Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



27 September 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]
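Added example, not SRI's code and not part of the original page: a small Python pivot over records in this table's layout, reduced to the columns a responder would cross-reference (time, victim OS, victim IP, C&C server, DNS lookups and failed connects, infection port, packed-binary digest, packer). The sample records are constructed from values in this page's 27 September rows; where a row's leading tokens are ambiguous, their assignment to the C&C Server column is an assumption made here. The script groups victims by C&C endpoint and by binary digest, counts how many distinct victims touched each indicator, and flags endpoints that served as C&C for one victim but appear as a failed connect for another.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One table row, reduced to the columns pivoted on below."""
    time: str        # Time
    os: str          # Victim OS
    victim: str      # victim IP
    cc_server: str   # C&C Server as "ip:port", or "" when that column was blank
    lookups: tuple   # DNS Lookups & Failed Connects entries, verbatim
    port: int        # Infection Port
    digest: str      # packed-binary digest prefix as shown, or "none"
    packer: str      # Packer PEID, or "none"


# Constructed sample: values copied from the page's 27 Sep 2008 rows.  The
# C&C Server assignment for rows whose leading tokens are ambiguous is an
# assumption made for this example.
RECORDS = (
    Record("00:16:00", "WinXP", "202.132.182.207", "", (), 445, "7d99b0e910", "PolyEnE"),
    Record("01:18:00", "WinXP", "59.124.207.25", "115.126.2.121:65520",
           (":proxim.ircgalaxy.pl", "UA:citi-bank.ru", "UA:194.54.90.246:80"), 445, "cdf8cd94a9", "none"),
    Record("01:57:00", "Win2K-f", "202.125.61.237", "67.225.179.181:9991",
           ("US:adware.rxmods.net", ":dd0sb0tz.msnplanet.org", "US:208.73.210.32:80"), 139, "ecaea72984", "none"),
    Record("02:52:00", "WinXP", "190.133.133.55", "67.225.179.181:9991",
           ("US:adware.rxmods.net", ":dd0sb0tz.msnplanet.org", "US:208.73.210.32:80"), 139, "ecaea72984", "none"),
    Record("04:50:00", "Win2K-f", "200.68.80.237", "64.85.160.111:5001",
           ("US:cookie.roltf.ws",), 445, "382279b44f", "Armadillo"),
    Record("05:00:00", "Win2K-f", "87.12.150.187", "213.239.192.125:5001",
           ("DE:cookie.roltf.ws",), 445, "382279b44f", "Armadillo"),
    Record("05:50:00", "WinXP", "78.34.27.109", "",
           (":proxim.ircgalaxy.pl", "UA:citi-bank.ru", "115.126.2.121:65520", "UA:194.54.90.246:80"),
           445, "cdf8cd94a9", "none"),
)

_IPPORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")
_CC = re.compile(r"^[A-Z]{2}$")


def parse_entry(entry):
    """Split one lookup entry into (country_code, indicator, kind).

    Entries look like "UA:citi-bank.ru", ":proxim.ircgalaxy.pl" (no country
    code) or "115.126.2.121:65520" (a failed connect with no prefix at all).
    kind is "ipport" for a connect target and "host" for a DNS name."""
    prefix, sep, rest = entry.partition(":")
    if sep and (prefix == "" or _CC.match(prefix)):
        cc, value = prefix, rest
    else:
        cc, value = "", entry
    return cc, value, ("ipport" if _IPPORT.match(value) else "host")


def _freeze(table):
    # Turn the sets built during aggregation into sorted lists for stable output.
    return {key: {f: sorted(v) for f, v in row.items()} for key, row in table.items()}


def pivot_by_cc(records):
    """C&C endpoint -> victims that held a C&C dialog with it, and the binaries they ran."""
    table = defaultdict(lambda: {"victims": set(), "digests": set()})
    for r in records:
        if r.cc_server:
            table[r.cc_server]["victims"].add(r.victim)
            table[r.cc_server]["digests"].add(r.digest)
    return _freeze(table)


def pivot_by_digest(records):
    """Binary digest -> victims, C&C endpoints and infection ports seen with it."""
    table = defaultdict(lambda: {"victims": set(), "cc": set(), "ports": set()})
    for r in records:
        if r.digest == "none":
            continue
        table[r.digest]["victims"].add(r.victim)
        table[r.digest]["ports"].add(r.port)
        if r.cc_server:
            table[r.digest]["cc"].add(r.cc_server)
    return _freeze(table)


def cc_seen_failing(records):
    """Endpoints that were a live C&C for one victim but a failed connect for
    another: the first hint that a C&C is down, rotating, or being sinkholed."""
    live = {r.cc_server for r in records if r.cc_server}
    failed = {parse_entry(e)[1] for r in records for e in r.lookups
              if parse_entry(e)[2] == "ipport"}
    return live & failed


def ioc_counts(records):
    """Indicator -> number of distinct victims that used it as C&C, looked it up, or tried to reach it."""
    victims = defaultdict(set)
    for r in records:
        if r.cc_server:
            victims[r.cc_server].add(r.victim)
        for e in r.lookups:
            victims[parse_entry(e)[1]].add(r.victim)
    return {k: len(v) for k, v in victims.items()}


if __name__ == "__main__":
    for cc, row in sorted(pivot_by_cc(RECORDS).items()):
        print(f"C&C {cc}: victims={row['victims']} digests={row['digests']}")
    for digest, row in sorted(pivot_by_digest(RECORDS).items()):
        print(f"digest {digest}: cc={row['cc']} ports={row['ports']} victims={len(row['victims'])}")
    print("C&C seen failing elsewhere:", sorted(cc_seen_failing(RECORDS)))
    for ioc, n in sorted(ioc_counts(RECORDS).items(), key=lambda kv: -kv[1]):
        print(f"{n:2d} victim(s)  {ioc}")
```

On this sample the digest pivot shows one binary (382279b44f) reaching cookie.roltf.ws through two different ip:port endpoints, and the failing-C&C check singles out 115.126.2.121:65520, which one victim completed a dialog with while a later victim could not connect to it. Treating a digest, a C&C endpoint and a lookup name as three separate indicator types with a per-victim count is what keeps a single noisy host from inflating a daily IOC list.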

Columns, one record per observed infection:
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
The short tokens that recur in every row (pcap, raw, alerts, ruleset, profile, summary, tarball, ASM:Graph, trace) are the labels of per-record download links on the live page; a value of "none" or "n/a" means the pipeline produced nothing for that column.
T:00:16:00 WinXP 202.132.182.207 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1162 hits: 12-31 to 09-26]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:00:33:00 WinXP 130.13.37.211 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:431 hits: 12-31 to 09-26]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:00:37:00 Win2K-f 69.218.232.141 (AMERITECH.NET):
PPPOX POOL - RBACK5 WOTNOH,
COLUMBUS, OHIO, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
b5919931fe
[Firefox:661 hits: 06-20 to 09-26]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:01:18:00 WinXP 59.124.207.25 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 cdf8cd94a9
[Firefox:13 hits: 09-14 to 09-26]
none[none] none:none
none|none none none
T:01:20:00 Win2K-f 71.104.36.232 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
POMONA, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:26:00 Win2K-f 70.169.53.144 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:31:00 WinXP 74.67.48.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLIFTON PARK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:36:00 WinXP 114.48.140.168 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:405 hits: 01-05 to 09-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
01:43:00 WinXP 221.235.50.138 (163DATA.COM.CN):
CHINANET HUBEI PROVINCE NETWORK,
WUHAN, HUBEI, CN.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6b1c6d0395
[Firefox: 2 hits: 09-18 to 09-21]
none[none] none:none
none|none none none
01:45:00 Win2K-f 12.230.49.196 (ATT.NET):
AT&T WORLDNET SERVICES,
EDMONDS, WASHINGTON, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:56:00 WinXP 85.152.84.52 (CM-85-152-82-10.TELECABLE.ES):
TELECABLE,
ES. (DSL)
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 4b2541d5f7
[Firefox: 9 hits: 08-19 to 09-24]
none[none] none:none
none|none none none
01:56:00 WinXP 77.253.155.149 (COM.PL):
NETIA,
PL.
115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
:gaspode.zanet.org.za
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
irc
6 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 26e3526604
[Firefox: 5 hits: 09-16 to 09-22]
none[none] none:none
none|none none none
01:57:00 Win2K-f 202.125.61.237 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP.
202.125.61.237:1485 67.225.179.181:9991 US:adware.rxmods.net
:dd0sb0tz.msnplanet.org
US:208.73.210.32:80
139 pcap raw alerts
ruleset
ftp
lanman
shell
shell
shell
shell
shell
shell
shell
irc
212 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 ecaea72984
NEW
none[none] none:none
none|none none none
T:02:09:00 WinXP 208.125.77.239 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SYRACUSE, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.41:80
US:208.111.173.42:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:28:00 WinXP 85.84.120.110 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
GETXO, PAIS VASCO, ES.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:43:00 WinXP 203.73.84.38 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
57ce4acac2
[Firefox:206 hits: 06-17 to 09-26]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:02:52:00 WinXP 190.133.133.55 (-):
.
190.133.133.55:2980 67.225.179.181:9991 US:adware.rxmods.net
:dd0sb0tz.msnplanet.org
US:208.73.210.32:80
139 pcap raw alerts
ruleset
ftp
lanman
shell
shell
shell
shell
shell
shell
irc
125 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 ecaea72984
NEW
none[none] none:none
none|none none none
T:03:01:00 Win2K-f 202.125.61.237 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP.
202.125.61.237:4820   139 pcap raw alerts
ruleset
ftp
lanman
shell
shell
shell
shell
shell
shell
103 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 ecaea72984
NEW
none[none] none:none
none|none none none
03:41:00 WinXP 91.126.54.6 (RP80.SE):
WEBTECH NORD HELSINGBORG,
HELSINGBORG, SKANE, SE.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a9cfbd1b0c
[Firefox: 9 hits: 09-12 to 09-22]
none[none] none:none
none|none none none
T:03:43:00 WinXP 151.33.65.157 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:23 hits: 09-13 to 09-26]
none[none] none:none
none|none none none
03:43:00 WinXP 151.33.65.157 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:23 hits: 09-13 to 09-26]
none[none] none:none
none|none none none
T:04:15:00 Win2K-f 71.85.124.166 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:16:00 Win2K-f 70.184.250.238 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:b152.bundlext.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
irc
http
129 lines
Yeah : 1.8
profile
none summary
tarball
6 of 36
15 of 36
32 of 36
35 of 36
464a5bfd5b
NEW
7085b2c2d6
NEW
bea8cb1865
[Firefox:17 hits: 08-11 to 09-26]
fac78fde16
[Firefox: 3 hits: 09-13 to 09-20]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
04:30:00 Win2K-f 210.236.187.142 (ZTV.NE.JP):
ZTV-CIDR-BLK,
JP.
115.126.2.121:65520 IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
139 pcap raw alerts
ruleset
irc
http
24 lines
Yeah : 0.8
profile
none summary
tarball
6 of 36
15 of 36
464a5bfd5b
NEW
7085b2c2d6
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:04:40:00 WinXP 82.67.4.9 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1162 hits: 12-31 to 09-26]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
04:40:00 WinXP 82.67.4.9 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1162 hits: 12-31 to 09-26]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
04:50:00 Win2K-f 200.68.80.237 (IPLANNETWORKS.NET):
NSS S.A,
LA PLATA, BUENOS AIRES, AR.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
04:58:00 WinXP 118.237.123.68 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 27b945de66
[Firefox:24 hits: 06-20 to 09-26]
none[4] none:none
none|none none trace
05:00:00 Win2K-f 87.12.150.187 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
213.239.192.125:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:05:08:00 WinXP 83.132.30.197 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
AMADORA, LISBOA, PT.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a84ffdf670
[Firefox: 9 hits: 09-14 to 09-23]
none[none] none:none
none|none none none
T:05:19:00 WinXP 80.191.115.222 (-):
REGIONAL LIBRARAY OF SCIENCE AND TECHNOLOGY,
SHIRAZ, FARS, IR.
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
http
3 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:254 hits: 01-01 to 09-25]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:05:50:00 WinXP 78.34.27.109 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 cdf8cd94a9
[Firefox:13 hits: 09-14 to 09-26]
none[none] none:none
none|none none none
05:50:00 WinXP 78.34.27.109 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 cdf8cd94a9
[Firefox:13 hits: 09-14 to 09-26]
none[none] none:none
none|none none none
T:05:59:00 WinXP 88.233.111.167 (TTNET.NET.TR):
TT ADSL-ALCATEL_GAY,
ISTANBUL, ISTANBUL, TR. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 75537c16ed
NEW
none[none] none:none
none|none none none
T:06:05:00 WinXP 82.170.90.8 (TISCALI.NL):
WOL,
ROTTERDAM, ZUID-HOLLAND, NL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:120 hits: 01-03 to 09-26]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
06:09:00 Win2K-f 71.96.23.110 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
GARLAND, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
06:14:00 WinXP 211.135.170.88 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:564 hits: 01-01 to 09-26]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
06:15:00 WinXP 203.91.178.142 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
185 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
389cf0c860
[Firefox: 3 hits: 08-26 to 09-20]
ed7d5d9ce7
[Firefox: 4 hits: 08-26 to 09-20]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:06:38:00 WinXP 85.87.32.231 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5ab10310c8
NEW
none[none] none:none
none|none none none
T:06:40:00 WinXP 41.214.169.180 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:23 hits: 09-13 to 09-26]
none[none] none:none
none|none none none
06:40:00 WinXP 217.201.51.3 (-):
TELECOM ITALIA MOBILE,
IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1162 hits: 12-31 to 09-26]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:06:53:00 WinXP 189.48.27.220 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:57:00 Win2K-f 81.196.65.23 (RDSNET.RO):
RCS-RDS-CABLELINK,
TIMISOARA, TIMIS, RO. (100Mbps)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33 e286d9e6a9
[Firefox:24 hits: 07-13 to 09-26]
none[none] none:none
none|none none none
07:03:00 WinXP 87.61.171.75 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 c05385e600
[Firefox:17 hits: 01-20 to 09-23]
6a383b021d [0] ASM:Graph
PolyEnE| lines=68 trace
07:07:00 WinXP 209.29.94.188 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:07:00 Win2K-f 218.53.85.116 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:b152.bundlext.com
US:b155.bundlext.com
IL:194.90.224.86:80
139 pcap raw alerts
ruleset
irc
http
30 lines
Yeah : 1.3
profile
none summary
tarball
6 of 36
15 of 36
34 of 36
464a5bfd5b
NEW
7085b2c2d6
NEW
7f97212593
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
07:08:00 WinXP 218.53.85.116 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
115.126.2.121:65520
IL:62.90.134.24:80
139 pcap raw alerts
ruleset
irc
http
23 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36
34 of 36
7085b2c2d6
NEW
7f97212593
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
07:14:00 WinXP 75.176.35.32 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GASTONIA, NORTH CAROLINA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
RU:www.bbin.ru
:wpad
EU:crutop.nu
RU:195.200.213.54:80
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:254 hits: 01-01 to 09-25]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
07:18:00 Win2K-f 99.224.84.91 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
TORONTO, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:21:00 WinXP 170.51.148.185 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 51a6d370b6
NEW
none[none] none:none
none|none none none
07:24:00 WinXP 118.236.205.62 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 93385541f3
[Firefox:28 hits: 06-22 to 09-17]
none[4] none:none
none|none none trace
T:07:44:00 WinXP 82.67.224.34 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
07:44:00 Win2K-f 78.56.203.103 (ZEBRA.LT):
LIETUVOS,
LT.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:44:00 Win2K-f 151.80.206.178 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a   445 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:45:00 WinXP 87.12.150.195 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
213.239.192.125:5001 DE:cookie.roltf.ws
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:49:00 WinXP 186.12.100.252 (-):
.
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
07:49:00 Win2K-f 190.176.170.216 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:50:00 WinXP 170.51.124.10 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
213.239.192.125:5001 DE:cookie.roltf.ws
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:51:00 WinXP 170.51.124.10 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:52:00 Win2K-f 87.12.150.195 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:59:00 Win2K-f 170.51.117.195 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 :proxim.ircgalaxy.pl
DE:cookie.roltf.ws
115.126.2.121:65520
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 afa3d78300
NEW
none[none] none:none
none|none none none
08:01:00 WinXP 78.82.192.142 (TELENOR.SE):
TELENOR BUSINESS SOLUTION AB,
SE.
n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
:london.uk.eu.undernet.org
SE:coins.dal.net
:washington.dc.us.undernet.org
SE:viking.dal.net
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:broadway.ny.us.dal.net
SE:vancouver.dal.net
NL:diemen.nl.eu.undernet.org
SE:ozbytes.dal.net
SE:qis.md.us.dal.net
AT:graz.at.eu.undernet.org
US:lia.zanet.net
:brussels.be.eu.undernet.org
:caen.fr.eu.undernet.org
:flanders.be.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 35 b9e6a0c882
[Firefox: 7 hits: 09-12 to 09-25]
none[none] none:none
none|none none none
T:08:01:00 WinXP 78.82.192.142 (TELENOR.SE):
TELENOR BUSINESS SOLUTION AB,
SE.
n/a RU:moscow-advokat.ru
NO:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
SE:coins.dal.net
SE:qis.md.us.dal.net
:lulea.se.eu.undernet.org
:flanders.be.eu.undernet.org
SE:ced.dal.net
SE:viking.dal.net
SE:ozbytes.dal.net
US:lia.zanet.net
SE:broadway.ny.us.dal.net
NL:diemen.nl.eu.undernet.org
:gaspode.zanet.org.za
SE:vancouver.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 35 b9e6a0c882
[Firefox: 7 hits: 09-12 to 09-25]
none[none] none:none
none|none none none
08:10:00 Win2K-f 151.23.128.123 (-):
INFOSTRADA (IUNET),
IT.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:11:00 Win2K-f 151.23.128.123 (-):
INFOSTRADA (IUNET),
IT.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:18:00 WinXP 151.23.132.138 (-):
INFOSTRADA (IUNET),
IT.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:18:00 WinXP 151.23.132.138 (-):
INFOSTRADA (IUNET),
IT.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:18:00 Win2K-f 151.33.195.115 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
213.239.192.125:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:19:00 WinXP 151.33.195.115 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:25:00 WinXP 117.99.50.54 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
SE:ozbytes.dal.net
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
SE:broadway.ny.us.dal.net
SE:ced.dal.net
SE:coins.dal.net
:lulea.se.eu.undernet.org
:caen.fr.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:qis.md.us.dal.net
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:630 hits: 12-31 to 09-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
08:26:00 Win2K-f 170.51.140.158 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:30:00 Win2K-f 151.23.135.119 (-):
INFOSTRADA (IUNET),
IT.
n/a DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
13 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:31:00 Win2K-f 151.23.135.119 (-):
INFOSTRADA (IUNET),
IT.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:33:00 Win2K-f 200.99.242.145 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:33:00 WinXP 200.99.242.145 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:35:00 Win2K-f 186.12.126.174 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 35 08c1ee9daf
NEW
none[none] none:none
none|none none none
T:08:36:00 WinXP 186.12.126.174 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:36:00 WinXP 151.23.132.248 (-):
INFOSTRADA (IUNET),
IT.
n/a DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:37:00 Win2K-f 91.22.253.176 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:39:00 WinXP 91.22.253.176 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:08:41:00 WinXP 117.99.50.54 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
SE:vancouver.dal.net
FI:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
:washington.dc.us.undernet.org
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:broadway.ny.us.dal.net
:gaspode.zanet.org.za
SE:ced.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:630 hits: 12-31 to 09-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:08:47:00 WinXP 170.51.117.124 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:175 hits: 05-22 to 09-26]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:47:00 WinXP 170.51.117.124 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:51:00 WinXP 77.37.194.213 (NCNET.RU): NCN-INFRA, RU. | C&C: n/a | DNS: UA:citi-bank.ru, EU:kidos-bank.ru, US:master-x.com, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 6063a9fbda NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
09:10:00 Win2K-f 200.40.178.187 (ADINET.COM.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 13 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:16:00 WinXP 186.12.33.219 (-) | C&C: 64.85.160.111:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 29 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 22 of 36 | binary: 5d07d132e5 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
09:17:00 Win2K-f 190.64.197.169 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) | C&C: n/a | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:18:00 WinXP 190.64.197.169 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 0 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
09:19:00 Win2K-f 170.51.81.151 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 13 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:23:00 WinXP 170.51.81.151 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
09:29:00 WinXP 151.23.133.114 (-): INFOSTRADA (IUNET), IT. | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 22 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:30:00 Win2K-f 200.40.73.163 (ADINET.COM.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, MONTEVIDEO, MONTEVIDEO, UY. (DIAL) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 20 of 36 | binary: 8112030b39 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:09:31:00 Win2K-f 151.23.133.114 (-): INFOSTRADA (IUNET), IT. | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 26 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:31:00 Win2K-f 186.12.118.99 (-) | C&C: 115.126.2.121:65520 | DNS: US:cookie.roltf.ws, :proxim.ircgalaxy.pl | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, 4 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:09:33:00 WinXP 83.91.61.98 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK. | C&C: n/a | DNS: :proxim.ircgalaxy.pl, RU:moscow-advokat.ru, :gaspode.zanet.org.za, :lulea.se.eu.undernet.org, :caen.fr.eu.undernet.org, SE:qis.md.us.dal.net, SE:coins.dal.net, :los-angeles.ca.us.undernet.org, AT:graz.at.eu.undernet.org, SE:ced.dal.net, SE:broadway.ny.us.dal.net, :flanders.be.eu.undernet.org, US:lia.zanet.net, SE:ozbytes.dal.net, NL:diemen.nl.eu.undernet.org, SE:vancouver.dal.net, BE:london.uk.eu.undernet.org, :brussels.be.eu.undernet.org, SE:viking.dal.net, 115.126.2.121:65520, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 83959d63ea [Firefox: 3 hits: 09-15 to 09-25] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
09:41:00 WinXP 217.201.134.6 (-): TELECOM ITALIA MOBILE, FIRENZE, TOSCANA, IT. | C&C: n/a | DNS: :proxim.ircgalaxy.pl, UA:citi-bank.ru, 115.126.2.121:65520 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: cdf8cd94a9 [Firefox:13 hits: 09-14 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
09:42:00 WinXP 170.51.110.159 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 21 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:09:42:00 Win2K-f 186.12.22.62 (-) | C&C: 64.85.160.111:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
09:42:00 Win2K-f 151.80.14.211 (38-151.NET24.IT): IUNET-BNET, IT. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
09:44:00 Win2K-f 91.22.241.99 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 19 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
09:57:00 WinXP 72.178.22.195 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 77 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32; 0 of 33 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26]; e07c29c4ae [Firefox:507 hits: 06-19 to 09-26] | egg.exe: none[4]; 73f1082158[1]; e07c29c4ae[1] | egg.asm: none:none; ASM:Graph; ASM:Graph | PEID: tElock|; Armadillo|; FSG| | strings: none; lines=81; lines=92 | syscall trace: trace; trace; trace
09:57:00 WinXP 123.254.22.153 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: shell, ftp, 13 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 29 of 29 | binary: 831f4ee0a7 [Firefox:564 hits: 01-01 to 09-26] | egg.exe: eb7546c600 [0] | egg.asm: ASM:Graph | PEID: none|none | strings: lines=61 | syscall trace: trace
T:09:58:00 WinXP 190.189.96.71 (NET.AR): PRIMA S.A, AR. | C&C: n/a | DNS: UA:citi-bank.ru, :adult-empire.com, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 30d0fc64f8 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
10:08:00 WinXP 89.41.89.160 (HOST-89-41-64-10.MOLDTELECOM.MD): JSC MOLDTELECOM SA, CHISINAU, CHISINAU, MD. | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 2322158770 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
10:14:00 WinXP 186.12.19.109 (-) | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 24 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:10:15:00 Win2K-f 186.12.19.109 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 13 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 22 of 36 | binary: 967893139d NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
10:24:00 WinXP 4.225.169.253 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL) | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:205.128.73.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 89 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 0 of 32; 33 of 33; 0 of 33 | binary: 07fabc79ef [Firefox:18 hits: 06-19 to 09-26]; 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; e07c29c4ae [Firefox:507 hits: 06-19 to 09-26] | egg.exe: 07fabc79ef [1]; none [4]; e07c29c4ae[1] | egg.asm: ASM:Graph; none:none; ASM:Graph | PEID: Armadillo|; tElock|; FSG| | strings: lines=81; none; lines=92 | syscall trace: trace; trace; trace
T:10:24:00 Win2K-f 87.79.83.100 (NETCOLOGNE.DE): NC-STATIC-IP-POOL, KOELN, NORDRHEIN-WESTFALEN, DE. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
10:25:00 Win2K-f 87.79.83.100 (NETCOLOGNE.DE): NC-STATIC-IP-POOL, KOELN, NORDRHEIN-WESTFALEN, DE. | C&C: 213.239.192.125:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
10:28:00 Win2K-f 91.22.253.221 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:10:29:00 WinXP 222.183.225.82 (163DATA.COM.CN): CHINANET CHONGQING PROVINCE NETWORK, CHONGQING, CHONGQING, CN. | C&C: n/a | DNS: UA:citi-bank.ru | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
10:34:00 Win2K-f 186.12.62.12 (-) | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 25 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:10:40:00 Win2K-f 186.12.47.83 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 11 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
10:43:00 WinXP 83.132.30.197 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT. | C&C: 115.126.2.121:65520 | DNS: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, irc, 5 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: a84ffdf670 [Firefox: 9 hits: 09-14 to 09-23] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
10:44:00 Win2K-f 78.56.203.103 (ZEBRA.LT): LIETUVOS, LT. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 9 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:10:44:00 Win2K-f 78.56.203.103 (ZEBRA.LT): LIETUVOS, LT. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 0 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
10:47:00 Win2K-f 4.239.249.234 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITEHALL, PENNSYLVANIA, US. (DIAL) | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.153.231:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 152 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
10:59:00 WinXP 70.184.216.4 (COX.NET): COX COMMUNICATIONS, OMAHA, NEBRASKA, US. | C&C: 115.126.2.121:65520 | DNS: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, 115.126.2.121:65520, IL:194.90.224.86:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, irc, 128 lines | BotHunter: Yeah : 1.8, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 15 of 36; 32 of 36; 0 of 33; 35 of 36 | binary: 464a5bfd5b NEW; 7085b2c2d6 NEW; bea8cb1865 [Firefox:17 hits: 08-11 to 09-26]; e07c29c4ae [Firefox:507 hits: 06-19 to 09-26]; fac78fde16 [Firefox: 3 hits: 09-13 to 09-20] | egg.exe: none[none]; none [none]; none [none]; e07c29c4ae[1]; none [none] | egg.asm: none:none; none:none; none:none; ASM:Graph; none:none | PEID: none|none; none|none; none|none; FSG|; none|none | strings: none; none; none; lines=92; none | syscall trace: none; none; none; trace; none
T:11:01:00 WinXP 186.12.40.27 (-) | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 24 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 20 of 36 | binary: d1a025d62b NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:11:14:00 Win2K-f 70.72.141.136 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80, US:204.160.126.124:80, US:207.123.46.125:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 75 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
T:11:20:00 WinXP 151.33.192.170 (33-151.IOL.IT): ITALIA ONLINE S.P.A, MILANO, LOMBARDIA, IT. (DIAL) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 10 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:11:23:00 WinXP 82.233.229.31 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: b872c76081 [Firefox:23 hits: 09-13 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:11:24:00 Win2K-f 4.224.195.178 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL) | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:204.160.126.126:80, US:4.23.60.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 145 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 33 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; a08f3b74a4 [Firefox:884 hits: 06-18 to 09-26] | egg.exe: none[4]; a08f3b74a4[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
11:24:00 WinXP 82.233.229.31 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: b872c76081 [Firefox:23 hits: 09-13 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
11:26:00 WinXP 151.80.141.149 (38-151.NET24.IT): IUNET-BNET, IT. | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
11:28:00 Win2K-f 189.51.226.236 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:11:28:00 WinXP 189.51.226.236 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | C&C: 213.239.192.125:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:11:32:00 Win2K-f 151.80.197.42 (38-151.NET24.IT): IUNET-BNET, IT. | C&C: 64.85.160.111:5001 | DNS: US:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
11:34:00 Win2K-f 151.80.197.42 (38-151.NET24.IT): IUNET-BNET, IT. | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
11:39:00 WinXP 88.233.105.16 (TTNET.NET.TR): TT ADSL-ALCATEL_GAY, ISTANBUL, ISTANBUL, TR. (DSL) | C&C: n/a | DNS: RU:moscow-advokat.ru, SE:ozbytes.dal.net, NL:london.uk.eu.undernet.org, :los-angeles.ca.us.undernet.org, US:lia.zanet.net, SE:broadway.ny.us.dal.net, :gaspode.zanet.org.za, SE:viking.dal.net, SE:vancouver.dal.net, SE:coins.dal.net, SE:ced.dal.net, :flanders.be.eu.undernet.org, AT:graz.at.eu.undernet.org, :caen.fr.eu.undernet.org, :lulea.se.eu.undernet.org, NL:diemen.nl.eu.undernet.org, :brussels.be.eu.undernet.org | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 75537c16ed NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
11:47:00 Win2K-f 186.12.106.202 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:11:47:00 WinXP 186.12.106.202 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 11 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
11:48:00 WinXP 92.46.78.37 (IKBCC.COM): EU-ZZ, UK. | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
T:11:49:00 WinXP 170.51.174.223 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: 51a6d370b6 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
11:53:00 WinXP 76.211.85.237 (SBCGLOBAL.NET): PPPOX POOL - BRAS6.STLSMO, SOUTH FORK, MISSOURI, US. (DSL) | C&C: n/a | DNS: :proxim.ircgalaxy.pl, UA:citi-bank.ru, 115.126.2.121:65520, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: e5dd743ec0 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
12:12:00 Win2K-f 99.181.182.173 (-) | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:204.160.126.126:80, US:205.128.73.126:80, US:207.123.42.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 76 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
12:38:00 Win2K-f 186.12.126.7 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 13 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:12:41:00 Win2K-f 70.112.102.82 (RR.COM): ROAD RUNNER HOLDCO LLC, AUSTIN, TEXAS, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.173.53:80, US:69.28.178.10:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 75 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
T:12:46:00 Win2K-f 170.51.170.225 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 64.85.160.111:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 22 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 36 | binary: fbe93a8830 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:12:53:00 WinXP 190.225.203.122 (-) | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: cc263a661d [Firefox: 5 hits: 09-24 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
12:53:00 Win2K-f 140.239.43.104 (XO.NET): XO COMMUNICATIONS, HOPKINTON, MASSACHUSETTS, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.153.231:80, US:208.111.153.236:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 85 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 3 of 33; 33 of 33 | binary: 73ce2b74da [Firefox:14 hits: 06-18 to 09-23]; 79c01ec060 [Firefox:43 hits: 06-18 to 09-26] | egg.exe: 73ce2b74da [1]; none [4] | egg.asm: ASM:Graph; none:none | PEID: Armadillo|; tElock| | strings: lines=81; none | syscall trace: trace; trace
T:12:55:00 Win2K-f 170.51.123.199 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 213.239.192.125:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 21 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
12:55:00 WinXP 170.51.123.199 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 64.85.160.111:5001 | DNS: US:cookie.roltf.ws, DE:213.239.192.125:5001, US:64.85.160.111:5001 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
12:55:00 WinXP 69.225.202.152 (PACBELL.NET): PPPOX POOL - RBACK5 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL) | C&C: n/a | DNS: RU:moscow-advokat.ru, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 25 of 25 | binary: 7f60162c2c [Firefox:630 hits: 12-31 to 09-26] | egg.exe: 1aad8e4632 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=93, embedded dns | syscall trace: trace
T:12:56:00 Win2K-f 186.12.44.120 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:12:58:00 Win2K-f 189.48.216.132 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 15 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
12:58:00 Win2K-f 189.48.216.132 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 10 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
T:13:06:00 WinXP 170.51.164.147 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 22 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 36 | binary: fbe93a8830 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:13:08:00 Win2K-f 58.224.199.235 (HANANET.NET): HANARO TELECOM INC, KR. | C&C: n/a | DNS: - | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 68 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 23 of 36 | binary: 7fe9944347 NEW | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
13:22:00 Win2K-f 170.51.141.146 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:13:22:00 WinXP 170.51.141.146 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | C&C: 213.239.192.125:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
T:13:26:00 WinXP 186.12.114.244 (-) | C&C: 213.239.192.125:5001 | DNS: US:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 22 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
13:26:00 WinXP 186.12.114.244 (-) | C&C: 64.85.160.111:5001 | DNS: DE:cookie.roltf.ws | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, 21 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
13:30:00 Win2K-f 70.169.52.82 (COX.NET): COX COMMUNICATIONS, TULSA, OKLAHOMA, US. | C&C: 115.126.2.121:65520 | DNS: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com, US:b152.bundlext.com, 115.126.2.121:65520, US:8.12.222.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, 132 lines | BotHunter: Yeah : 1.8, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 15 of 36; 34 of 36; 28 of 33 | binary: 464a5bfd5b NEW; 7085b2c2d6 NEW; da00a8e7a1 [Firefox:20 hits: 08-05 to 09-26]; f685f8e027 [Firefox:24 hits: 06-18 to 09-26] | egg.exe: none[none]; none [none]; none [none]; f685f8e027[1] | egg.asm: none:none; none:none; none:none; ASM:Graph | PEID: none|none; none|none; none|none; Armadillo| | strings: none; none; none; lines=82 | syscall trace: none; none; none; trace
T:13:32:00 Win2K-f 186.12.14.238 (-) | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, 12 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 19 of 32 | binary: 382279b44f [Firefox:175 hits: 05-22 to 09-26] | egg.exe: 049e62d55b [0] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=192 | syscall trace: trace
13:48:00 Win2K-f 86.151.196.251 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. | C&C: 115.126.2.121:65520 | DNS: :proxim.ircgalaxy.pl, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, 25 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 15 of 36 | binary: 464a5bfd5b NEW; 7085b2c2d6 NEW | egg.exe: none[none]; none [none] | egg.asm: none:none; none:none | PEID: none|none; none|none | strings: none; none | syscall trace: none; none
T:13:59:00 WinXP 92.1.39.55 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. | C&C: n/a | DNS: :proxim.ircgalaxy.pl, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, http, 122 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 15 of 36; 35 of 36 | binary: 7085b2c2d6 NEW; b632266bbd [Firefox: 2 hits: 09-21 to 09-25] | egg.exe: none[none]; none [none] | egg.asm: none:none; none:none | PEID: none|none; none|none | strings: none; none | syscall trace: none; none
14:04:00 WinXP 98.26.218.88 (-) | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
T:14:04:00 WinXP 98.26.218.88 (-) | C&C: n/a | DNS: UA:citi-bank.ru | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
14:09:00 WinXP 172.191.161.224 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL) | C&C: n/a | DNS: - | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 164 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 29 of 32 | binary: bfa18c4273 NEW | egg.exe: bfa18c4273 [1] | egg.asm: ASM:Graph | PEID: Armadillo| | strings: lines=82 | syscall trace: trace
14:20:00 Win2K-f 68.146.99.214 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL) | C&C: n/a | DNS: - | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 4 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: none | egg.exe: none | egg.asm: none | PEID: none | strings: none | syscall trace: none
14:34:00 WinXP 97.65.1.219 (-) | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: 71b183b0c8 [Firefox: 4 hits: 09-17 to 09-22] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
14:38:00 Win2K-f 65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps) | C&C: 115.126.2.121:65520 | DNS: US:microsoft.com, :proxim.ircgalaxy.pl, US:download.microsoft.com, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com, US:b152.bundlext.com, 115.126.2.121:65520, US:198.78.201.126:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, 134 lines | BotHunter: Yeah : 1.8, profile | cluster: none | forensic logs: summary tarball | AV: 32 of 33; 6 of 36; 15 of 36; 28 of 32 | binary: 3f0a5b2ebe [Firefox:19 hits: 06-18 to 09-25]; 464a5bfd5b NEW; 7085b2c2d6 NEW; c6bfb5f0f2 [Firefox:19 hits: 06-18 to 09-25] | egg.exe: none[4]; none [none]; none [none]; c6bfb5f0f2[1] | egg.asm: none:none; none:none; none:none; ASM:Graph | PEID: PolyEnE|; none|none; none|none; Armadillo| | strings: none; none; none; lines=81 | syscall trace: trace; none; none; trace
14:49:00 WinXP 96.15.114.114 (-) | C&C: n/a | DNS: EU:siliconfireware.ru, US:searchportal.information.com, GB:new.egg.com, :wpad, US:208.73.210.32:80, DE:212.227.111.29:80, DE:217.11.54.126:80, GB:217.145.225.22:80, EU:78.47.200.154:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, http, 2 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 29 of 29 | binary: a12cab51ef [Firefox:539 hits: 01-01 to 09-26] | egg.exe: 40f7f463c4 [0] | egg.asm: ASM:Graph | PEID: ASPack| | strings: lines=281, embedded dns | syscall trace: trace
15:02:00 WinXP 24.174.13.12 (CARRERACOMMUNICATIONS.NET): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. | C&C: n/a | DNS: DE:siliconfireware.ru, US:searchportal.information.com, GB:new.egg.com, :wpad, US:208.73.210.32:80, EU:78.47.200.154:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, http, http, http, 26 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 29 of 29 | binary: a12cab51ef [Firefox:539 hits: 01-01 to 09-26] | egg.exe: 40f7f463c4 [0] | egg.asm: ASM:Graph | PEID: ASPack| | strings: lines=281, embedded dns | syscall trace: trace
15:09:00 Win2K-f 190.16.43.191 (COM.AR): CABLEVISION S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL) | C&C: 115.126.2.121:65520 | DNS: IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com, IL:weba.freeprod.com, US:b161.bundlext.com, CA:prime.webhancer.com, US:208.111.148.54:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, http, http, 316 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 22 of 36; 15 of 36 | binary: 464a5bfd5b NEW; 46671c0870 NEW; 7085b2c2d6 NEW | egg.exe: none[none]; none [none]; none [none] | egg.asm: none:none; none:none; none:none | PEID: none|none; none|none; none|none | strings: none; none; none | syscall trace: none; none; none
T:15:11:00 WinXP 74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US. | C&C: 194.109.11.65:6556 | DNS: :0x80.my-secure.name, NL:0x80.my1x1.com, NL:0x80.martiansong.com | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 124 lines | BotHunter: Yeah : 1.8, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33 | binary: e30fb27bda [Firefox: 9 hits: 07-07 to 09-20] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
15:11:00 WinXP 92.1.39.55 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK. | C&C: n/a | DNS: :proxim.ircgalaxy.pl, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: ftp, irc, http, 121 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 15 of 36; 35 of 36 | binary: 464a5bfd5b NEW; 7085b2c2d6 NEW; b632266bbd [Firefox: 2 hits: 09-21 to 09-25] | egg.exe: none[none]; none [none]; none [none] | egg.asm: none:none; none:none; none:none | PEID: none|none; none|none; none|none | strings: none; none; none | syscall trace: none; none; none
T:15:16:00 WinXP 67.11.54.18 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. | C&C: n/a | DNS: RU:moscow-advokat.ru | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 25 of 25 | binary: 7f60162c2c [Firefox:630 hits: 12-31 to 09-26] | egg.exe: 1aad8e4632 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=93, embedded dns | syscall trace: trace
T:15:19:00 Win2K-f 70.68.186.230 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL) | C&C: n/a | DNS: US:microsoft.com, :proxim.ircgalaxy.pl, US:download.microsoft.com, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com, US:b152.bundlext.com, US:208.111.148.23:80, US:208.111.148.43:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, 242 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 15 of 36; none; none | binary: 7085b2c2d6 NEW; e90f8b883b [Firefox: 2 hits: 09-22 to 09-26]; f0e937602b [Firefox: 2 hits: 09-22 to 09-26] | egg.exe: none[none]; none [none]; none [none] | egg.asm: none:none; none:none; none:none | PEID: none|none; none|none; none|none | strings: none; none; none | syscall trace: none; none; none
15:22:00 WinXP 172.130.155.98 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) | C&C: n/a | DNS: - | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 236 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 36 | binary: 703944cf7c [Firefox: 2 hits: 08-19 to 08-21] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:15:25:00 WinXP 66.184.20.9 (LDMI.COM): TALK AMERICA, RESTON, VIRGINIA, US. | C&C: 115.126.2.121:65520 | DNS: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, IL:wrsavn.flutix.com, IL:bugreport.waverevenue.com, IL:wrsavn.kastora.com, US:dl2.bundlext.com, US:b152.bundlext.com, IL:194.90.224.86:80, US:208.111.148.23:80, US:208.111.148.43:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: irc, http, 146 lines | BotHunter: Yeah : 1.8, profile | cluster: none | forensic logs: summary tarball | AV: 6 of 36; 15 of 36; 32 of 36; 35 of 36 | binary: 464a5bfd5b NEW; 7085b2c2d6 NEW; d37d58322a [Firefox: 2 hits: 09-15 to 09-21]; f4a5378d44 [Firefox: 2 hits: 09-15 to 09-21] | egg.exe: none[none]; none [none]; none [none]; none [none] | egg.asm: none:none; none:none; none:none; none:none | PEID: none|none; none|none; none|none; none|none | strings: none; none; none; none | syscall trace: none; none; none; none
15:27:00 WinXP 77.21.185.243 (APEXCOVANTAGE.COM): EU-ZZ, UK. | C&C: n/a | DNS: RU:moscow-advokat.ru, SE:ced.dal.net, SE:coins.dal.net, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 35 of 36 | binary: bfec7d0b0b [Firefox:12 hits: 08-06 to 08-29] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
15:34:00 Win2K-f 76.10.3.121 (-): VILLAGE AT BLUE GRASS, SAGINAW, MICHIGAN, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.173.47:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 78 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; a08f3b74a4 [Firefox:884 hits: 06-18 to 09-26]; b5919931fe [Firefox:661 hits: 06-20 to 09-26] | egg.exe: none[4]; a08f3b74a4[1]; b5919931fe[1] | egg.asm: none:none; ASM:Graph; ASM:Graph | PEID: tElock|; Armadillo|; ASProtect| | strings: none; lines=81; lines=90 | syscall trace: trace; trace; trace
15:37:00 WinXP 72.64.30.16 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CHARLESTON, WEST VIRGINIA, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 77 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
T:15:38:00 Win2K-f 209.252.105.240 (MCLEODUSA.NET): MDI ACCESS, ROCHESTER, MINNESOTA, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 77 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26]; b5919931fe [Firefox:661 hits: 06-20 to 09-26] | egg.exe: none[4]; 73f1082158[1]; b5919931fe[1] | egg.asm: none:none; ASM:Graph; ASM:Graph | PEID: tElock|; Armadillo|; ASProtect| | strings: none; lines=81; lines=90 | syscall trace: trace; trace; trace
15:54:00 Win2K-f 209.252.105.240 (MCLEODUSA.NET): MDI ACCESS, ROCHESTER, MINNESOTA, US. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80, US:207.123.42.126:80, US:4.23.60.125:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 75 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 32 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 73f1082158 [Firefox:1243 hits: 06-18 to 09-26] | egg.exe: none[4]; 73f1082158[1] | egg.asm: none:none; ASM:Graph | PEID: tElock|; Armadillo| | strings: none; lines=81 | syscall trace: trace; trace
15:55:00 WinXP 190.137.253.109 (NET.AR): TELECOM ARGENTINA S.A, AR. | C&C: n/a | DNS: UA:citi-bank.ru | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
T:16:07:00 WinXP 190.225.239.52 (-) | C&C: n/a | DNS: RU:moscow-advokat.ru, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 25 of 25 | binary: 7f60162c2c [Firefox:630 hits: 12-31 to 09-26] | egg.exe: 1aad8e4632 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=93, embedded dns | syscall trace: trace
T:16:14:00 WinXP 70.70.51.27 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) | C&C: n/a | DNS: :proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, irc, 4 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: 13003605cc [Firefox: 2 hits: 09-15 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
16:15:00 WinXP 70.70.51.27 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CHILLIWACK, BRITISH COLUMBIA, CA. (DSL) | C&C: n/a | DNS: :proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, irc, 5 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: none | binary: 13003605cc [Firefox: 2 hits: 09-15 to 09-26] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
T:16:41:00 WinXP 98.132.164.131 (-): ALLTEL SIP CUSTOMERS - CHARLOTTE, MATTHEWS, NORTH CAROLINA, US. | C&C: n/a | DNS: :proxim.ircgalaxy.pl, UA:citi-bank.ru, 115.126.2.121:65520, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 36 of 36 | binary: a84ffdf670 [Firefox: 9 hits: 09-14 to 09-23] | egg.exe: none[none] | egg.asm: none:none | PEID: none|none | strings: none | syscall trace: none
16:58:00 WinXP 218.211.220.132 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.174:80, US:208.111.148.219:80 | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: other, 394 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 31 of 33; 30 of 35 | binary: 3db2c812c0 [Firefox: 6 hits: 07-23 to 09-26]; 797fdec34a [Firefox: 6 hits: 07-23 to 09-26] | egg.exe: none[none]; none [none] | egg.asm: none:none; none:none | PEID: none|none; none|none | strings: none; none | syscall trace: none; none
17:17:00 WinXP 41.214.177.152 (-) | C&C: n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 1 line | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 26 of 28 | binary: 7d99b0e910 [Firefox:1162 hits: 12-31 to 09-26] | egg.exe: 7a70e1b592 [0] | egg.asm: ASM:Graph | PEID: PolyEnE| | strings: lines=68 | syscall trace: trace
17:20:00 WinXP 121.84.159.38 (EONET.NE.JP): K-OPTICOM CORPORATION, JP. | C&C: n/a | DNS: - | port: 445 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: shell, ftp, 13 lines | BotHunter: Yeah : 0.8, profile | cluster: none | forensic logs: summary tarball | AV: 32 of 32 | binary: 03f912899b [Firefox:141 hits: 01-08 to 09-26] | egg.exe: 83893bd25d [0] | egg.asm: ASM:Graph | PEID: none|none | strings: lines=65 | syscall trace: trace
17:33:00 WinXP 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW. | C&C: n/a | DNS: US:microsoft.com, US:download.microsoft.com | port: 135 | packet trace: pcap raw | detection sigs: alerts ruleset | chatter: http, 78 lines | BotHunter: Yeah : 1.3, profile | cluster: none | forensic logs: summary tarball | AV: 33 of 33; 0 of 33; 0 of 33 | binary: 53bfe15e91 [Firefox:2512 hits: 06-17 to 09-26]; 57ce4acac2 [Firefox:206 hits: 06-17 to 09-26]; e07c29c4ae [Firefox:507 hits: 06-19 to 09-26] | egg.exe: none[4]; 57ce4acac2[1]; e07c29c4ae[1] | egg.asm: none:none; ASM:Graph; ASM:Graph | PEID: tElock|; Armadillo|; FSG| | strings: none; lines=81; lines=92 | syscall trace: trace; trace; trace
trace
17:36:00 WinXP 96.15.112.73 (-):
.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 93d35be1d1
NEW
none[none] none:none
none|none none none
T:17:36:00 WinXP 96.15.112.73 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 93d35be1d1
NEW
none[none] none:none
none|none none none
17:42:00 WinXP 67.150.53.68 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:50:00 Win2K-f 71.113.60.107 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
KIRKLAND, WASHINGTON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.73.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:52:00 Win2K-f 76.213.151.176 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2.OKCYOK,
EDMOND, OKLAHOMA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:12:00 WinXP 85.84.74.138 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
ES.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 92010e1c85
[Firefox: 3 hits: 09-19 to 09-22]
none[none] none:none
none|none none none
18:17:00 WinXP 200.175.122.10 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:137 hits: 01-01 to 09-26]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
18:26:00 WinXP 58.98.135.73 (WAKWAK.NE.JP):
XEPHION(NTT-ME CORPORATION),
JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:405 hits: 01-05 to 09-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
18:39:00 WinXP 4.89.133.135 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WOLCOTTVILLE, INDIANA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:120 hits: 01-03 to 09-26]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:18:39:00 WinXP 4.89.133.135 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WOLCOTTVILLE, INDIANA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:120 hits: 01-03 to 09-26]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
18:44:00 WinXP 66.245.221.150 (DSLEXTREME.COM):
DSL EXTREME,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:405 hits: 01-05 to 09-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
18:50:00 WinXP 76.78.49.236 (APOGEENET.NET):
APOGEE TELECOM INC,
AUSTIN, TEXAS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 2d6c8c447f
[Firefox: 6 hits: 09-16 to 09-24]
none[none] none:none
none|none none none
T:18:54:00 WinXP 85.87.233.87 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 36 ff81f71b01
NEW
none[none] none:none
none|none none none
T:19:07:00 WinXP 4.244.186.226 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
UNION, MISSOURI, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox: 4 hits: 09-17 to 09-22]
none[none] none:none
none|none none none
T:19:24:00 WinXP 4.154.239.70 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MARLBOROUGH, MASSACHUSETTS, US. (DIAL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:630 hits: 12-31 to 09-26]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:19:30:00 WinXP 218.211.222.171 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:205.128.73.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
e07c29c4ae
[Firefox:507 hits: 06-19 to 09-26]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
19:44:00 WinXP 218.211.222.171 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:48:00 WinXP 213.22.58.196 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 22999be88c
[Firefox:22 hits: 04-05 to 09-25]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
19:58:00 WinXP 85.204.99.149 (TEST.RO):
SC IQ-NET SRL,
BAIA MARE, MARAMURES, RO.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 5ed9c4adac
[Firefox: 2 hits: 09-25 to 09-26]
none[none] none:none
none|none none none
20:03:00 Win2K-f 68.126.240.192 (PACBELL.NET):
PPPOX POOL - RBACK4 IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:24:00 WinXP 98.105.74.204 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f353d4eed9
[Firefox:20 hits: 09-17 to 09-26]
none[none] none:none
none|none none none
T:20:27:00 Win2K-f 220.130.194.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
57ce4acac2
[Firefox:206 hits: 06-17 to 09-26]
83f26f5044
[Firefox:20 hits: 06-20 to 08-20]
57ce4acac2 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:20:37:00 Win2K-f 71.129.62.186 (PACBELL.NET):
RBACK17.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
b7082104e4
[Firefox:149 hits: 06-18 to 09-25]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
20:40:00 WinXP 4.124.21.220 (CORE.COM):
LEVEL 3 COMMUNICATIONS INC,
CLEVELAND, OHIO, US. (DIAL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 9373130c42
[Firefox:32 hits: 01-24 to 08-01]
0945dbe41c [0] ASM:Graph
PolyEnE| lines=68 trace
T:20:48:00 WinXP 208.126.28.103 (NETINS.NET):
FARMERS MUTUAL TELEPHONE CO JESUP,
JESUP, IOWA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.52:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:00:00 Win2K-f 218.50.159.212 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:b152.bundlext.com
US:b157.bundlext.com
:www.speed-runner.com
US:208.111.148.219:80
US:208.111.148.226:80
67.55.107.36:80
135 pcap raw alerts
ruleset
irc
http
139 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
31 of 33
6 of 36
15 of 36
14d64882da
NEW
1509c8d024
[Firefox:31 hits: 06-17 to 09-23]
464a5bfd5b
NEW
7085b2c2d6
NEW
none[none]
none [4]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
tElock|
none|none
none|none
none
none
none
none
none
trace
none
none
T:21:18:00 WinXP 4.247.122.182 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:431 hits: 12-31 to 09-26]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:21:20:00 Win2K-f 218.166.214.240 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
115.126.2.121:65520 :proxima.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:b158.bundlext.com
:randomnewnames.com
:akmainsystech.com
:weeweewee.net
76.9.9.190:80
445 pcap raw alerts
ruleset
irc
http
43 lines
Yeah : 1.3
profile
none summary
tarball
0 of 36
17 of 36
2 of 36
15 of 36
2 of 36
0 of 36
02c742e0ea
NEW
2e6dd69a78
NEW
814e19aeb3
NEW
91dc355a93
[Firefox:16 hits: 09-25 to 09-26]
b21ba08b9a
NEW
d9ac68f184
[Firefox: 3 hits: 09-25 to 09-26]
none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
none
none
T:21:33:00 WinXP 122.26.105.55 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:405 hits: 01-05 to 09-26]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
21:36:00 WinXP 220.129.167.176 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 4b2541d5f7
[Firefox: 9 hits: 08-19 to 09-24]
none[none] none:none
none|none none none
T:21:36:00 WinXP 220.129.167.176 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:43:00 Win2K-f 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:45:00 WinXP 24.86.243.14 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:47:00 Win2K-f 70.69.163.184 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
ABBOTSFORD, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
79c01ec060
[Firefox:43 hits: 06-18 to 09-26]
73f1082158 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:22:05:00 WinXP 211.128.174.189 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:120 hits: 01-03 to 09-26]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
22:30:00 Win2K-f 58.232.220.215 (-):
THRUNET-INFRA-BUSAN06,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
135 pcap raw alerts
ruleset
irc
http
620 lines
Yeah : 1.8
profile
none summary
tarball
27 of 33
15 of 36
0 of 32
0 of 36
0 of 36
31 of 33
16 of 36
1951eee0cd
[Firefox: 9 hits: 06-18 to 09-24]
91dc355a93
[Firefox:16 hits: 09-25 to 09-26]
b5919931fe
[Firefox:661 hits: 06-20 to 09-26]
cc2f861b1c
[Firefox: 2 hits: 09-25 to 09-26]
d9ac68f184
[Firefox: 3 hits: 09-25 to 09-26]
e5e0dbde57
[Firefox: 9 hits: 06-18 to 09-24]
ec40802c4d
NEW
1951eee0cd [1]
none [none]
b5919931fe[1]
none [none]
none [none]
none [4]
none [none]
ASM:Graph
none:none
ASM:Graph
none:none
none:none
none:none
none:none
Armadillo|
none|none
ASProtect|
none|none
none|none
tElock|
none|none
lines=82
none
lines=90
none
none
none
none
trace
none
trace
none
none
trace
none
22:33:00 Win2K-f 58.226.37.216 (HANANET.NET):
HANARO TELECOM INC,
KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:wrsavn.flutix.com
IL:bugreport.waverevenue.com
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:b152.bundlext.com
US:dl.targetsaver.com
US:a.targetsaver.com
US:208.111.173.53:80
US:216.133.246.149:80
US:216.133.246.157:80
135 pcap raw alerts
ruleset
irc
http
http
http
http
130 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
6 of 36
0 of 33
19 of 36
15 of 36
0 of 32
168aab35a3
[Firefox:142 hits: 06-17 to 09-26]
464a5bfd5b
NEW
4c3df24b32
[Firefox:197 hits: 06-17 to 09-26]
500f073bbc
NEW
7085b2c2d6
NEW
b5919931fe
[Firefox:661 hits: 06-20 to 09-26]
none[4]
none [none]
4c3df24b32[1]
none [none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none:none
none:none
ASM:Graph
tElock|
none|none
Armadillo|
none|none
none|none
ASProtect|
none
none
lines=81
none
none
lines=90
trace
none
trace
none
none
trace
T:22:51:00 WinXP 75.33.74.107 (SBCGLOBAL.NET):
PPPOX POOL - RBACK7 BCVLOH,
CLEVELAND, OHIO, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
e07c29c4ae
[Firefox:507 hits: 06-19 to 09-26]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:22:52:00 WinXP 70.233.230.28 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2 OKCYOK 070704,
EDMOND, OKLAHOMA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
a08f3b74a4
[Firefox:884 hits: 06-18 to 09-26]
e07c29c4ae
[Firefox:507 hits: 06-19 to 09-26]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
22:54:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:58:00 Win2K-f 72.139.125.220 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:205.128.73.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:08:00 Win2K-f 60.250.247.204 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
57ce4acac2
[Firefox:206 hits: 06-17 to 09-26]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:08:00 Win2K-f 218.211.217.215 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2512 hits: 06-17 to 09-26]
73f1082158
[Firefox:1243 hits: 06-18 to 09-26]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:22:00 Win2K-f 192.160.7.142 (ALCATEL.COM):
ALCATEL NETWORK SERVICES,
PLANO, TEXAS, US.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:199.93.44.126:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
none
168aab35a3
[Firefox:142 hits: 06-17 to 09-26]
bba5ec5f4d
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
23:24:00 Win2K-f 71.126.58.160 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WORCESTER, MASSACHUSETTS, US.
n/a :proxima.ircgalaxy.pl
IL:wrsavn.kastora.com
US:dl2.bundlext.com
US:csx.adservs.com
US:b104.bundlext.com
US:microsoft.com
US:download.microsoft.com
:b128.mcboo.com
115.126.2.121:65520
US:205.128.73.126:80
US:206.33.45.125:80
445 pcap raw alerts
ruleset
http
7 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:23:28:00 Win2K-f 75.138.115.103 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.73.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35
33 of 36
18369c36f5
[Firefox: 3 hits: 09-24 to 09-25]
e1cf89c22d
[Firefox: 3 hits: 09-24 to 09-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
23:41:00 WinXP 118.110.101.104 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:564 hits: 01-01 to 09-26]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
23:42:00 WinXP 81.12.54.74 (-):
FARHANG AZMA COMMUNICATIONS,
TEHRAN, TEHRAN, IR.
n/a DE:siliconfireware.ru
UA:vit.ln.ua
:baner.vit
DE:ebookfinaltrash.ru
US:searchportal.information.com
:wpad
US:208.73.210.32:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
17 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 7dd1fe2970
[Firefox:19 hits: 02-03 to 09-17]
dcc673c815 [0] ASM:Graph
ASPack| lines=374
embedded dns
trace