Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

25 October 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:09:00 WinXP 87.11.159.126 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
AVELLINO, CAMPANIA, IT. n/a RU:moscow-advokat.ru
SE:qis.md.us.dal.net
:brussels.be.eu.undernet.org
SE:ced.dal.net
:lulea.se.eu.undernet.org
SE:viking.dal.net
SE:broadway.ny.us.dal.net
NL:diemen.nl.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 33 of 35 30b8192f05
NEW none[none] none:none
none|none none none

T:00:09:00 WinXP 87.11.159.126 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
AVELLINO, CAMPANIA, IT. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 35 30b8192f05
NEW none[none] none:none
none|none none none

00:15:00 WinXP 117.99.0.237 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
:brussels.be.eu.undernet.org
:lulea.se.eu.undernet.org
SE:vancouver.dal.net
AT:graz.at.eu.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f5ab9763ea
[Firefox:13 hits: 10-03 to 10-21] none[none] none:none
none|none none none

00:19:00 WinXP 79.163.64.74 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 35 of 36 8988e13dc6
NEW none[none] none:none
none|none none none

T:00:19:00 WinXP 82.224.85.212 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 71b183b0c8
[Firefox:34 hits: 09-17 to 10-24] none[none] none:none
none|none none none

T:00:32:00 WinXP 82.65.1.253 (PROXAD.NET):
PROXAD / FREE SAS,
FR. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 478e5ec8c0
NEW none[none] none:none
none|none none none

T:00:40:00 WinXP 165.29.122.25 (AR.US):
ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK,
MONTICELLO, ARKANSAS, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b27d73bfcb
[Firefox: 2 hits: 10-10 to 10-24] none[none] none:none
none|none none none

00:41:00 WinXP 70.68.20.125 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:80 135 pcap raw alerts
ruleset http
irc
1046 lines Yeah : 1.3
profile none summary
tarball 34 of 36
33 of 36
0 of 33 6ea2758c07
[Firefox: 5 hits: 10-07 to 10-22]
d4406c307b
[Firefox: 5 hits: 10-07 to 10-22]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

T:00:43:00 WinXP 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520 135 pcap raw alerts
ruleset http
irc
116 lines Yeah : 1.8
profile none summary
tarball 32 of 33
29 of 33
0 of 33 87e1117f2a
[Firefox:19 hits: 07-18 to 10-22]
b4fe4581c3
[Firefox:19 hits: 07-18 to 10-22]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

00:50:00 WinXP 79.163.69.192 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 35 of 36 23603d744f
NEW none[none] none:none
none|none none none

01:11:00 WinXP 82.225.250.167 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 35 75347e3aaf
[Firefox: 4 hits: 10-11 to 10-21] none[none] none:none
none|none none none

T:01:12:00 WinXP 82.225.250.167 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 35 75347e3aaf
[Firefox: 4 hits: 10-11 to 10-21] none[none] none:none
none|none none none

01:16:00 Win2K-f 217.184.141.5 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
HAMBURG, HAMBURG, DE. n/a GB:doiluc.com 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 1 of 36 793252c597
NEW none[none] none:none
none|none none none

01:17:00 WinXP 88.178.131.153 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a :proxim.ircgalaxy.pl
115.126.2.121:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 d0d92d58c3
NEW none[none] none:none
none|none none none

T:01:24:00 WinXP 72.251.93.212 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 ca47a36342
[Firefox:23 hits: 02-16 to 10-21] c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns trace

T:01:28:00 Win2K-f 70.60.105.245 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN FRANCISCO, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
84 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:01:34:00 WinXP 83.141.200.40 (EVC.NET):
DHCP POOL EVC,
BASEL, BASEL-STADT, CH. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 36 c334fc5c05
NEW none[none] none:none
none|none none none

T:01:34:00 Win2K-f 63.28.79.88 (UU.NET):
UUNET TECHNOLOGIES INC,
HONOLULU, HAWAII, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

01:36:00 Win2K-f 24.64.253.158 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
259 lines Yeah : 1.3
profile none summary
tarball 31 of 35 a93ff1217b
NEW none[none] none:none
none|none none none

01:37:00 Win2K-f 203.91.191.104 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

01:38:00 WinXP 213.22.44.8 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 35 f75c383301
[Firefox: 2 hits: 10-21 to 10-22] none[none] none:none
none|none none none

T:01:38:00 WinXP 213.22.44.8 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 35 f75c383301
[Firefox: 2 hits: 10-21 to 10-22] none[none] none:none
none|none none none

01:47:00 WinXP 87.247.111.3 (-):
MIKROVISATA,
LT. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.8
profile none summary
tarball 35 of 36 a917b38976
[Firefox: 3 hits: 10-14 to 10-17] none[none] none:none
none|none none none

T:01:47:00 WinXP 24.166.51.15 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CUYAHOGA FALLS, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.45:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:01:48:00 WinXP 83.213.139.44 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BASAURI, PAIS VASCO, ES. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:29 hits: 10-05 to 10-24] none[none] none:none
none|none none none

01:53:00 Win2K-f 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80 135 pcap raw alerts
ruleset http
81 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
57ce4acac2
[Firefox:289 hits: 06-17 to 10-24] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

02:00:00 WinXP 69.85.119.80 (SPEAKEASY.NET):
US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:02:01:00 WinXP 69.85.119.80 (SPEAKEASY.NET):
US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

02:07:00 WinXP 98.140.59.201 (-):
. n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

02:12:00 WinXP 79.163.190.75 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 35 of 36 8988e13dc6
NEW none[none] none:none
none|none none none

T:02:31:00 WinXP 195.174.214.53 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
IZMIR, IZMIR, TR. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 0094557189
NEW none[none] none:none
none|none none none

02:43:00 WinXP 85.85.37.198 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 35 9a620eca16
NEW none[none] none:none
none|none none none

T:02:47:00 WinXP 210.147.67.254 (MESH.AD.JP):
C&C INTERNET SERVICE MESH(NEC CORPORATION),
KITAKYUSHU, FUKUOKA, JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:622 hits: 01-01 to 10-24] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:02:50:00 WinXP 87.247.99.13 (-):
MIKROVISATA,
LT. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 36 of 36 4c934f9489
[Firefox: 6 hits: 10-07 to 10-24] none[none] none:none
none|none none none

T:02:59:00 WinXP 98.175.153.98 (-):
. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520 135 pcap raw alerts
ruleset http
115 lines Yeah : 1.3
profile none summary
tarball 35 of 36
32 of 36
0 of 33 430b442da3
NEW
bea8cb1865
[Firefox:29 hits: 08-11 to 10-10]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

T:03:00:00 WinXP 81.198.37.14 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 2881209768
[Firefox: 2 hits: 10-22 to 10-22] none[none] none:none
none|none none none

03:09:00 WinXP 217.185.234.121 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
DE. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

03:13:00 Win2K-f 217.184.139.22 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
MERZIG, SAARLAND, DE. n/a GB:doiluc.com 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 1 of 36 793252c597
NEW none[none] none:none
none|none none none

03:13:00 WinXP 77.222.225.107 (NET.PL):
SPRAY-NET-WARSZAWA,
PL. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 17b93151f4
NEW none[none] none:none
none|none none none

T:03:14:00 WinXP 77.222.225.107 (NET.PL):
SPRAY-NET-WARSZAWA,
PL. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 17b93151f4
NEW none[none] none:none
none|none none none

T:03:23:00 Win2K-f 24.76.12.222 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
125 lines Yeah : 1.3
profile none summary
tarball 33 of 36
31 of 36
0 of 32 0115338c8b
[Firefox:21 hits: 09-12 to 10-22]
321f4fc27d
[Firefox:21 hits: 09-12 to 10-22]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:03:23:00 WinXP 68.149.177.132 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

03:33:00 WinXP 79.163.92.125 (-):
IDEA,
PL. 115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.121:65520 445 pcap raw alerts
ruleset http
irc
22 lines Yeah : 1.3
profile none summary
tarball 19 of 36
34 of 36
11 of 36 abee918d7e
NEW
c8ed7380d2
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

03:42:00 Win2K-f 24.84.5.16 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80 135 pcap raw alerts
ruleset other
124 lines Yeah : 1.3
profile none summary
tarball 31 of 36
33 of 36 28ce5fc467
[Firefox: 6 hits: 09-12 to 10-12]
e7335cb667
[Firefox: 6 hits: 09-12 to 10-12] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:03:43:00 WinXP 93.148.217.9 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 d09f36fcfb
NEW none[none] none:none
none|none none none

T:03:51:00 Win2K-f 203.91.176.117 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:04:01:00 WinXP 41.214.169.204 (-):
. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:04:13:00 WinXP 12.73.69.131 (ATT.NET):
AT&T WORLDNET SERVICES,
AUSTIN, TEXAS, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:177 hits: 01-08 to 10-22] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

04:22:00 WinXP 63.28.53.55 (UU.NET):
UUNET TECHNOLOGIES INC,
CHICAGO, ILLINOIS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

04:23:00 Win2K-f 24.69.187.101 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
223 lines Yeah : 1.3
profile none summary
tarball 32 of 36
33 of 36
0 of 32 090753e602
[Firefox: 2 hits: 10-09 to 10-15]
79595a71bb
[Firefox: 2 hits: 10-09 to 10-15]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

04:29:00 WinXP 84.247.3.89 (JUMP.RO):
SC AZURE SOFTWARE SRL,
BUCHAREST, BUCURESTI, RO. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 60de8620d9
NEW none[none] none:none
none|none none none

T:04:31:00 WinXP 84.140.205.235 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
AHRENSBURG, SCHLESWIG-HOLSTEIN, DE. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:177 hits: 01-08 to 10-22] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:04:33:00 WinXP 79.163.195.173 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

04:41:00 WinXP 70.69.94.87 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
MISSION, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

04:49:00 WinXP 77.78.190.93 (-):
LULIN-NET,
BG. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 b872c76081
[Firefox:61 hits: 09-13 to 10-15] none[none] none:none
none|none none none

T:04:49:00 WinXP 77.78.190.93 (-):
LULIN-NET,
BG. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 b872c76081
[Firefox:61 hits: 09-13 to 10-15] none[none] none:none
none|none none none

T:05:05:00 Win2K-f 172.130.210.78 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
154 lines Yeah : 1.3
profile none summary
tarball 34 of 36
29 of 33
0 of 32 0474b4b09f
[Firefox: 7 hits: 09-24 to 10-15]
1c3210698a
[Firefox: 9 hits: 07-13 to 10-16]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

05:06:00 Win2K-f 140.239.42.39 (XO.NET):
XO COMMUNICATIONS,
HOPKINTON, MASSACHUSETTS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
87 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33
0 of 32 73ce2b74da
[Firefox:24 hits: 06-18 to 10-21]
79c01ec060
[Firefox:55 hits: 06-18 to 10-21]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] 73ce2b74da [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=81
none
lines=90 trace
trace
trace

T:05:10:00 WinXP 79.163.2.255 (-):
IDEA,
PL. n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset shell
ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 d2e0c1f039
NEW none[none] none:none
none|none none none

05:15:00 WinXP 80.116.59.196 (POOL80116.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
COMO, LOMBARDIA, IT. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 33 of 36 0e5f51ee8e
[Firefox: 8 hits: 10-11 to 10-24] none[none] none:none
none|none none none

05:16:00 WinXP 70.249.81.159 (SWBELL.NET):
PPPOX POOL - BRAS2 OKCYOK 070704,
EDMOND, OKLAHOMA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

05:17:00 Win2K-f 4.181.106.34 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SACRAMENTO, CALIFORNIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:05:24:00 WinXP 87.247.101.64 (-):
MIKROVISATA,
LT. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 5f7a537123
NEW none[none] none:none
none|none none none

05:25:00 WinXP 79.163.187.168 (-):
IDEA,
PL. n/a UA:citi-bank.ru
:adult-empire.com
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 36 6b3beaea1a
[Firefox: 5 hits: 10-21 to 10-24] none[none] none:none
none|none none none

05:37:00 WinXP 70.183.161.118 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:05:37:00 WinXP 85.241.236.127 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT. (DSL) n/a 445 pcap raw alerts
ruleset http
6 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:05:39:00 Win2K-f 24.87.9.35 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

05:46:00 WinXP 71.72.163.74 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENVILLE, OHIO, US. n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:viking.dal.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 ca47a36342
[Firefox:23 hits: 02-16 to 10-21] c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns trace

05:51:00 WinXP 99.137.214.176 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:482 hits: 12-31 to 10-22] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:05:52:00 WinXP 71.72.163.74 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENVILLE, OHIO, US. n/a RU:moscow-advokat.ru
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
:lulea.se.eu.undernet.org
SE:coins.dal.net
SE:vancouver.dal.net
:flanders.be.eu.undernet.org
SE:ced.dal.net
:los-angeles.ca.us.undernet.org
NO:london.uk.eu.undernet.org
SE:broadway.ny.us.dal.net
:washington.dc.us.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 ca47a36342
[Firefox:23 hits: 02-16 to 10-21] c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns trace

T:05:56:00 WinXP 121.84.99.145 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:177 hits: 01-08 to 10-22] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:05:57:00 WinXP 82.251.205.166 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 5d7c7f2ec8
NEW none[none] none:none
none|none none none

06:01:00 WinXP 221.242.80.212 (UCOM.NE.JP):
UCOM CORP,
JP. (100Mbps) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

06:03:00 Win2K-f 114.200.183.90 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33
0 of 32 4c3df24b32
[Firefox:223 hits: 06-17 to 10-20]
53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] 4c3df24b32 [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=81
none
lines=90 trace
trace
trace

06:06:00 WinXP 78.159.33.230 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 35 24e4c28fdb
NEW none[none] none:none
none|none none none

T:06:08:00 WinXP 87.110.142.42 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 35 75347e3aaf
[Firefox: 4 hits: 10-11 to 10-21] none[none] none:none
none|none none none

06:15:00 WinXP 83.132.65.4 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. 115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
SE:coins.dal.net
:lulea.se.eu.undernet.org
NL:london.uk.eu.undernet.org
US:lia.zanet.net
SE:qis.md.us.dal.net
NL:diemen.nl.eu.undernet.org
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b23ffca78e
NEW none[none] none:none
none|none none none

06:16:00 WinXP 69.211.139.14 (AMERITECH.NET):
PPPOX POOL - RBACK5 WOTNOH,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:06:21:00 WinXP 79.163.227.26 (-):
IDEA,
PL. n/a
EU:79.163.227.26:1023 445 pcap raw alerts
ruleset shell
ftp
55 lines Yeah : 1.3
profile none summary
tarball 34 of 36 d2e0c1f039
NEW none[none] none:none
none|none none none

T:06:23:00 WinXP 61.219.33.68 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a CA:xx.ka3ek.com
CA:zonetech.info
US:130.107.169.29:59648 135 pcap raw alerts
ruleset irc
http
372 lines Yeah : 1.3
profile none summary
tarball 20 of 36
22 of 36
21 of 36
30 of 33
10 of 36 0635f8d411
NEW
1868867d02
[Firefox: 3 hits: 09-29 to 10-04]
3e01fb69e1
[Firefox: 4 hits: 09-29 to 10-09]
b2aa60cb38
[Firefox: 4 hits: 07-11 to 10-15]
c025f08a76
[Firefox: 7 hits: 09-15 to 10-04] none[none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none none
none
none
none
none

T:06:25:00 WinXP 88.162.145.152 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 65baec9942
NEW none[none] none:none
none|none none none

06:27:00 WinXP 83.213.218.247 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
ES. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f6710df15d
NEW none[none] none:none
none|none none none

06:37:00 WinXP 87.110.168.115 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 35 985b9b9708
NEW none[none] none:none
none|none none none

06:39:00 WinXP 122.16.183.118 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:622 hits: 01-01 to 10-24] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

06:41:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:06:41:00 Win2K-f 83.49.80.137 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MARBELLA, ANDALUCIA, ES. 115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn 139 pcap raw alerts
ruleset irc
http
15 lines Yeah : 1.3
profile none summary
tarball 33 of 36
18 of 35
11 of 36 6d7df0c54c
NEW
81f91861f0
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

06:42:00 WinXP 83.49.80.137 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MARBELLA, ANDALUCIA, ES. 115.126.2.121:65520 139 pcap raw alerts
ruleset irc
16 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:06:54:00 WinXP 85.139.96.209 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 35 77ae91b868
NEW none[none] none:none
none|none none none

T:06:54:00 Win2K-f 201.94.187.174 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 115.126.2.121:65520 445 pcap raw alerts
ruleset irc
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

06:59:00 WinXP 79.163.239.132 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 35 of 36 23603d744f
NEW none[none] none:none
none|none none none

T:07:02:00 WinXP 82.7.208.140 (NTL.COM):
NTLI,
NOTTINGHAM, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 36 of 36 b7a2b9be2a
[Firefox: 2 hits: 08-27 to 09-20] none[none] none:none
none|none none none

T:07:02:00 WinXP 24.86.86.37 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
SE:qis.md.us.dal.net
US:lia.zanet.net
SE:coins.dal.net
115.126.2.121:65520
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 e98b0aa219
NEW none[none] none:none
none|none none none

07:09:00 WinXP 79.163.128.171 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 35 of 36 8988e13dc6
NEW none[none] none:none
none|none none none

T:07:16:00 WinXP 204.193.222.184 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 34 a7003c5a33
[Firefox: 2 hits: 10-21 to 10-22] none[none] none:none
none|none none none

07:17:00 WinXP 204.193.222.184 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 34 a7003c5a33
[Firefox: 2 hits: 10-21 to 10-22] none[none] none:none
none|none none none

T:07:22:00 Win2K-f 61.105.46.98 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR. 115.126.2.121:65520 135 pcap raw alerts
ruleset irc
9 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

07:25:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:07:35:00 Win2K-f 196.33.241.116 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA. 115.126.2.121:65520 EE:www.starman.ee
FI:www.if.ee
EE:62.65.192.24:80 135 pcap raw alerts
ruleset irc
http
12 lines Yeah : 0.8
profile none summary
tarball 11 of 36 fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none] none:none
none|none none none

07:48:00 WinXP 98.141.161.158 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:07:54:00 WinXP 67.150.169.4 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. n/a DE:ebookfinaltrash.ru
US:searchportal.information.com
US:spi.domainsponsor.com
EU:siliconfireware.ru
:wpad 445 pcap raw alerts
ruleset http
http
http
15 lines Yeah : 0.8
profile none summary
tarball 23 of 32 6711bd8304
NEW none[none] none:none
none|none none none

T:08:03:00 WinXP 151.118.198.119 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.110:80
115.126.2.121:65520 135 pcap raw alerts
ruleset irc
http
147 lines Yeah : 1.8
profile none summary
tarball 18 of 36
32 of 33
29 of 32
0 of 33
11 of 36 4622b3e228
NEW
7f66e51c85
[Firefox:17 hits: 07-11 to 10-22]
9d12fe9d3b
[Firefox:18 hits: 07-11 to 10-22]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24]
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none]
none [none]
e07c29c4ae[1]
none [none] none:none
none:none
none:none
ASM:Graph
none:none
none|none
none|none
none|none
FSG|
none|none none
none
none
lines=92
none none
none
none
trace
none

T:08:07:00 WinXP 92.60.225.87 (IKBCC.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

08:09:00 WinXP 72.71.68.172 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
FRANKLIN, NORTH CAROLINA, US. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:622 hits: 01-01 to 10-24] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

08:15:00 WinXP 70.183.165.173 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.148.254:80 135 pcap raw alerts
ruleset http
irc
124 lines Yeah : 1.8
profile none summary
tarball 34 of 36
0 of 33
28 of 33 da00a8e7a1
[Firefox:30 hits: 08-05 to 10-22]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24]
f685f8e027
[Firefox:34 hits: 06-18 to 10-22] none[none]
e07c29c4ae[1]
f685f8e027[1] none:none
ASM:Graph
ASM:Graph
none|none
FSG|
Armadillo| none
lines=92
lines=82 none
trace
trace

T:08:17:00 WinXP 210.3.73.138 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 a61ced303b
NEW none[none] none:none
none|none none none

08:20:00 Win2K-f 72.234.244.23 (HAWAIIANTEL.NET):
HAWAIIAN TELCOM SERVICES COMPANY INC,
HONOLULU, HAWAII, US. n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

08:20:00 WinXP 122.146.240.36 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:08:23:00 WinXP 84.247.3.78 (JUMP.RO):
SC AZURE SOFTWARE SRL,
BUCHAREST, BUCURESTI, RO. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 1eeecc1925
NEW none[none] none:none
none|none none none

08:35:00 Win2K-f 70.167.73.201 (COX.NET):
COX COMMUNICATIONS,
VINCENNES, INDIANA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:08:53:00 WinXP 88.164.227.211 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 788a5e857c
NEW none[none] none:none
none|none none none

T:09:00:00 WinXP 98.134.132.121 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

09:03:00 Win2K-f 172.129.69.129 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
121 lines Yeah : 1.3
profile none summary
tarball 30 of 33
0 of 32
29 of 33 3373948767
[Firefox:34 hits: 07-03 to 10-22]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24]
c73f738c30
[Firefox:34 hits: 07-03 to 10-22] none[none]
b5919931fe[1]
none [none] none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none none
lines=90
none none
trace
none

T:09:08:00 WinXP 83.132.65.4 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b23ffca78e
NEW none[none] none:none
none|none none none

09:09:00 WinXP 80.219.147.66 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 451a3eb15f
NEW none[none] none:none
none|none none none

T:09:10:00 WinXP 77.254.144.36 (COM.PL):
NETIA,
PL. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 2881209768
[Firefox: 2 hits: 10-22 to 10-22] none[none] none:none
none|none none none

09:16:00 WinXP 75.138.118.82 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 632e315db2
[Firefox:23 hits: 10-03 to 10-24] none[none] none:none
none|none none none

09:31:00 WinXP 66.190.162.127 (CHARTER.COM):
CHARTER COMMUNICATIONS,
LAGRANGE, GEORGIA, US. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 4f1299acc0
[Firefox: 5 hits: 10-07 to 10-14] none[none] none:none
none|none none none

T:09:33:00 Win2K-f 68.148.192.174 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:09:48:00 WinXP 86.55.83.238 (OPTINET.RO):
SC OPTINET SRL,
RO. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.8
profile none summary
tarball 36 of 36 4c934f9489
[Firefox: 6 hits: 10-07 to 10-24] none[none] none:none
none|none none none

T:10:08:00 Win2K-f 58.126.215.117 (HANANET.NET):
HANARO TELECOM INC,
KR. 115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
irc
105 lines Yeah : 1.8
profile none summary
tarball 34 of 36
0 of 32
30 of 33 2363718c16
NEW
b5919931fe
[Firefox:913 hits: 06-20 to 10-24]
ff2150aa95
[Firefox: 4 hits: 07-03 to 10-01] none[none]
b5919931fe[1]
none [none] none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none none
lines=90
none none
trace
none

10:08:00 WinXP 79.163.40.108 (-):
IDEA,
PL. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 6b3beaea1a
[Firefox: 5 hits: 10-21 to 10-24] none[none] none:none
none|none none none

T:10:08:00 WinXP 79.163.40.108 (-):
IDEA,
PL. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 6b3beaea1a
[Firefox: 5 hits: 10-21 to 10-24] none[none] none:none
none|none none none

T:10:15:00 WinXP 79.124.156.252 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 36 770385ec1c
NEW none[none] none:none
none|none none none

10:21:00 WinXP 85.95.210.118 (CALIXO.NET):
VIALIS - REGIE MUNICIPALE DE COLMAR,
FR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.3
profile none summary
tarball 30 of 36 13b148296b
[Firefox: 6 hits: 09-26 to 10-22] none[none] none:none
none|none none none

10:23:00 Win2K-f 216.158.118.222 (EGYPTIAN.NET):
EGYPTIAN TELEPHONE,
STEELEVILLE, ILLINOIS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:10:26:00 Win2K-f 78.34.46.84 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE. 115.126.2.121:65520 :proxima.ircgalaxy.pl
115.126.2.121:65520 445 pcap raw alerts
ruleset irc
8 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:10:26:00 WinXP 91.150.84.72 (KRSTARICA.NET):
KRSTARICA-NET,
CS. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

10:27:00 WinXP 91.150.84.72 (KRSTARICA.NET):
KRSTARICA-NET,
CS. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

10:30:00 WinXP 4.154.102.17 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DULUTH, GEORGIA, US. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 8c0884b5f3
NEW none[none] none:none
none|none none none

T:10:32:00 WinXP 68.200.27.174 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:10:42:00 WinXP 82.58.118.205 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 f3bfb92b73
NEW none[none] none:none
none|none none none

10:43:00 Win2K-f 70.184.214.106 (COX.NET):
COX COMMUNICATIONS,
OMAHA, NEBRASKA, US. 115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520 135 pcap raw alerts
ruleset http
irc
121 lines Yeah : 1.8
profile none summary
tarball 0 of 32
34 of 36
28 of 33 b5919931fe
[Firefox:913 hits: 06-20 to 10-24]
da00a8e7a1
[Firefox:30 hits: 08-05 to 10-22]
f685f8e027
[Firefox:34 hits: 06-18 to 10-22] b5919931fe [1]
none [none]
f685f8e027[1] ASM:Graph
none:none
ASM:Graph
ASProtect|
none|none
Armadillo| lines=90
none
lines=82 trace
none
trace

10:49:00 WinXP 124.102.112.181 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 35 of 36 df2e62792a
NEW none[none] none:none
none|none none none

11:00:00 Win2K-f 90.192.148.53 (SKY.COM):
BSKYB-BROADBAND,
UK. 115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:02:00 Win2K-f 222.237.231.22 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn 135 pcap raw alerts
ruleset irc
http
155 lines Yeah : 1.8
profile none summary
tarball 19 of 36
33 of 36
32 of 36
11 of 36 388bc1e566
NEW
840f57f567
NEW
9cce20be7b
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:11:03:00 WinXP 69.153.193.87 (SWBELL.NET):
RBACK24.HSTNTX PPPOX POOL,
HOUSTON, TEXAS, US. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad 445 pcap raw alerts
ruleset http
http
http
http
36 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:587 hits: 01-01 to 10-21] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

11:11:00 WinXP 208.9.118.209 (-):
AAFES/BARRACKS,
MASSENA, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:11:20:00 WinXP 88.162.158.207 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a RU:moscow-advokat.ru
NL:diemen.nl.eu.undernet.org
:lulea.se.eu.undernet.org
:brussels.be.eu.undernet.org
SE:coins.dal.net
SE:ozbytes.dal.net
:gaspode.zanet.org.za
SE:viking.dal.net
NL:london.uk.eu.undernet.org
SE:ced.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 15ee4e7627
[Firefox: 2 hits: 09-25 to 10-04] none[none] none:none
none|none none none

11:21:00 WinXP 88.162.158.207 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
HR:london.uk.eu.undernet.org
SE:viking.dal.net
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 15ee4e7627
[Firefox: 2 hits: 09-25 to 10-04] none[none] none:none
none|none none none

11:27:00 WinXP 122.52.16.17 (PLDT.NET):
IPG,
PH. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:11:27:00 Win2K-f 89.178.14.84 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU. 115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520 445 pcap raw alerts
ruleset irc
http
13 lines Yeah : 1.3
profile none summary
tarball 19 of 36
11 of 36 24ce67bd7b
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

11:36:00 Win2K-f 69.216.119.227 (AMERITECH.NET):
PPPOX POOL - RBACK5 SFLDMI,
DETROIT, MICHIGAN, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:11:42:00 WinXP 67.150.14.212 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

11:48:00 WinXP 149.225.78.33 (UU.NET):
VERIZON DEUTSCHLAND GMBH,
DORTMUND, NORDRHEIN-WESTFALEN, DE. 115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset shell
ftp
irc
32 lines Yeah : 1.3
profile none summary
tarball 34 of 36 8763cfd08c
NEW none[none] none:none
none|none none none

T:11:48:00 WinXP 173.16.128.165 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b7082104e4
[Firefox:222 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

12:05:00 WinXP 67.87.216.193 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BRONX, NEW YORK, US. 115.126.2.121:65520 US:microsoft.com
US:download.microsoft.com
:wpad
:proxim.ircgalaxy.pl
115.126.2.121:65520 135 pcap raw alerts
ruleset http
irc
102 lines Yeah : 1.8
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

12:15:00 Win2K-f 65.27.194.90 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

12:15:00 WinXP 77.254.156.17 (COM.PL):
NETIA,
PL. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 2881209768
[Firefox: 2 hits: 10-22 to 10-22] none[none] none:none
none|none none none

T:12:17:00 Win2K-f 24.195.234.117 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:12:18:00 WinXP 79.163.178.254 (-):
IDEA,
PL. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 36 6b3beaea1a
[Firefox: 5 hits: 10-21 to 10-24] none[none] none:none
none|none none none

T:12:23:00 WinXP 24.144.43.115 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL) 194.54.90.246:80 UA:citi-bank.ru
:makemegood24.com
:4ecfc.makemegood24.com
:aaakemegood24.com
:perfectchoice1.com
:559ef.perfectchoice1.com
:bparfectchoice1.com
DE:cash-ddt.net
DE:5e650.cash-ddt.net
:ccaah-ddt.net
:ddr-cash.net
:6c2e5.ddr-cash.net
:dddracash.net
:trn-cash.net
:78606.trn-cash.net
:etrn-aash.net 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 33 of 36 0e5f51ee8e
[Firefox: 8 hits: 10-11 to 10-24] none[none] none:none
none|none none none

12:25:00 WinXP 195.167.65.109 (-):
44 KIFISIAS STR,
ATHENS, ATTIKI, GR. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 445 pcap raw alerts
ruleset irc
http
11 lines Yeah : 0.8
profile none summary
tarball 0 of 33 e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] e07c29c4ae [1] ASM:Graph
FSG| lines=92 trace

12:26:00 Win2K-f 68.147.41.25 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:12:26:00 WinXP 89.186.159.32 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 7c31576ae8
NEW none[none] none:none
none|none none none

T:12:29:00 WinXP 92.47.130.125 (IKBCC.COM):
EU-ZZ,
UK. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:29 hits: 10-05 to 10-24] none[none] none:none
none|none none none

T:12:29:00 WinXP 4.231.83.96 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:494 hits: 01-05 to 10-22] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

12:42:00 WinXP 24.67.131.217 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COURTENAY, BRITISH COLUMBIA, CA. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 4ed031d88c
[Firefox: 3 hits: 10-20 to 10-24] none[none] none:none
none|none none none

12:47:00 Win2K-f 122.53.29.49 (PLDT.NET):
IPG,
PH. 67.43.236.98:1863 CA:xx.enterhere.biz
CA:zonetech.info
US:130.107.132.222:25043 135 pcap raw alerts
ruleset irc
http
372 lines Yeah : 1.8
profile none summary
tarball 20 of 36
22 of 36
21 of 36
33 of 36
10 of 36 0635f8d411
NEW
1868867d02
[Firefox: 3 hits: 09-29 to 10-04]
3e01fb69e1
[Firefox: 4 hits: 09-29 to 10-09]
9a91c94adf
NEW
c025f08a76
[Firefox: 7 hits: 09-15 to 10-04] none[none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none none
none
none
none
none

T:12:48:00 Win2K-f 68.75.16.245 (AMERITECH.NET):
PPPOX POOL RBACK4.WOTNOH,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:12:56:00 Win2K-f 70.183.63.227 (COX.NET):
COX COMMUNICATIONS INC,
NEWPORT BEACH, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:13:12:00 Win2K-f 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

13:20:00 WinXP 208.127.8.51 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a :done.blacktiehsbdcs.com
CA:dong.nagitiriheiwu.net 135 pcap raw alerts
ruleset irc
http
222 lines Yeah : 1.3
profile none summary
tarball 19 of 36
26 of 32 03d5bf43b7
[Firefox: 3 hits: 09-18 to 10-12]
5aeb9abc92
[Firefox:15 hits: 07-15 to 09-22] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

13:29:00 WinXP 79.163.51.132 (-):
IDEA,
PL. n/a :proxim.ircgalaxy.pl
115.126.2.121:80 445 pcap raw alerts
ruleset shell
ftp
irc
31 lines Yeah : 1.3
profile none summary
tarball 34 of 36 d2e0c1f039
NEW none[none] none:none
none|none none none

13:31:00 Win2K-f 24.69.81.185 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PRINCE GEORGE, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
223 lines Yeah : 1.3
profile none summary
tarball 32 of 36
33 of 36
0 of 32 090753e602
[Firefox: 2 hits: 10-09 to 10-15]
79595a71bb
[Firefox: 2 hits: 10-09 to 10-15]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:13:44:00 WinXP 99.147.64.212 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
61 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b7082104e4
[Firefox:222 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

T:13:54:00 WinXP 76.175.6.160 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a RU:moscow-advokat.ru
US:lia.zanet.net
RU:irc.tsk.ru
:gaspode.zanet.org.za 445 pcap raw alerts
ruleset other
0 lines Yeah : 1.3
profile none summary
tarball 29 of 29 492957db81
[Firefox:26 hits: 01-01 to 10-22] 064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns trace

13:54:00 WinXP 89.195.71.4 (-):
ORANGE,
UK. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 fd113df0bb
NEW none[none] none:none
none|none none none

T:13:55:00 WinXP 82.225.252.117 (PROXAD.NET):
PROXAD / FREE SAS,
BOULOGNE-BILLANCOURT, ILE-DE-FRANCE, FR. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru 445 pcap raw alerts
ruleset http
irc
14 lines Yeah : 1.3
profile none summary
tarball 34 of 35 75347e3aaf
[Firefox: 4 hits: 10-11 to 10-21] none[none] none:none
none|none none none

T:13:57:00 WinXP 12.218.183.243 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
COLUMBUS, GEORGIA, US. n/a RU:moscow-advokat.ru
EU:gaz-prom.ru
:washington.dc.us.undernet.org
:flanders.be.eu.undernet.org
NO:london.uk.eu.undernet.org
:los-angeles.ca.us.undernet.org
:caen.fr.eu.undernet.org
:irc.kar.net
RU:irc.tsk.ru
:brussels.be.eu.undernet.org
US:lia.zanet.net
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 29 of 29 d175bad0e6
[Firefox: 7 hits: 04-05 to 10-03] dfb15f5463 [0] ASM:Graph
tElock| lines=81
embedded dns trace

T:13:59:00 WinXP 222.147.227.85 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:622 hits: 01-01 to 10-24] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:14:08:00 Win2K-f 172.130.143.52 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
132 lines Yeah : 1.3
profile none summary
tarball 34 of 36
29 of 33
0 of 32 0474b4b09f
[Firefox: 7 hits: 09-24 to 10-15]
1c3210698a
[Firefox: 9 hits: 07-13 to 10-16]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

14:11:00 Win2K-f 76.87.208.17 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

14:11:00 WinXP 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
57ce4acac2
[Firefox:289 hits: 06-17 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
57ce4acac2[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:14:11:00 WinXP 89.41.89.52 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. n/a RU:moscow-advokat.ru
SE:ced.dal.net
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
SE:ozbytes.dal.net
NO:london.uk.eu.undernet.org
SE:broadway.ny.us.dal.net
:brussels.be.eu.undernet.org
SE:vancouver.dal.net
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
SE:viking.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 0dc5ca8f7c
NEW none[none] none:none
none|none none none

14:13:00 WinXP 65.173.141.167 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1373 hits: 12-31 to 10-24] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

14:17:00 WinXP 87.205.161.131 (INETIA.PL):
INTERNETIA,
PL. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 2c681f443c
NEW none[none] none:none
none|none none none

14:31:00 WinXP 93.177.131.188 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f5ab9763ea
[Firefox:13 hits: 10-03 to 10-21] none[none] none:none
none|none none none

T:14:31:00 WinXP 93.177.131.188 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f5ab9763ea
[Firefox:13 hits: 10-03 to 10-21] none[none] none:none
none|none none none

14:43:00 Win2K-f 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:00:00 WinXP 78.183.206.140 (MAXONCORP.COM):
TELEKOM,
TR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 35 f63e70fa11
NEW none[none] none:none
none|none none none

T:15:00:00 WinXP 78.183.206.140 (MAXONCORP.COM):
TELEKOM,
TR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 35 f63e70fa11
NEW none[none] none:none
none|none none none

15:07:00 WinXP 200.165.206.93 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 a9801d22e5
NEW none[none] none:none
none|none none none

T:15:08:00 WinXP 64.183.209.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DALLAS, TEXAS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b7082104e4
[Firefox:222 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

15:18:00 WinXP 78.27.251.101 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 96d089e522
[Firefox:24 hits: 10-08 to 10-24] none[none] none:none
none|none none none

T:15:22:00 WinXP 75.138.55.159 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7e8bfa9b49
[Firefox:19 hits: 10-01 to 10-24] none[none] none:none
none|none none none

T:15:27:00 WinXP 88.86.29.131 (HOST-213-178-245-10.ALOOLA.SY):
SCS-NET IS AN ISP BASED IN DAMASCUS SYRIA,
AMMAN, 'AMMAN, JO. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 36 fa97468a59
NEW none[none] none:none
none|none none none

15:38:00 WinXP 24.79.139.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL) 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 34 of 35 a0e3d7e4d9
NEW none[none] none:none
none|none none none

T:15:45:00 WinXP 76.168.41.1 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WEST HOLLYWOOD, CALIFORNIA, US. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

15:46:00 WinXP 68.144.206.155 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset http
irc
23 lines Yeah : 1.3
profile none summary
tarball 34 of 36 644ab77c01
[Firefox: 2 hits: 10-21 to 10-24] none[none] none:none
none|none none none

T:15:47:00 WinXP 68.144.206.155 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520 445 pcap raw alerts
ruleset http
irc
20 lines Yeah : 1.3
profile none summary
tarball 34 of 36 644ab77c01
[Firefox: 2 hits: 10-21 to 10-24] none[none] none:none
none|none none none

T:15:50:00 Win2K-f 24.80.178.213 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 31 of 32
0 of 32
2 of 32 607b60ad51
[Firefox:42 hits: 06-20 to 10-22]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24]
e5c7bce70e
[Firefox:40 hits: 06-20 to 10-22] none[4]
b5919931fe[1]
e5c7bce70e[1] none:none
ASM:Graph
ASM:Graph
tElock|
ASProtect|
Armadillo| none
lines=90
lines=81 trace
trace
trace

T:15:57:00 WinXP 213.22.223.95 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 35 f75c383301
[Firefox: 2 hits: 10-21 to 10-22] none[none] none:none
none|none none none

16:08:00 WinXP 66.66.190.91 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROCHESTER, NEW YORK, US. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:11:00 WinXP 24.79.165.72 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SPRUCE GROVE, ALBERTA, CA. (DSL) 115.126.2.121:65520 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
5 lines Yeah : 1.3
profile none summary
tarball 33 of 35 32ada0c750
NEW none[none] none:none
none|none none none

T:16:13:00 WinXP 201.21.140.125 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 36 c159f58da5
NEW none[none] none:none
none|none none none

16:16:00 WinXP 75.49.187.236 (-):
SECURITY & SPY,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
181 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

16:38:00 Win2K-f 24.76.12.222 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.115:80 135 pcap raw alerts
ruleset other
123 lines Yeah : 1.3
profile none summary
tarball 33 of 36
31 of 36 0115338c8b
[Firefox:21 hits: 09-12 to 10-22]
321f4fc27d
[Firefox:21 hits: 09-12 to 10-22] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:17:04:00 WinXP 4.131.74.1 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 c8b86ec020
[Firefox: 2 hits: 10-13 to 10-23] none[none] none:none
none|none none none

T:17:13:00 Win2K-f 4.185.96.66 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
100 lines Yeah : 1.3
profile none summary
tarball 35 of 36
30 of 36
0 of 32 2ce489b91a
[Firefox: 3 hits: 10-06 to 10-08]
2f1ec86326
[Firefox: 3 hits: 10-06 to 10-08]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

17:16:00 WinXP 24.144.22.97 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 33 of 36 0e5f51ee8e
[Firefox: 8 hits: 10-11 to 10-24] none[none] none:none
none|none none none

T:17:16:00 WinXP 24.144.22.97 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 0e5f51ee8e
[Firefox: 8 hits: 10-11 to 10-24] none[none] none:none
none|none none none

17:27:00 WinXP 24.164.122.49 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SHELBY, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80 135 pcap raw alerts
ruleset http
61 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b7082104e4
[Firefox:222 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

17:27:00 WinXP 170.51.59.169 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 a0012f058f
[Firefox: 4 hits: 10-20 to 10-24] none[none] none:none
none|none none none

T:17:28:00 WinXP 170.51.59.169 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 36 of 36 a0012f058f
[Firefox: 4 hits: 10-20 to 10-24] none[none] none:none
none|none none none

T:17:40:00 WinXP 201.21.140.186 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 523a1e7bc6
NEW none[none] none:none
none|none none none

T:17:41:00 WinXP 115.129.11.68 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 e12a3ae2f6
NEW none[none] none:none
none|none none none

17:51:00 WinXP 38.105.177.145 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
112 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 32 3cd7958258
[Firefox:33 hits: 06-17 to 10-20]
41efedf70f
[Firefox:32 hits: 06-19 to 10-20] none[4]
41efedf70f[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

17:52:00 WinXP 98.26.220.51 (-):
. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad 445 pcap raw alerts
ruleset http
http
http
http
39 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:587 hits: 01-01 to 10-21] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

17:59:00 WinXP 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US. 194.109.11.65:6556 :0x80.my-secure.name
NL:0x80.my1x1.com
NL:0x80.martiansong.com 135 pcap raw alerts
ruleset other
229 lines Yeah : 1.8
profile none summary
tarball 32 of 33 fe22b8315f
[Firefox:11 hits: 06-19 to 10-14] none[4] none:none
StarForce| none trace

T:18:07:00 WinXP 217.201.149.195 (-):
TELECOM ITALIA MOBILE,
FIRENZE, TOSCANA, IT. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 96d089e522
[Firefox:24 hits: 10-08 to 10-24] none[none] none:none
none|none none none

18:10:00 WinXP 87.78.192.167 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 4ed031d88c
[Firefox: 3 hits: 10-20 to 10-24] none[none] none:none
none|none none none

18:11:00 WinXP 121.254.124.46 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW. 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.8
profile none summary
tarball 34 of 36 555fd0d0b3
NEW none[none] none:none
none|none none none

18:12:00 Win2K-f 58.230.192.35 (-):
THRUNET-INFRA-SEOUL03,
SEOUL, KYONGGI-DO, KR. 115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com 135 pcap raw alerts
ruleset irc
http
136 lines Yeah : 1.8
profile none summary
tarball 27 of 33
31 of 33 1951eee0cd
[Firefox:14 hits: 06-18 to 10-07]
e5e0dbde57
[Firefox:14 hits: 06-18 to 10-07] 1951eee0cd [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

T:18:23:00 Win2K-f 210.181.101.73 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 115.126.2.121:65520 US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com 135 pcap raw alerts
ruleset http
irc
116 lines Yeah : 1.8
profile none summary
tarball 31 of 33
0 of 33 168aab35a3
[Firefox:172 hits: 06-17 to 10-22]
4c3df24b32
[Firefox:223 hits: 06-17 to 10-20] none[4]
4c3df24b32[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:33:00 Win2K-f 71.168.202.99 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LAWRENCEVILLE, NEW JERSEY, US. 115.126.2.121:65520 :fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
http
12 lines Yeah : 0.8
profile none summary
tarball 19 of 36
11 of 36 0880ac4e91
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

18:35:00 Win2K-f 66.65.189.181 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MT. VERNON, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

18:38:00 Win2K-f 24.67.47.91 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 30 of 34
32 of 34 13a5c7ce0d
NEW
54c19812f4
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:18:52:00 Win2K-f 24.84.122.141 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LANGLEY, BRITISH COLUMBIA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 23 of 35
32 of 35 2e75f19bd1
NEW
4ab13a6a34
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:18:58:00 WinXP 70.44.150.17 (PTD.NET):
PENTELEDATA INC. - CABLE,
PALMERTON, PENNSYLVANIA, US. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 35 d959ee26ee
NEW none[none] none:none
none|none none none

T:19:03:00 Win2K-f 71.188.0.43 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LAWRENCEVILLE, NEW JERSEY, US. 115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 445 pcap raw alerts
ruleset irc
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

19:05:00 WinXP 70.182.31.42 (COX.NET):
COX COMMUNICATIONS,
SILOAM SPRINGS, ARKANSAS, US. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:19:06:00 WinXP 186.9.132.105 (-):
. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 f665a37b6c
[Firefox: 2 hits: 10-13 to 10-21] none[none] none:none
none|none none none

19:11:00 WinXP 24.46.153.75 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
HARRISON, NEW YORK, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

19:14:00 WinXP 4.91.96.195 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80 135 pcap raw alerts
ruleset http
104 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:19:30:00 WinXP 70.70.54.71 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none 13003605cc
[Firefox: 6 hits: 09-15 to 10-21] none[none] none:none
none|none none none

19:39:00 Win2K-f 63.28.58.157 (UU.NET):
UUNET TECHNOLOGIES INC,
CHICAGO, ILLINOIS, US. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

19:45:00 WinXP 189.49.167.153 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 8ae2cc2e80
[Firefox: 6 hits: 01-01 to 07-17] c24ca14cda [0] ASM:Graph
PolyEnE| lines=68 trace

T:19:45:00 WinXP 189.49.167.153 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 8ae2cc2e80
[Firefox: 6 hits: 01-01 to 07-17] c24ca14cda [0] ASM:Graph
PolyEnE| lines=68 trace

19:49:00 Win2K-f 75.16.254.18 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

19:54:00 Win2K-f 173.16.128.165 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
8 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24]
b7082104e4
[Firefox:222 hits: 06-18 to 10-24] none[4]
b5919931fe[1]
none [4] none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock| none
lines=90
none trace
trace
trace

T:19:56:00 Win2K-f 69.105.170.168 (PACBELL.NET):
PPPOX POOL - RBACK3.IRVNCA,
LOS ANGELES, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:19:58:00 WinXP 60.56.96.86 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:494 hits: 01-05 to 10-22] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

20:04:00 WinXP 66.8.206.169 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1fcc146d70
[Firefox:60 hits: 01-02 to 10-20] 258fafe892 [0] ASM:Graph
PolyEnE| lines=68 trace

T:20:07:00 Win2K-f 124.195.153.195 (-):
. n/a 135 pcap raw alerts
ruleset other
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:24:00 Win2K-f 72.215.54.126 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

20:26:00 WinXP 208.105.171.240 (-):
. 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 36 of 36 f665a37b6c
[Firefox: 2 hits: 10-13 to 10-21] none[none] none:none
none|none none none

T:20:26:00 WinXP 208.105.171.240 (-):
. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 36 of 36 f665a37b6c
[Firefox: 2 hits: 10-13 to 10-21] none[none] none:none
none|none none none

T:20:32:00 WinXP 66.217.47.60 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:775 hits: 12-31 to 10-24] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:20:38:00 WinXP 173.16.103.39 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
a08f3b74a4
[Firefox:1200 hits: 06-18 to 10-24] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:20:39:00 WinXP 68.149.93.69 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 c9d01112a8
[Firefox:15 hits: 08-06 to 10-24] none[none] none:none
none|none none none

20:41:00 WinXP 89.147.73.20 (RUBICOM.HU):
RUBICOM,
HU. 115.126.2.121:65520 :fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
:proxim.ircgalaxy.pl
US:do-make-progress.com
:xpas-2009.com
:wpad 139 pcap raw alerts
ruleset irc
http
32 lines Yeah : 1.3
profile none summary
tarball 19 of 36
11 of 36 3eea510551
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:20:41:00 Win2K-f 89.147.73.20 (RUBICOM.HU):
RUBICOM,
HU. 115.126.2.121:65520 :lolika.cn
:www.upononjob.cn
:mulfika.cn 139 pcap raw alerts
ruleset http
irc
29 lines Yeah : 1.3
profile none summary
tarball 19 of 36
33 of 36
11 of 36 30c5e9623e
NEW
979a715ca3
NEW
fb8f82fcb3
[Firefox: 2 hits: 10-24 to 10-24] none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

20:47:00 WinXP 70.71.245.157 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

20:56:00 Win2K-f 64.22.252.74 (SPRINGNET.NET):
NET VISION COMMUNICATIONS,
NIXA, MISSOURI, US. n/a 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

20:56:00 WinXP 61.220.201.220 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
57ce4acac2
[Firefox:289 hits: 06-17 to 10-24] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

21:00:00 WinXP 61.155.20.168 (-):
SUZHOU-DATONG-TECHNOLOGY-CORP,
SUZHOU, JIANGSU, CN. (100Mbps) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
[Firefox:289 hits: 06-17 to 10-24] 57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace

21:15:00 Win2K-f 66.184.74.82 (LDMI.COM):
TALK AMERICA,
DETROIT, MICHIGAN, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset irc
http
132 lines Yeah : 1.8
profile none summary
tarball 32 of 33
30 of 33
0 of 32 3690b64ca2
[Firefox: 8 hits: 06-18 to 10-21]
a6fb77fd26
[Firefox: 8 hits: 06-18 to 10-21]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
a6fb77fd26[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
ASProtect| none
lines=82
lines=90 trace
trace
trace

T:21:16:00 WinXP 116.59.35.134 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 35 7e86aea473
NEW none[none] none:none
none|none none none

T:21:22:00 WinXP 92.47.137.201 (IKBCC.COM):
EU-ZZ,
UK. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a0012f058f
[Firefox: 4 hits: 10-20 to 10-24] none[none] none:none
none|none none none

T:21:28:00 WinXP 70.184.240.103 (COX.NET):
COX COMMUNICATIONS,
FALLS CHURCH, VIRGINIA, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset irc
http
130 lines Yeah : 1.8
profile none summary
tarball 32 of 33
29 of 33
0 of 33 87e1117f2a
[Firefox:19 hits: 07-18 to 10-22]
b4fe4581c3
[Firefox:19 hits: 07-18 to 10-22]
e07c29c4ae
[Firefox:680 hits: 06-19 to 10-24] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

21:45:00 WinXP 87.70.125.40 (012.NET.IL):
GOLDEN LINES INTERNATIONAL COMMUNICATION SERVICES LTD,
IL. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 29 of 29 492957db81
[Firefox:26 hits: 01-01 to 10-22] 064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns trace

21:47:00 Win2K-f 70.168.15.160 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

22:31:00 WinXP 24.69.231.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WHITE ROCK SURREY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80 135 pcap raw alerts
ruleset http
229 lines Yeah : 1.3
profile none summary
tarball 32 of 36
33 of 36 090753e602
[Firefox: 2 hits: 10-09 to 10-15]
79595a71bb
[Firefox: 2 hits: 10-09 to 10-15] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

22:37:00 Win2K-f 97.90.136.66 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:22:54:00 WinXP 98.132.175.169 (-):
ALLTEL SIP CUSTOMERS - CHARLOTTE,
MATTHEWS, NORTH CAROLINA, US. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a84ffdf670
[Firefox:18 hits: 09-14 to 10-24] none[none] none:none
none|none none none

22:54:00 WinXP 98.132.175.169 (-):
ALLTEL SIP CUSTOMERS - CHARLOTTE,
MATTHEWS, NORTH CAROLINA, US. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a84ffdf670
[Firefox:18 hits: 09-14 to 10-24] none[none] none:none
none|none none none

22:57:00 Win2K-f 70.68.8.151 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 34 of 36
31 of 35 372ee1f2e4
NEW
60d78c9f99
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:23:02:00 WinXP 144.134.21.76 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

23:06:00 Win2K-f 172.130.143.52 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
134 lines Yeah : 1.3
profile none summary
tarball 34 of 36
29 of 33
0 of 32 0474b4b09f
[Firefox: 7 hits: 09-24 to 10-15]
1c3210698a
[Firefox: 9 hits: 07-13 to 10-16]
b5919931fe
[Firefox:913 hits: 06-20 to 10-24] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:23:19:00 Win2K-f 70.60.205.20 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FAYETTEVILLE, NORTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

23:23:00 Win2K-f 172.129.3.126 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
128 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:23:34:00 Win2K-f 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24]
73f1082158
[Firefox:1649 hits: 06-18 to 10-24] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:23:38:00 Win2K-f 125.4.4.106 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
[Firefox:23 hits: 06-19 to 10-18]
53bfe15e91
[Firefox:3338 hits: 06-17 to 10-24] 07fabc79ef [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

23:41:00 WinXP 130.13.70.16 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 33 of 36 4d9fda377d
NEW none[none] none:none
none|none none none

T:23:41:00 WinXP 130.13.70.16 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 33 of 36 4d9fda377d
NEW none[none] none:none
none|none none none