Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

27 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI),
Monirul Sharif (Georgia Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Infection table columns. Each record below gives its fields in this order; the Infection Source entry carries the attacking address with its reverse-DNS domain, network owner and location, and a record with several binaries repeats the per-binary fields (Antivirus Labels onward) once per binary:

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:16:00 WinXP 76.93.106.114 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:00:35:00 WinXP 218.236.215.108 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:198.78.220.124:80
US:199.93.53.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox:30 hits: 06-20 to 08-25]
9276c8b36b
[Firefox:30 hits: 06-20 to 08-25]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:27:00 WinXP 117.96.118.106 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 22999be88c
[Firefox:14 hits: 04-05 to 08-21]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
01:31:00 WinXP 82.7.58.218 (NTL.COM):
NTL INFRASTRUCTURE - WALTHAM PARK,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 b7a2b9be2a
NEW
none[none] none:none
none|none none none
T:01:58:00 Win2K-f 61.222.6.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
57ce4acac2
[Firefox:153 hits: 06-17 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
02:16:00 WinXP 220.156.77.61 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:338 hits: 01-05 to 08-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
02:20:00 Win2K-f 219.49.130.55 (BBTEC.NET):
SOFTBANK BB CORP,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:02:23:00 Win2K-f 4.174.176.186 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CAMDEN, NEW JERSEY, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:209.84.20.126:80
135 pcap raw alerts
ruleset
http
148 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:49:00 Win2K-f 211.47.232.89 (NEXG.NET):
VAAN-NOBLIAN,
SEOUL, KYONGGI-DO, KR. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
[Firefox:174 hits: 06-17 to 08-26]
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:02:53:00 Win2K-f 65.68.44.124 (SWBELL.NET):
AT&T INTERNET SERVICES,
KANSAS CITY, MISSOURI, US. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
US:69.28.178.10:80
135 pcap raw alerts
ruleset
http
117 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
28 of 32
3f0a5b2ebe
[Firefox:16 hits: 06-18 to 08-25]
c6bfb5f0f2
[Firefox:16 hits: 06-18 to 08-25]
none[4]
c6bfb5f0f2[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
03:14:00 Win2K-f 210.233.205.69 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:208.111.148.23:80
135 pcap raw alerts
ruleset
other
89 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox:15 hits: 06-19 to 08-24]
79c01ec060
[Firefox:26 hits: 06-18 to 08-24]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
03:39:00 Win2K-f 210.126.212.149 (KRLINE.NET):
KRNIC,
KR.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:57:00 Win2K-f 75.82.136.44 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:04:03:00 Win2K-f 77.101.77.220 (BLUEYONDER.CO.UK):
CABLEINET,
UK.
n/a   135 pcap raw alerts
ruleset
other
116 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
29 of 33
0cfbeb0f6d
NEW
6f88847c49
[Firefox: 3 hits: 06-25 to 07-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
04:09:00 WinXP 60.238.81.49 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:338 hits: 01-05 to 08-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:04:12:00 WinXP 82.67.172.37 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a HK:proxima.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 46c0f62e56
NEW
none[none] none:none
none|none none none
T:04:32:00 WinXP 86.56.73.105 (-):
INFOCITY,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:107 hits: 01-08 to 08-26]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
04:45:00 WinXP 66.65.188.140 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
04:49:00 WinXP 12.210.18.202 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
PECATONICA, ILLINOIS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
:www.proxy-socks.net
DE:212.227.111.29:80
GB:217.145.225.22:80
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29
0 of 36
a12cab51ef
[Firefox:492 hits: 01-01 to 08-26]
cc5c59d4df
NEW
40f7f463c4 [0]
none [none]
ASM:Graph
none:none
ASPack|
none|none
lines=281
embedded dns
none
trace
none
T:04:57:00 WinXP 118.12.222.182 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:515 hits: 01-01 to 08-25]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:04:59:00 WinXP 60.254.233.14 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 35 df2f0e165e
[Firefox: 3 hits: 08-24 to 08-25]
none[none] none:none
none|none none none
T:05:17:00 Win2K-f 24.87.45.96 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:06:11:00 Win2K-f 68.74.67.119 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
06:19:00 WinXP 218.211.207.37 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
06:52:00 Win2K-f 69.111.37.83 (PACBELL.NET):
IRVNCA ADSL RBACK4 PPPOX,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:209.84.20.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:06:55:00 WinXP 92.250.92.109 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 35 00b268f5a1
NEW
none[none] none:none
none|none none none
06:56:00 WinXP 72.188.111.15 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
15 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:226 hits: 01-01 to 08-25]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:07:36:00 WinXP 201.252.53.249 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 67fe4d80c3
NEW
none[none] none:none
none|none none none
07:42:00 Win2K-f 4.253.63.243 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ARLINGTON, TEXAS, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
07:57:00 WinXP 60.248.17.88 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:207.123.42.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
57ce4acac2
[Firefox:153 hits: 06-17 to 08-26]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:03:00 WinXP 119.72.96.139 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:513 hits: 12-31 to 08-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:08:03:00 WinXP 119.72.96.139 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:513 hits: 12-31 to 08-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:08:25:00 Win2K-f 193.164.152.159 (-):
SC YANG SYSTEM SRL,
BACAU, BACAU, RO.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:08:27:00 WinXP 122.25.58.102 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 3b2958417b
[Firefox: 8 hits: 07-09 to 08-13]
none[none] none:none
none|none none none
08:57:00 WinXP 41.214.181.29 (-):
.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:28 hits: 07-28 to 08-25]
none[none] none:none
none|none none none
T:08:57:00 WinXP 41.214.181.29 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:28 hits: 07-28 to 08-25]
none[none] none:none
none|none none none
09:06:00 Win2K-f 68.184.109.17 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
09:20:00 WinXP 196.208.62.253 (TELKOM-IPNET.CO.ZA):
AFRINIC,
PRETORIA, GAUTENG, ZA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
208 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:09:23:00 WinXP 4.88.30.68 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
COLUMBIA, SOUTH CAROLINA, US. (DIAL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 50af665692
NEW
none[4] none:none
PolyEnE| none trace
09:39:00 WinXP 77.20.200.120 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:513 hits: 12-31 to 08-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
09:53:00 WinXP 70.74.220.25 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:00:00 WinXP 92.96.98.127 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:107 hits: 01-08 to 08-26]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
10:03:00 WinXP 77.47.0.201 (CABLESURF.DE):
KABELFERNSEHEN MUENCHEN SERVICENTER GMBH & CO.KG,
MUNICH, BAYERN, DE. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 adb51c8017
NEW
none[none] none:none
none|none none none
T:10:09:00 Win2K-f 61.219.126.92 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
55 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:153 hits: 06-17 to 08-26]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
10:49:00 Win2K-f 70.247.224.169 (SWBELL.NET):
JORGE RICHARDO GARCIA ,
DALLAS, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:207.123.46.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
11:18:00 WinXP 76.192.143.99 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
DALLAS, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:11:22:00 WinXP 75.28.108.87 (SBCGLOBAL.NET):
PPPOX POOL - RBACK35.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:515 hits: 01-01 to 08-25]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:11:50:00 WinXP 195.29.100.118 (T-COM.HR):
T-COM CROATIA INTERNET NETWORK,
SPLIT, SPLITSKO-DALMATINSKA, HR.
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:373 hits: 12-31 to 08-26]
048df78048 [0] ASM:Graph
none|none lines=61 trace
12:03:00 Win2K-f 70.72.71.33 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:03:00 WinXP 85.199.88.166 (EDISCOM.DE):
RFT BRANDENBURG,
BRANDENBURG, BRANDENBURG, DE.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 7b1a3bf102
NEW
none[none] none:none
none|none none none
12:11:00 Win2K-f 211.36.233.125 (BORA.NET):
BORANET-NET,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.115:80
HK:210.245.211.11:65520
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
100 lines
Yeah : 1.8
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:174 hits: 06-17 to 08-26]
8390780c27
[Firefox:35 hits: 06-18 to 08-18]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:12:19:00 WinXP 69.239.147.235 (SBCGLOBAL.NET):
PPPOX POOL - BRAS1.RENOCS,
RENO, NEVADA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:127 hits: 01-01 to 08-22]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:12:26:00 WinXP 58.90.241.225 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:515 hits: 01-01 to 08-25]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
12:31:00 Win2K-f 71.126.58.12 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WORCESTER, MASSACHUSETTS, US.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
US:microsoft.com
US:download.microsoft.com
DE:85.114.141.207:80
445 pcap raw alerts
ruleset
irc
33 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:37:00 WinXP 98.135.134.121 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 7a92de9194
NEW
none[none] none:none
none|none none none
12:38:00 WinXP 77.20.213.50 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
SE:vancouver.dal.net
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
:caen.fr.eu.undernet.org
US:lia.zanet.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfec7d0b0b
[Firefox:10 hits: 08-06 to 08-24]
none[none] none:none
none|none none none
12:55:00 WinXP 196.208.89.187 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
171 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
57ce4acac2
[Firefox:153 hits: 06-17 to 08-26]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:13:15:00 WinXP 211.187.141.57 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.73.126:80
HK:210.245.211.11:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:120 hits: 06-17 to 08-26]
4c3df24b32
[Firefox:174 hits: 06-17 to 08-26]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:17:00 Win2K-f 24.78.177.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:8.12.222.126:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
125 lines
Yeah : 1.8
profile
none summary
tarball
31 of 32
32 of 36
607b60ad51
[Firefox:29 hits: 06-20 to 08-26]
9b6b16824e
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:13:32:00 WinXP 76.234.63.88 (SBCGLOBAL.NET):
PPPOX POOL - BRAS16.LSAN,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:209.84.20.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:35:00 WinXP 208.80.151.156 (-):
.
n/a   135 pcap raw alerts
ruleset
other
223 lines
Yeah : 1.3
profile
none summary
tarball
26 of 32 5aeb9abc92
[Firefox:11 hits: 07-15 to 08-24]
none[none] none:none
none|none none none
13:50:00 Win2K-f 66.109.177.244 (-):
EZ LOCAL ACCESS,
PARKERSBURG, WEST VIRGINIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:207.123.42.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
b7082104e4
[Firefox:116 hits: 06-18 to 08-25]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
14:07:00 WinXP 220.157.218.116 (ASAHI-NET.OR.JP):
ASAHI NET INC,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 8ae058b2d0
[Firefox:11 hits: 05-01 to 08-21]
e6a9383b75 [0] ASM:Graph
none|none lines=59 trace
14:52:00 WinXP 207.5.166.118 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:205.128.73.126:80
135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:53:00 WinXP 206.169.142.204 (-):
TIME WARNER TELECOM INC,
ZIHUATANEJO, GUERRERO, MX.
n/a   135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
15:01:00 WinXP 12.72.119.42 (ATT.NET):
AT&T WORLDNET SERVICES,
TUCSON, ARIZONA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1034 hits: 12-31 to 08-26]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:16:00 WinXP 24.171.54.182 (CHARTER.COM):
CHARTER COMMUNICATIONS,
WATERLOO, ILLINOIS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:30:00 WinXP 119.72.26.210 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
35 of 35 df2f0e165e
[Firefox: 3 hits: 08-24 to 08-25]
none[none] none:none
none|none none none
15:59:00 WinXP 89.214.72.27 (-):
TMN - TELECOMUNICACOES MOVEIS NACIONAIS SA,
PT.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 00b268f5a1
NEW
none[none] none:none
none|none none none
T:16:09:00 WinXP 88.214.171.245 (-):
GPRS COSTUMERS,
PT.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:169 hits: 01-01 to 08-26]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
16:10:00 WinXP 201.254.26.123 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:11:00 Win2K-f 89.252.42.33 (-):
FREENET,
UA.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:11:00 WinXP 83.213.158.166 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BASAURI, PAIS VASCO, ES.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:12:00 Win2K-f 88.161.73.107 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:12:00 Win2K-f 190.132.187.234 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:12:00 WinXP 190.225.204.144 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:14:00 WinXP 190.174.22.130 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:15:00 Win2K-f 89.252.42.33 (-):
FREENET,
UA.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:16:00 Win2K-f 114.45.210.137 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:17:00 Win2K-f 92.226.91.63 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:18:00 Win2K-f 87.247.101.64 (-):
MIKROVISATA,
LT.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:18:00 WinXP 24.100.25.108 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:21:00 WinXP 190.174.22.130 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:26:00 Win2K-f 89.28.27.217 (89-28-0-10.STARNET.MD):
STARNET,
CHISINAU, CHISINAU, MD.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:26:00 WinXP 61.227.62.166 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:40:00 Win2K-f 220.136.4.73 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:41:00 Win2K-f 208.182.117.78 (K12TN.NET):
STATE OF TENNESSEE DEPARTMENT OFEDUCATION,
NASHVILLE, TENNESSEE, US.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 cbed160690
NEW
none[none] none:none
none|none none none
16:41:00 Win2K-f 88.147.209.134 (-):
VTSARATOV,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:45:00 WinXP 92.226.91.63 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
16:47:00 Win2K-f 220.136.4.73 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:51:00 WinXP 24.100.25.108 (-):
.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:01:00 WinXP 61.227.62.166 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:01:00 WinXP 91.64.103.82 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:05:00 Win2K-f 200.42.210.93 (TRICOM.NET):
TRICOM,
SANTO DOMINGO, DISTRITO NACIONAL, DO.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:09:00 WinXP 114.120.6.239 (-):
.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 a12b896387
[Firefox: 4 hits: 07-29 to 08-18]
none[none] none:none
none|none none none
T:17:17:00 WinXP 91.64.103.82 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:21:00 WinXP 122.121.127.116 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:22:00 WinXP 114.45.210.137 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:37:00 Win2K-f 68.74.67.119 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:209.84.20.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:47:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:18:01:00 Win2K-f 122.121.127.116 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:03:00 Win2K-f 190.174.17.103 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:03:00 WinXP 118.169.208.84 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:03:00 WinXP 217.114.224.165 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 57c01c2c84
NEW
none[none] none:none
none|none none none
18:04:00 Win2K-f 89.137.75.8 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:04:00 Win2K-f 92.80.38.86 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:07:00 Win2K-f 122.195.222.149 (MAIL.NEDER.CN):
CNC GROUP JIANGSU PROVINCE NETWORK,
NANJING, JIANGSU, CN.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:09:00 Win2K-f 88.161.7.117 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:09:00 WinXP 125.230.100.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:09:00 Win2K-f 88.161.7.117 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:10:00 Win2K-f 92.125.41.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:11:00 WinXP 80.48.35.20 (-):
SPOLDZIELNIA MIESZKANIOWA SIARKOWIEC W TARNOBRZEGU,
PL.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:12:00 WinXP 78.96.239.186 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:13:00 WinXP 63.151.226.39 (-):
SAN ILDEONFONSO PUEBLO,
SANTA FE, NEW MEXICO, US.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:22:00 WinXP 92.82.62.90 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:27:00 WinXP 123.195.211.210 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 36 6b9d32677d
NEW
none[none] none:none
none|none none none
18:31:00 Win2K-f 118.171.144.105 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:35:00 Win2K-f 118.167.199.113 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:38:00 WinXP 92.81.185.121 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:38:00 Win2K-f 125.230.100.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:39:00 Win2K-f 24.189.18.119 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BROOKLYN, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:42:00 Win2K-f 92.125.41.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:44:00 Win2K-f 63.151.226.39 (-):
SAN ILDEONFONSO PUEBLO,
SANTA FE, NEW MEXICO, US.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:46:00 WinXP 92.80.38.86 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:54:00 WinXP 118.167.199.113 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
18:55:00 Win2K-f 92.82.62.90 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:00:00 WinXP 76.87.2.206 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a RU:moscow-advokat.ru
NL:diemen.nl.eu.undernet.org
SE:coins.dal.net
AT:graz.at.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:viking.dal.net
:caen.fr.eu.undernet.org
:brussels.be.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:vancouver.dal.net
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
SE:ced.dal.net
:gaspode.zanet.org.za
:washington.dc.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:513 hits: 12-31 to 08-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
19:03:00 WinXP 189.81.7.62 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:10:00 Win2K-f 123.195.211.210 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:10:00 Win2K-f 89.137.75.8 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
http
243 lines
Yeah : 1.3
profile
none summary
tarball
11 of 36
11 of 36
13 of 31
19b04193aa
NEW
d869c82fb8
NEW
e8d4d8cde1
[Firefox:528 hits: 03-31 to 08-26]
none[none]
none [none]
fda109a6fd[0]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=583
embedded dns
none
none
trace
T:19:18:00 WinXP 116.123.95.138 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
0 of 33
168aab35a3
[Firefox:120 hits: 06-17 to 08-26]
667f0c59f3
[Firefox:20 hits: 07-04 to 08-25]
e07c29c4ae
[Firefox:376 hits: 06-19 to 08-26]
none[4]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
none|none
FSG|
none
none
lines=92
trace
none
trace
19:19:00 WinXP 75.143.201.63 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US.
210.245.211.11:65520 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
http
irc
14 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:18 hits: 08-02 to 08-26]
none[none] none:none
none|none none none
20:04:00 WinXP 75.39.192.106 (SBCGLOBAL.NET):
PPPOX POOL - RBACK4.SPFDMO,
SPRINGFIELD, MISSOURI, US. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 d175bad0e6
[Firefox: 5 hits: 04-05 to 08-12]
dfb15f5463 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
20:12:00 WinXP 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:17:00 WinXP 99.181.179.171 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:209.84.20.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:22:00 WinXP 203.106.183.5 (TM.NET.MY):
INFRA-TMNET,
TAIPING, PERAK, MY.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 3874ef05b8
[Firefox: 2 hits: 07-23 to 08-17]
none[none] none:none
none|none none none
T:21:24:00 WinXP 86.96.91.17 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 4c27e2165f
NEW
none[4] none:none
PolyEnE| none trace
T:21:41:00 WinXP 12.210.18.202 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
PECATONICA, ILLINOIS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
US:master-x.com
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
8 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:492 hits: 01-01 to 08-26]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:21:41:00 Win2K-f 71.100.161.168 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
VALRICO, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
a08f3b74a4
[Firefox:637 hits: 06-18 to 08-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:43:00 WinXP 66.61.16.150 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ALEXANDRIA, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:43:00 WinXP 79.132.196.114 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:28 hits: 04-18 to 08-26]
none[3] none:none
tElock| none trace
21:50:00 WinXP 24.31.224.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KANSAS CITY, MISSOURI, US.
n/a   135 pcap raw alerts
ruleset
other
258 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 2bc347d52d
[Firefox: 4 hits: 08-04 to 08-19]
none[none] none:none
none|none none none
22:10:00 Win2K-f 71.98.211.107 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW PORT RICHEY, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:14:00 WinXP 219.110.38.84 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:338 hits: 01-05 to 08-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
22:28:00 WinXP 209.198.17.3 (NAVACORE.NET):
MULTINET CONNECTION,
ROCK HILL, SOUTH CAROLINA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
6d7cb00d2f
NEW
a12cab51ef
[Firefox:492 hits: 01-01 to 08-26]
none[none]
40f7f463c4[0]
none:none
ASM:Graph
none|none
ASPack|
none
lines=281
embedded dns
none
trace
T:22:33:00 Win2K-f 4.163.233.237 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AURORA, COLORADO, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
132 lines
Yeah : 1.3
profile
none summary
tarball
28 of 32 9bc67c754e
[Firefox: 4 hits: 06-28 to 08-23]
none[none] none:none
none|none none none
T:22:44:00 Win2K-f 211.24.192.134 (TIME.NET.MY):
TIME TELECOMMUNICATIONS SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a US:microsoft.com
US:download.microsoft.com
US:209.84.20.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
57ce4acac2
[Firefox:153 hits: 06-17 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:47:00 Win2K-f 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1888 hits: 06-17 to 08-26]
73f1082158
[Firefox:945 hits: 06-18 to 08-26]
b5919931fe
[Firefox:482 hits: 06-20 to 08-26]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:22:53:00 Win2K-f 64.184.89.92 (SWAYZEE.COM):
SWAYZEE TELEPHONE CO,
SWAYZEE, INDIANA, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
23:06:00 WinXP 70.182.251.209 (MAXONCORP.COM):
COX COMMUNICATIONS,
WICHITA, KANSAS, US.
n/a CA:done.blacktiehsbdcs.com 135 pcap raw alerts
ruleset
irc
641 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 54f5031c41
[Firefox: 3 hits: 03-03 to 08-05]
18557d626e [0] ASM:Graph
ASPack| lines=34 trace
T:23:06:00 WinXP 60.56.104.20 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:338 hits: 01-05 to 08-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:23:06:00 WinXP 60.250.201.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 c8891a31bc
NEW
none[none] none:none
none|none none none