|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:00:09:00 | Win2K-f | 218.113.72.58 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, OSAKA, OSAKA, JP. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:16:00 | Win2K-f | 68.146.209.203 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:00:21:00 | WinXP | 117.99.5.204 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:00:27:00 | WinXP | 121.73.117.16 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 348 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 34 of 36 |
7f89b38665 [Firefox:39 hits: 08-02 to 11-15] a51a50404e [Firefox:39 hits: 08-02 to 11-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:32:00 | WinXP | 82.207.41.7 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK, UA. |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 00:48:00 | Win2K-f | 64.127.0.163 (-): CITY OF PHILIPPI, ACWORTH, GEORGIA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 387 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 34 of 36 |
235d9f7aba NEW 28d72b163a NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 00:59:00 | WinXP | 203.196.65.116 (KAGACABLE.NE.JP): KAGA CABLE TELEVISION CO.LTD, JP. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:758 hits: 12-31 to 11-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 01:06:00 | Win2K-f | 211.22.95.84 (JEANCO.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:20:00 | WinXP | 24.189.30.113 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 01:33:00 | Win2K-f | 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:01:34:00 | Win2K-f | 85.95.210.118 (CALIXO.NET): VIALIS - REGIE MUNICIPALE DE COLMAR, FR. |
63.173.172.98:6668 | US:63.173.172.98:6668 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
23 of 36 | 995f3b198b NEW |
none[none] | none:none |
none|none | none | none |
| T:01:46:00 | WinXP | 24.83.218.254 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 36 33 of 36 |
02fc26757d NEW 9f5880bc0f NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 01:52:00 | Win2K-f | 76.189.27.207 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTLAKE, OHIO, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:02:12:00 | WinXP | 93.102.5.115 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 02:25:00 | Win2K-f | 202.161.189.43 (ALAPCOM.COM): ALAP COMMUNICATION LTD. DATA/INTERNET SERVICE, BD. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl | 135 | pcap | raw alerts ruleset |
irc 403 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 | 3ea3e1ad41 NEW |
none[none] | none:none |
none|none | none | none |
| 02:40:00 | WinXP | 74.46.92.236 (FRONTIERNET.NET): FRONTIER COMMUNICATIONS OF AMERICA INC, US. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl CN:fleshkatera.cn CN:lolika.cn CN:www.upononjob.cn CN:mulfika.cn US:do-power-scan.com US:av-pro-2009.com :wpad |
445 | pcap | raw alerts ruleset |
http irc 44 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 11 of 36 16 of 36 11 of 36 |
017f3b2704 [Firefox: 6 hits: 10-26 to 11-15] 752d7e4cf2 NEW 9ffd4ae260 NEW fb8f82fcb3 [Firefox:34 hits: 10-24 to 11-15] |
none[none] none [none] none [none] none [none] |
none:none none:none none:none none:none |
none|none none|none none|none none|none |
none none none none |
none none none none |
| 02:44:00 | WinXP | 218.173.13.195 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
25 of 36 | 7c2b50c774 [Firefox:53 hits: 08-01 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:03:15:00 | Win2K-f | 67.63.113.69 (SPEAKEASY.NET): US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:03:18:00 | WinXP | 201.49.205.164 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox:18 hits: 10-26 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:03:33:00 | Win2K-f | 60.250.30.117 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. |
67.43.236.98:5190 | CA:xx.sqlteam.info CA:alwayssam.com CA:zonetech.info |
135 | pcap | raw alerts ruleset |
irc http 282 lines |
Yeah : 1.8 profile |
none | summary tarball |
21 of 36 31 of 33 15 of 36 |
41b9df60db [Firefox:11 hits: 11-03 to 11-18] 954a98c971 [Firefox:12 hits: 06-09 to 11-03] cada8d5adf [Firefox:10 hits: 11-03 to 11-18] |
none[none] none [4] none [none] |
none:none none:none none:none |
none|none FSG| none|none |
none none none |
none trace none |
| 03:37:00 | WinXP | 87.116.205.94 (TNP.PL): BROADBAND_SERVICES, PL. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 5818023061 [Firefox: 6 hits: 04-01 to 11-18] |
a227e5e49d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:03:38:00 | WinXP | 87.116.205.94 (TNP.PL): BROADBAND_SERVICES, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
32 of 32 | 5818023061 [Firefox: 6 hits: 04-01 to 11-18] |
a227e5e49d [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 03:39:00 | WinXP | 88.28.100.93 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:89 hits: 09-13 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:03:41:00 | WinXP | 88.28.100.93 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:89 hits: 09-13 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:03:48:00 | WinXP | 80.104.98.119 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, BOLOGNA, EMILIA-ROMAGNA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 4ed6926c35 NEW |
none[none] | none:none |
none|none | none | none |
| T:03:55:00 | WinXP | 89.45.34.81 (-): SC OPTIC ZONE SRL, RO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 35 | 24e4c28fdb [Firefox:11 hits: 10-25 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:03:57:00 | Win2K-f | 98.175.153.98 (-): . |
n/a | US:microsoft.com EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
other 114 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 32 of 36 |
430b442da3 [Firefox: 4 hits: 10-10 to 10-30] bea8cb1865 [Firefox:41 hits: 08-11 to 11-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 04:13:00 | WinXP | 117.99.55.74 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 15093b4cc0 [Firefox:12 hits: 11-09 to 11-15] |
none[none] | none:none |
none|none | none | none |
| T:04:19:00 | WinXP | 218.227.187.83 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:490 hits: 04-01 to 11-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 04:26:00 | Win2K-f | 216.209.109.22 (BELL.CA): SYMPATICO (BELL NEXXIA), BARRIE, ONTARIO, CA. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 176 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 04:33:00 | WinXP | 76.93.252.173 (-): . |
n/a | EU:siliconfireware.ru DE:ebookfinaltrash.ru :wpad DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:398 hits: 04-01 to 11-18] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:04:43:00 | WinXP | 59.104.251.188 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:758 hits: 12-31 to 11-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:04:54:00 | WinXP | 61.59.151.57 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | cbaf7255c4 NEW |
none[none] | none:none |
none|none | none | none |
| 05:02:00 | WinXP | 41.214.160.168 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 05:03:00 | WinXP | 220.221.147.104 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, JP. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 16 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 35 | e604210b1a [Firefox: 3 hits: 11-13 to 11-16] |
none[none] | none:none |
none|none | none | none | |
| 05:11:00 | Win2K-f | 64.24.17.221 (USLEC.NET): USLEC CORP, PHILADELPHIA, PENNSYLVANIA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 140 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 05:17:00 | WinXP | 217.151.135.142 (GAZSVYAZ.RU): GAZSVYAZ-MSK, RU. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http http 13 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:398 hits: 04-01 to 11-18] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| 05:37:00 | WinXP | 87.228.51.67 (-): INFOLINE ZAO, TROITSK, MOSKOVSKAYA OBLAST', RU. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:60 hits: 10-10 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 05:39:00 | WinXP | 86.155.86.240 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 831f4ee0a7 [Firefox:490 hits: 04-01 to 11-18] |
eb7546c600 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 05:42:00 | WinXP | 213.55.73.169 (TELECOM.NET.ET): ETHIOPIAN TELECOMMUNICATION CORPORATION, ET. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | d4eed7b000 [Firefox: 9 hits: 11-03 to 11-16] |
none[none] | none:none |
none|none | none | none |
| 05:52:00 | WinXP | 89.41.89.131 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
n/a | RU:moscow-advokat.ru :washington.dc.us.undernet.org :flanders.be.eu.undernet.org SE:ced.dal.net NO:london.uk.eu.undernet.org NL:diemen.nl.eu.undernet.org :los-angeles.ca.us.undernet.org SE:vancouver.dal.net :caen.fr.eu.undernet.org AT:graz.at.eu.undernet.org |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a5fb35c9fd [Firefox: 2 hits: 11-08 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:05:56:00 | WinXP | 79.163.226.20 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:37 hits: 10-21 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 05:57:00 | WinXP | 196.208.46.7 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 06:01:00 | WinXP | 160.218.74.213 (EUROTEL.CZ): ADDRESS BLOCK OF EUROTEL PRAHA, CZ. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 [Firefox:551 hits: 04-15 to 11-18] |
e0197e8a64 [0] | ASM:Graph |
none|none | lines=62 | trace | |
| 06:04:00 | WinXP | 79.163.228.171 (-): IDEA, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:37 hits: 10-21 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 06:29:00 | WinXP | 222.147.254.118 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:mx1.hotmail.com US:mailin-04.mx.aol.com US:ftp.newaol.com US:yutunrz.1dumb.com US:mailin-01.mx.aol.com CN:fleshkatera.cn SE:ftp.icq.com :http.icq.com.edgesuite.net :wpad |
445 | pcap | raw alerts ruleset |
shell ftp http http irc http 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 0 of 36 11 of 36 |
78e0e5546a NEW bd4f870a47 NEW fb8f82fcb3 [Firefox:34 hits: 10-24 to 11-15] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| T:06:29:00 | WinXP | 69.85.106.129 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:14:00 | WinXP | 84.140.210.157 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, HAMBURG, HAMBURG, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:202 hits: 04-16 to 11-14] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| T:07:19:00 | WinXP | 4.225.99.164 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, COLUMBUS, OHIO, US. (DIAL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 07:24:00 | WinXP | 93.148.202.125 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:24:00 | WinXP | 93.148.202.125 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:07:25:00 | WinXP | 88.172.213.144 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru US:lia.zanet.net NL:diemen.nl.eu.undernet.org :flanders.be.eu.undernet.org :caen.fr.eu.undernet.org :brussels.be.eu.undernet.org SE:ozbytes.dal.net EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | a8d74af6d5 [Firefox: 6 hits: 10-04 to 11-14] |
none[none] | none:none |
none|none | none | none |
| 07:27:00 | WinXP | 84.140.210.157 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, HAMBURG, HAMBURG, DE. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 32 | 03f912899b [Firefox:202 hits: 04-16 to 11-14] |
83893bd25d [0] | ASM:Graph |
none|none | lines=65 | trace | |
| 07:42:00 | Win2K-f | 125.58.79.10 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 33 of 36 |
76882741df NEW 9eaad40916 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:07:46:00 | WinXP | 93.105.88.137 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | df1392205b NEW |
none[none] | none:none |
none|none | none | none |
| T:07:50:00 | WinXP | 83.97.172.129 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 6d7baa9138 [Firefox: 6 hits: 10-29 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 07:55:00 | WinXP | 78.84.153.178 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:437 hits: 12-31 to 11-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| T:08:02:00 | WinXP | 65.23.125.245 (NUVOX.NET): NEWSOUTH COMMUNICATIONS, NORCROSS, GEORGIA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 81 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 08:07:00 | WinXP | 208.126.2.102 (NETINS.NET): HEART OF IOWA COMMUNICATIONS, MARENGO, IOWA, US. (DSL) |
n/a | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:08:12:00 | WinXP | 82.250.73.245 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox:18 hits: 10-26 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:08:20:00 | WinXP | 96.10.207.159 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 08:38:00 | WinXP | 83.253.28.26 (COMHEM.SE): COM HEM CUSTOMER BROADBAND ACCESS, UPPSALA, UPPSALA, SE. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | ec470f944a NEW |
none[none] | none:none |
none|none | none | none |
| 08:44:00 | Win2K-f | 70.184.102.222 (COX.NET): COX COMMUNICATIONS, CHANDLER, ARIZONA, US. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 120 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 35 of 36 |
bea8cb1865 [Firefox:41 hits: 08-11 to 11-13] fac78fde16 [Firefox:20 hits: 09-13 to 11-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:08:45:00 | WinXP | 212.171.128.238 (POOL212171.INTERBUSINESS.IT): TELECOM ITALIA S.P.A, BRESCIA, LOMBARDIA, IT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 09:04:00 | WinXP | 70.184.250.238 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
irc 133 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 36 35 of 36 |
bea8cb1865 [Firefox:41 hits: 08-11 to 11-13] fac78fde16 [Firefox:20 hits: 09-13 to 11-13] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 09:10:00 | WinXP | 117.99.27.190 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | afcc1ca373 [Firefox: 2 hits: 11-15 to 11-15] |
none[none] | none:none |
none|none | none | none |
| T:09:10:00 | WinXP | 117.99.27.190 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | afcc1ca373 [Firefox: 2 hits: 11-15 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 09:28:00 | WinXP | 89.231.195.73 (MM.PL): SZEL-SAT, PL. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | fcd4bae1af [Firefox: 6 hits: 10-27 to 11-18] |
none[none] | none:none |
none|none | none | none |
| T:09:29:00 | WinXP | 83.132.192.174 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, OEIRAS, LISBOA, PT. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 0a351b0b88 [Firefox: 2 hits: 11-14 to 11-14] |
none[none] | none:none |
none|none | none | none |
| T:09:46:00 | WinXP | 81.198.224.149 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6d30ad4b30 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:48:00 | WinXP | 12.72.93.15 (ATT.NET): AT&T WORLDNET SERVICES, MESA, ARIZONA, US. (DIAL) |
n/a | US:www.yahoo.com :www.google.com.au :jbeegvia.ru US:www.worldbank.org EU:crutop.nu :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru :kfwfceki.ru :nhuwxyuw.ru RU:alfabank.ru :udluzuq.ru US:crime-research.ru :fiazpvnne.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 393f45ca33 NEW |
none[none] | none:none |
none|none | none | none |
| T:09:54:00 | WinXP | 200.225.174.244 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | :www.google.com.au US:www.yahoo.com :jbeegvia.ru US:www.worldbank.org US:prodexteam.net :yoiayoi.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :ryryodokm.ru :wpad :uvjiis.ru :gwvwka.ru :jqsbnyzkp.ru :pvygdo.ru :fxkyagpnw.ru :knclvdz.ru :trsqeigw.ru :odokeqy.ru :kelmpsjp.ru :edjiesp.ru :vllcdvv.ru :nuksdln.ru :tmmeno.ru :zoxdgqx.ru :pwvbfz.ru :nuzbcp.ru :bqpuqt.ru :okskyyn.ru :pnlkria.ru :kargai.ru DE:kavkaz.co.uk :kfwfceki.ru :nhuwxyuw.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:59 hits: 04-18 to 11-18] |
none[3] | none:none |
tElock| | none | trace |
| 09:57:00 | Win2K-f | 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 09:58:00 | WinXP | 208.105.110.84 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 03ef8570ff NEW |
none[none] | none:none |
none|none | none | none |
| T:10:02:00 | Win2K-f | 66.95.108.68 (DSL.NET): DSL.NET INC, ASTORIA, NEW YORK, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:10:02:00 | WinXP | 66.50.113.53 (PRTC.NET): PUERTO RICO TELEPHONE COMPANY, SAN JUAN, PUERTO RICO, PR. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | e3ce8985e6 [Firefox: 2 hits: 07-14 to 09-19] |
3762d19d64 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:07:00 | Win2K-f | 69.198.129.61 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 89 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 32 of 36 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 6d499bc718 NEW |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 10:12:00 | WinXP | 213.22.217.29 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, ALMADA, SETUBAL, PT. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 10:18:00 | Win2K-f | 24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 10:27:00 | WinXP | 78.63.252.180 (ZEBRA.LT): LIETUVOS, LT. |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | a917b38976 [Firefox:10 hits: 10-14 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 10:27:00 | WinXP | 86.96.32.59 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 7 lines |
Yeah : 1.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:37 hits: 10-21 to 11-18] |
none[none] | none:none |
none|none | none | none |
| T:10:28:00 | WinXP | 86.96.32.59 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 6b3beaea1a [Firefox:37 hits: 10-21 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 10:59:00 | WinXP | 41.214.164.173 (-): . |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
http irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | 17606f84ff [Firefox: 2 hits: 11-15 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:11:00:00 | WinXP | 41.214.164.173 (-): . |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 17606f84ff [Firefox: 2 hits: 11-15 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:11:10:00 | Win2K-f | 71.136.17.68 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 85 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 33 33 of 33 |
73ce2b74da [Firefox:37 hits: 06-18 to 11-16] 79c01ec060 [Firefox:81 hits: 06-18 to 11-16] |
73ce2b74da [1] none [4] |
ASM:Graph none:none |
Armadillo| tElock| |
lines=81 none |
trace trace |
| 11:29:00 | Win2K-f | 173.16.128.165 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] b7082104e4 [Firefox:271 hits: 06-18 to 11-16] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 11:43:00 | WinXP | 4.231.95.251 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:11:53:00 | WinXP | 86.2.81.50 (NTL.COM): NTLI, UK. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 4a4dd1c72f NEW |
none[none] | none:none |
none|none | none | none |
| T:11:57:00 | WinXP | 200.225.169.22 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:12:11:00 | WinXP | 75.80.95.35 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:758 hits: 12-31 to 11-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| T:12:15:00 | WinXP | 67.204.192.9 (-): . |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b23ffca78e [Firefox: 8 hits: 10-24 to 11-08] |
none[none] | none:none |
none|none | none | none |
| 12:31:00 | WinXP | 190.18.80.225 (-): . |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:60 hits: 10-10 to 11-18] |
none[none] | none:none |
none|none | none | none |
| T:12:32:00 | WinXP | 85.243.203.239 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 632e315db2 [Firefox:42 hits: 10-03 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 12:42:00 | Win2K-f | 195.144.104.166 (NEXTRA.CZ): NEXTRA, PRAGUE, HLAVNI MESTO PRAHA, CZ. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
139 | pcap | raw alerts ruleset |
irc 5 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 3af3cf0742 NEW |
none[none] | none:none |
none|none | none | none |
| 12:46:00 | Win2K-f | 65.190.3.248 (RR.COM): ROAD RUNNER HOLDCO LLC, MIAMI, FLORIDA, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 12:50:00 | WinXP | 78.84.60.223 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:60 hits: 10-10 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 12:54:00 | Win2K-f | 94.180.241.242 (-): . |
79.132.211.24:65520 | 445 | pcap | raw alerts ruleset |
irc 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:12:57:00 | WinXP | 4.236.204.205 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:09:00 | Win2K-f | 69.85.108.41 (ELLIJAY.COM): ELLIJAY COMMUNITY TELEVISION, BLUE RIDGE, GEORGIA, US. |
79.132.211.24:65520 | CN:fleshkatera.cn CN:lolika.cn CN:www.upononjob.cn |
445 | pcap | raw alerts ruleset |
irc http 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
7 of 36 11 of 36 |
9b56e15e90 NEW fb8f82fcb3 [Firefox:34 hits: 10-24 to 11-15] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:13:11:00 | WinXP | 189.118.217.244 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:13:17:00 | WinXP | 216.78.12.72 (BELLSOUTH.NET): BELLSOUTH.NET INC, NEW IBERIA, LOUISIANA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 7e8bfa9b49 [Firefox:40 hits: 10-01 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 13:29:00 | WinXP | 76.211.24.28 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:13:34:00 | WinXP | 63.17.145.225 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:40:00 | WinXP | 72.131.81.202 (RR.COM): ROAD RUNNER HOLDCO LLC, BROOKFIELD, WISCONSIN, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| 13:43:00 | WinXP | 71.189.119.92 (-): LINDA LIU, ONTARIO, CALIFORNIA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 13:43:00 | WinXP | 67.150.125.235 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | DE:siliconfireware.ru :wpad US:searchportal.information.com US:spi.domainsponsor.com DE:212.227.111.29:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 9 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | df17a625ee [Firefox:231 hits: 04-06 to 11-16] |
9bbdd086c5 [0] | ASM:Graph |
ASPack| | lines=186 embedded dns |
trace |
| 13:45:00 | WinXP | 82.66.49.103 (PROXAD.NET): PROXAD / FREE SAS, VERSAILLES, ILE-DE-FRANCE, FR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 24 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 36 | c702a34315 NEW |
none[none] | none:none |
none|none | none | none |
| 13:53:00 | Win2K-f | 88.165.87.123 (PROXAD.NET): PROXAD / FREE SAS, FR. |
n/a | 139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 0.8 profile |
none | summary tarball |
33 of 36 | 413c9ac28b [Firefox:20 hits: 09-26 to 11-16] |
none[none] | none:none |
none|none | none | none | |
| 14:05:00 | WinXP | 64.130.150.14 (SCRTC.COM): SOUTH CENTRAL RURAL TELEPHONE CO, SAN JOSE, CALIFORNIA, US. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:89 hits: 09-13 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:14:07:00 | WinXP | 77.56.146.231 (HISPEED.CH): CABLECOM, CH. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | ebdd3dbbb8 NEW |
none[none] | none:none |
none|none | none | none | |
| 14:12:00 | Win2K-f | 209.226.103.1 (BELL.CA): BELL CANADA, OWEN SOUND, ONTARIO, CA. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 120 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 32 | 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
73f1082158 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 14:41:00 | WinXP | 85.239.125.191 (EASTLINK.DE): HL KOMM TELEKOMMUNIKATIONS GMBH, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:42:00 | WinXP | 85.239.125.191 (EASTLINK.DE): HL KOMM TELEKOMMUNIKATIONS GMBH, DE. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a0139d7ad8 [Firefox:181 hits: 04-10 to 11-18] |
d9e9662db1 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:14:44:00 | Win2K-f | 4.248.227.159 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 125 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 14:45:00 | WinXP | 70.15.196.27 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b52d214d08 [Firefox:61 hits: 10-05 to 11-18] |
none[none] | none:none |
none|none | none | none |
| T:14:50:00 | WinXP | 87.246.21.47 (MOBIFONIKA.COM): MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN, SLIVEN, BURGAS, BG. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | afcc1ca373 [Firefox: 2 hits: 11-15 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 14:51:00 | WinXP | 87.246.62.152 (-): CMTS CLIENTS IN SOFIA, SOFIA, SOFIYA, BG. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 06a5e31b47 [Firefox:16 hits: 10-28 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 15:09:00 | WinXP | 96.13.123.109 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:89 hits: 09-13 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:15:20:00 | Win2K-f | 70.58.164.200 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, BOISE, IDAHO, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:15:20:00 | WinXP | 88.214.161.174 (-): GPRS COSTUMERS, PT. |
n/a | EU:proxim.ircgalaxy.pl | 445 | pcap | raw alerts ruleset |
shell ftp irc 22 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 76a3db32a0 NEW |
none[none] | none:none |
none|none | none | none |
| 15:21:00 | WinXP | 63.27.20.192 (UU.NET): UUNET TECHNOLOGIES INC, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 177 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 15:23:00 | WinXP | 69.63.35.56 (EXECULINK.COM): EXECULINK, KITCHENER, ONTARIO, CA. (DSL) |
n/a | CA:xx.ka3ek.com CA:zonetech.info CA:alwayssam.com |
135 | pcap | raw alerts ruleset |
irc http 522 lines |
Yeah : 1.3 profile |
none | summary tarball |
21 of 36 33 of 36 15 of 36 |
41b9df60db [Firefox:11 hits: 11-03 to 11-18] 9172512894 NEW cada8d5adf [Firefox:10 hits: 11-03 to 11-18] |
none[none] none [none] none [none] |
none:none none:none none:none |
none|none none|none none|none |
none none none |
none none none |
| 15:26:00 | WinXP | 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
194.109.11.65:6556 | :0x80.my-secure.name NL:0x80.my1x1.com NL:0x80.martiansong.com NL:0x80.goingformars.com :0xff.memzero.info |
135 | pcap | raw alerts ruleset |
other 217 lines |
Yeah : 1.8 profile |
none | summary tarball |
32 of 33 | fe22b8315f [Firefox:15 hits: 06-19 to 11-18] |
none[4] | none:none |
StarForce| | none | trace |
| T:15:29:00 | WinXP | 200.114.22.149 (INTERCABLE.NET.CO): TV CABLE PROMISION S.A, BUCARAMANGA, SANTANDER, CO. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 163daa6b71 [Firefox: 2 hits: 10-26 to 11-04] |
none[none] | none:none |
none|none | none | none |
| 15:31:00 | WinXP | 87.60.103.123 (BROADBAND.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | ff109f2a5f NEW |
none[none] | none:none |
none|none | none | none |
| T:15:31:00 | WinXP | 87.60.103.123 (BROADBAND.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | ff109f2a5f NEW |
none[none] | none:none |
none|none | none | none |
| 15:56:00 | Win2K-f | 218.211.83.179 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 16:03:00 | WinXP | 4.255.220.57 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SODDY DAISY, TENNESSEE, US. (DIAL) |
n/a | EU:siliconfireware.ru :www.proxy-socks.net :wpad US:searchportal.information.com US:spi.domainsponsor.com DE:212.227.111.29:80 DE:217.11.54.126:80 EU:78.47.200.154:80 |
445 | pcap | raw alerts ruleset |
http http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:398 hits: 04-01 to 11-18] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:16:05:00 | Win2K-f | 63.78.122.110 (ALTER.NET): MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS, KANSAS CITY, MISSOURI, US. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl US:microsoft.com |
135 | pcap | raw alerts ruleset |
irc 127 lines |
Yeah : 1.8 profile |
none | summary tarball |
33 of 36 34 of 36 |
79ea93560b NEW 992801cfb9 NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| 16:20:00 | WinXP | 65.240.138.133 (-): WS/HART TELEPHONE CO, HARTWELL, GEORGIA, US. |
n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
25 of 25 | 7f60162c2c [Firefox:758 hits: 12-31 to 11-18] |
1aad8e4632 [0] | ASM:Graph |
PolyEnE| | lines=93 embedded dns |
trace |
| 16:27:00 | WinXP | 125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps) |
n/a | 135 | pcap | raw alerts ruleset |
other 52 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| T:16:32:00 | WinXP | 190.208.108.3 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 2d815d2be3 [Firefox: 8 hits: 09-25 to 11-13] |
none[none] | none:none |
none|none | none | none |
| 16:41:00 | WinXP | 8.15.177.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb [Firefox:60 hits: 10-10 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 16:58:00 | Win2K-f | 24.187.160.243 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), MEDFORD, NEW YORK, US. |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
6 of 36 7 of 36 |
2c0902a088 [Firefox: 4 hits: 11-12 to 11-18] 435638f87d [Firefox: 4 hits: 11-12 to 11-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 17:00:00 | WinXP | 72.251.92.2 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) |
n/a | RU:moscow-advokat.ru RU:194.6.222.11:6667 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
26 of 28 | ca47a36342 [Firefox:34 hits: 05-29 to 11-14] |
c3a58f69c6 [0] | ASM:Graph |
PolyEnE| | lines=89 embedded dns |
trace |
| T:17:01:00 | Win2K-f | 70.182.94.50 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US. |
n/a | EU:proxim.ircgalaxy.pl US:microsoft.com EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
other 113 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 33 29 of 33 |
87e1117f2a [Firefox:34 hits: 07-18 to 11-18] b4fe4581c3 [Firefox:34 hits: 07-18 to 11-18] |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
| T:17:11:00 | WinXP | 119.95.231.1 (-): . |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 15093b4cc0 [Firefox:12 hits: 11-09 to 11-15] |
none[none] | none:none |
none|none | none | none |
| T:17:15:00 | WinXP | 70.64.18.24 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 09b95b77d7 [Firefox: 2 hits: 10-27 to 11-15] |
none[none] | none:none |
none|none | none | none |
| T:17:19:00 | Win2K-f | 67.211.156.228 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:20:00 | WinXP | 67.150.175.192 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
26 of 28 | 7d99b0e910 [Firefox:1121 hits: 12-31 to 11-18] |
7a70e1b592 [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:25:00 | WinXP | 93.156.106.165 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | cb6f0707a6 NEW |
none[none] | none:none |
none|none | none | none |
| 17:32:00 | WinXP | 69.125.168.222 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), TOTOWA, NEW JERSEY, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 17:33:00 | Win2K-f | 75.51.249.145 (-): HASSAN MAHFOOD, PLANO, TEXAS, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:38:00 | WinXP | 208.105.172.35 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 78 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:17:43:00 | WinXP | 24.174.13.12 (CARRERACOMMUNICATIONS.NET): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com :www.proxy-socks.net :wpad |
445 | pcap | raw alerts ruleset |
http http http 14 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:398 hits: 04-01 to 11-18] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:18:23:00 | WinXP | 156.17.232.89 (WROC.PL): THE NETWORK COVERS WHOLE WROCLAW AREA, WROCLAW, DOLNOSLASKIE, PL. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | 9bb68450cd [Firefox:18 hits: 10-26 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:18:31:00 | Win2K-f | 4.160.39.25 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, EVANSVILLE, INDIANA, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 65 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] b7082104e4 [Firefox:271 hits: 06-18 to 11-16] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 18:31:00 | WinXP | 70.44.34.109 (PTD.NET): PENTELEDATA INC. - CABLE, DINGMANS FERRY, PENNSYLVANIA, US. |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b3a9397884 NEW |
none[none] | none:none |
none|none | none | none |
| T:18:33:00 | Win2K-f | 71.102.239.169 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LOMPOC, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:18:40:00 | WinXP | 209.240.240.83 (CPTELECOM.NET): CP INTERNET, DULUTH, MINNESOTA, US. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | ed3d72ab3c NEW |
none[none] | none:none |
none|none | none | none |
| 18:49:00 | WinXP | 99.164.39.252 (-): . |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 13 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 18:51:00 | WinXP | 74.214.38.165 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. |
n/a | :www.google.com.au US:www.yahoo.com :jbeegvia.ru |
135 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:59 hits: 04-18 to 11-18] |
none[3] | none:none |
tElock| | none | trace |
| T:18:57:00 | WinXP | 124.8.129.74 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 19:44:00 | Win2K-f | 24.69.187.101 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1010 lines |
Yeah : 1.3 profile |
none | summary tarball |
32 of 36 9 of 36 |
2a69469df0 NEW 3811e2648d NEW |
none[none] none [none] |
none:none none:none |
none|none none|none |
none none |
none none |
|
| 19:46:00 | WinXP | 75.42.85.160 (SBCGLOBAL.NET): PPPOX POOL - BRAS5.SCRMCA 090106-1000, US. (DSL) |
n/a | US:www.yahoo.com :jbeegvia.ru |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
31 of 32 | 17028f1eda [Firefox:59 hits: 04-18 to 11-18] |
none[3] | none:none |
tElock| | none | trace |
| 19:48:00 | Win2K-f | 70.78.39.29 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. |
n/a | 135 | pcap | raw alerts ruleset |
other 37 lines |
Yeah : 1.3 profile |
none | summary tarball |
8 of 33 | b7082104e4 [Firefox:271 hits: 06-18 to 11-16] |
none[4] | none:none |
tElock| | none | trace | |
| T:19:54:00 | WinXP | 24.31.107.223 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBIA, SOUTH CAROLINA, US. |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | 1a2c0e6130 [Firefox:437 hits: 12-31 to 11-18] |
048df78048 [0] | ASM:Graph |
none|none | lines=61 | trace | |
| 20:12:00 | WinXP | 64.21.224.55 (GONDTC.COM): GONDTC.COM, HARVEY, NORTH DAKOTA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 145 lines |
Yeah : 1.3 profile |
none | summary tarball |
24 of 36 | e9ee0d4d34 [Firefox: 6 hits: 09-15 to 11-12] |
none[none] | none:none |
none|none | none | none | |
| 20:21:00 | WinXP | 24.71.170.66 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
194.54.90.246:80 | EU:proxim.ircgalaxy.pl UA:citi-bank.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1e3cef226f [Firefox:16 hits: 11-04 to 11-18] |
none[none] | none:none |
none|none | none | none |
| T:20:21:00 | WinXP | 24.71.170.66 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) |
n/a | EU:proxim.ircgalaxy.pl UA:citi-bank.ru UA:194.54.90.246:80 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 1e3cef226f [Firefox:16 hits: 11-04 to 11-18] |
none[none] | none:none |
none|none | none | none |
| 20:30:00 | WinXP | 190.137.199.251 (NET.AR): TELECOM ARGENTINA S.A, AR. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru |
445 | pcap | raw alerts ruleset |
http irc 3 lines |
Yeah : 1.8 profile |
none | summary tarball |
34 of 36 | b23ffca78e [Firefox: 8 hits: 10-24 to 11-08] |
none[none] | none:none |
none|none | none | none |
| T:20:31:00 | WinXP | 190.137.199.251 (NET.AR): TELECOM ARGENTINA S.A, AR. |
n/a | EU:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667 EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
34 of 36 | b23ffca78e [Firefox: 8 hits: 10-24 to 11-08] |
none[none] | none:none |
none|none | none | none |
| 20:35:00 | Win2K-f | 99.170.21.97 (-): . |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 73f1082158 [Firefox:2004 hits: 06-18 to 11-18] |
none[4] 73f1082158[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 20:37:00 | WinXP | 65.25.107.66 (RR.COM): ROAD RUNNER HOLDCO LLC, CANTON, OHIO, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 59 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] b7082104e4 [Firefox:271 hits: 06-18 to 11-16] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 20:53:00 | Win2K-f | 88.165.87.123 (PROXAD.NET): PROXAD / FREE SAS, FR. |
63.173.172.98:6667 | US:63.173.172.98:6667 |
139 | pcap | raw alerts ruleset |
ftp 12 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 36 | 413c9ac28b [Firefox:20 hits: 09-26 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:21:00:00 | WinXP | 96.13.19.46 (-): . |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
36 of 36 | b872c76081 [Firefox:89 hits: 09-13 to 11-16] |
none[none] | none:none |
none|none | none | none |
| T:21:10:00 | Win2K-f | 4.191.79.159 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:10:00 | WinXP | 76.87.110.152 (G-M-I.NET): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. |
n/a | DE:siliconfireware.ru US:searchportal.information.com US:spi.domainsponsor.com DE:ebookfinaltrash.ru :wpad |
445 | pcap | raw alerts ruleset |
http http http http 22 lines |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | a12cab51ef [Firefox:398 hits: 04-01 to 11-18] |
40f7f463c4 [0] | ASM:Graph |
ASPack| | lines=281 embedded dns |
trace |
| T:21:22:00 | Win2K-f | 24.79.73.240 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 95 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 2 of 32 |
607b60ad51 [Firefox:47 hits: 06-20 to 11-15] e5c7bce70e [Firefox:45 hits: 06-20 to 11-15] |
none[4] e5c7bce70e[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:21:29:00 | WinXP | 118.218.115.190 (-): . |
n/a | EU:proxima.ircgalaxy.pl US:microsoft.com EU:79.132.211.24:65520 |
135 | pcap | raw alerts ruleset |
other 97 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 33 31 of 33 |
168aab35a3 [Firefox:192 hits: 06-17 to 11-16] 667f0c59f3 [Firefox:34 hits: 07-04 to 11-16] |
none[4] none [none] |
none:none none:none |
tElock| none|none |
none none |
trace none |
| 21:36:00 | WinXP | 117.99.27.111 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 3 lines |
Yeah : 1.3 profile |
none | summary tarball |
34 of 34 | d20f157117 NEW |
none[none] | none:none |
none|none | none | none |
| T:21:39:00 | WinXP | 117.99.27.111 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. |
n/a | 445 | pcap | raw alerts ruleset |
other 0 lines |
Argh : 0.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:21:45:00 | WinXP | 92.97.9.229 (APEXCOVANTAGE.COM): EU-ZZ, UK. |
n/a | EU:proxim.ircgalaxy.pl EU:79.132.211.24:80 |
445 | pcap | raw alerts ruleset |
shell ftp 14 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 959f56f218 [Firefox: 2 hits: 11-10 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 22:14:00 | Win2K-f | 211.24.192.134 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:16:00 | WinXP | 124.8.129.74 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 80 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
none[4] 57ce4acac2[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| 22:41:00 | WinXP | 89.41.110.19 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. |
79.132.211.24:65520 | EU:proxim.ircgalaxy.pl EU:79.132.211.24:65520 |
445 | pcap | raw alerts ruleset |
http irc 25 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 7fd7475c63 [Firefox:23 hits: 10-29 to 11-15] |
none[none] | none:none |
none|none | none | none |
| 22:41:00 | WinXP | 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 116 lines |
Yeah : 1.3 profile |
none | summary tarball |
30 of 33 28 of 32 |
3cd7958258 [Firefox:38 hits: 06-17 to 11-13] 41efedf70f [Firefox:36 hits: 06-19 to 11-05] |
none[4] 41efedf70f[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=82 |
trace trace |
| 23:01:00 | Win2K-f | 144.139.91.45 (TMNS.NET.AU): TELSTRAINTERNET32, BERWICK, VICTORIA, AU. |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 107 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 8 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] b7082104e4 [Firefox:271 hits: 06-18 to 11-16] |
none[4] none [4] |
none:none none:none |
tElock| tElock| |
none none |
trace trace |
| 23:10:00 | WinXP | 85.179.147.94 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | 1cc50efd1f [Firefox: 3 hits: 11-12 to 11-16] |
none[none] | none:none |
none|none | none | none |
| 23:21:00 | Win2K-f | 4.229.195.24 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LANSING, MICHIGAN, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 93 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 [Firefox:4037 hits: 06-17 to 11-18] a08f3b74a4 [Firefox:1447 hits: 06-18 to 11-18] |
none[4] a08f3b74a4[1] |
none:none ASM:Graph |
tElock| Armadillo| |
none lines=81 |
trace trace |
| T:23:48:00 | WinXP | 87.59.204.65 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
35 of 36 | 18be09780e NEW |
none[none] | none:none |
none|none | none | none |
| 23:49:00 | Win2K-f | 196.208.46.41 (TELKOM-IPNET.CO.ZA): AFRINIC, ZA. |
n/a | 135 | pcap | raw alerts ruleset |
other 165 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 [Firefox:356 hits: 06-17 to 11-18] |
57ce4acac2 [1] | ASM:Graph |
Armadillo| | lines=81 | trace | |
| 23:58:00 | WinXP | 195.174.45.207 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 8 hits: 10-26 to 11-09] |
none[none] | none:none |
none|none | none | none |
| T:23:58:00 | WinXP | 195.174.45.207 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) |
n/a | UA:citi-bank.ru UA:194.54.90.246:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
33 of 35 | 93a84a5dba [Firefox: 8 hits: 10-26 to 11-09] |
none[none] | none:none |
none|none | none | none |