612 NEW |
none[none] | none:none |
none|none | none | none |
| 07:00:00 | Win2K-f | 203.73.84.123 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.126.124:80 US:205.128.73.126:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 94 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 57ce4acac2 [Firefox:347 hits: 06-17 to 11-14] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:07:19:00 | WinXP | 85.138.187.102 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMORA, SETUBAL, PT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | f5ab9763ea [Firefox:24 hits: 10-03 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:07:26:00 | WinXP | 89.246.171.121 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:544 hits: 04-15 to 11-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:07:26:00 | WinXP | 122.125.92.76 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:30:00 | Win2K-f | 96.48.43.47 (-): . |
n/a | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com EU:79.132.211.24:80 |
135 | pcap | raw alerts ruleset |
http irc 1130 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 34 of 36 32 of 36 |
b5919931fe [Firefox:1129 hits: 06-20 to 11-14] b6fcb8300d NEW d45b7df48a NEW |
b5919931fe [1] none [none] none [none] |
ASM:Graph none:none none:none |
ASProtect| none|none none|none |
lines=90 none none |
trace none none |
| T:07:40:00 | WinXP | 118.232.105.229 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 07:42:00 | WinXP | 212.152.120.188 (-): TIM HELLAS TELECOMMUNICATIONS S.A, GR. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:37 hits: 10-27 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 07:48:00 | WinXP | 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:207.123.42.126:80 US:207.123.46.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 23 of 33 |
bca9e0fb5f [Firefox:44 hits: 06-18 to 11-08] e53a9ea82e [Firefox:43 hits: 06-18 to 11-08] |
none[4] e53a9ea82e[1] |
none:none ASM:Graph |
PolyEnE| Armadillo| |
none lines=81 |
trace trace |
| 07:52:00 | Win2K-f | 68.189.150.96 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 07:56:00 | WinXP | 82.248.241.89 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 9dab636a01 [Firefox: 3 hits: 07-09 to 11-08] |
none[none] | none:none |
none|none | none | none |
| T:07:57:00 | WinXP | 82.248.241.89 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 9dab636a01 [Firefox: 3 hits: 07-09 to 11-08] |
none[none] | none:none |
none|none | none | none |
| T:08:01:00 | Win2K-f | 77.76.180.122 (-): OPTILINK, BG. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:08:10:00 | WinXP | 83.97.173.105 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | bf9f26628c [Firefox:16 hits: 10-11 to 11-12] |
none[none] | none:none |
none|none | none | none |
| 08:35:00 | WinXP | 75.143.201.124 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:39 hits: 10-01 to 11-14] |
none[none] | none:none |
none|none | none | none | |
| 08:40:00 | WinXP | 89.41.110.19 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:20 hits: 10-29 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:08:41:00 | WinXP | 92.99.231.230 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | d686ba9feb NEW |
none[none] | none:none |
none|none | none | none |
| 08:53:00 | WinXP | 190.188.37.160 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5b901e64d0 [Firefox: 2 hits: 11-13 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:08:54:00 | WinXP | 190.188.37.160 (NET.AR): PRIMA S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 5b901e64d0 [Firefox: 2 hits: 11-13 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 08:56:00 | WinXP | 67.0.37.238 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, OMAHA, NEBRASKA, US. (DIAL) |
n/a | DE:siliconfireware.ru SE:kavkazcenter.com SE:kavkazcenter.net FI:kavkazchat.com US:chechenpress.info GB:chechenpress.co.uk :shaheeds.org US:daymohk.info :chripress.org :marsho.dk US:www.jamaatshariat.com FI:imgs2.kavkazcenter.com :www.google.com FI:static.kavkazchat.com GB:www.chechenpress.co.uk :www.google-analytics.com US:video.google.com US:blip.tv US:www.youtube.com :www.islamicfinder.org :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 276 lines |
Yeah : 0.8 profile |
none | summary tarball |
0 of 36 29 of 29 |
0dba5e0142 NEW ab5e47bf8d [Firefox:39 hits: 04-02 to 10-14] |
none[none] none [3] |
none:none none:none |
none|none ASPack| |
none none |
none trace |
| T:08:59:00 | WinXP | 4.88.54.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:389 hits: 04-01 to 11-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:09:12:00 | Win2K-f | 4.228.240.5 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAS VEGAS, NEVADA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.125:80 US:204.160.126.124:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:09:15:00 | WinXP | 82.53.90.55 (POOL8253.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, NAPOLI, CAMPANIA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox:13 hits: 11-03 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:09:18:00 | WinXP | 82.207.11.206 (UKRTEL.NET): UKRTELNET, UA. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb [Firefox: 7 hits: 10-25 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:09:25:00 | WinXP | 78.84.229.213 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9ad0f4de5f NEW |
none[none] | none:none |
none|none | none | none |
| 09:27:00 | WinXP | 94.191.166.35 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c3fd987b53 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:27:00 | WinXP | 94.191.166.35 (-): . |
n/a | UA:citi-bank.ru DE:kidos-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | c3fd987b53 NEW |
none[none] | none:none |
none|none | none | none |
| 09:29:00 | Win2K-f | 71.12.89.235 (CHARTER.COM): CHARTER COMMUNICATIONS, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:39:00 | WinXP | 75.80.95.224 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru SE:coins.dal.net SE:qis.md.us.dal.net SE:vancouver.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:02:00 | WinXP | 193.69.96.141 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, NO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4b440bbb53 [Firefox: 5 hits: 11-10 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 10:02:00 | WinXP | 81.84.236.59 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | RU:moscow-advokat.ru :flanders.be.eu.undernet.org SE:viking.dal.net SE:qis.md.us.dal.net SE:vancouver.dal.net SE:ced.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 10:07:00 | WinXP | 78.52.33.154 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 396d07de80 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:08:00 | WinXP | 78.84.31.62 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9ad0f4de5f NEW |
none[none] | none:none |
none|none | none | none |
| 10:15:00 | Win2K-f | 124.241.145.23 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:198.78.220.124:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 9 of 33 |
2851817490 [Firefox:10 hits: 06-27 to 11-14] 624c441842 [Firefox: 7 hits: 06-27 to 11-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:10:26:00 | WinXP | 195.174.140.87 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ANKARA, ANKARA, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a4b61fe43f NEW |
none[none] | none:none |
none|none | none | none |
| 10:26:00 | WinXP | 195.174.140.87 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ANKARA, ANKARA, TR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | a4b61fe43f NEW |
none[none] | none:none |
none|none | none | none |
| 10:38:00 | WinXP | 94.51.130.40 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:178 hits: 04-10 to 11-13] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:47:00 | WinXP | 87.246.21.47 (MOBIFONIKA.COM): MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN, SLIVEN, BURGAS, BG. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | afcc1ca373 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:47:00 | WinXP | 87.246.21.47 (MOBIFONIKA.COM): MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN, SLIVEN, BURGAS, BG. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | afcc1ca373 NEW |
none[none] | none:none |
none|none | none | none |
| T:10:52:00 | WinXP | 93.148.41.224 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 5818023061 [Firefox: 4 hits: 04-01 to 11-02] |
a227e5e49d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 11:00:00 | Win2K-f | 211.178.40.250 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. |
n/a | EU:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:204.160.126.126:80 US:4.23.60.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
http 87 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 0 of 32 2 of 36 |
8ec6129efe [Firefox:26 hits: 06-24 to 11-14] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] d9766a3162 [Firefox: 5 hits: 08-29 to 11-14] |
none[4] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
tElock| ASProtect| none|none |
none lines=90 none |
trace trace none |
| T:11:02:00 | WinXP | 24.209.221.233 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:389 hits: 04-01 to 11-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:11:15:00 | WinXP | 86.99.17.163 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 37 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 959f56f218 NEW |
none[none] | none:none |
none|none | none | none |
| T:11:24:00 | WinXP | 75.138.116.247 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:40 hits: 10-03 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 11:25:00 | WinXP | 75.138.116.247 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:40 hits: 10-03 to 11-10] |
none[none] | none:none |
none|none | none | none |
| 11:26:00 | WinXP | 190.188.114.4 (NET.AR): PRIMA S.A, AR. |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org :gaspode.zanet.org.za :flanders.be.eu.undernet.org SE:broadway.ny.us.dal.net SE:viking.dal.net US:lia.zanet.net SE:ozbytes.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:80 hits: 10-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 11:43:00 | WinXP | 79.163.52.149 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:33 hits: 10-21 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 11:47:00 | WinXP | 94.28.205.173 (-): . |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 04ed4d2967 [Firefox: 5 hits: 11-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:11:53:00 | WinXP | 114.58.67.101 (-): . |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:03:00 | WinXP | 119.240.65.147 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 40973a3480 NEW |
none[none] | none:none |
none|none | none | none | |
| T:12:05:00 | WinXP | 206.188.64.69 (CIA.COM): CYBERSURF INC, TORONTO, ONTARIO, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:206.33.45.125:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:10:00 | WinXP | 84.47.53.36 (T-COM.SK): DYNAMICALLY ASSIGNED IPS FOR THE CLUSTERS OF LNS2 CUSTOMERS, SK. (DSL) |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 04ed4d2967 [Firefox: 5 hits: 11-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 12:16:00 | WinXP | 89.166.147.210 (OSNANET.DE): OSNATEL-SUBNET FOR ADSL DIAL-UP, OSNABRUCK, NIEDERSACHSEN, DE. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:483 hits: 04-01 to 11-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:12:31:00 | WinXP | 41.214.161.5 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9ad0f4de5f NEW |
none[none] | none:none |
none|none | none | none |
| T:12:37:00 | WinXP | 85.186.141.97 (UPCNET.RO): ASTRAL-UPC, PLOIESTI, PRAHOVA, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b79a41d59a NEW |
none[none] | none:none |
none|none | none | none |
| T:12:44:00 | WinXP | 12.218.178.129 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, COLUMBUS, GEORGIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d175bad0e6 [Firefox: 9 hits: 04-05 to 11-05] |
dfb15f5463 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
| 12:44:00 | WinXP | 12.218.178.129 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, COLUMBUS, GEORGIA, US. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | d175bad0e6 [Firefox: 9 hits: 04-05 to 11-05] |
dfb15f5463 [0] | ASM:Graph |
tElock| | lines=81 embedded dns |
trace |
| T:12:48:00 | WinXP | 70.64.24.152 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 09b95b77d7 NEW |
none[none] | none:none |
none|none | none | none |
| T:12:50:00 | WinXP | 62.169.118.236 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c1cb334d60 NEW |
none[none] | none:none |
none|none | none | none |
| 13:00:00 | WinXP | 24.238.138.180 (MINDSPRING.COM): EARTHLINK INC, THE WOODLANDS, TEXAS, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:01:00 | WinXP | 24.115.235.26 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:55 hits: 10-05 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 13:02:00 | WinXP | 76.178.247.25 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:178 hits: 04-10 to 11-13] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:04:00 | WinXP | 24.115.235.26 (PTD.NET): PENTELEDATA INC. - CABLE, MILFORD, PENNSYLVANIA, US. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:55 hits: 10-05 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:13:05:00 | WinXP | 78.34.6.92 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 10 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:20 hits: 10-29 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 13:06:00 | WinXP | 78.34.6.92 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:20 hits: 10-29 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:13:10:00 | Win2K-f | 118.218.21.111 (-): . |
79.132.211.24:65520 | US:microsoft.com EU:proxim.ircgalaxy.pl US:download.microsoft.com US:192.221.110.125:80 US:199.93.53.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
irc http 124 lines |
Yeah : 1.8 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:44 hits: 06-21 to 11-14] 58c343a8d8 [Firefox:48 hits: 06-21 to 11-14] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 13:14:00 | Win2K-f | 130.13.34.176 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 15717cd327 [Firefox: 2 hits: 11-05 to 11-05] |
none[none] | none:none |
none|none | none | none | |
| 13:18:00 | WinXP | 82.225.82.48 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 017f3b2704 [Firefox: 4 hits: 10-26 to 10-31] |
none[none] | none:none |
none|none | none | none |
| T:13:18:00 | WinXP | 81.84.236.123 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:19:00 | WinXP | 82.225.82.48 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 8 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | 017f3b2704 [Firefox: 4 hits: 10-26 to 10-31] |
none[none] | none:none |
none|none | none | none |
| 13:36:00 | WinXP | 200.100.204.76 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | b1c85cee4b [Firefox:37 hits: 10-27 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:13:50:00 | WinXP | 12.208.215.104 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, DES MOINES, IOWA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:53:00 | WinXP | 24.28.166.50 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. (100Mbps) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1fcc146d70 [Firefox:50 hits: 04-02 to 11-13] |
258fafe892 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 14:10:00 | Win2K-f | 67.121.157.84 (PACBELL.NET): VALLEY TRANS AUTH, SAN FRANCISCO, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.99.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:14:13:00 | WinXP | 91.145.196.240 (-): LIMITED LIABILITY COMPANY ASTELIT, AMSTERDAM, NOORD-HOLLAND, NL. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 8ccbeb6978 NEW |
none[none] | none:none |
none|none | none | none |
| 14:16:00 | WinXP | 83.27.115.38 (TPNET.PL): NEOSTRADA PLUS, POZNAN, WIELKOPOLSKIE, PL. (DSL) |
n/a | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:15 hits: 10-06 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:14:18:00 | WinXP | 200.140.116.130 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | e93f779791 NEW |
none[none] | none:none |
none|none | none | none |
| 14:34:00 | Win2K-f | 130.13.39.163 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. |
n/a | 135 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 15717cd327 [Firefox: 2 hits: 11-05 to 11-05] |
none[none] | none:none |
none|none | none | none | |
| 14:35:00 | WinXP | 79.138.187.77 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1ed69f0ca4 NEW |
none[none] | none:none |
none|none | none | none |
| T:14:44:00 | WinXP | 24.86.15.102 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 289d74b4ce [Firefox:13 hits: 11-03 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:14:46:00 | WinXP | 41.214.186.10 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:14:49:00 | WinXP | 41.214.160.53 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:85 hits: 09-13 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:14:55:00 | WinXP | 69.106.144.191 (PACBELL.NET): NAS, CALIFORNIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 55fe9d9ade [Firefox:12 hits: 04-16 to 08-04] |
4bce6c4887 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:15:07:00 | WinXP | 217.202.61.67 (-): TELECOM ITALIA MOBILE, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
19 of 29 | 97e4d0d863 NEW |
none[none] | none:none |
none|none | none | none |
| T:15:15:00 | WinXP | 92.41.87.91 (IKBCC.COM): EU-ZZ, UK. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:15:29:00 | WinXP | 83.61.52.38 (RIMA-TDE.NET): TELEFONICA DE ESPANA, MADRID, MADRID, ES. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 33 | cccfe70b2e NEW |
none[none] | none:none |
none|none | none | none |
| 15:41:00 | WinXP | 98.174.0.4 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:15:43:00 | WinXP | 67.223.130.46 (-): . |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 7031b17fea NEW |
none[none] | none:none |
none|none | none | none |
| T:15:50:00 | WinXP | 213.22.204.224 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. |
194.54.90.246:80 | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:15:51:00 | WinXP | 190.190.129.114 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3c484a14db NEW |
none[none] | none:none |
none|none | none | none |
| 15:56:00 | WinXP | 212.27.19.199 (-): MLIFENET, RU. |
n/a | RU:moscow-advokat.ru SE:ozbytes.dal.net :brussels.be.eu.undernet.org :flanders.be.eu.undernet.org SE:ced.dal.net SE:broadway.ny.us.dal.net RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 15:58:00 | WinXP | 170.51.163.199 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | RU:moscow-advokat.ru :caen.fr.eu.undernet.org SE:viking.dal.net SE:ozbytes.dal.net AT:graz.at.eu.undernet.org US:lia.zanet.net SE:coins.dal.net SE:vancouver.dal.net NL:diemen.nl.eu.undernet.org :lulea.se.eu.undernet.org :gaspode.zanet.org.za :flanders.be.eu.undernet.org RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 3f32a2df76 NEW |
none[none] | none:none |
none|none | none | none |
| 16:00:00 | WinXP | 82.30.32.235 (NTL.COM): NTL INFRASTRUCTURE - NOTTINGHAM, NOTTINGHAM, ENGLAND, UK. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:01:00 | WinXP | 89.152.116.19 (-): TVCABO PORTUGAL S.A, LISBON, LISBOA, PT. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 516d70c889 NEW |
none[none] | none:none |
none|none | none | none |
| 16:13:00 | WinXP | 70.71.251.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 15093b4cc0 [Firefox: 9 hits: 11-09 to 11-13] |
none[none] | none:none |
none|none | none | none |
| T:16:18:00 | WinXP | 98.141.160.13 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 19 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:16:18:00 | WinXP | 212.178.255.7 (CASEMATELECOM.NL): CASEMA, THE HAGUE, ZUID-HOLLAND, NL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:21 hits: 10-14 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 16:25:00 | Win2K-f | 71.109.9.105 (VERIZON.NET): VERIZON INTERNET SERVICES INC, COVINA, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 16:28:00 | WinXP | 186.0.12.218 (-): . |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:55 hits: 10-05 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:16:28:00 | WinXP | 186.0.12.218 (-): . |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:55 hits: 10-05 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:16:29:00 | Win2K-f | 76.11.137.121 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, CORBIN, KENTUCKY, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 254 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 34 of 36 |
0b09052fb7 [Firefox:10 hits: 09-12 to 11-01] d8cf9fc784 [Firefox:11 hits: 09-12 to 11-01] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:38:00 | Win2K-f | 125.58.94.139 (-): . |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 100 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 0 of 32 33 of 36 |
3e21c32c49 NEW b5919931fe [Firefox:1129 hits: 06-20 to 11-14] f72c1db076 NEW |
none[none] b5919931fe[1] none [none] |
none:none ASM:Graph none:none |
none|none ASProtect| none|none |
none lines=90 none |
none trace none |
| 16:45:00 | Win2K-f | 70.182.172.13 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
http 77 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 16:51:00 | Win2K-f | 70.66.252.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.126:80 US:207.123.46.125:80 |
135 | pcap | raw alerts ruleset |
http 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 |
1fb1718d64 [Firefox: 2 hits: 10-28 to 11-13] 8c5ee6d275 [Firefox: 2 hits: 10-28 to 11-13] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[none] none [none] b5919931fe[1] |
none:none none:none ASM:Graph |
none|none none|none ASProtect| |
none none lines=90 |
none none trace |
| T:17:09:00 | WinXP | 122.134.103.10 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 40973a3480 NEW |
none[none] | none:none |
none|none | none | none | |
| 17:10:00 | WinXP | 96.51.156.167 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 602 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 | 738eb92db2 [Firefox:10 hits: 10-06 to 11-12] |
none[none] | none:none |
none|none | none | none | |
| T:17:15:00 | Win2K-f | 172.129.61.241 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.126:80 US:204.160.126.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 82 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:23:00 | Win2K-f | 76.231.9.167 (SBCGLOBAL.NET): PPPOX POOL - BRAS16.LSAN, LOS ANGELES, CALIFORNIA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:207.123.37.124:80 US:207.123.37.125:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:28:00 | WinXP | 114.48.27.237 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 19db6af911 NEW |
none[none] | none:none |
none|none | none | none |
| 17:29:00 | WinXP | 117.104.177.11 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 17:35:00 | Win2K-f | 125.58.86.147 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] b7082104e4 [Firefox:267 hits: 06-18 to 11-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| T:17:42:00 | WinXP | 125.197.192.106 (MESH.AD.JP): NEC CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:483 hits: 04-01 to 11-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 17:45:00 | WinXP | 209.214.200.78 (BELLSOUTH.NET): BELLSOUTH.NET INC, GREENVILLE, SOUTH CAROLINA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com EU:ebookfinaltrash.ru US:spi.domainsponsor.com :wpad :www.proxy-socks.net |
445 | pcap | raw alerts ruleset |
http http http http 21 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:389 hits: 04-01 to 11-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 17:46:00 | WinXP | 170.51.30.10 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 428ae15458 [Firefox:21 hits: 10-14 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 17:55:00 | WinXP | 200.100.195.240 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:54 hits: 10-10 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 17:59:00 | WinXP | 98.30.112.109 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:206.33.45.125:80 US:207.123.37.123:80 US:207.123.37.124:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:04:00 | Win2K-f | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
http 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 29 of 32 |
57ce4acac2 [Firefox:347 hits: 06-17 to 11-14] 83f26f5044 [Firefox:39 hits: 06-20 to 11-14] |
57ce4acac2 [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| T:18:06:00 | WinXP | 72.174.100.153 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, DELTA, COLORADO, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 9dec9d0ddd NEW |
none[none] | none:none |
none|none | none | none |
| 18:08:00 | WinXP | 70.78.15.116 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1015 lines |
Yeah : 1.3 profile |
none | summary tarball |
10 of 36 | 3d645176f4 NEW |
none[none] | none:none |
none|none | none | none | |
| T:18:08:00 | WinXP | 76.93.252.228 (-): . |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:749 hits: 12-31 to 11-14] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:18:10:00 | Win2K-f | 96.51.155.245 (-): . |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:80 |
135 | pcap | raw alerts ruleset |
other 986 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 | 78b4c9999c NEW |
none[none] | none:none |
none|none | none | none |
| 18:22:00 | WinXP | 116.120.37.158 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. |
79.132.211.24:65520 | EU:proxima.ircgalaxy.pl US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http irc 169 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 24 of 33 |
6e2eaa0359 [Firefox:20 hits: 07-10 to 10-31] 740e3bffe0 [Firefox:20 hits: 06-25 to 10-28] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:18:36:00 | Win2K-f | 124.8.143.191 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com US:download.microsoft.com US:204.160.104.126:80 US:207.123.42.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 57ce4acac2 [Firefox:347 hits: 06-17 to 11-14] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:55:00 | WinXP | 61.20.128.53 (-): FAR EASTONE TELECOMMUNICATION CO. LTD, TW. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d1e12de0a3 NEW |
none[none] | none:none |
none|none | none | none |
| 19:06:00 | Win2K-f | 4.225.18.135 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KOKOMO, INDIANA, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:206.33.45.125:80 US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:18:00 | Win2K-f | 4.159.5.24 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CALEDONIA, MICHIGAN, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:205.128.70.126:80 US:207.123.42.126:80 |
135 | pcap | raw alerts ruleset |
http 162 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:22:00 | WinXP | 119.228.183.96 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:483 hits: 04-01 to 11-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 19:40:00 | Win2K-f | 4.166.159.15 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL) |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 |
135 | pcap | raw alerts ruleset |
other 119 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:19:41:00 | WinXP | 64.76.63.233 (IMPSAT.NET.EC): INTERACTIVE, QUITO, PICHINCHA, EC. |
79.132.211.24:65520 | EU:proxima.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | c392067a90 [Firefox:15 hits: 10-06 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 19:56:00 | Win2K-f | 61.215.250.120 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), HIMEJI, HYOGO, JP. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
other 1262 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | b218b805f0 NEW |
none[none] | none:none |
none|none | none | none |
| T:20:11:00 | WinXP | 24.79.142.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 63f13fe223 [Firefox: 2 hits: 10-28 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 20:12:00 | WinXP | 63.18.49.254 (UU.NET): UUNET TECHNOLOGIES INC, WESTMINSTER, COLORADO, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.110.126:80 US:204.160.126.124:80 US:207.123.47.126:80 |
135 | pcap | raw alerts ruleset |
other 109 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:20:18:00 | WinXP | 92.40.160.114 (IKBCC.COM): EU-ZZ, UK. |
n/a | EU:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com GB:new.egg.com :wpad |
445 | pcap | raw alerts ruleset |
http http http http 33 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:389 hits: 04-01 to 11-14] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:20:28:00 | WinXP | 124.241.145.23 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. |
n/a | US:microsoft.com US:download.microsoft.com |
135 | pcap | raw alerts ruleset |
http 79 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 9 of 33 |
2851817490 [Firefox:10 hits: 06-27 to 11-14] 624c441842 [Firefox: 7 hits: 06-27 to 11-14] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 20:37:00 | WinXP | 218.162.183.160 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:37:00 | WinXP | 218.162.183.160 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:20:50:00 | Win2K-f | 124.61.39.58 (-): POWERCOM, KR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com CN:fleshkatera.cn CN:lolika.cn CN:www.upononjob.cn :mulfika.cn US:do-power-scan.com :av-pro-2009.com US:8.12.202.125:80 |
135 | pcap | raw alerts ruleset |
irc http 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 34 of 36 0 of 32 9 of 36 18 of 36 11 of 36 |
09c3d90250 [Firefox:15 hits: 08-04 to 10-12] 8f34a39070 [Firefox:15 hits: 08-04 to 10-12] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] bc0f598ad6 NEW f990637b31 [Firefox: 3 hits: 11-13 to 11-14] fb8f82fcb3 [Firefox:33 hits: 10-24 to 11-14] |
none[none] none [none] b5919931fe[1] none [none] none [none] none [none] |
none:none none:none ASM:Graph none:none none:none none:none |
none|none none|none ASProtect| none|none none|none none|none |
none none lines=90 none none none |
none none trace none none none |
| T:20:58:00 | WinXP | 115.83.215.176 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:544 hits: 04-15 to 11-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 20:59:00 | WinXP | 202.233.235.54 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:483 hits: 04-01 to 11-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 21:13:00 | Win2K-f | 173.16.128.165 (-): . |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.201.126:80 US:198.78.220.124:80 US:207.123.37.123:80 |
135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] b7082104e4 [Firefox:267 hits: 06-18 to 11-13] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 21:39:00 | Win2K-f | 69.111.37.248 (PACBELL.NET): IRVNCA ADSL RBACK4 PPPOX, LOS ANGELES, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 21:43:00 | WinXP | 58.230.146.155 (-): THRUNET-INFRA-SEOUL02, SEOUL, KYONGGI-DO, KR. |
n/a | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
http 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
27 of 33 0 of 33 31 of 33 |
1951eee0cd [Firefox:18 hits: 06-18 to 11-13] e07c29c4ae [Firefox:840 hits: 06-19 to 11-14] e5e0dbde57 [Firefox:18 hits: 06-18 to 11-13] |
1951eee0cd [1] e07c29c4ae[1] none [4] |
ASM:Graph ASM:Graph none:none |
Armadillo| FSG| tElock| |
lines=82 lines=92 none |
trace trace trace |
| 21:53:00 | WinXP | 24.88.73.175 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:432 hits: 12-31 to 11-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:14:00 | WinXP | 76.174.251.69 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell shell shell ftp 20 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:432 hits: 12-31 to 11-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 22:18:00 | WinXP | 63.17.148.8 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.108.126:80 |
135 | pcap | raw alerts ruleset |
http 185 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 0 of 33 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] e07c29c4ae [Firefox:840 hits: 06-19 to 11-14] |
none[4] 73f1082158[1] e07c29c4ae[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| FSG| |
none lines=81 lines=92 |
trace trace trace |
| T:22:21:00 | WinXP | 122.125.92.23 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1099 hits: 12-31 to 11-14] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 22:33:00 | WinXP | 64.139.110.70 (JCURRY): NCI DATA.COM INC, OROVILLE, WASHINGTON, US. |
n/a | US:microsoft.com US:download.microsoft.com US:198.78.220.124:80 US:204.160.104.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:38:00 | Win2K-f | 70.63.253.143 (RR.COM): ROAD RUNNER HOLDCO LLC, FLORENCE, SOUTH CAROLINA, US. |
n/a | US:microsoft.com US:download.microsoft.com US:192.221.96.126:80 US:204.160.104.126:80 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:46 hits: 06-20 to 11-02] e5c7bce70e [Firefox:44 hits: 06-20 to 11-02] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:38:00 | WinXP | 218.220.171.228 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP. |
n/a | 135 | pcap | raw alerts ruleset |
other 242 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 32 | fbacdd87c0 [Firefox: 6 hits: 06-06 to 11-02] |
none[4] | none:none |
none|none | none | trace | |
| T:22:49:00 | WinXP | 220.219.250.111 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:544 hits: 04-15 to 11-13] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| T:22:51:00 | Win2K-f | 75.60.225.140 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL) |
n/a | US:microsoft.com US:download.microsoft.com US:4.23.60.126:80 |
135 | pcap | raw alerts ruleset |
http 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] a08f3b74a4 [Firefox:1418 hits: 06-18 to 11-14] b5919931fe [Firefox:1129 hits: 06-20 to 11-14] |
none[4] a08f3b74a4[1] b5919931fe[1] |
none:none ASM:Graph ASM:Graph |
tElock| Armadillo| ASProtect| |
none lines=81 lines=90 |
trace trace trace |
| 23:04:00 | WinXP | 222.144.74.245 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP. |
n/a | 445 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:483 hits: 04-01 to 11-14] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:23:07:00 | Win2K-f | 63.78.122.45 (ALTER.NET): MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS, KANSAS CITY, MISSOURI, US. |
n/a | US:microsoft.com US:download.microsoft.com US:199.93.44.124:80 US:207.123.46.125:80 US:4.23.60.125:80 |
135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:3964 hits: 06-17 to 11-14] 73f1082158 [Firefox:1968 hits: 06-18 to 11-14] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:23:00 | Win2K-f | 58.237.132.31 (-): THRUNET-INFRA-DAEGU11, SEOUL, KYONGGI-DO, KR. |
n/a | EU:proxim.ircgalaxy.pl US:microsoft.com US:download.microsoft.com US:205.128.73.126:80 US:207.123.47.126:80 EU:79.132.211.24:65520 US:8.12.222.126:80 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 33 |
533d15b5ce [Firefox:44 hits: 06-21 to 11-14] 58c343a8d8 [Firefox:48 hits: 06-21 to 11-14] |
none[4] 58c343a8d8[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| T:23:30:00 | WinXP | 76.254.86.165 (PACBELL.NET): AT&T INTERNET SERVICES, US. |
n/a | 445 | pcap | raw alerts ruleset |
ftp shell 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:432 hits: 12-31 to 11-14] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 23:33:00 | WinXP | 70.66.203.64 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 039c6a4bb7 NEW |
none[none] | none:none |
none|none | none | none |
| 23:41:00 | WinXP | 83.69.62.252 (SCNET.CZ): LOSAN S.R.O, CZ. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 96d089e522 [Firefox:80 hits: 10-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:23:49:00 | WinXP | 119.95.65.238 (-): . |
n/a | US:microsoft.com US:download.microsoft.com EU:proxim.ircgalaxy.pl US:198.78.220.124:80 US:199.93.44.126:80 US:204.160.104.126:80 EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
other 157 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 33 33 of 33 |
16874933ea [Firefox:62 hits: 06-18 to 11-12] 76ee340669 [Firefox:62 hits: 06-18 to 11-12] |
16874933ea [1] none [4] |
ASM:Graph none:none |
Armadillo| PolyEnE| |
lines=82 none |
trace trace |
| 23:50:00 | WinXP | 79.8.137.110 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA NET, ROME, LAZIO, IT. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
other 0 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | d1d4a8704d NEW |
none[none] | none:none |
none|none | none | none |
| 23:50:00 | Win2K-f | 119.95.65.238 (-): . |
n/a | 135 | pcap | raw alerts ruleset |
other 5 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 23:56:00 | WinXP | 89.116.135.241 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:54 hits: 10-10 to 11-13] |
none[none] | none:none |
none|none | none | none |