Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



22 October 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns (one infection record per row; multi-valued cells list one value per line):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:36:00 Win2K-f 122.146.226.155 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
255 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
0 of 32
34 of 36
23b8303ff2
NEW
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
c2a32d549b
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
00:38:00 WinXP 208.100.195.156 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 f75c383301
NEW
none[none] none:none
none|none none none
T:00:46:00 WinXP 83.12.132.228 (TPNET.PL):
CUSTOMER-IDSL,
PL. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:01:06:00 Win2K-f 118.216.47.41 (-):
.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
irc
116 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32
30 of 32
475d9a7753
[Firefox: 9 hits: 06-22 to 10-09]
e9a7fa27d5
[Firefox: 9 hits: 06-22 to 10-09]
none[4]
e9a7fa27d5[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:01:07:00 Win2K-f 98.174.0.4 (-):
.
n/a   135 pcap raw alerts
ruleset
other
53 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
01:07:00 WinXP 82.247.35.211 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:769 hits: 12-31 to 10-21]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:01:20:00 WinXP 117.97.7.246 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 428ae15458
[Firefox: 2 hits: 10-14 to 10-14]
none[none] none:none
none|none none none
01:27:00 WinXP 96.52.187.104 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.247:80
135 pcap raw alerts
ruleset
irc
128 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
27 of 32
b4397cd867
[Firefox: 2 hits: 09-14 to 09-25]
b455f223d6
[Firefox: 3 hits: 06-20 to 09-25]
none[none]
b455f223d6[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=81
none
trace
T:01:40:00 WinXP 71.36.10.251 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
BOISE, IDAHO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:01:44:00 WinXP 165.29.122.25 (AR.US):
ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK,
MONTICELLO, ARKANSAS, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
01:48:00 WinXP 121.73.119.182 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
349 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 33
7f89b38665
[Firefox:28 hits: 08-02 to 10-21]
a51a50404e
[Firefox:28 hits: 08-02 to 10-21]
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
01:58:00 Win2K-f 196.208.70.123 (TELKOM-IPNET.CO.ZA):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:02:00:00 WinXP 66.153.180.33 (SCCOAST.NET):
HTC COMMUNICATIONS LLC,
CONWAY, SOUTH CAROLINA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
0 of 33
34 of 36
8000ef2da0
NEW
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
fe125e6415
NEW
none[none]
e07c29c4ae[1]
none [none]
none:none
ASM:Graph
none:none
none|none
FSG|
none|none
none
lines=92
none
none
trace
none
02:12:00 Win2K-f 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:198.78.201.126:80
US:206.33.45.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
irc
124 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
[Firefox:18 hits: 07-18 to 10-21]
b4fe4581c3
[Firefox:18 hits: 07-18 to 10-21]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
02:16:00 WinXP 82.207.39.172 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
UA.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox: 2 hits: 10-14 to 10-14]
none[none] none:none
none|none none none
02:18:00 Win2K-f 123.213.254.114 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
US:4.23.60.125:80
135 pcap raw alerts
ruleset
irc
http
106 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
29 of 32
0 of 32
168aab35a3
[Firefox:170 hits: 06-17 to 10-20]
61426996c3
[Firefox:13 hits: 06-20 to 10-11]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
61426996c3[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
T:02:18:00 Win2K-f 123.213.254.114 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
irc
113 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
29 of 32
0 of 32
168aab35a3
[Firefox:170 hits: 06-17 to 10-20]
61426996c3
[Firefox:13 hits: 06-20 to 10-11]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
61426996c3[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
02:31:00 Win2K-f 208.100.230.154 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
irc
8 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:33:00 WinXP 70.64.159.163 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 fa97468a59
NEW
none[none] none:none
none|none none none
02:35:00 Win2K-f 70.64.159.163 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.37.123:80
445 pcap raw alerts
ruleset
irc
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:35:00 WinXP 70.183.161.118 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:18:00 WinXP 217.185.113.172 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
NÜRNBERG, BAYERN, DE.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:26:00 WinXP 89.40.72.142 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
RO.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 8eb6340f6e
NEW
none[none] none:none
none|none none none
T:03:28:00 Win2K-f 71.107.77.176 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LONG BEACH, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
03:34:00 Win2K-f 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:03:40:00 WinXP 87.110.205.148 (-):
NETWORK OF SIA TECHNONET,
RIGA, RIGA, LV.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 75e61b8c41
NEW
none[none] none:none
none|none none none
T:03:54:00 WinXP 151.118.212.72 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:199.93.41.126:80
US:8.12.202.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
irc
144 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 32
7f66e51c85
[Firefox:15 hits: 07-11 to 10-20]
9d12fe9d3b
[Firefox:16 hits: 07-11 to 10-20]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
03:59:00 WinXP 220.209.196.110 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
23 of 32 48bb2e4866
NEW
none[none] none:none
none|none none none
T:04:17:00 WinXP 96.48.149.231 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:80
135 pcap raw alerts
ruleset
irc
http
1032 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
27 of 32
0 of 33
b4397cd867
[Firefox: 2 hits: 09-14 to 09-25]
b455f223d6
[Firefox: 3 hits: 06-20 to 09-25]
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
none[none]
b455f223d6[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
FSG|
none
lines=81
lines=92
none
trace
trace
T:04:19:00 WinXP 219.97.168.222 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:490 hits: 01-05 to 10-21]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
04:30:00 Win2K-f 24.79.209.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
96 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
2 of 32
607b60ad51
[Firefox:41 hits: 06-20 to 10-05]
e5c7bce70e
[Firefox:39 hits: 06-20 to 10-03]
none[4]
e5c7bce70e[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:34:00 WinXP 82.240.4.113 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 22a60578a9
NEW
none[none] none:none
none|none none none
04:35:00 Win2K-f 24.76.172.201 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
123 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
0115338c8b
[Firefox:19 hits: 09-12 to 10-21]
321f4fc27d
[Firefox:19 hits: 09-12 to 10-21]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:04:39:00 WinXP 77.37.135.220 (NCNET.RU):
NCN-INFRA,
RU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 2d6c8c447f
[Firefox:23 hits: 09-16 to 10-21]
none[none] none:none
none|none none none
T:04:39:00 WinXP 208.22.9.137 (-):
AAFES/BARRACKS,
VIRGINIA BEACH, VIRGINIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 01-03 to 10-21]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:43:00 Win2K-f 172.130.174.165 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
117 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
0 of 32
29 of 33
3373948767
[Firefox:32 hits: 07-03 to 10-10]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
c73f738c30
[Firefox:32 hits: 07-03 to 10-10]
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
T:05:02:00 WinXP 207.5.188.178 (GWI.NET):
GREAT WORKS INTERNET,
SHAPLEIGH, MAINE, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:8.12.202.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
05:13:00 WinXP 61.224.134.20 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 17820f0d69
NEW
none[none] none:none
none|none none none
05:14:00 WinXP 124.86.218.149 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
2 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:05:20:00 WinXP 118.86.72.36 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
0 of 33
34 of 36
0b951c2832
[Firefox: 6 hits: 08-19 to 10-12]
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
e4ed4df0f0
[Firefox: 6 hits: 08-19 to 10-12]
none[none]
e07c29c4ae[1]
none [none]
none:none
ASM:Graph
none:none
none|none
FSG|
none|none
none
lines=92
none
none
trace
none
T:05:21:00 WinXP 83.29.99.138 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
05:23:00 WinXP 189.67.226.222 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 01-03 to 10-21]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
05:54:00 WinXP 78.156.217.225 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
05:55:00 WinXP 97.89.116.151 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:142 hits: 01-01 to 10-15]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
06:02:00 Win2K-f 61.253.223.126 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 018066960e
NEW
none[none] none:none
none|none none none
06:02:00 Win2K-f 218.191.92.37 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 114d93b412
NEW
none[none] none:none
none|none none none
T:06:02:00 WinXP 211.186.232.4 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 3 hits: 09-26 to 09-26]
none[none] none:none
none|none none none
06:03:00 WinXP 211.208.198.177 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
NEW
none[none] none:none
none|none none none
T:06:03:00 Win2K-f 89.137.58.116 (UPCNET.RO):
ASTRAL-UPC ROMAN,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 ddb8dcfe6a
NEW
none[none] none:none
none|none none none
T:06:04:00 WinXP 116.120.8.30 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox: 2 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
T:06:04:00 WinXP 85.107.144.60 (TTNET.NET.TR):
PROVIDER LOCAL REGISTRY,
ISTANBUL, ISTANBUL, TR. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
NEW
none[none] none:none
none|none none none
06:04:00 WinXP 119.149.120.63 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 000e599b02
NEW
none[none] none:none
none|none none none
06:09:00 WinXP 84.112.127.64 (SURFER.AT):
PROVIDER LOCAL REGISTRY,
VIENNA, WIEN, AT.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox: 3 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
T:06:10:00 Win2K-f 123.18.38.171 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 895fc368ac
NEW
none[none] none:none
none|none none none
T:06:10:00 Win2K-f 211.213.162.134 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 3 hits: 09-26 to 10-21]
none[none] none:none
none|none none none
T:06:15:00 WinXP 58.122.200.133 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox: 8 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
T:06:16:00 WinXP 151.54.125.59 (38-151.NET24.IT):
IUNET-BNET,
VENICE, VENETO, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 18c7040ea0
[Firefox: 6 hits: 09-15 to 10-20]
none[none] none:none
none|none none none
06:25:00 Win2K-f 89.137.183.238 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
NEW
none[none] none:none
none|none none none
06:25:00 Win2K-f 89.136.16.81 (-):
ASTRAL BUZAU DOCSIS NETWORK,
BUZAU, BUZAU, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 e7801a316b
NEW
none[none] none:none
none|none none none
06:33:00 WinXP 211.177.143.183 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox: 5 hits: 08-01 to 09-26]
none[none] none:none
none|none none none
T:06:38:00 Win2K-f 218.167.248.183 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
none af222ae6db
[Firefox: 4 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
T:06:39:00 Win2K-f 211.108.9.111 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 3eeb212cb1
NEW
none[none] none:none
none|none none none
06:39:00 Win2K-f 86.105.21.205 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
PLOIESTI, PRAHOVA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:15 hits: 08-01 to 10-21]
none[none] none:none
none|none none none
06:40:00 Win2K-f 211.207.45.167 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox: 2 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
06:43:00 WinXP 89.137.194.34 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ca172c3868
NEW
none[none] none:none
none|none none none
T:06:48:00 WinXP 117.58.141.241 (-):
TAEGU CABLE NETWORK CO. LTD,
TAEGU, KYONGSANG-BUKTO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 4054b98033
NEW
none[none] none:none
none|none none none
06:49:00 Win2K-f 116.127.5.7 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 54611d6722
NEW
none[none] none:none
none|none none none
06:50:00 WinXP 211.187.25.131 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
24 of 35 a94f8fd4c2
[Firefox:15 hits: 07-29 to 09-26]
none[none] none:none
none|none none none
06:54:00 WinXP 221.126.224.96 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:56:00 WinXP 221.138.197.76 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ca172c3868
NEW
none[none] none:none
none|none none none
T:07:03:00 Win2K-f 77.28.41.212 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox: 4 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
T:07:07:00 WinXP 211.187.104.196 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox: 5 hits: 08-01 to 09-26]
none[none] none:none
none|none none none
07:14:00 WinXP 123.18.38.171 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 895fc368ac
NEW
none[none] none:none
none|none none none
T:07:15:00 Win2K-f 82.242.16.80 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox: 2 hits: 10-20 to 10-21]
none[none] none:none
none|none none none
07:15:00 Win2K-f 84.43.36.80 (ONETEL.NET.UK):
ONETEL DSL PIPE ALLOCATIONS,
LONDON, ENGLAND, UK. (DIAL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
NEW
none[none] none:none
none|none none none
07:19:00 WinXP 211.189.198.4 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox: 2 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
T:07:19:00 Win2K-f 218.51.14.188 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 49c4551858
NEW
none[none] none:none
none|none none none
T:07:20:00 WinXP 75.177.14.196 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENSBORO, NORTH CAROLINA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:22:00 WinXP 82.241.62.140 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a UA:citi-bank.ru
:makemegood24.com
:50cd8.makemegood24.com
:aaakemegood24.com
:perfectchoice1.com
:560d4.perfectchoice1.com
:bparfectchoice1.com
DE:cash-ddt.net
DE:5b453.cash-ddt.net
:ccaah-ddt.net
:ddr-cash.net
:65372.ddr-cash.net
:dddracash.net
:trn-cash.net
:6ae53.trn-cash.net
:etrn-aash.net
:money-frn.net
:6c064.money-frn.net
:fmoneyafrn.net
:clr-cash.net
:71cad.clr-cash.net
:galr-cash.net
:xxxl-cash.net
:777ed.xxxl-cash.net
:hxaxl-cash.net
:www.kjwre77638dfqwieuoi.info
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 e850bbe374
NEW
none[none] none:none
none|none none none
07:27:00 Win2K-f 88.31.212.45 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox: 8 hits: 09-26 to 10-21]
none[none] none:none
none|none none none
07:29:00 Win2K-f 121.53.16.168 (-):
DREAMX,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox: 8 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
07:33:00 WinXP 221.124.42.74 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 3 hits: 09-26 to 09-26]
none[none] none:none
none|none none none
T:07:44:00 WinXP 79.163.160.198 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox: 2 hits: 10-21 to 10-21]
none[none] none:none
none|none none none
07:45:00 Win2K-f 88.173.232.224 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 2 hits: 10-20 to 10-21]
none[none] none:none
none|none none none
T:07:47:00 WinXP 58.233.200.77 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:50:00 WinXP 86.106.51.155 (UPCNET.RO):
SC UPC ROMANIA SA,
CLUJ-NAPOCA, CLUJ, RO.
n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
US:lia.zanet.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 2785aaadc6
NEW
none[none] none:none
none|none none none
T:07:51:00 WinXP 83.143.116.46 (BSN.NO): BSN NYDALEN STUDENT NETWORK, NYDALEN, OSLO, NO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed af222ae6db [Firefox: 4 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

07:52:00 WinXP 218.51.14.188 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (14 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 36; packed 49c4551858 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

07:56:00 Win2K-f 58.126.18.143 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed 99797e2b75 [Firefox: 4 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:07:57:00 Win2K-f 222.232.221.70 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 36; packed c24cc6acf2 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

07:59:00 WinXP 4.154.42.100 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (10 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

T:08:02:00 Win2K-f 80.82.94.232 (-): JOINT STOCK COMPANY INFONET, RU.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (22 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed 7c2b50c774 [Firefox:15 hits: 08-01 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:07:00 Win2K-f 60.56.60.51 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 26 of 35; packed 50649fc087 [Firefox:11 hits: 07-29 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:10:00 WinXP 89.137.109.68 (-): ASTRAL CLUJ-NAPOCA DOCSIS NETWORK, CLUJ-NAPOCA, CLUJ, RO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (29 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 33 of 36; packed 17e0d9aa63 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:10:00 WinXP 218.48.148.112 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 34; packed aa268ff3a9 [Firefox: 7 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:12:00 WinXP 218.51.53.219 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 36; packed 72c08ed557 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:14:00 WinXP 211.33.50.35 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (33 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 34; packed e362f1c062 [Firefox:12 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:15:00 WinXP 58.77.97.100 (-): POW-HFC-KANGNAM, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: :proxima.ircgalaxy.pl, 115.126.2.121:65520, US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 5a0e0370ce NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:21:00 Win2K-f 221.124.153.40 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 36; packed 13b148296b NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:28:00 WinXP 88.173.235.156 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (22 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed 28b1bbe949 [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:30:00 WinXP 121.6.125.90 (SINGNET.COM.SG): SINGNET PTE LTD, QUEENSTOWN, SINGAPORE, SG.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 36; packed d64290d3d5 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:33:00 Win2K-f 218.191.130.205 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed edd41bea6e NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:36:00 WinXP 86.52.135.138 (REV.STOFANET.DK): STOFANET-INET-CIDR, TAASTRUP, VESTSJALLAND, DK.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 34; packed e362f1c062 [Firefox:12 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:39:00 Win2K-f 211.207.45.167 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 33 of 36; packed e5dab5f4ec [Firefox: 2 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:39:00 Win2K-f 83.215.26.75 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (0 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

T:08:42:00 WinXP 71.113.167.57 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BLOOMINGTON, ILLINOIS, US. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:198.78.201.126:80, US:199.93.44.126:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (76 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 33; packed a08f3b74a4 [Firefox:1183 hits: 06-18 to 10-21]; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:08:45:00 WinXP 58.126.18.143 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (30 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed 99797e2b75 [Firefox: 4 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:51:00 Win2K-f 212.10.115.163 (REV.STOFANET.DK): TELIA STOFA A/S, COPENHAGEN, COPENHAGEN, DK.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (17 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed 7fc1b1c246 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:52:00 WinXP 201.253.145.70 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR.
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, 115.126.2.121:65520; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (8 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 34 of 36; packed 58716ff889 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:08:54:00 Win2K-f 82.194.151.176 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 23 of 36; packed b3ce57c019 [Firefox: 4 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

08:55:00 WinXP 86.52.135.138 (REV.STOFANET.DK): STOFANET-INET-CIDR, TAASTRUP, VESTSJALLAND, DK.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 35; packed d142a982d2 [Firefox: 7 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:09:00:00 Win2K-f 61.105.125.161 (KRLINE.NET): KRNIC, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (24 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed 7c2b50c774 [Firefox:15 hits: 08-01 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:02:00 WinXP 219.99.114.19 (YOURNET.NE.JP): FREEBIT CO. LTD, JP.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: shell ftp (15 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 32; packed 741e3b03b3 [Firefox:490 hits: 01-05 to 10-21]; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscall trace

09:10:00 WinXP 79.163.172.203 (-): IDEA, PL.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 6b3beaea1a [Firefox: 2 hits: 10-21 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:11:00 Win2K-f 61.105.125.161 (KRLINE.NET): KRNIC, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (19 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed 7c2b50c774 [Firefox:15 hits: 08-01 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:12:00 WinXP 202.40.179.22 (RANKSITT.NET): INTERNET AND WAN SERVICE PROVIDER, DHAKA, DHAKA, BD.
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:204.160.126.126:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (102 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 32; packed 73f1082158 [Firefox:1621 hits: 06-18 to 10-21]; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  binary 3: AV 0 of 33; packed e07c29c4ae [Firefox:661 hits: 06-19 to 10-21]; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

T:09:12:00 WinXP 62.178.32.56 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL)
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (23 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed ea39b7911d [Firefox: 8 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:15:00 Win2K-f 58.233.18.182 (-): THRUNET-INFRA-SEOUL14, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 36; packed 44ea4d3c7c [Firefox: 5 hits: 09-26 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:09:21:00 WinXP 124.100.194.211 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: shell ftp (13 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 32; packed 741e3b03b3 [Firefox:490 hits: 01-05 to 10-21]; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscall trace

T:09:22:00 Win2K-f 78.155.142.34 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed 99797e2b75 [Firefox: 4 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:28:00 Win2K-f 211.20.96.142 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (572 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 36; packed 55d816f3e9 [Firefox: 5 hits: 09-20 to 10-13]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 34 of 36; packed 84a24d85f7 [Firefox: 5 hits: 09-20 to 10-13]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:09:30:00 Win2K-f 88.173.232.224 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 36; packed 9d31d168bd [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:37:00 WinXP 117.99.42.108 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (2 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed 2d6c8c447f [Firefox:23 hits: 09-16 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:09:43:00 WinXP 83.195.233.97 (ABO.WANADOO.FR): IP2000-ADSL-BAS, PARIS, ILE-DE-FRANCE, FR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (22 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed 89e894a838 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:43:00 WinXP 89.49.83.66 (PPPOOL.DE): FREENET CITYLINE GMBH, STUTTGART, BADEN-WURTTEMBERG, DE. (DIAL)
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 33 of 36; packed 413c9ac28b [Firefox: 5 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:09:52:00 Win2K-f 211.189.198.4 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 33 of 36; packed e5dab5f4ec [Firefox: 2 hits: 09-26 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:58:00 Win2K-f 79.78.231.248 (AS9105.COM): TELINCO, UK.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 34 of 36; packed f9fbdd5ce8 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

09:59:00 WinXP 62.178.32.56 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL)
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (30 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed ea39b7911d [Firefox: 8 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:10:03:00 WinXP 24.79.85.118 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 2e09ccc0c3 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:10:12:00 Win2K-f 218.238.165.254 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed 7c2b50c774 [Firefox:15 hits: 08-01 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

10:31:00 Win2K-f 125.224.228.72 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed af222ae6db [Firefox: 4 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:10:44:00 WinXP 85.186.126.154 (ASTRAL.RO): ASTRAL-BR-AIPA, RO.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (29 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed 28b1bbe949 [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:10:57:00 WinXP 86.105.49.85 (-): SC MARTE SOLUTIONS SRL, RO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (24 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed bcae797d03 [Firefox: 5 hits: 08-01 to 09-26]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:11:03:00 Win2K-f 221.124.49.42 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 36; packed ea38ae2cb2 [Firefox: 3 hits: 09-26 to 09-26]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

11:08:00 Win2K-f 83.143.116.46 (BSN.NO): BSN NYDALEN STUDENT NETWORK, NYDALEN, OSLO, NO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed af222ae6db [Firefox: 4 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:11:14:00 WinXP 68.147.151.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.53:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (112 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 31 of 36; packed 7ae9a33e68 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 33 of 36; packed 9eb1d09f7c NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 3: AV 0 of 33; packed e07c29c4ae [Firefox:661 hits: 06-19 to 10-21]; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

T:11:24:00 WinXP 85.67.101.174 (-): FIBERNET, HU.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (23 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed 28b1bbe949 [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

11:29:00 WinXP 76.173.240.235 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 29; packed f502585714 [Firefox:47 hits: 01-02 to 10-20]; egg.exe ae590430c5 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=63; syscall trace

11:39:00 WinXP 218.48.148.112 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 34; packed aa268ff3a9 [Firefox: 7 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:11:40:00 WinXP 89.246.49.144 (VERSANET.DE): VERSATEL DEUTSCHLAND DYNAMIC POOL, KALTENKIRCHEN, SCHLESWIG-HOLSTEIN, DE.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 20c8b5e19f NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:11:46:00 Win2K-f 58.226.18.79 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (10 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

11:46:00 Win2K-f 68.146.106.186 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.47.126:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (114 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 34 of 36; packed 1eacab1cc9 [Firefox: 3 hits: 09-28 to 10-15]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 0 of 32; packed b5919931fe [Firefox:880 hits: 06-20 to 10-21]; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace
  binary 3: AV 22 of 36; packed d43f7bdb88 [Firefox: 3 hits: 09-28 to 10-15]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

11:55:00 WinXP 88.170.176.41 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed bf9f26628c NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:11:56:00 WinXP 217.201.91.16 (-): TELECOM ITALIA MOBILE, IT.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed 71b183b0c8 [Firefox:32 hits: 09-17 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:12:03:00 WinXP 89.136.88.38 (-): ASTRAL MIERCUREA CIUC DOCSIS NETWORK, RO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (24 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed d17330db37 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

12:04:00 Win2K-f 221.124.33.172 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

T:12:05:00 Win2K-f 98.140.228.220 (-): .
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

T:12:06:00 WinXP 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.37.126:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (77 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 33; packed 57ce4acac2 [Firefox:284 hits: 06-17 to 10-21]; egg.exe 57ce4acac2[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

12:11:00 WinXP 4.152.222.50 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RICHMOND, VIRGINIA, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (76 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 32; packed 73f1082158 [Firefox:1621 hits: 06-18 to 10-21]; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  binary 3: AV 0 of 33; packed e07c29c4ae [Firefox:661 hits: 06-19 to 10-21]; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

12:18:00 WinXP 125.4.209.71 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (279 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 33 of 36; packed b6c32a3cef NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

12:25:00 WinXP 190.30.205.95 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR.
  C&C: n/a; DNS lookups/failed connects: RU:moscow-advokat.ru; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 25; packed 7f60162c2c [Firefox:769 hits: 12-31 to 10-21]; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93 embedded dns; syscall trace

T:12:26:00 WinXP 190.30.205.95 (NET.AR): APOLO -GOLD-TELECOM-PER, BUENOS AIRES, BUENOS AIRES, AR.
  C&C: n/a; DNS lookups/failed connects: RU:moscow-advokat.ru, SE:viking.dal.net, :washington.dc.us.undernet.org, SE:coins.dal.net, RU:194.6.222.11:6667; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 25; packed 7f60162c2c [Firefox:769 hits: 12-31 to 10-21]; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93 embedded dns; syscall trace

12:30:00 Win2K-f 86.105.215.151 (XANDRANET.RO): SC XANDRA SOLUTIONS SRL, RO.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed bcae797d03 [Firefox: 5 hits: 08-01 to 09-26]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:12:32:00 WinXP 88.246.42.11 (TTNET.NET.TR): TT ADSL-METEKSAN DINAMIK_ACI, IZMIR, IZMIR, TR. (DSL)
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 35; packed 1be9d03a2b [Firefox:16 hits: 07-29 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

12:34:00 Win2K-f 172.130.174.165 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (113 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 30 of 33; packed 3373948767 [Firefox:32 hits: 07-03 to 10-10]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 0 of 32; packed b5919931fe [Firefox:880 hits: 06-20 to 10-21]; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace
  binary 3: AV 29 of 33; packed c73f738c30 [Firefox:32 hits: 07-03 to 10-10]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

12:38:00 WinXP 24.85.166.206 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 32 of 36; packed 121b9db36f NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:12:40:00 WinXP 93.102.47.182 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 32; packed 6f89425f8a [Firefox:14 hits: 02-08 to 05-13]; egg.exe 6480c2f949 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=73; syscall trace

T:12:46:00 Win2K-f 4.180.96.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TULSA, OKLAHOMA, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (5 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

T:12:51:00 WinXP 86.97.174.76 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, ABU DHABI, ABU DHABI, AE.
  C&C: n/a; DNS lookups/failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, 115.126.2.121:65520, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed a0012f058f [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

12:56:00 Win2K-f 88.173.235.156 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 36; packed 28b1bbe949 [Firefox: 2 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:13:01:00 WinXP 88.222.181.174 (-): KAUNAS MEGANET AREA16 NETWORK, KAUNAS, KAUNO APSKRITIS, LT.
  C&C: 63.173.172.98:6667; DNS lookups/failed connects: US:63.173.172.98:6667; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (19 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed bcae797d03 [Firefox: 5 hits: 08-01 to 09-26]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

13:01:00 Win2K-f 4.225.139.144 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (78 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 32; packed 73f1082158 [Firefox:1621 hits: 06-18 to 10-21]; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  binary 3: AV 0 of 32; packed b5919931fe [Firefox:880 hits: 06-20 to 10-21]; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace

13:04:00 WinXP 81.84.223.224 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, AMADORA, LISBOA, PT.
  C&C: n/a; DNS lookups/failed connects: RU:moscow-advokat.ru, SE:ozbytes.dal.net, :lulea.se.eu.undernet.org, SE:ced.dal.net, RU:194.6.222.11:6667; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 34 of 36; packed 96d089e522 [Firefox:21 hits: 10-08 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

13:10:00 WinXP 85.85.59.9 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 7098b3eebf NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:13:12:00 WinXP 218.191.195.19 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (21 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 25 of 36; packed 114d93b412 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

13:16:00 WinXP 70.68.102.241 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA.
  C&C: n/a; DNS lookups/failed connects: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, 115.126.2.121:80, US:208.111.173.47:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (1027 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 34 of 36; packed 6ea2758c07 [Firefox: 4 hits: 10-07 to 10-17]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 33 of 36; packed d4406c307b [Firefox: 4 hits: 10-07 to 10-17]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 3: AV 0 of 33; packed e07c29c4ae [Firefox:661 hits: 06-19 to 10-21]; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

T:13:23:00 WinXP 24.161.196.125 (RR.COM): ROAD RUNNER HOLDCO LLC, BAKERSFIELD, CALIFORNIA, US.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 26 of 28; packed 7d99b0e910 [Firefox:1358 hits: 12-31 to 10-21]; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

13:28:00 WinXP 86.55.82.31 (OPTINET.RO): SC OPTINET SRL, RO.
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (4 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed 4c934f9489 [Firefox: 3 hits: 10-07 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:13:28:00 WinXP 86.55.82.31 (OPTINET.RO): SC OPTINET SRL, RO.
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (6 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed 4c934f9489 [Firefox: 3 hits: 10-07 to 10-20]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

13:34:00 WinXP 208.188.16.159 (SWBELL.NET): AS101 RCSNTX DIAL POOL, DALLAS, TEXAS, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: shell ftp (15 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 29; packed 1a2c0e6130 [Firefox:479 hits: 12-31 to 10-21]; egg.exe 048df78048 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscall trace

13:40:00 Win2K-f 218.220.174.163 (ZAQ.NE.JP): TOYONAKA IKEDA CABLENET CO. LTD, TOYONAKA, OSAKA, JP.
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (77 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 33; packed a08f3b74a4 [Firefox:1183 hits: 06-18 to 10-21]; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:13:43:00 WinXP 24.86.86.37 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a; DNS lookups/failed connects: :proxim.ircgalaxy.pl, RU:moscow-advokat.ru, 115.126.2.121:65520; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 36 of 36; packed e98b0aa219 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:13:45:00 WinXP 92.40.169.31 (IKBCC.COM): EU-ZZ, UK.
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (3 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 5230322052 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

13:48:00 WinXP 83.132.137.21 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, MASSAMA, LISBOA, PT.
  C&C: n/a; DNS lookups/failed connects: RU:moscow-advokat.ru, SE:broadway.ny.us.dal.net, US:lia.zanet.net, AT:graz.at.eu.undernet.org, SE:qis.md.us.dal.net, :washington.dc.us.undernet.org, :gaspode.zanet.org.za, RU:194.6.222.11:6667; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed 31945e4d33 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:13:58:00 WinXP 123.252.135.118 (RDPLGLOBAL.COM): TATA TELESERVICES MAHARASHTRA LTD, MUMBAI, MAHARASHTRA, IN.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 36; packed 8fa85f3aeb NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

14:01:00 Win2K-f 61.192.32.66 (ZAQ.NE.JP): J-COM KANSAI CO. LTD, TOKYO, TOKYO, JP.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 30 of 36; packed 13b148296b NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:14:03:00 WinXP 86.144.108.230 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: shell ftp (13 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 29 of 29; packed 831f4ee0a7 [Firefox:618 hits: 01-01 to 10-21]; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscall trace

T:14:03:00 WinXP 190.137.170.198 (NET.AR): TELECOM ARGENTINA S.A, AR.
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (2 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 26 of 28; packed 7d99b0e910 [Firefox:1358 hits: 12-31 to 10-21]; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

14:10:00 Win2K-f 210.19.83.37 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, MY.
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp (12 lines); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 31 of 34; packed aa268ff3a9 [Firefox: 7 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

14:11:00 WinXP 68.148.123.27 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (112 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 36; packed 45d49b1dac NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 31 of 36; packed 6089a3fcf8 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 3: AV 0 of 33; packed e07c29c4ae [Firefox:661 hits: 06-19 to 10-21]; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

14:26:00 Win2K-f 4.225.23.44 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KOKOMO, INDIANA, US. (DIAL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.153.231:80, US:208.111.153.236:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (90 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 33; packed a08f3b74a4 [Firefox:1183 hits: 06-18 to 10-21]; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

14:30:00 WinXP 94.191.248.39 (-): .
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (3 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed b52d214d08 [Firefox:16 hits: 10-05 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

14:40:00 WinXP 85.96.144.63 (TTNET.NET.TR): ADSL-ALC-ULUS-DYNAMIC POOL, ANKARA, ANKARA, TR. (DSL)
  C&C: n/a; DNS lookups/failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (1 line); BotHunter: Yeah : 0.8 profile; cluster: none; forensics: summary tarball
  binary: AV 34 of 35; packed f63e70fa11 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

14:45:00 WinXP 190.226.184.157 (-): .
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, 115.126.2.121:65520; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (15 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 35 of 36; packed eb3cf5b1c5 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:14:46:00 WinXP 190.226.184.157 (-): .
  C&C: 115.126.2.121:65520; DNS lookups/failed connects: :proxim.ircgalaxy.pl, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, :kidfitnesstv.com, :www.google.com, :clients1.google.com; port: 445; packet trace: pcap raw; signatures: alerts ruleset; chatter: http irc (23 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 6 of 36; packed 0b82addbc4 [Firefox: 3 hits: 10-20 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 2: AV 8 of 36; packed ac9e444ce0 [Firefox:17 hits: 10-13 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  binary 3: AV 35 of 36; packed eb3cf5b1c5 NEW; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:14:52:00 WinXP 98.140.228.220 (-): .
  C&C: n/a; DNS lookups/failed connects: (none listed); port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (18 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV none; packed none; egg.exe none; egg.asm none; packer none; strings none; syscall none

14:54:00 Win2K-f 82.194.151.176 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT.
  C&C: 63.173.172.98:6668; DNS lookups/failed connects: US:63.173.172.98:6668; port: 139; packet trace: pcap raw; signatures: alerts ruleset; chatter: ftp irc (20 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary: AV 23 of 36; packed b3ce57c019 [Firefox: 4 hits: 08-15 to 10-21]; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

14:58:00 WinXP 71.79.78.37 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTERVILLE, OHIO, US.
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:204.160.104.126:80, US:8.12.222.126:80; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: other (76 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 32; packed 73f1082158 [Firefox:1621 hits: 06-18 to 10-21]; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:14:59:00 Win2K-f 75.16.254.18 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL)
  C&C: n/a; DNS lookups/failed connects: US:microsoft.com, US:download.microsoft.com; port: 135; packet trace: pcap raw; signatures: alerts ruleset; chatter: http (76 lines); BotHunter: Yeah : 1.3 profile; cluster: none; forensics: summary tarball
  binary 1: AV 33 of 33; packed 53bfe15e91 [Firefox:3289 hits: 06-17 to 10-21]; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  binary 2: AV 0 of 33; packed a08f3b74a4 [Firefox:1183 hits: 06-18 to 10-21]; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

15:08:00 Win2K-f 24.85.166.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 121b9db36f
NEW
none[none] none:none
none|none none none
T:15:11:00 WinXP 74.141.72.130 (INSIGHTBB.COM):
INSIGHT COMMUNICATIONS COMPANY L.P,
LOUISVILLE, KENTUCKY, US.
n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
AT:graz.at.eu.undernet.org
NL:london.uk.eu.undernet.org
SE:qis.md.us.dal.net
SE:ced.dal.net
US:lia.zanet.net
:caen.fr.eu.undernet.org
:lulea.se.eu.undernet.org
NL:diemen.nl.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:769 hits: 12-31 to 10-21]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:15:14:00 WinXP 83.221.68.232 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 703ad78900
NEW
none[none] none:none
none|none none none
15:14:00 WinXP 83.221.68.232 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
115.126.2.110:80
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 703ad78900
NEW
none[none] none:none
none|none none none
15:18:00 WinXP 218.191.195.19 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 114d93b412
NEW
none[none] none:none
none|none none none
15:21:00 Win2K-f 218.238.165.254 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
13 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:15 hits: 08-01 to 10-21]
none[none] none:none
none|none none none
T:15:22:00 WinXP 64.183.180.122 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GARLAND, TEXAS, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
irc
106 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
34 of 35
0 of 33
40f73d7feb
NEW
4a7580c787
NEW
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
15:27:00 Win2K-f 218.235.133.148 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox: 4 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
15:33:00 WinXP 125.224.228.72 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
none af222ae6db
[Firefox: 4 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
15:38:00 WinXP 130.13.74.212 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 4d9fda377d
NEW
none[none] none:none
none|none none none
T:15:40:00 WinXP 217.202.108.101 (-):
TELECOM ITALIA MOBILE,
IT.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 def19f706a
NEW
none[none] none:none
none|none none none
15:52:00 WinXP 41.214.185.205 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 1c8b439ba5
[Firefox: 3 hits: 10-20 to 10-21]
none[none] none:none
none|none none none
T:15:53:00 WinXP 41.214.185.205 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 1c8b439ba5
[Firefox: 3 hits: 10-20 to 10-21]
none[none] none:none
none|none none none
15:57:00 WinXP 76.171.90.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:01:00 Win2K-f 70.128.1.245 (PARAGOULD.NET):
PARAGOULD CITY LIGHT & WATER,
PARAGOULD, ARKANSAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
189 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 a98417e0fd
NEW
none[none] none:none
none|none none none
16:01:00 Win2K-f 70.183.165.173 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
irc
126 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
28 of 33
da00a8e7a1
[Firefox:29 hits: 08-05 to 10-14]
f685f8e027
[Firefox:33 hits: 06-18 to 10-14]
none[none]
f685f8e027[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=82
none
trace
16:06:00 WinXP 72.0.181.234 (BENDBROADBAND.COM):
BEND CABLE COMMUNICATIONS LLC,
BEND, OREGON, US.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 74c6c141d8
[Firefox: 9 hits: 08-02 to 09-26]
none[none] none:none
none|none none none
T:16:07:00 WinXP 79.138.199.20 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:16 hits: 10-05 to 10-21]
none[none] none:none
none|none none none
16:07:00 WinXP 79.138.199.20 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:16 hits: 10-05 to 10-21]
none[none] none:none
none|none none none
16:08:00 WinXP 125.31.105.90 (KITAKYUSHU03.BBIQ.JP):
KYUSHU TELECOMMUNICATION NETWORK CO. INC,
FUKUOKA, FUKUOKA, JP. (DIAL)
63.173.172.98:6667
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 3 hits: 09-26 to 10-21]
none[none] none:none
none|none none none
T:16:24:00 Win2K-f 4.166.153.4 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN ANTONIO, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
135 pcap raw alerts
ruleset
other
61 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
b7082104e4
[Firefox:218 hits: 06-18 to 10-21]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
16:36:00 Win2K-f 4.190.220.158 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BILLINGS, MONTANA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:54:00 WinXP 204.193.219.143 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c198ee4e94
[Firefox: 2 hits: 10-20 to 10-20]
none[none] none:none
none|none none none
16:57:00 Win2K-f 63.23.14.103 (UU.NET):
UUNET TECHNOLOGIES INC,
SAN FRANCISCO, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:207.123.37.123:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
144 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
1aaea25bf9
NEW
db33ef40cd
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:03:00 WinXP 65.188.148.89 (RR.COM):
ROAD RUNNER HOLDCO LLC,
POMPANO BEACH, FLORIDA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:186 hits: 01-01 to 10-14]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
17:13:00 Win2K-f 24.85.107.57 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:17:16:00 WinXP 190.208.110.54 (-):
.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a0e1b944c1
NEW
none[none] none:none
none|none none none
17:18:00 WinXP 4.153.8.140 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:20:00 WinXP 221.124.49.42 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 3 hits: 09-26 to 09-26]
none[none] none:none
none|none none none
17:26:00 WinXP 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:199.93.53.125:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
57ce4acac2
[Firefox:284 hits: 06-17 to 10-21]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:29:00 Win2K-f 211.22.210.69 (EAI.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:199.93.53.125:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
http
384 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35
34 of 36
399935b731
NEW
c34838d4f7
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:33:00 Win2K-f 4.178.186.164 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
VANCOUVER, WASHINGTON, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
166 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:17:35:00 WinXP 61.192.32.66 (ZAQ.NE.JP):
J-COM KANSAI CO. LTD,
TOKYO, TOKYO, JP.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
NEW
none[none] none:none
none|none none none
17:39:00 WinXP 66.81.148.62 (O1.COM):
O1 DIALUP SERVICES,
LOS ANGELES, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:479 hits: 12-31 to 10-21]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:17:41:00 WinXP 68.203.135.108 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a :www.proxy-socks.net
DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
9 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:283 hits: 01-01 to 10-20]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
17:45:00 Win2K-f 63.17.176.44 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:17:45:00 WinXP 70.15.80.233 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:16 hits: 10-05 to 10-21]
none[none] none:none
none|none none none
17:48:00 WinXP 70.15.80.233 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:16 hits: 10-05 to 10-21]
none[none] none:none
none|none none none
T:17:52:00 Win2K-f 218.235.133.148 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox: 4 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
T:18:14:00 WinXP 24.85.166.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:12 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
18:20:00 WinXP 66.69.75.193 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. (100Mbps)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:34:00 WinXP 211.207.90.182 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 99797e2b75
[Firefox: 4 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
18:35:00 Win2K-f 66.139.9.197 (SWBELL.NET):
PPPOX POOL - RBACK14.HSTNTX.042005-2016,
HOUSTON, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:38:00 Win2K-f 118.221.182.19 (-):
.
115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
irc
100 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
31 of 33
0 of 32
9d571adc3c
[Firefox: 7 hits: 07-04 to 08-26]
a704164588
[Firefox: 9 hits: 07-04 to 08-26]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
18:45:00 WinXP 208.22.9.137 (-):
AAFES/BARRACKS,
VIRGINIA BEACH, VIRGINIA, US.
n/a UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 01-03 to 10-21]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
19:00:00 WinXP 190.188.56.47 (NET.AR):
PRIMA S.A,
AR.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 35 e50d19ea22
NEW
none[none] none:none
none|none none none
19:05:00 Win2K-f 4.152.105.221 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ATLANTA, GEORGIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
4 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:05:00 WinXP 76.175.11.28 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 492957db81
[Firefox:25 hits: 01-01 to 10-06]
064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns
trace
19:06:00 WinXP 65.41.179.38 (EMBARQHSD.NET):
EMBARQ CORPORATION,
US.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:490 hits: 01-05 to 10-21]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:19:08:00 Win2K-f 96.48.149.231 (-):
.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:12 hits: 08-15 to 10-21]
none[none] none:none
none|none none none
T:19:10:00 WinXP 66.69.57.229 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. (100Mbps)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:142 hits: 01-01 to 10-15]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
19:15:00 Win2K-f 24.80.122.234 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
0 of 32
0115338c8b
[Firefox:19 hits: 09-12 to 10-21]
321f4fc27d
[Firefox:19 hits: 09-12 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
19:18:00 WinXP 4.155.15.60 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BALTIMORE, MARYLAND, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
27 of 33 b402048f34
[Firefox: 4 hits: 07-05 to 08-14]
none[none] none:none
none|none none none
19:26:00 WinXP 64.89.167.129 (DIXIE-NET.COM):
ISP ASSOCIATES INC. DBA DIXIE-NET,
OXFORD, MISSISSIPPI, US.
n/a GB:new.egg.com
DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
32 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:283 hits: 01-01 to 10-20]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
19:26:00 WinXP 66.53.213.41 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 ff8dd3eeb9
NEW
none[none] none:none
none|none none none
19:46:00 WinXP 67.150.121.193 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a RU:www.bbin.ru
RU:www.binbank.ru
EU:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
445 pcap raw alerts
ruleset
http
http
http
30 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:283 hits: 01-01 to 10-20]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:19:56:00 WinXP 204.193.222.235 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
NEW
none[none] none:none
none|none none none
19:58:00 WinXP 65.172.27.17 (-):
DICKENSON COUNTY D/B/A DCWIN,
ATHENS, PENNSYLVANIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:4.23.60.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:18:00 WinXP 96.52.187.68 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ba5f4486d7
NEW
none[none] none:none
none|none none none
T:20:18:00 WinXP 85.85.66.77 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:142 hits: 01-01 to 10-15]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:20:20:00 WinXP 12.72.186.173 (ATT.NET):
AT&T WORLDNET SERVICES,
CARSON CITY, NEVADA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:479 hits: 12-31 to 10-21]
048df78048 [0] ASM:Graph
none|none lines=61 trace
20:24:00 Win2K-f 68.124.160.111 (PACBELL.NET):
PPPOX POOL - BRAS1.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
20:38:00 WinXP 201.32.231.154 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 45af2e8f47
NEW
none[none] none:none
none|none none none
T:20:40:00 WinXP 77.22.120.206 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 f73291a39a
NEW
none[none] none:none
none|none none none
20:41:00 Win2K-f 116.120.178.158 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 35
35 of 36
94510cf3f0
NEW
b209a05ffa
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:54:00 WinXP 71.104.134.152 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
RANCHO CUCAMONGA, CALIFORNIA, US. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c9d2ab31c2
[Firefox: 2 hits: 10-20 to 10-20]
none[none] none:none
none|none none none
T:20:56:00 WinXP 71.104.134.152 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
RANCHO CUCAMONGA, CALIFORNIA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:13:00 Win2K-f 70.248.127.149 (SWBELL.NET):
PPPOX POOL - BRAS14 RCSNTX,
DALLAS, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:32:00 Win2K-f 208.82.46.217 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
62 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
b7082104e4
[Firefox:218 hits: 06-18 to 10-21]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
21:41:00 WinXP 210.157.196.75 (SANNET.NE.JP):
SANNET INTERNET SERVICE,
JP. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c88e305fa8
NEW
none[none] none:none
none|none none none
21:45:00 Win2K-f 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
21:53:00 WinXP 24.88.104.110 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1358 hits: 12-31 to 10-21]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
22:09:00 Win2K-f 65.204.67.167 (MIS.NET):
MIKROTEC INTERNET SERVICES INC,
LOUISA, KENTUCKY, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:12:00 Win2K-f 68.149.177.132 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:17:00 WinXP 151.118.198.119 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
irc
http
141 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 32
0 of 33
7f66e51c85
[Firefox:15 hits: 07-11 to 10-20]
9d12fe9d3b
[Firefox:16 hits: 07-11 to 10-20]
e07c29c4ae
[Firefox:661 hits: 06-19 to 10-21]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
22:18:00 WinXP 4.245.158.225 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAVEN, CONNECTICUT, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
433 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 65cf97781c
NEW
none[none] none:none
none|none none none
T:22:23:00 WinXP 63.246.52.244 (GEUSNET.NET):
GEUS,
GREENVILLE, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:26:00 Win2K-f 24.170.56.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
INGLESIDE, TEXAS, US.
n/a   135 pcap raw alerts
ruleset
other
61 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
22:59:00 Win2K-f 172.130.152.82 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:23:01:00 Win2K-f 122.146.243.245 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
73f1082158
[Firefox:1621 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:23:03:00 WinXP 75.42.73.87 (-):
PPPOX POOL - BRAS5.SCRMCA,
PLANO, TEXAS, US.
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:50 hits: 04-18 to 10-15]
none[3] none:none
tElock| none trace
23:05:00 Win2K-f 98.145.210.251 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:06:00 WinXP 81.198.238.87 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 2881209768
NEW
none[none] none:none
none|none none none
T:23:06:00 WinXP 81.198.238.87 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 2881209768
NEW
none[none] none:none
none|none none none
23:35:00 Win2K-f 71.148.35.37 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3289 hits: 06-17 to 10-21]
a08f3b74a4
[Firefox:1183 hits: 06-18 to 10-21]
b5919931fe
[Firefox:880 hits: 06-20 to 10-21]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
23:42:00 WinXP 208.127.250.153 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US.
n/a   135 pcap raw alerts
ruleset
other
678 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 f0a79023d6
NEW
none[none] none:none
none|none none none
23:52:00 WinXP 89.50.104.162 (PPPOOL.DE):
FREENET CITYLINE GMBH,
DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:176 hits: 01-08 to 10-21]
83893bd25d [0] ASM:Graph
none|none lines=65 trace