Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



30 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns (one infection record per row; a "T:" prefix on the time marks a record):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:07:00 WinXP 220.221.126.25 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TAKAOKA, TOYAMA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:342 hits: 01-05 to 08-27]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:09:00 Win2K-f 63.18.48.162 (UU.NET):
UUNET TECHNOLOGIES INC,
WESTMINSTER, COLORADO, US.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
http
679 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
30 of 36
35 of 36
2263d117b1
NEW
5c6c664c09
[Firefox:13 hits: 08-29 to 08-29]
b6b225d886
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
00:21:00 Win2K-f 203.82.126.133 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a  
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:00:25:00 WinXP 89.218.205.91 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 aa8b4c41e2
NEW
none[none] none:none
none|none none none
00:27:00 WinXP 125.173.111.88 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:520 hits: 01-01 to 08-29]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
00:32:00 Win2K-f 222.216.119.177 (163DATA.COM.CN):
CHINANET GUANGXI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
210.245.211.11:65520 :fleshkatera.cn
HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.110:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
http
114 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 5c6c664c09
[Firefox:13 hits: 08-29 to 08-29]
none[none] none:none
none|none none none
00:33:00 Win2K-f 72.183.48.212 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:00:41:00 WinXP 70.247.224.169 (SWBELL.NET):
JORGE RICHARDO GARCIA ,
DALLAS, TEXAS, US. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
37 lines
Yeah : 1.3
profile
none summary
tarball
1 of 36 a1ae461b68
NEW
none[none] none:none
none|none none none
00:42:00 WinXP 219.162.115.142 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
FUKUOKA, FUKUOKA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:342 hits: 01-05 to 08-27]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:48:00 Win2K-f 61.32.176.103 (BORA.NET):
DACOM CORP,
KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:20:00 Win2K-f 61.220.116.19 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
57ce4acac2
[Firefox:165 hits: 06-17 to 08-29]
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
01:23:00 WinXP 121.254.78.219 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
a08f3b74a4
[Firefox:657 hits: 06-18 to 08-29]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:30:00 WinXP 98.174.201.147 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
e07c29c4ae
[Firefox:396 hits: 06-19 to 08-29]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:01:37:00 WinXP 58.188.57.156 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:521 hits: 12-31 to 08-29]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:46:00 Win2K-f 203.91.181.194 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
67.43.236.66:8080 CA:xx.ka3ek.com
CA:alwayssam.com
:zonetech.info
CA:ns.ircstyle.net
CA:ns.enterhere.biz
US:130.107.166.166:26969
135 pcap raw alerts
ruleset
irc
http
286 lines
Yeah : 1.8
profile
none summary
tarball
16 of 36
31 of 33
14 of 36
22 of 36
23 of 36
2180dd939c
NEW
954a98c971
[Firefox: 9 hits: 06-09 to 08-17]
9b09258622
[Firefox:12 hits: 08-05 to 08-29]
9f6d05a60b
NEW
f922fdc9fd
NEW
none[none]
none [4]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none|none
FSG|
none|none
none|none
none|none
none
none
none
none
none
none
trace
none
none
none
T:01:50:00 WinXP 124.155.92.73 (ASAHI-NET.OR.JP):
ASAHI-NET-CIDR-BLK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 8ae058b2d0
[Firefox:12 hits: 05-01 to 08-27]
e6a9383b75 [0] ASM:Graph
none|none lines=59 trace
01:50:00 WinXP 125.203.100.152 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:520 hits: 01-01 to 08-29]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
01:57:00 WinXP 78.96.178.119 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:01:57:00 Win2K-f 78.96.241.143 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
01:57:00 WinXP 78.96.241.143 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:01:57:00 WinXP 193.188.83.68 (JOHUD.ORG.JO):
LOCAL INTERNET PROVIDER REGISTRY,
AMMAN, 'AMMAN, JO.
n/a  
JO:193.188.83.68:15059
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:58:00 Win2K-f 92.83.78.159 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
01:58:00 Win2K-f 118.166.54.51 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
01:58:00 WinXP 85.206.172.75 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a   445 pcap raw alerts
ruleset
other
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:59:00 Win2K-f 78.159.132.137 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:01:00 Win2K-f 92.226.89.219 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:02:00 WinXP 85.186.160.150 (-):
ASTRAL-BZ-CPE,
BUZAU, BUZAU, RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:04:00 WinXP 85.186.210.241 (UPCNET.RO):
ASTRAL-UPC,
PLOIESTI, PRAHOVA, RO.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
109 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:09:00 Win2K-f 124.105.72.123 (PLDT.NET):
IPG,
PH.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:11:00 WinXP 78.96.178.119 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:12:00 Win2K-f 91.66.201.119 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:12:00 Win2K-f 78.51.83.229 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:15:00 Win2K-f 94.28.154.180 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:19:00 Win2K-f 92.83.78.159 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:20:00 WinXP 89.137.132.60 (-):
ASTRAL BISTRITA DOCSIS NETWORK,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:21:00 WinXP 217.114.226.43 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:23:00 Win2K-f 89.137.132.60 (-):
ASTRAL BISTRITA DOCSIS NETWORK,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:25:00 Win2K-f 78.97.105.11 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:26:00 WinXP 92.80.19.149 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:27:00 Win2K-f 78.96.245.196 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
24 of 35 3db95ff5ed
NEW
none[none] none:none
none|none none none
T:02:30:00 WinXP 172.129.237.7 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
0 of 33
3373948767
[Firefox:20 hits: 07-03 to 08-29]
c73f738c30
[Firefox:20 hits: 07-03 to 08-29]
e07c29c4ae
[Firefox:396 hits: 06-19 to 08-29]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
02:37:00 WinXP 78.54.96.72 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 50f889782d
[Firefox: 3 hits: 08-26 to 08-29]
none[none] none:none
none|none none none
02:37:00 WinXP 87.119.229.227 (SARANSK.RU):
BRANCH IN MORDOVIAN REPUBLIC OJSC VOLGATELECOM,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:40:00 Win2K-f 87.67.195.76 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BE. (DSL)
n/a :f.unicat.org 445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
02:44:00 Win2K-f 78.96.245.196 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
24 of 35 3db95ff5ed
NEW
none[none] none:none
none|none none none
02:48:00 Win2K-f 78.96.240.24 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:50:00 WinXP 78.54.96.72 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 50f889782d
[Firefox: 3 hits: 08-26 to 08-29]
none[none] none:none
none|none none none
T:02:52:00 Win2K-f 92.83.142.153 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:55:00 Win2K-f 125.230.9.207 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:02:58:00 WinXP 87.67.195.76 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BE. (DSL)
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:01:00 Win2K-f 78.96.216.61 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
32 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:02:00 WinXP 217.114.226.43 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:06:00 WinXP 118.166.54.51 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:06:00 WinXP 125.230.9.207 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:07:00 Win2K-f 83.103.222.105 (-):
ASTRAL-ALBA-DOCSIS,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:03:13:00 Win2K-f 92.80.19.149 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:15:00 WinXP 94.28.202.95 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:03:16:00 Win2K-f 91.66.201.119 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:03:27:00 WinXP 85.206.172.75 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:03:31:00 WinXP 81.191.203.148 (BLUECOM.NO):
CATCH COMMUNCIATIONS ASA,
OSLO, OSLO, NO.
n/a :www.proxy-socks.net
DE:siliconfireware.ru
:wpad
GB:new.egg.com
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:228 hits: 01-01 to 08-29]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:03:32:00 WinXP 83.103.222.105 (-):
ASTRAL-ALBA-DOCSIS,
RO.
69.42.216.108:9890 :f.unicat.org
FR:members.lycos.co.uk
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
77 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:35:00 WinXP 83.135.36.97 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
BERLIN, BERLIN, DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:38:00 WinXP 92.80.111.69 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:41:00 Win2K-f 85.186.137.12 (UPCNET.RO):
ASTRAL-UPC,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
03:41:00 WinXP 24.173.86.109 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CORPUS CHRISTI, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
e07c29c4ae
[Firefox:396 hits: 06-19 to 08-29]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
03:45:00 Win2K-f 208.127.8.163 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:03:59:00 Win2K-f 87.119.229.227 (SARANSK.RU):
BRANCH IN MORDOVIAN REPUBLIC OJSC VOLGATELECOM,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:03:00 Win2K-f 85.103.51.47 (-):
TURK TELEKOM ADSL-ALCATEL DYNAMIC,
BURSA, BURSA, TR.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:04:00 Win2K-f 77.222.236.61 (NET.PL):
SPRAY-NET-WARSZAWA,
PL.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:04:00 WinXP 114.45.210.111 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:05:00 WinXP 93.108.25.50 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:05:00 Win2K-f 203.217.107.183 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:05:00 Win2K-f 93.124.74.240 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:06:00 WinXP 91.67.96.166 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:06:00 Win2K-f 89.137.58.210 (UPCNET.RO):
ASTRAL-UPC ROMAN,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:07:00 WinXP 89.136.1.35 (-):
ASTRAL GALATI,
GALATI, GALATI, RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:13:00 Win2K-f 89.218.30.116 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:15:00 Win2K-f 89.137.217.14 (-):
ASTRAL BUZAU DOCSIS NETWORK,
BUZAU, BUZAU, RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:18:00 Win2K-f 83.103.135.197 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:19:00 Win2K-f 81.247.86.196 (ISP.BELGACOM.BE):
SKYNET-ADSL,
CHARLEROI, HAINAUT, BE. (DSL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:19:00 WinXP 89.136.31.166 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:21:00 Win2K-f 92.81.89.49 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:24:00 WinXP 62.87.214.207 (NET.PL):
DYNAMIC BROADBAND SERVICES,
WROCLAW, DOLNOSLASKIE, PL.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:28:00 WinXP 89.136.31.166 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:35:00 Win2K-f 81.247.86.196 (ISP.BELGACOM.BE):
SKYNET-ADSL,
CHARLEROI, HAINAUT, BE. (DSL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:41:00 WinXP 82.240.208.113 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
130 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:42:00 WinXP 118.166.54.87 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:43:00 Win2K-f 89.137.217.14 (-):
ASTRAL BUZAU DOCSIS NETWORK,
BUZAU, BUZAU, RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:44:00 Win2K-f 89.136.19.103 (-):
ASTRAL BUZAU DOCSIS NETWORK,
BUZAU, BUZAU, RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
04:44:00 Win2K-f 87.247.75.31 (INTURBO.LT):
OPTICAL RESIDENT CLIENT POOL,
LT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:04:45:00 WinXP 24.189.18.119 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
Infection records (continued). Link cells that are identical on every row (pcap raw alerts ruleset, profile, none summary tarball) are not repeated; where a row carries several packed binaries, each binary has its own line under the same record.

| Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Infection Chatter | BotHunter Analysis | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer (PEiD) | Data Strings | Syscall Trace |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | BROOKLYN, NEW YORK, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:04:47:00 | WinXP | 89.137.61.217 (-): ASTRAL PLOIESTI DOCSIS NETWORK, PLOIESTI, PRAHOVA, RO. | n/a | :f.unicat.org | 445 | ftp irc (15 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 04:48:00 | Win2K-f | 92.80.112.208 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890 | :f.unicat.org, FR:members.lycos.co.uk, FR:www.members.lycos.co.uk | 445 | ftp irc (240 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 04:48:00 | Win2K-f | 78.59.180.27 (ZEBRA.LT): LIETUVOS, LT. | 69.42.216.108:9890 | :f.unicat.org, FR:members.lycos.co.uk, FR:www.members.lycos.co.uk | 445 | ftp irc (231 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:04:53:00 | WinXP | 82.240.208.113 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (57 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 05:07:00 | WinXP | 93.124.74.240 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890, 69.42.216.110:2112 | :f.unicat.org, FR:www.members.lycos.co.uk, JP:X.leetcrew.info | 445 | ftp irc http (103 lines) | Yeah : 1.3 | 5 of 36 | 0fe5f1c811 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 05:10:00 | Win2K-f | 89.136.19.103 (-): ASTRAL BUZAU DOCSIS NETWORK, BUZAU, BUZAU, RO. | 69.42.216.108:9890 | :f.unicat.org, FR:www.members.lycos.co.uk | 445 | ftp irc http (115 lines) | Yeah : 1.3 | 5 of 36 | 0fe5f1c811 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:10:00 | Win2K-f | 122.195.228.47 (MAIL.NEDER.CN): CNC GROUP JIANGSU PROVINCE NETWORK, NANJING, JIANGSU, CN. | n/a | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp (14 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 05:11:00 | Win2K-f | 89.137.61.217 (-): ASTRAL PLOIESTI DOCSIS NETWORK, PLOIESTI, PRAHOVA, RO. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (46 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:11:00 | WinXP | 211.214.115.13 (-): HANANET-LLINE-SAHACABLE, KR. | n/a | US:microsoft.com, US:download.microsoft.com, US:207.123.46.126:80 | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:05:13:00 | WinXP | 89.43.121.70 (PLATINIUMNET.RO): SC PLATINIUM ANDREEA NET SRL, RO. | n/a | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp (14 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:14:00 | Win2K-f | 62.142.195.155 (SAUNALAHTI.FI): VOAS-NET, VAASA, LANSI-SUOMEN LAANI, FI. | n/a | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp (14 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:25:00 | Win2K-f | 222.70.167.64 (163DATA.COM.CN): CHINANET SHANGHAI PROVINCE NETWORK, SHANGHAI, SHANDONG, CN. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (113 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:32:00 | WinXP | 92.80.112.208 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (34 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:05:36:00 | Win2K-f | 85.101.139.222 (TTNET.NET.TR): TURKTELEKOM, ISTANBUL, ISTANBUL, TR. | n/a | | 445 | ftp (14 lines) | Yeah : 0.8 | none | none | none | none | none | none | none |
| T:05:38:00 | WinXP | 87.247.75.31 (INTURBO.LT): OPTICAL RESIDENT CLIENT POOL, LT. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (24 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 05:49:00 | WinXP | 72.251.44.145 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) | n/a | UA:citi-bank.ru, UA:194.54.90.246:80 | 445 | http (2 lines) | Yeah : 0.8 | 31 of 32 | d370fa2826 [Firefox: 5 hits: 04-24 to 07-03] | d4427d3b1e [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 06:06:00 | WinXP | 61.91.163.12 (ASIANET.CO.TH): FIX IP FOR COPORATE CUSTOMER, BANGKOK, KRUNG THEP MAHANAKHON, TH. (DIAL) | n/a | | 445 | http (1 line) | Yeah : 0.8 | 26 of 28 | 7d99b0e910 [Firefox:1038 hits: 12-31 to 08-29] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| T:06:22:00 | WinXP | 69.221.70.72 (AMERITECH.NET): PPPOX POOL - RBACK8 SFLDMI, ALLEN PARK, MICHIGAN, US. (DIAL) | n/a | UA:citi-bank.ru, UA:194.54.90.246:80 | 445 | http (1 line) | Yeah : 0.8 | 26 of 28 | 7d99b0e910 [Firefox:1038 hits: 12-31 to 08-29] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| 06:24:00 | Win2K-f | 219.115.212.188 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, OSAKA, OSAKA, JP. | 194.109.11.65:6556, 194.109.11.65:1023 | NL:0x80.online-software.org | 135 | other (191 lines) | Yeah : 1.8 | 36 of 36 | 0c01728b7e NEW | none [none] | none:none | none | none | none |
| T:06:30:00 | WinXP | 118.86.29.199 (-) | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 29 of 29 | a0139d7ad8 [Firefox:96 hits: 01-03 to 08-29] | d9e9662db1 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| T:06:31:00 | WinXP | 211.203.31.22 (HANANET.NET): HANARO TELECOM INC, KR. | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn | 135 | irc http (1440 lines) | Yeah : 1.8 | 14 of 36 | 02c3f4a6f5 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 29 of 33 | 3b6cda60f6 NEW | 3b6cda60f6 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 30 of 33 | 4c9db01aba NEW | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 30 of 36 | 5c6c664c09 [Firefox:13 hits: 08-29 to 08-29] | none [none] | none:none | none | none | none |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| 06:32:00 | WinXP | 85.206.172.75 (ZEBRA.LT): LIETUVOS-TELEKOMAS, VILNIUS, VILNIAUS APSKRITIS, LT. | 69.42.216.108:9890, 69.42.216.108:2010 | :f.unicat.org, FR:members.lycos.co.uk, :adware.rxmods.net | 445 | ftp irc http (477 lines) | Yeah : 1.3 | 18 of 35 | cd75030ece [Firefox:19 hits: 07-29 to 08-26] | none [none] | none:none | none | none | none |
| | | | | | | | | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:06:34:00 | WinXP | 201.5.24.119 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | EU:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, DE:ebookfinaltrash.ru, :wpad | 445 | http http http http (21 lines) | Yeah : 0.8 | 0 of 36 | 4f317cdb58 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 29 of 29 | a12cab51ef [Firefox:496 hits: 01-01 to 08-29] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
| | | | | | | | | 0 of 35 | f8deae8a30 NEW | none [none] | none:none | none | none | none |
| 06:41:00 | WinXP | 204.215.200.41 (SPRINTLINK.NET): SPRINT, PITTSBURGH, PENNSYLVANIA, US. | n/a | DE:siliconfireware.ru, US:searchportal.information.com, DE:ebookfinaltrash.ru, US:spi.domainsponsor.com, :wpad | 445 | http http http http (22 lines) | Yeah : 0.8 | 0 of 36 | 562b826815 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 0 of 36 | 6dfdf3d693 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 29 of 29 | a12cab51ef [Firefox:496 hits: 01-01 to 08-29] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
| | | | | | | | | 0 of 36 | aebea13d48 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 0 of 36 | d0448bd874 NEW | none [none] | none:none | none | none | none |
| 06:46:00 | WinXP | 209.91.150.106 (VIANET.CA): VIANET INTERNET SOLUTIONS, SUDBURY, ONTARIO, CA. | n/a | | 445 | ftp (12 lines) | Yeah : 1.3 | 29 of 29 | 1a2c0e6130 [Firefox:374 hits: 12-31 to 08-27] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace |
| T:06:50:00 | WinXP | 117.99.11.94 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 32 of 33 | 7f6ea12654 [Firefox:20 hits: 07-13 to 08-13] | none [none] | none:none | none | none | none |
| T:06:58:00 | WinXP | 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (60 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 8 of 33 | b7082104e4 [Firefox:119 hits: 06-18 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| 07:20:00 | Win2K-f | 75.136.135.233 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (181 lines) | Yeah : 1.3 | 29 of 33 | ae4bed1aa9 [Firefox: 7 hits: 06-21 to 07-23] | ae4bed1aa9 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| | | | | | | | | 29 of 32 | bc51bd8226 [Firefox: 7 hits: 06-21 to 07-23] | none [4] | none:none | PolyEnE | none | trace |
| 07:34:00 | Win2K-f | 12.226.103.153 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, DEERFIELD, ILLINOIS, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| 07:36:00 | WinXP | 24.189.18.119 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 07:38:00 | Win2K-f | 211.21.230.12 (CATEYE.COM.TW): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. | n/a | US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80, US:8.12.202.125:80, US:8.12.222.126:80 | 135 | other (81 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | 57ce4acac2 [Firefox:165 hits: 06-17 to 08-29] | 57ce4acac2 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:07:42:00 | Win2K-f | 219.49.130.33 (BBTEC.NET): SOFTBANK BB CORP, NAGOYA, AICHI, JP. | n/a | | 135 | other (941 lines) | Yeah : 1.3 | 2 of 36 | 381e3033c0 [Firefox: 2 hits: 08-25 to 08-25] | none [none] | none:none | none | none | none |
| 07:44:00 | WinXP | 117.99.8.99 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN. | n/a | RU:moscow-advokat.ru, :lulea.se.eu.undernet.org, :washington.dc.us.undernet.org, :flanders.be.eu.undernet.org, SE:qis.md.us.dal.net, SE:vancouver.dal.net, SE:coins.dal.net, SE:ced.dal.net, :brussels.be.eu.undernet.org, :los-angeles.ca.us.undernet.org, AT:graz.at.eu.undernet.org, US:lia.zanet.net, SE:ozbytes.dal.net | 445 | http (2 lines) | Yeah : 1.3 | 25 of 25 | 7f60162c2c [Firefox:521 hits: 12-31 to 08-29] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
| T:08:03:00 | Win2K-f | 24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| T:08:15:00 | Win2K-f | 71.107.210.4 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LONG BEACH, CALIFORNIA, US. (DSL) | n/a | | 135 | other (11 lines) | Yeah : 1.3 | none | none | none | none | none | none | none |
| 08:27:00 | Win2K-f | 69.89.102.70 (ACD.NET): ACD.NET, US. | n/a | | 135 | other (10 lines) | Yeah : 1.3 | none | none | none | none | none | none | none |
| 08:32:00 | Win2K-f | 208.105.186.90 (-) | n/a | | 135 | other (10 lines) | Yeah : 1.3 | none | none | none | none | none | none | none |
| T:08:34:00 | WinXP | 41.214.184.154 (-) | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667 | 445 | http irc (3 lines) | Yeah : 1.3 | 35 of 36 | c9d01112a8 [Firefox: 6 hits: 08-06 to 08-24] | none [none] | none:none | none | none | none |
| 08:43:00 | WinXP | 24.210.238.24 (RR.COM): ROAD RUNNER HOLDCO LLC, NEVADA, OHIO, US. | n/a | RU:moscow-advokat.ru, RU:194.6.222.11:6667 | 445 | http (1 line) | Yeah : 0.8 | 26 of 28 | ca47a36342 [Firefox: 4 hits: 02-16 to 08-06] | c3a58f69c6 [0] | ASM:Graph | PolyEnE | lines=89 embedded dns | trace |
| 08:57:00 | WinXP | 76.244.150.184 (PACBELL.NET): AT&T INTERNET SERVICES, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (84 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:08:58:00 | Win2K-f | 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 09:03:00 | WinXP | 98.141.161.158 (-) | n/a | | 135 | other (18 lines) | Yeah : 1.3 | none | none | none | none | none | none | none |
| T:09:11:00 | WinXP | 98.135.195.113 (-) | n/a | | 135 | other (19 lines) | Yeah : 1.3 | none | none | none | none | none | none | none |
| T:09:14:00 | WinXP | 62.11.144.135 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, ROME, LAZIO, IT. (DIAL) | n/a | DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :wpad, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80 | 445 | http http (8 lines) | Yeah : 0.8 | 0 of 36 | 158e5fdb15 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 29 of 29 | df17a625ee [Firefox:228 hits: 01-01 to 08-29] | 9bbdd086c5 [0] | ASM:Graph | ASPack | lines=186 embedded dns | trace |
| 09:25:00 | WinXP | 60.249.198.98 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | 57ce4acac2 [Firefox:165 hits: 06-17 to 08-29] | 57ce4acac2 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| 09:35:00 | Win2K-f | 68.149.138.251 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 10:07:00 | WinXP | 89.136.30.123 (UPCNET.RO): ASTRAL-UPC FOCSANI, TIMISOARA, TIMIS, RO. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (28 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:07:00 | Win2K-f | 92.84.128.199 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (32 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 10:07:00 | WinXP | 92.84.71.221 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890, 69.42.216.108:2010 | :f.unicat.org, FR:members.lycos.co.uk, :adware.rxmods.net, 69.42.216.108:9890 | 445 | ftp irc http (864 lines) | Yeah : 1.3 | 18 of 35 | cd75030ece [Firefox:19 hits: 07-29 to 08-26] | none [none] | none:none | none | none | none |
| | | | | | | | | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:07:00 | WinXP | 89.137.102.227 (-): ASTRAL CLUJ-NAPOCA DOCSIS NETWORK, CLUJ-NAPOCA, CLUJ, RO. | n/a | | 445 | ftp (14 lines) | Yeah : 0.8 | none | none | none | none | none | none | none |
| 10:08:00 | Win2K-f | 206.72.13.41 (LVCTA.COM): WEBSTER CALHOUN TELEPHONE CO, FT. DODGE, IOWA, US. (DSL) | n/a | | 445 | ftp (11 lines) | Yeah : 0.8 | none | none | none | none | none | none | none |
| T:10:08:00 | WinXP | 76.182.2.6 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. | n/a | GB:new.egg.com, :wpad, EU:siliconfireware.ru, :www.proxy-socks.net, RU:www.vtb.ru, DE:212.227.111.29:80, DE:217.11.54.126:80 | 445 | http http (24 lines) | Yeah : 0.8 | 29 of 29 | a12cab51ef [Firefox:496 hits: 01-01 to 08-29] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
| 10:08:00 | WinXP | 87.116.197.239 (TNP.PL): NETWORK OF INTERNET SERVICE PROVIDER, PL. | n/a | | 445 | ftp (13 lines) | Yeah : 0.8 | none | none | none | none | none | none | none |
| 10:14:00 | WinXP | 92.80.91.204 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890 | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp irc (23 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:14:00 | Win2K-f | 78.97.38.161 (ASTRAL.RO): ASTRAL TELECOM SA, RO. | 69.42.216.108:9890 | :f.unicat.org, FR:members.lycos.co.uk, FR:213.193.4.11:80 | 445 | ftp irc (36 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 10:19:00 | WinXP | 85.87.84.19 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 34 of 35 | 11bd87fadb NEW | none [none] | none:none | none | none | none |
| 10:19:00 | Win2K-f | 89.123.4.245 (PLATINUMGROUP.RO): ARTELECOM, BUCHAREST, BUCURESTI, RO. | n/a | | 445 | other (0 lines) | Yeah : 0.8 | none | none | none | none | none | none | none |
| T:10:20:00 | WinXP | 85.87.84.19 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 34 of 35 | 11bd87fadb NEW | none [none] | none:none | none | none | none |
| T:10:22:00 | Win2K-f | 92.84.71.221 (APEXCOVANTAGE.COM): EU-ZZ, UK. | 69.42.216.108:9890 | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp irc (21 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:22:00 | Win2K-f | 88.134.26.84 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE. (DSL) | 69.42.216.108:9890 | :f.unicat.org, FR:members.lycos.co.uk, 69.42.216.108:9890 | 445 | ftp irc (35 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 10:22:00 | Win2K-f | 89.137.190.169 (-): ASTRAL ROMAN DOCSIS NETWORK, RO. | 69.42.216.108:9890 | :f.unicat.org, FR:members.lycos.co.uk, 69.42.216.108:9890 | 445 | ftp irc (24 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:25:00 | WinXP | 82.240.12.98 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. | 69.42.216.108:9890 | :f.unicat.org | 445 | ftp irc (21 lines) | Yeah : 1.3 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:29:00 | Win2K-f | 92.112.170.135 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp (14 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| T:10:29:00 | WinXP | 78.96.13.31 (-): ASTRAL BUZAU DOCSIS, BUZAU, BUZAU, RO. | n/a | :f.unicat.org, 69.42.216.108:9890 | 445 | ftp (14 lines) | Yeah : 0.8 | 13 of 31 | e8d4d8cde1 [Firefox:605 hits: 03-31 to 08-29] | fda109a6fd [0] | ASM:Graph | ASProtect | lines=583 embedded dns | trace |
| 10:56:00 | WinXP | 76.182.2.6 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US. | n/a | DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :www.proxy-socks.net, :wpad | 445 | http http http (10 lines) | Yeah : 0.8 | 0 of 36 | 5ee0619bf1 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 29 of 29 | a12cab51ef [Firefox:496 hits: 01-01 to 08-29] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281 embedded dns | trace |
| 11:02:00 | WinXP | 69.205.31.31 (RR.COM): ROAD RUNNER HOLDCO LLC, GLENS FALLS, NEW YORK, US. | n/a | RU:moscow-advokat.ru, RU:194.6.222.11:6667 | 445 | http (1 line) | Yeah : 0.8 | 25 of 25 | 7f60162c2c [Firefox:521 hits: 12-31 to 08-29] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93 embedded dns | trace |
| 11:42:00 | Win2K-f | 206.188.64.70 (CIA.COM): CYBERSURF INC, TORONTO, ONTARIO, CA. | n/a | US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80 | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 11:52:00 | WinXP | 118.219.236.35 (-) | 210.245.211.11:65520 | HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, 115.126.2.110:80, HK:210.245.211.11:65520 | 135 | http irc (1095 lines) | Yeah : 1.8 | 31 of 33 | 168aab35a3 [Firefox:123 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 31 of 33 | 667f0c59f3 [Firefox:21 hits: 07-04 to 08-27] | none [none] | none:none | none | none | none |
| | | | | | | | | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:12:09:00 | WinXP | 75.137.152.95 (CHARTER.COM): CHARTER COMMUNICATIONS, CARROLLTON, GEORGIA, US. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 34 of 34 | a29a91a2bf NEW | none [none] | none:none | none | none | none |
| 12:25:00 | WinXP | 24.79.210.156 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SHERWOOD PARK, ALBERTA, CA. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (96 lines) | Yeah : 1.3 | 31 of 32 | 607b60ad51 [Firefox:30 hits: 06-20 to 08-27] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| | | | | | | | | 2 of 32 | e5c7bce70e [Firefox:28 hits: 06-20 to 08-26] | e5c7bce70e [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:12:37:00 | Win2K-f | 124.241.183.38 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| 12:48:00 | Win2K-f | 4.236.126.194 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:13:08:00 | WinXP | 66.61.16.150 (RR.COM): ROAD RUNNER HOLDCO LLC, ALEXANDRIA, VIRGINIA, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 13:11:00 | WinXP | 122.146.241.93 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:13:30:00 | WinXP | 62.248.24.136 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, GAZIANTEP, GAZIANTEP, TR. | n/a | HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520 | 445 | http irc (3 lines) | Yeah : 0.8 | 36 of 36 | a219ed3aeb [Firefox:22 hits: 08-02 to 08-29] | none [none] | none:none | none | none | none |
| 14:06:00 | Win2K-f | 61.34.194.118 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps) | 210.245.211.11:65520 | US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn | 135 | irc http (1067 lines) | Yeah : 1.8 | 14 of 36 | 170bd28bd5 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 32 of 33 | 3690b64ca2 [Firefox: 6 hits: 06-18 to 08-19] | none [4] | none:none | PolyEnE | none | trace |
| | | | | | | | | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 30 of 33 | a6fb77fd26 [Firefox: 6 hits: 06-18 to 08-19] | a6fb77fd26 [1] | ASM:Graph | Armadillo | lines=82 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| 14:10:00 | WinXP | 78.84.11.162 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV. | n/a | UA:citi-bank.ru, UA:194.54.90.246:80 | 445 | http (1 line) | Yeah : 0.8 | 33 of 34 | 141012d570 NEW | none [none] | none:none | none | none | none |
| T:14:12:00 | Win2K-f | 75.79.36.233 (-) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:14:12:00 | WinXP | 114.120.22.130 (-) | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 26 of 28 | 7d99b0e910 [Firefox:1038 hits: 12-31 to 08-29] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace |
| T:14:29:00 | WinXP | 203.97.117.110 (TELSTRACLEAR.NET): TELSTRACLEAR CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL) | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn | 445 | http irc (186 lines) | Yeah : 1.3 | 10 of 33 | 40a4fd1ff2 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 35 of 36 | 6e91805d97 NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| 14:39:00 | WinXP | 24.84.193.17 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL) | n/a | | 445 | shell ftp (15 lines) | Yeah : 1.3 | 29 of 29 | 831f4ee0a7 [Firefox:520 hits: 01-01 to 08-29] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace |
| 15:04:00 | Win2K-f | 206.171.178.11 (LEMOORENET.COM): LEMOORE NET, LEMOORE, CALIFORNIA, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (77 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| T:15:26:00 | WinXP | 70.119.118.155 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US. | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:15:27:00 | Win2K-f | 71.104.53.216 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ONTARIO, CALIFORNIA, US. (DSL) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 32 | b5919931fe [Firefox:518 hits: 06-20 to 08-29] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace |
| 15:38:00 | Win2K-f | 70.248.127.208 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| 15:45:00 | WinXP | 75.138.123.65 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US. | 194.54.90.246:80, 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, UA:citi-bank.ru | 445 | http irc (4 lines) | Yeah : 1.3 | 36 of 36 | a219ed3aeb [Firefox:22 hits: 08-02 to 08-29] | none [none] | none:none | none | none | none |
| T:16:21:00 | WinXP | 41.214.165.15 (-) | 194.54.90.246:80, 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, UA:citi-bank.ru | 445 | http irc (5 lines) | Yeah : 1.3 | 36 of 36 | 41065f98ee [Firefox: 2 hits: 08-04 to 08-11] | none [none] | none:none | none | none | none |
| T:16:22:00 | Win2K-f | 98.105.107.77 (-) | 210.245.211.11:65520 | HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, :fleshkatera.cn, 115.126.2.110:80 | 135 | irc http (989 lines) | Yeah : 1.8 | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 34 of 36 | ab74e24581 NEW | none [none] | none:none | none | none | none |
| T:16:26:00 | WinXP | 4.232.255.34 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TORRANCE, CALIFORNIA, US. (DIAL) | n/a | | 445 | ftp (14 lines) | Yeah : 0.8 | 31 of 36 | ae77764fc7 NEW | none [none] | none:none | none | none | none |
| 16:28:00 | WinXP | 99.170.21.97 (-) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (76 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 0 of 32 | 73f1082158 [Firefox:977 hits: 06-18 to 08-29] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace |
| T:16:36:00 | Win2K-f | 66.16.14.111 (CAVTEL.NET): CAVALIER TELEPHONE, FALLS CHURCH, VIRGINIA, US. | 210.245.211.11:65520 | :fleshkatera.cn, 115.126.2.110:80 | 135 | irc http (102 lines) | Yeah : 0.8 | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| T:16:38:00 | WinXP | 67.128.191.103 (SIDLINGER.COM): EASTEX TELEPHONE COOPERATIVE INC, LIVINGSTON, TEXAS, US. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | http (2 lines) | Yeah : 1.3 | 36 of 36 | 8a4c9446ac NEW | none [none] | none:none | none | none | none |
| T:16:40:00 | Win2K-f | 116.126.249.246 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. | 210.245.211.11:65520 | US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, 115.126.2.110:80, US:8.12.222.126:80 | 135 | irc http (584 lines) | Yeah : 1.8 | 30 of 33 | 6ec2a8994b [Firefox:19 hits: 06-18 to 08-25] | none [4] | none:none | tElock | none | trace |
| | | | | | | | | 28 of 35 | 76284cc80d NEW | none [none] | none:none | none | none | none |
| | | | | | | | | 2 of 35 | bcf66a38c8 [Firefox: 6 hits: 07-30 to 08-25] | none [none] | none:none | none | none | none |
| 16:48:00 | WinXP | 4.252.17.30 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BLAINE, MINNESOTA, US. (DIAL) | n/a | US:microsoft.com, US:download.microsoft.com | 135 | http (80 lines) | Yeah : 1.3 | 33 of 33 | 53bfe15e91 [Firefox:1954 hits: 06-17 to 08-29] | none [4] | none:none | tElock | | |
| | | | | | | | | 0 of 33 | a08f3b74a4 [Firefox:657 hits: 06-18 to 08-29] | a08f3b74a4 [1] | ASM:Graph | Armadillo | | |
| | | | | | | | | 0 of 33 | e07c29c4ae [Firefox:396 hits: 06-19 to 08-29] | e07c29c4ae [1] | ASM:Graph | FSG | | |
none
lines=81
lines=92
trace
trace
trace
16:59:00 WinXP 91.65.214.229 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:16:59:00 WinXP 88.134.166.255 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DRESDEN, SACHSEN, DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:02:00 Win2K-f 218.163.153.27 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:02:00 Win2K-f 190.49.206.191 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:03:00 WinXP 78.54.103.123 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 50f889782d
[Firefox: 3 hits: 08-26 to 08-29]
none[none] none:none
none|none none none
T:17:04:00 WinXP 88.134.232.150 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:04:00 Win2K-f 201.221.5.106 (DEDICADO.COM.UY):
TECNOWIND S.A,
BUENOS AIRES, BUENOS AIRES, AR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:06:00 Win2K-f 81.9.185.220 (CM-81-9-185-10.TELECABLE.ES):
TELECABLE,
OVIEDO, ASTURIAS, ES. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:07:00 WinXP 201.87.25.225 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:08:00 WinXP 81.247.46.204 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BRUSSELS, BRUSSELS, BE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:08:00 Win2K-f 201.254.42.211 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:11:00 WinXP 92.47.252.208 (IKBCC.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:15:00 WinXP 91.178.70.220 (ISP.BELGACOM.BE):
BELGACOM,
BE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:19:00 WinXP 59.112.228.172 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:25:00 WinXP 190.49.206.191 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:32:00 Win2K-f 70.120.224.189 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EL PASO, TEXAS, US.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
17:34:00 Win2K-f 77.20.200.217 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:37:00 Win2K-f 78.96.178.184 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:37:00 Win2K-f 70.74.65.218 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
DAWSON CREEK, BRITISH COLUMBIA, CA. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
60 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:43:00 WinXP 81.247.46.204 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BRUSSELS, BRUSSELS, BE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:44:00 Win2K-f 61.216.168.184 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:17:45:00 Win2K-f 78.53.2.34 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:03:00 WinXP 41.214.174.174 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 41065f98ee
[Firefox: 2 hits: 08-04 to 08-11]
none[none] none:none
none|none none none
18:04:00 WinXP 123.195.216.157 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:04:00 WinXP 59.112.228.172 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:06:00 WinXP 91.178.70.220 (ISP.BELGACOM.BE):
BELGACOM,
BE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:605 hits: 03-31 to 08-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:18:08:00 Win2K-f 88.214.166.112 (-):
GPRS COSTUMERS,
PT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:12:00 Win2K-f 88.214.166.112 (-):
GPRS COSTUMERS,
PT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:15:00 WinXP 92.227.32.5 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:17:00 Win2K-f 90.150.146.193 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:19:00 WinXP 122.123.130.111 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:25:00 Win2K-f 123.195.216.157 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:36:00 Win2K-f 78.96.178.184 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:38:00 Win2K-f 81.9.185.220 (CM-81-9-185-10.TELECABLE.ES):
TELECABLE,
OVIEDO, ASTURIAS, ES. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:41:00 WinXP 66.75.198.30 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BAKERSFIELD, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:374 hits: 12-31 to 08-27]
048df78048 [0] ASM:Graph
none|none lines=61 trace
18:52:00 Win2K-f 125.58.120.191 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:54:00 WinXP 208.84.203.85 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.104.126:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:00:00 Win2K-f 70.120.224.189 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EL PASO, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:03:00 WinXP 70.241.114.6 (SWBELL.NET):
PPPOX POOL - RBACK21 HSTNTX,
HOUSTON, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
a08f3b74a4
[Firefox:657 hits: 06-18 to 08-29]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:17:00 Win2K-f 122.123.130.111 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:25:00 WinXP 24.67.37.186 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
118 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
0 of 33
23 of 33
bca9e0fb5f
[Firefox:25 hits: 06-18 to 08-26]
e07c29c4ae
[Firefox:396 hits: 06-19 to 08-29]
e53a9ea82e
[Firefox:25 hits: 06-18 to 08-26]
none[4]
e07c29c4ae[1]
e53a9ea82e[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
FSG|
Armadillo|
none
lines=92
lines=81
trace
trace
trace
T:19:37:00 Win2K-f 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:47:00 WinXP 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:54:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
http
682 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
28 of 35
3ce03798f4
NEW
76284cc80d
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:19:59:00 Win2K-f 88.134.54.195 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:59:00 WinXP 125.101.54.39 (UCOM.NE.JP):
G-MG0001N,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 3e209ce796
[Firefox: 2 hits: 06-19 to 07-04]
none[4] none:none
none|none none trace
19:59:00 WinXP 219.109.123.92 (CATVNET.NE.JP):
CATV NETWORK SERVICES(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:520 hits: 01-01 to 08-29]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
20:26:00 WinXP 4.234.36.163 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:35:00 WinXP 12.78.7.31 (ATT.NET):
AT&T WORLDNET SERVICES,
MIAMI, FLORIDA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:374 hits: 12-31 to 08-27]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:20:42:00 WinXP 121.84.188.3 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:109 hits: 01-08 to 08-27]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
21:01:00 Win2K-f 204.116.74.97 (-):
INTERNET PUBLISHING COMPANY,
MT. AIRY, NORTH CAROLINA, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
http
948 lines
Yeah : 1.8
profile
none summary
tarball
28 of 35
0 of 32
31 of 33
29 of 33
76284cc80d
NEW
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
dfbaaf577c
[Firefox: 9 hits: 06-18 to 08-20]
f504b4af20
[Firefox: 9 hits: 06-18 to 08-20]
none[none]
b5919931fe[1]
none [4]
f504b4af20[1]
none:none
ASM:Graph
none:none
ASM:Graph
none|none
ASProtect|
tElock|
Armadillo|
none
lines=90
none
lines=82
none
trace
trace
trace
21:02:00 WinXP 66.53.219.38 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 33db90e243
NEW
none[none] none:none
none|none none none
21:12:00 WinXP 4.162.165.225 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:14:00 WinXP 117.99.55.4 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
21:24:00 Win2K-f 58.232.220.214 (-):
THRUNET-INFRA-BUSAN06,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
http
857 lines
Yeah : 1.8
profile
none summary
tarball
27 of 33
28 of 35
0 of 32
31 of 33
1951eee0cd
[Firefox: 4 hits: 06-18 to 08-24]
76284cc80d
NEW
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
e5e0dbde57
[Firefox: 4 hits: 06-18 to 08-24]
1951eee0cd [1]
none [none]
b5919931fe[1]
none [4]
ASM:Graph
none:none
ASM:Graph
none:none
Armadillo|
none|none
ASProtect|
tElock|
lines=82
none
lines=90
none
trace
none
trace
trace
21:30:00 Win2K-f 71.179.148.177 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BALTIMORE, MARYLAND, US.
210.245.211.11:65520 :fleshkatera.cn
HK:proxim.ircgalaxy.pl
115.126.2.110:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
http
105 lines
Yeah : 0.8
profile
none summary
tarball
28 of 35 76284cc80d
NEW
none[none] none:none
none|none none none
21:35:00 WinXP 65.189.151.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
73f1082158
[Firefox:977 hits: 06-18 to 08-29]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:46:00 Win2K-f 116.127.144.171 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
http
irc
879 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
28 of 35
34 of 36
0 of 32
0c3d1ec2df
[Firefox: 3 hits: 08-11 to 08-26]
76284cc80d
NEW
8de905030e
[Firefox: 3 hits: 08-11 to 08-26]
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
none[none]
none [none]
none [none]
b5919931fe[1]
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
ASProtect|
none
none
none
lines=90
none
none
none
trace
21:47:00 Win2K-f 116.127.144.171 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
115.126.2.110:80
135 pcap raw alerts
ruleset
irc
http
428 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
28 of 35
34 of 36
0c3d1ec2df
[Firefox: 3 hits: 08-11 to 08-26]
76284cc80d
NEW
8de905030e
[Firefox: 3 hits: 08-11 to 08-26]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
21:55:00 WinXP 122.146.82.67 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:56:00 WinXP 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
194.109.11.65:6556 :0x80.my-secure.name
NL:0x80.my1x1.com
NL:0x80.martiansong.com
135 pcap raw alerts
ruleset
other
122 lines
Yeah : 1.8
profile
none summary
tarball
33 of 33 e30fb27bda
[Firefox: 6 hits: 07-07 to 08-29]
none[none] none:none
none|none none none
22:00:00 Win2K-f 208.82.42.92 (-):
.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:04:00 Win2K-f 92.97.101.169 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.110:80
445 pcap raw alerts
ruleset
irc
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:14:00 WinXP 200.234.14.127 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com
:parex-bank.ru
445 pcap raw alerts
ruleset
http
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:30 hits: 07-28 to 08-27]
none[none] none:none
none|none none none
T:22:17:00 Win2K-f 200.234.14.127 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
115.126.2.110:80
445 pcap raw alerts
ruleset
irc
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:29:00 Win2K-f 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
57ce4acac2
[Firefox:165 hits: 06-17 to 08-29]
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:33:00 WinXP 76.254.85.180 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:109 hits: 01-08 to 08-27]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
22:36:00 Win2K-f 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1954 hits: 06-17 to 08-29]
a08f3b74a4
[Firefox:657 hits: 06-18 to 08-29]
b5919931fe
[Firefox:518 hits: 06-20 to 08-29]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:22:43:00 Win2K-f 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:165 hits: 06-17 to 08-29]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
T:23:54:00 WinXP 124.83.17.75 (PLDT.NET):
BNKC7300I01_CONSUMER,
PH.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none