Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


<Click here: to download BotHunter>

26 October 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:18:00 Win2K-f 61.222.240.150 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
57ce4acac2
[Firefox:293 hits: 06-17 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
00:27:00 WinXP 85.122.70.65 (RNC.RO):
RNC,
RO.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:783 hits: 12-31 to 10-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:00:27:00 WinXP 85.122.70.65 (RNC.RO):
RNC,
RO.
n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:783 hits: 12-31 to 10-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
00:28:00 WinXP 144.134.21.76 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:42:00 WinXP 80.219.147.66 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
7 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 451a3eb15f
NEW
none[none] none:none
none|none none none
00:50:00 Win2K-f 24.79.159.241 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
135 pcap raw alerts
ruleset
irc
http
108 lines
Yeah : 1.8
profile
none summary
tarball
none
3 of 36
05b1ed9c9c
[Firefox: 7 hits: 09-22 to 10-24]
34b47bb59e
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
00:52:00 WinXP 79.163.32.50 (-):
IDEA,
PL.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
01:00:00 Win2K-f 4.190.219.8 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BILLINGS, MONTANA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
01:06:00 Win2K-f 163.203.132.119 (VIP-ZA.COM):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA.
115.126.2.121:65520 :fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
135 pcap raw alerts
ruleset
irc
http
17 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36
11 of 36
34d4418878
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
01:07:00 WinXP 89.32.216.161 (-):
SC MONDO-BYTE SRL,
IASI, IASI, RO.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 35 93a84a5dba
NEW
none[none] none:none
none|none none none
T:01:08:00 WinXP 89.32.216.161 (-):
SC MONDO-BYTE SRL,
IASI, IASI, RO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 93a84a5dba
NEW
none[none] none:none
none|none none none
T:01:16:00 WinXP 67.49.149.57 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:783 hits: 12-31 to 10-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:17:00 WinXP 67.49.149.57 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US.
n/a RU:moscow-advokat.ru
US:lia.zanet.net
SE:viking.dal.net
NL:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
:brussels.be.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:ced.dal.net
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:783 hits: 12-31 to 10-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:27:00 Win2K-f 92.8.189.108 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
115.126.2.121:65520  
115.126.2.121:65520
445 pcap raw alerts
ruleset
irc
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:28:00 WinXP 83.213.139.44 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BASAURI, PAIS VASCO, ES.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:31 hits: 10-05 to 10-25]
none[none] none:none
none|none none none
T:01:28:00 Win2K-f 84.59.180.179 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE. (DSL)
n/a GB:doiluc.com 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
1 of 36 793252c597
[Firefox: 2 hits: 10-25 to 10-25]
none[none] none:none
none|none none none
01:29:00 WinXP 83.213.139.44 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BASAURI, PAIS VASCO, ES.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:31 hits: 10-05 to 10-25]
none[none] none:none
none|none none none
01:35:00 WinXP 79.163.204.59 (-):
IDEA,
PL.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 d2e0c1f039
[Firefox: 3 hits: 10-25 to 10-25]
none[none] none:none
none|none none none
T:01:35:00 WinXP 212.106.20.150 (POLBOX.PL):
POLBOX,
PL.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 d9a4f2f314
[Firefox: 8 hits: 09-29 to 10-15]
none[none] none:none
none|none none none
T:01:51:00 WinXP 218.173.131.103 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 632e315db2
[Firefox:24 hits: 10-03 to 10-25]
none[none] none:none
none|none none none
T:02:10:00 WinXP 71.111.181.50 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ALOHA, OREGON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:02:10:00 WinXP 82.207.19.255 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK IN KIEV,
UA.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
02:31:00 Win2K-f 221.125.73.167 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
33 of 34 c50e298b27
NEW
none[none] none:none
none|none none none
T:02:33:00 Win2K-f 79.114.147.94 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox: 8 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:02:34:00 WinXP 58.127.48.239 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:13 hits: 07-29 to 10-20]
none[none] none:none
none|none none none
02:35:00 WinXP 78.96.71.14 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox: 4 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
02:36:00 Win2K-f 218.51.14.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 49c4551858
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
02:36:00 WinXP 94.191.157.97 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:783 hits: 12-31 to 10-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:02:37:00 Win2K-f 61.224.41.219 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox: 8 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
02:37:00 Win2K-f 58.230.126.111 (-):
THRUNET-INFRA-SEOUL01,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 36 347daa99f9
NEW
none[none] none:none
none|none none none
T:02:37:00 WinXP 217.68.170.88 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c79a964184
NEW
none[none] none:none
none|none none none
T:02:38:00 Win2K-f 84.237.168.244 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a269837231
NEW
none[none] none:none
none|none none none
02:38:00 Win2K-f 58.78.252.79 (-):
POW-HFC-POHANG-KYUNGJU,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:39:00 WinXP 58.121.221.242 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:02:41:00 WinXP 203.130.184.77 (-):
TAEGU NAMSAN 4-DONG JUNG-GU DAEGU,
TAEGU, KYONGSANG-BUKTO, KR.
63.173.172.98:6668 115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
139 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 052ac5379e
NEW
none[none] none:none
none|none none none
02:41:00 WinXP 116.123.196.117 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 d4bfcf7542
NEW
none[none] none:none
none|none none none
02:43:00 WinXP 79.163.120.147 (-):
IDEA,
PL.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:52:00 Win2K-f 218.191.92.37 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 4 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
T:03:00:00 Win2K-f 83.113.13.230 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d2af6753cc
NEW
none[none] none:none
none|none none none
T:03:03:00 WinXP 115.138.64.27 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:05:00 Win2K-f 88.187.209.247 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 17e0d9aa63
NEW
none[none] none:none
none|none none none
T:03:05:00 Win2K-f 218.50.85.166 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 00113a60ab
NEW
none[none] none:none
none|none none none
03:08:00 WinXP 85.67.95.70 (-):
FIBERNET,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
03:12:00 WinXP 119.149.48.113 (-):
.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 d473e07dae
NEW
none[none] none:none
none|none none none
03:15:00 Win2K-f 218.51.27.251 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ba7fe3559a
NEW
none[none] none:none
none|none none none
03:17:00 WinXP 88.173.97.102 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
NEW
none[none] none:none
none|none none none
03:19:00 WinXP 88.31.222.181 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 cd712316e7
NEW
none[none] none:none
none|none none none
T:03:23:00 Win2K-f 78.97.58.141 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
03:27:00 WinXP 88.160.80.204 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 74c6c141d8
[Firefox:10 hits: 08-02 to 10-22]
none[none] none:none
none|none none none
T:03:29:00 WinXP 81.9.71.94 (ELLINK.RU):
NORTH-WEST TELECOM MULTISERVICE NETWORK,
RU. (DIAL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a0012f058f
[Firefox: 7 hits: 10-20 to 10-25]
none[none] none:none
none|none none none
T:03:31:00 WinXP 115.138.105.37 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 36 b00c01eb97
NEW
none[none] none:none
none|none none none
T:03:35:00 WinXP 78.131.118.108 (-):
EMKTV HATVAN DOCSIS,
HU.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:16 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
03:37:00 WinXP 219.248.94.45 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e02434faef
NEW
none[none] none:none
none|none none none
03:38:00 Win2K-f 212.8.36.246 (ZSSM.ZP.UA):
ZAPOROZHYE,
UA.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:03:39:00 WinXP 83.215.83.214 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 b724b621a2
NEW
none[none] none:none
none|none none none
03:40:00 Win2K-f 83.215.12.162 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 13b148296b
[Firefox: 7 hits: 09-26 to 10-25]
none[none] none:none
none|none none none
03:40:00 Win2K-f 211.108.31.127 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 36 347daa99f9
NEW
none[none] none:none
none|none none none
T:03:44:00 WinXP 24.85.10.213 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
03:46:00 Win2K-f 218.39.127.138 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox: 8 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
03:51:00 WinXP 221.124.132.29 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox: 4 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
03:53:00 WinXP 90.3.203.80 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:16 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:03:53:00 Win2K-f 58.81.239.45 (UCOM.NE.JP):
N-KG,
JP. (100Mbps)
63.173.172.98:6668   135 pcap raw alerts
ruleset
irc
334 lines
Yeah : 1.8
profile
none summary
tarball
33 of 36 6b9f54dd8b
NEW
none[none] none:none
none|none none none
T:03:55:00 Win2K-f 119.65.104.129 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:12:00 WinXP 88.118.96.110 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
LT.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:14:00 WinXP 151.67.224.85 (38-151.NET24.IT):
IUNET-BNET,
IT.
194.54.90.246:80 UA:citi-bank.ru
:adult-empire.com
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
04:16:00 WinXP 211.208.141.119 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:04:18:00 WinXP 211.25.135.159 (TIME.NET.MY):
TIME TELECOMMUNICATIONS SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:17 hits: 07-29 to 10-22]
none[none] none:none
none|none none none
04:18:00 Win2K-f 211.189.223.182 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 115.126.2.121:65520 :proxima.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
http
51 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
19 of 36
5 of 36
11 of 36
4264cb2c1c
NEW
d8625f1b40
NEW
f9b0e06f76
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:04:31:00 Win2K-f 221.125.136.180 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 b724b621a2
NEW
none[none] none:none
none|none none none
T:04:32:00 WinXP 83.215.4.20 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox: 7 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
04:34:00 Win2K-f 85.67.128.222 (-):
FIBERNET,
HU.
115.126.2.121:65520  
115.126.2.121:65520
139 pcap raw alerts
ruleset
irc
7 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
04:35:00 Win2K-f 78.96.237.205 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:04:37:00 Win2K-f 79.175.201.238 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667 63.173.172.98:6668  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 5 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
04:42:00 Win2K-f 89.137.238.254 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
04:43:00 WinXP 211.75.64.197 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f24bd35aa7
NEW
none[none] none:none
none|none none none
04:46:00 WinXP 85.152.149.121 (CM-85-152-150-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:47:00 Win2K-f 78.184.227.95 (MAXONCORP.COM):
TELEKOM,
TR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox: 8 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
04:47:00 WinXP 85.67.116.93 (-):
FIBERNET,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 17e0d9aa63
NEW
none[none] none:none
none|none none none
04:51:00 WinXP 82.194.153.202 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:53:00 WinXP 70.68.152.29 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:80
135 pcap raw alerts
ruleset
http
127 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
34 of 36
0 of 33
0bf027644c
NEW
197a2b61fa
NEW
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:04:58:00 WinXP 212.8.36.246 (ZSSM.ZP.UA):
ZAPOROZHYE,
UA.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:05:00:00 WinXP 124.104.118.237 (PLDT.NET):
JNEC7300I01_CONSUMER,
PH.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a5afc0a19a
NEW
none[none] none:none
none|none none none
T:05:00:00 Win2K-f 85.186.112.164 (-):
ASTRAL HR GHEORGHIENI,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 36 c3be2ee601
NEW
none[none] none:none
none|none none none
T:05:00:00 Win2K-f 88.242.165.92 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
05:14:00 Win2K-f 76.252.46.78 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:110 hits: 07-13 to 09-26]
none[none] none:none
none|none none none
05:16:00 Win2K-f 89.136.20.231 (-):
ASTRAL ALBA IULIA,
RO.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 918355cad9
NEW
none[none] none:none
none|none none none
05:20:00 WinXP 221.124.49.42 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:05:21:00 WinXP 219.251.52.193 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 885d9d9090
NEW
none[none] none:none
none|none none none
T:05:26:00 Win2K-f 85.67.96.18 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 ca172c3868
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
T:05:26:00 Win2K-f 89.122.128.131 (PLATINUMGROUP.RO):
ARTELECOM,
RO. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:12 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
05:27:00 Win2K-f 221.140.212.14 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:21 hits: 08-01 to 10-22]
none[none] none:none
none|none none none
05:31:00 Win2K-f 79.175.201.238 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 5 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
05:35:00 WinXP 88.242.165.92 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR. (DSL)
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
05:36:00 Win2K-f 83.215.17.56 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:110 hits: 07-13 to 09-26]
none[none] none:none
none|none none none
05:37:00 WinXP 211.108.245.177 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 174161e938
NEW
none[none] none:none
none|none none none
T:05:45:00 Win2K-f 58.231.59.250 (-):
THRUNET-INFRA-SEOUL05,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 af782db102
NEW
none[none] none:none
none|none none none
T:05:46:00 Win2K-f 89.136.34.203 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 e7801a316b
NEW
none[none] none:none
none|none none none
05:49:00 WinXP 85.186.121.71 (-):
ASTRAL BACAU CPE,
BACAU, BACAU, RO. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
NEW
none[none] none:none
none|none none none
T:05:50:00 WinXP 221.124.132.29 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox: 4 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
05:56:00 WinXP 58.226.80.45 (HANANET.NET):
HANARO TELECOM INC,
KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:kidfitnesstv.com
:www.google.com
:www.upononjob.cn
:mulfika.cn
:clients1.google.com
US:do-make-progress.com
:wpad
:xpas-2009.com
US:192.221.99.124:80
US:216.195.58.158:80
135 pcap raw alerts
ruleset
irc
http
159 lines
Yeah : 1.8
profile
none summary
tarball
17 of 36
30 of 33
31 of 33
11 of 36
10e3e89519
NEW
2ef9098242
[Firefox: 4 hits: 07-05 to 10-15]
d789c8d157
[Firefox: 5 hits: 07-05 to 09-29]
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:05:57:00 WinXP 70.61.180.117 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HEBRON, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
05:57:00 Win2K-f 58.121.225.70 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:13 hits: 07-29 to 10-20]
none[none] none:none
none|none none none
06:00:00 Win2K-f 88.175.33.110 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 bdff5268e2
NEW
none[none] none:none
none|none none none
T:06:06:00 WinXP 124.60.163.141 (-):
POWERCOM,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:17 hits: 07-29 to 10-22]
none[none] none:none
none|none none none
T:06:22:00 WinXP 79.163.190.85 (-):
IDEA,
PL.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox: 9 hits: 10-21 to 10-25]
none[none] none:none
none|none none none
T:06:26:00 WinXP 211.178.133.24 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
78 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:21 hits: 08-01 to 10-22]
none[none] none:none
none|none none none
06:26:00 WinXP 85.186.92.112 (-):
ROAD TRANS SRL,
RO. (100Mbps)
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
79 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 4 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
T:06:28:00 Win2K-f 119.149.48.113 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 d473e07dae
NEW
none[none] none:none
none|none none none
T:06:28:00 Win2K-f 84.112.101.60 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
06:34:00 Win2K-f 58.70.115.25 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:12 hits: 07-29 to 10-22]
none[none] none:none
none|none none none
06:40:00 WinXP 122.19.146.13 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:626 hits: 01-01 to 10-25]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:06:41:00 WinXP 85.67.101.174 (-):
FIBERNET,
HU.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox: 7 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
06:42:00 Win2K-f 221.124.96.195 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
06:43:00 WinXP 217.203.215.233 (-):
TELECOM ITALIA MOBILE,
IT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox: 8 hits: 10-11 to 10-25]
none[none] none:none
none|none none none
T:06:46:00 WinXP 221.124.49.42 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
06:51:00 Win2K-f 78.131.118.108 (-):
EMKTV HATVAN DOCSIS,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:16 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
07:01:00 Win2K-f 98.25.111.137 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:01:00 Win2K-f 63.25.202.15 (UU.NET):
UUNET TECHNOLOGIES INC,
LOUISVILLE, KENTUCKY, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:07:08:00 Win2K-f 80.219.221.3 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 35 d0266569e1
NEW
none[none] none:none
none|none none none
07:19:00 WinXP 82.233.59.206 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a DE:siliconfireware.ru
:wpad
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
4 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 966bc384e0
NEW
none[none] none:none
none|none none none
T:07:20:00 Win2K-f 130.13.230.38 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
72.10.172.218:2938 CA:japan.youngpeyatech.info 139 pcap raw alerts
ruleset
ftp
irc
http
21 lines
Yeah : 1.3
profile
none summary
tarball
19 of 36
28 of 30
03d5bf43b7
[Firefox: 4 hits: 09-18 to 10-25]
2aa59ba425
[Firefox:10 hits: 02-10 to 09-13]
none[none]
2aa59ba425[1]
none:none
ASM:Graph
none|none
ASPack|
none
lines=10
none
trace
07:22:00 Win2K-f 130.13.230.38 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 30 2aa59ba425
[Firefox:10 hits: 02-10 to 09-13]
2aa59ba425 [1] ASM:Graph
ASPack| lines=10 trace
07:25:00 Win2K-f 82.236.6.44 (PROXAD.NET):
PROXAD / FREE SAS,
GENK, LIMBURG, BE.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 815c36f1db
NEW
none[none] none:none
none|none none none
07:25:00 Win2K-f 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
07:33:00 WinXP 213.22.134.178 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
BRAGA, BRAGA, PT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 8df76b0d35
NEW
none[none] none:none
none|none none none
T:07:33:00 WinXP 213.22.134.178 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
BRAGA, BRAGA, PT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 8df76b0d35
NEW
none[none] none:none
none|none none none
T:07:41:00 Win2K-f 86.52.9.78 (REV.STOFANET.DK):
STOFANET-INET-CIDR,
ÅRHUS, ARHUS, DK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:10 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:07:46:00 WinXP 77.44.153.163 (HOST-213-178-230-63.ALOOLA.SY):
SYRIAN COMPUTER SOCIETY SCS,
SY.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
9 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:286 hits: 01-01 to 10-22]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:07:48:00 WinXP 200.114.32.228 (INTERCABLE.NET.CO):
TV CABLE PROMISION S.A,
BUCARAMANGA, SANTANDER, CO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 163daa6b71
NEW
none[none] none:none
none|none none none
07:54:00 Win2K-f 62.178.32.56 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 34 f042156709
NEW
none[none] none:none
none|none none none
08:06:00 WinXP 201.76.240.121 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 eca9a5fa95
[Firefox:53 hits: 08-09 to 10-20]
none[none] none:none
none|none none none
T:08:07:00 Win2K-f 211.108.245.177 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
24 of 36 174161e938
NEW
none[none] none:none
none|none none none
08:08:00 WinXP 79.163.131.67 (-):
IDEA,
PL.
n/a   445 pcap raw alerts
ruleset
shell
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:15:00 Win2K-f 97.90.136.66 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:205.128.70.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:19:00 WinXP 204.193.208.65 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 4 hits: 10-21 to 10-25]
none[none] none:none
none|none none none
T:08:22:00 WinXP 217.201.15.55 (-):
TELECOM ITALIA MOBILE,
IT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox: 8 hits: 10-11 to 10-25]
none[none] none:none
none|none none none
08:26:00 Win2K-f 211.108.53.189 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:08:31:00 WinXP 4.245.179.163 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HARTFORD, CONNECTICUT, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
112 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:33:00 Win2K-f 218.45.122.154 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
URAWA, SAITAMA, JP. (DSL)
n/a   135 pcap raw alerts
ruleset
other
656 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 53d79e5f62
NEW
none[none] none:none
none|none none none
08:37:00 Win2K-f 84.112.101.60 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
08:39:00 WinXP 70.184.102.222 (COX.NET):
COX COMMUNICATIONS,
CHANDLER, ARIZONA, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:kidfitnesstv.com
:www.google.com
:www.upononjob.cn
:mulfika.cn
:clients1.google.com
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.121:65520
US:192.221.99.124:80
135 pcap raw alerts
ruleset
http
irc
142 lines
Yeah : 1.8
profile
none summary
tarball
0 of 33
11 of 36
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
e07c29c4ae [1]
none [none]
ASM:Graph
none:none
FSG|
none|none
lines=92
none
trace
none
T:08:43:00 WinXP 85.139.210.195 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:187 hits: 01-01 to 10-22]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
08:53:00 WinXP 122.214.36.11 (UCOM.NE.JP):
G-ST0060N,
JP. (100Mbps)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:17 hits: 07-29 to 10-22]
none[none] none:none
none|none none none
T:08:53:00 Win2K-f 78.96.237.205 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox: 6 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
T:08:56:00 WinXP 61.195.227.242 (OCT-NET.NE.JP):
OITA CABLE TELECOM CO .LTD,
JP.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 8bf93712cb
NEW
none[none] none:none
none|none none none
08:59:00 WinXP 85.67.96.178 (-):
FIBERNET,
HU.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox: 9 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
09:02:00 Win2K-f 88.222.181.174 (-):
KAUNAS MEGANET AREA16 NETWORK,
KAUNAS, KAUNO APSKRITIS, LT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:10 hits: 08-01 to 10-22]
none[none] none:none
none|none none none
T:09:04:00 WinXP 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
irc
http
137 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 33
0 of 33
87e1117f2a
[Firefox:21 hits: 07-18 to 10-25]
b4fe4581c3
[Firefox:21 hits: 07-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:09:10:00 WinXP 85.24.201.108 (BAHNHOF.SE):
PRIVATE CUSTOMERS IN KISTA,
KISTA, STOCKHOLM, SE.
n/a RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
NL:london.uk.eu.undernet.org
NL:diemen.nl.eu.undernet.org
AT:graz.at.eu.undernet.org
US:lia.zanet.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:26 hits: 10-08 to 10-25]
none[none] none:none
none|none none none
09:17:00 Win2K-f 116.232.80.172 (163DATA.COM.CN):
CHINANET SHANGHAI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 fe92f5afc8
NEW
none[none] none:none
none|none none none
09:24:00 WinXP 59.103.90.211 (-):
.
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 f6d85ed867
NEW
none[none] none:none
none|none none none
09:26:00 WinXP 76.188.46.116 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW PHILADELPHIA, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.124:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:09:26:00 WinXP 83.221.71.210 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
6 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 703ad78900
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
09:26:00 WinXP 83.221.71.210 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 703ad78900
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
09:28:00 Win2K-f 85.67.101.174 (-):
FIBERNET,
HU.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox: 7 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
T:09:28:00 WinXP 70.182.83.78 (COX.NET):
COX COMMUNICATIONS,
MUSKOGEE, OKLAHOMA, US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:kidfitnesstv.com
:www.upononjob.cn
:mulfika.cn
:www.google.com
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
irc
137 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 33
17 of 36
11 of 36
87e1117f2a
[Firefox:21 hits: 07-18 to 10-25]
b4fe4581c3
[Firefox:21 hits: 07-18 to 10-25]
e2b55cb2a5
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:09:35:00 Win2K-f 89.137.238.254 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
T:09:40:00 WinXP 155.239.188.25 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
09:47:00 WinXP 88.246.51.147 (TTNET.NET.TR):
TT ADSL-METEKSAN DINAMIK_ACI,
IZMIR, IZMIR, TR. (DSL)
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:17 hits: 07-29 to 10-22]
none[none] none:none
none|none none none
09:48:00 Win2K-f 116.123.40.113 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.99.126:80
US:205.128.70.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
irc
96 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:173 hits: 06-17 to 10-25]
4c3df24b32
[Firefox:225 hits: 06-17 to 10-25]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:58:00 WinXP 87.247.94.40 (-):
MIKROVISATA,
LT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 4c934f9489
[Firefox: 8 hits: 10-07 to 10-25]
none[none] none:none
none|none none none
T:09:59:00 WinXP 87.247.94.40 (-):
MIKROVISATA,
LT.
115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 4c934f9489
[Firefox: 8 hits: 10-07 to 10-25]
none[none] none:none
none|none none none
T:10:00:00 WinXP 88.28.97.118 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 f63e70fa11
[Firefox: 3 hits: 10-22 to 10-25]
none[none] none:none
none|none none none
10:03:00 Win2K-f 71.168.202.41 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LAWRENCEVILLE, NEW JERSEY, US.
115.126.2.121:65520 :proxima.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
irc
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:04:00 Win2K-f 221.125.207.66 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox: 7 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:10:14:00 WinXP 208.126.11.15 (NETINS.NET):
ROCKWELL COOPERATIVE TELEPHONE ASSN,
SUTHERLAND, IOWA, US. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 644ab77c01
[Firefox: 4 hits: 10-21 to 10-25]
none[none] none:none
none|none none none
10:27:00 WinXP 77.57.201.211 (SOLPA.NET):
CABLECOM,
CH.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 9317ee6f77
NEW
none[none] none:none
none|none none none
T:10:28:00 Win2K-f 72.0.181.234 (BENDBROADBAND.COM):
BEND CABLE COMMUNICATIONS LLC,
BEND, OREGON, US.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:36:00 Win2K-f 219.111.113.147 (DY.BBEXCITE.JP):
INTERNET INITIATIVE JAPAN INC,
JP.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:110 hits: 07-13 to 09-26]
none[none] none:none
none|none none none
10:44:00 WinXP 196.20.167.50 (-):
MAURITIUS TELECOM,
MU.
194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
NEW
none[none] none:none
none|none none none
T:10:46:00 WinXP 212.106.19.244 (POLBOX.PL):
POLBOX,
PL.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 d9a4f2f314
[Firefox: 8 hits: 09-29 to 10-15]
none[none] none:none
none|none none none
T:10:49:00 Win2K-f 88.110.77.249 (AS9105.COM):
TISCALI UK LTD,
UK. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
139 pcap raw alerts
ruleset
irc
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 78590eaad8
NEW
none[none] none:none
none|none none none
T:10:49:00 Win2K-f 66.88.98.162 (XO.NET):
XO COMMUNICATIONS,
HOLLYWOOD, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
10:49:00 Win2K-f 88.110.77.249 (AS9105.COM):
TISCALI UK LTD,
UK. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520
139 pcap raw alerts
ruleset
irc
http
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
17 of 36
11 of 36
78590eaad8
NEW
c74b1e14f7
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
10:49:00 Win2K-f 75.36.121.141 (SBCGLOBAL.NET):
IRIS MFG INC,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
75 lines
Yeah : 1.3
profile
none summary
tarball
1 of 33
33 of 33
4ca3056804
[Firefox: 7 hits: 06-18 to 10-16]
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
4ca3056804 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
10:50:00 WinXP 201.252.122.209 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:35 hits: 09-17 to 10-25]
none[none] none:none
none|none none none
10:52:00 WinXP 92.40.201.218 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
115.126.2.121:80
445 pcap raw alerts
ruleset
http
irc
79 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 7a393628ea
[Firefox: 8 hits: 05-12 to 10-12]
none[4] none:none
ASProtect| none trace
T:10:53:00 WinXP 70.167.73.201 (COX.NET):
COX COMMUNICATIONS,
VINCENNES, INDIANA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:10:56:00 WinXP 76.236.155.12 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:111 hits: 01-14 to 10-24]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
T:11:00:00 WinXP 92.40.201.218 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
115.126.2.121:80
445 pcap raw alerts
ruleset
http
irc
9 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 7a393628ea
[Firefox: 8 hits: 05-12 to 10-12]
none[4] none:none
ASProtect| none trace
11:01:00 WinXP 24.174.13.12 (CARRERACOMMUNICATIONS.NET):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
:wpad
RU:195.200.213.54:80
445 pcap raw alerts
ruleset
http
http
http
19 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:589 hits: 01-01 to 10-25]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
11:06:00 Win2K-f 70.248.127.149 (SWBELL.NET):
PPPOX POOL - BRAS14 RCSNTX,
DALLAS, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.54:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:11:13:00 Win2K-f 88.111.155.57 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520
139 pcap raw alerts
ruleset
irc
http
36 lines
Yeah : 1.3
profile
none summary
tarball
17 of 36
33 of 36
11 of 36
0306573a9e
NEW
78590eaad8
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
11:14:00 Win2K-f 88.111.155.57 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
139 pcap raw alerts
ruleset
irc
5 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 78590eaad8
NEW
none[none] none:none
none|none none none
T:11:15:00 WinXP 217.21.44.188 (CONDOR.UNICA.BY):
UNICA-BRANCH OF ZAO KLEMENS,
MINSK, MINSK, BY.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:483 hits: 12-31 to 10-25]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:11:32:00 WinXP 87.116.207.93 (TNP.PL):
BROADBAND_SERVICES,
PL.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 5818023061
[Firefox: 5 hits: 01-03 to 04-01]
a227e5e49d [0] ASM:Graph
PolyEnE| lines=68 trace
11:42:00 WinXP 72.0.181.234 (BENDBROADBAND.COM):
BEND CABLE COMMUNICATIONS LLC,
BEND, OREGON, US.
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 df7421daba
NEW
none[none] none:none
none|none none none
T:11:53:00 WinXP 85.102.163.12 (TTNET.NET.TR):
TURK TELEKOM ADSL-DYNAMIC,
ANKARA, ANKARA, TR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 f63e70fa11
[Firefox: 3 hits: 10-22 to 10-25]
none[none] none:none
none|none none none
12:01:00 Win2K-f 89.137.183.238 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
12:04:00 WinXP 69.198.129.61 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:12:07:00 WinXP 76.89.18.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
12:13:00 WinXP 78.63.156.15 (ZEBRA.LT):
LIETUVOS,
LT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a917b38976
[Firefox: 4 hits: 10-14 to 10-25]
none[none] none:none
none|none none none
T:12:13:00 WinXP 78.63.156.15 (ZEBRA.LT):
LIETUVOS,
LT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a917b38976
[Firefox: 4 hits: 10-14 to 10-25]
none[none] none:none
none|none none none
12:14:00 Win2K-f 211.108.94.219 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:13 hits: 07-29 to 10-20]
none[none] none:none
none|none none none
12:22:00 WinXP 117.99.45.97 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:12:25:00 WinXP 117.99.45.97 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
4 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
12:29:00 WinXP 64.187.32.140 (PORCHLIGHT.CA):
PORCHLIGHT.CA,
KITCHENER, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
68 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
b7082104e4
[Firefox:227 hits: 06-18 to 10-25]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
12:33:00 WinXP 170.51.135.113 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 32 23c6886399
[Firefox: 5 hits: 06-03 to 06-11]
none[4] none:none
PolyEnE| none trace
T:12:37:00 WinXP 85.122.43.144 (RNC.RO):
RNC,
RO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:12:38:00 WinXP 87.247.114.61 (INTURBO.LT):
OPTICAL RESIDENT CLIENT POOL,
LT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
12:43:00 Win2K-f 70.64.191.42 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
14a7f9598a
NEW
348b47e27f
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
12:49:00 WinXP 96.10.88.124 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
12:55:00 WinXP 88.170.100.76 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox: 2 hits: 10-11 to 10-22]
none[none] none:none
none|none none none
12:55:00 WinXP 172.129.200.71 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:12:56:00 WinXP 88.170.100.76 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox: 2 hits: 10-11 to 10-22]
none[none] none:none
none|none none none
T:13:20:00 WinXP 89.152.112.249 (-):
TVCABO PORTUGAL S.A,
LISBON, LISBOA, PT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:13:26:00 WinXP 24.166.30.173 (RR.COM):
ROAD RUNNER HOLDCO LLC,
INDIANAPOLIS, INDIANA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
DE:212.227.111.29:80
445 pcap raw alerts
ruleset
http
http
http
http
33 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:589 hits: 01-01 to 10-25]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
13:27:00 WinXP 84.247.3.78 (JUMP.RO):
SC AZURE SOFTWARE SRL,
BUCHAREST, BUCURESTI, RO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1eeecc1925
NEW
none[none] none:none
none|none none none
T:13:37:00 WinXP 70.64.143.93 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
6 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 644ab77c01
[Firefox: 4 hits: 10-21 to 10-25]
none[none] none:none
none|none none none
T:13:37:00 WinXP 170.51.56.59 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:kidfitnesstv.com
:www.upononjob.cn
:www.google.com
:mulfika.cn
:clients1.google.com
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
17 of 36
35 of 36
11 of 36
1e971c31b3
NEW
f17f896658
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
13:37:00 Win2K-f 64.228.36.171 (BELL.CA):
SYMPATICO,
TORONTO, ONTARIO, CA. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
112 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:49:00 WinXP 211.133.27.119 (INFOWEB.NE.JP):
INFOWEB-CIDR-BLK,
FUKUOKA, FUKUOKA, JP.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
40 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:589 hits: 01-01 to 10-25]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:13:50:00 WinXP 208.105.186.90 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:51:00 WinXP 217.203.202.188 (-):
TELECOM ITALIA MOBILE,
IT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox: 8 hits: 10-11 to 10-25]
none[none] none:none
none|none none none
T:13:56:00 Win2K-f 4.174.230.106 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BERWICK, PENNSYLVANIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
175 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:10:00 WinXP 4.190.221.51 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BILLINGS, MONTANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
67 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
b7082104e4
[Firefox:227 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
none [4]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
tElock|
FSG|
none
none
lines=92
trace
trace
trace
14:16:00 WinXP 64.38.67.153 (SPEAKEASY.NET):
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 45d3b6bd28
[Firefox: 3 hits: 10-15 to 10-24]
none[none] none:none
none|none none none
14:25:00 WinXP 85.139.107.228 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
OEIRAS, LISBOA, PT.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 77ae91b868
NEW
none[none] none:none
none|none none none
T:14:31:00 Win2K-f 116.126.249.246 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520
US:192.221.99.124:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
irc
121 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
0 of 32
2 of 35
17 of 36
11 of 36
6ec2a8994b
[Firefox:28 hits: 06-18 to 10-21]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
bcf66a38c8
[Firefox:15 hits: 07-30 to 10-21]
d8e2d7be44
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[4]
b5919931fe[1]
none [none]
none [none]
none [none]
none:none
ASM:Graph
none:none
none:none
none:none
tElock|
ASProtect|
none|none
none|none
none|none
none
lines=90
none
none
none
trace
trace
none
none
none
14:45:00 WinXP 72.131.81.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BROOKFIELD, WISCONSIN, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1381 hits: 12-31 to 10-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:46:00 WinXP 212.205.245.128 (OTENET.GR):
MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS,
ATHENS, ATTIKI, GR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:180 hits: 01-08 to 10-25]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:14:50:00 Win2K-f 80.196.58.110 (PAISDN.TELE.DK):
LOCAL ASSIGNMENTS FOR PROACCESS ISDN,
ROSKILDE, ROSKILDE, DK.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
445 pcap raw alerts
ruleset
irc
http
29 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
b5919931fe [1] ASM:Graph
ASProtect| lines=90 trace
15:05:00 Win2K-f 211.108.53.189 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox: 7 hits: 09-26 to 10-22]
none[none] none:none
none|none none none
15:07:00 WinXP 92.41.66.57 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
115.126.2.121:80
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 0.8
profile
none summary
tarball
28 of 35 e8c16bf1e2
NEW
none[none] none:none
none|none none none
15:14:00 WinXP 203.184.0.103 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
HAMILTON, WAIKATO, NZ.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:111 hits: 01-14 to 10-24]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
15:17:00 WinXP 78.84.153.178 (MICROLINK.LV):
TELEKOM,
RIGA, RIGA, LV.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:483 hits: 12-31 to 10-25]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:15:21:00 WinXP 87.78.195.240 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox: 5 hits: 10-20 to 10-25]
none[none] none:none
none|none none none
T:15:24:00 WinXP 75.136.128.72 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a   135 pcap raw alerts
ruleset
other
259 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 51a7bd0673
NEW
none[none] none:none
none|none none none
15:36:00 WinXP 74.75.234.232 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
15:42:00 WinXP 151.20.70.137 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
MILANO, LOMBARDIA, IT. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:496 hits: 01-05 to 10-25]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:15:44:00 WinXP 156.17.240.10 (WROC.PL):
THE NETWORK COVERS WHOLE WROCLAW AREA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox: 5 hits: 10-20 to 10-25]
none[none] none:none
none|none none none
T:15:51:00 Win2K-f 4.142.213.232 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL)
115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
135 pcap raw alerts
ruleset
irc
http
123 lines
Yeah : 1.8
profile
none summary
tarball
none
32 of 33
470e7533c6
[Firefox: 3 hits: 06-27 to 08-26]
9b5f91cb49
[Firefox: 3 hits: 06-27 to 08-26]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
15:52:00 WinXP 92.41.238.146 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 2b78d6647e
NEW
none[none] none:none
none|none none none
T:15:52:00 WinXP 41.234.226.201 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 cebccf0ff8
NEW
none[none] none:none
none|none none none
T:15:59:00 WinXP 122.19.146.13 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:626 hits: 01-01 to 10-25]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:16:03:00 WinXP 70.44.239.5 (PTD.NET):
PENTELEDATA INC. - CABLE,
DINGMANS FERRY, PENNSYLVANIA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:35 hits: 09-17 to 10-25]
none[none] none:none
none|none none none
16:05:00 WinXP 204.193.215.19 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 4 hits: 10-21 to 10-25]
none[none] none:none
none|none none none
T:16:08:00 Win2K-f 70.68.20.125 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
irc
http
212 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
6ea2758c07
[Firefox: 6 hits: 10-07 to 10-25]
d4406c307b
[Firefox: 6 hits: 10-07 to 10-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
16:10:00 Win2K-f 208.105.186.90 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:16:11:00 Win2K-f 186.9.101.142 (-):
.
115.126.2.121:65520   445 pcap raw alerts
ruleset
irc
28 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:12:00 WinXP 68.74.68.201 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
16:12:00 WinXP 4.131.77.205 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 9d77b4ca8e
[Firefox: 3 hits: 06-29 to 10-04]
none[none] none:none
none|none none none
T:16:23:00 WinXP 82.250.158.145 (PROXAD.NET):
PROXAD / FREE SAS,
METZ, NANTERRE, FR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5d7c7f2ec8
NEW
none[none] none:none
none|none none none
16:32:00 WinXP 88.31.160.242 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5b0f6c4959
NEW
none[none] none:none
none|none none none
T:16:34:00 WinXP 203.184.8.32 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
AUCKLAND, AUCKLAND, NZ.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:111 hits: 01-14 to 10-24]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
16:45:00 WinXP 165.29.122.82 (AR.US):
ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK,
MONTICELLO, ARKANSAS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox: 3 hits: 10-10 to 10-25]
none[none] none:none
none|none none none
T:16:48:00 WinXP 68.151.52.88 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 92ff7d574b
NEW
none[none] none:none
none|none none none
T:16:57:00 WinXP 89.195.194.185 (-):
ORANGE,
UK.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 491fef3335
NEW
none[none] none:none
none|none none none
T:17:05:00 WinXP 130.13.75.3 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 4d9fda377d
[Firefox: 3 hits: 10-22 to 10-25]
none[none] none:none
none|none none none
17:07:00 WinXP 190.137.170.207 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:35 hits: 09-17 to 10-25]
none[none] none:none
none|none none none
T:17:07:00 WinXP 190.137.170.207 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:35 hits: 09-17 to 10-25]
none[none] none:none
none|none none none
17:10:00 WinXP 96.15.41.117 (-):
.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 5e4f6ad9dc
[Firefox: 4 hits: 10-20 to 10-21]
none[none] none:none
none|none none none
17:26:00 WinXP 65.37.11.1 (FRONTIERNET.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
ROCHESTER, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:17:41:00 WinXP 201.221.113.121 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:20 hits: 10-01 to 10-25]
none[none] none:none
none|none none none
17:47:00 WinXP 24.66.205.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f24bd35aa7
NEW
none[none] none:none
none|none none none
T:17:47:00 WinXP 24.66.205.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f24bd35aa7
NEW
none[none] none:none
none|none none none
17:53:00 WinXP 96.15.77.198 (-):
.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 93d35be1d1
[Firefox: 2 hits: 09-27 to 09-27]
none[none] none:none
none|none none none
18:05:00 Win2K-f 173.16.103.39 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:4.23.60.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:06:00 WinXP 210.221.46.98 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.96.126:80
US:4.23.60.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
irc
126 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
32 of 33
0a2b1894da
[Firefox:10 hits: 06-26 to 10-13]
414b95a784
[Firefox:10 hits: 06-26 to 10-13]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:18:23:00 Win2K-f 98.140.229.179 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
18:26:00 Win2K-f 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:28:00 Win2K-f 140.239.201.214 (XO.NET):
XO COMMUNICATIONS,
BOSTON, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
79c01ec060
[Firefox:56 hits: 06-18 to 10-25]
73f1082158 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
18:30:00 WinXP 64.138.243.161 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:32:00 Win2K-f 64.138.243.161 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:39:00 WinXP 85.96.168.169 (TTNET.NET.TR):
ADSL-ALC-ULUS-DYNAMIC POOL,
ANKARA, ANKARA, TR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 f63e70fa11
[Firefox: 3 hits: 10-22 to 10-25]
none[none] none:none
none|none none none
18:40:00 WinXP 24.80.178.213 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
2 of 32
607b60ad51
[Firefox:43 hits: 06-20 to 10-25]
e5c7bce70e
[Firefox:41 hits: 06-20 to 10-25]
none[4]
e5c7bce70e[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:42:00 WinXP 4.252.211.1 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:44:00 WinXP 24.67.29.61 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 1595515522
NEW
none[none] none:none
none|none none none
18:55:00 Win2K-f 68.148.10.29 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a CA:dirty.eiheihre3.com 135 pcap raw alerts
ruleset
irc
http
532 lines
Yeah : 1.3
profile
none summary
tarball
19 of 36
36 of 36
03d5bf43b7
[Firefox: 4 hits: 09-18 to 10-25]
99bfd6101e
[Firefox: 2 hits: 09-19 to 10-10]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:42:00 Win2K-f 98.174.0.4 (-):
.
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
T:19:44:00 WinXP 4.171.180.235 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GAINESVILLE, FLORIDA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:04:00 WinXP 66.52.226.231 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SEATTLE, WASHINGTON, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 e71c2759e0
NEW
none[none] none:none
none|none none none
20:27:00 WinXP 4.229.195.9 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LANSING, MICHIGAN, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:207.123.46.126:80
US:208.111.148.254:80
US:208.111.153.231:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:28:00 WinXP 122.146.82.66 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:33:00 WinXP 59.104.2.212 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 e6234a8ecc
NEW
none[none] none:none
none|none none none
20:38:00 Win2K-f 74.204.64.132 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:39:00 Win2K-f 211.239.4.83 (EPNETWORKS.CO.KR):
ENTERPRISENET-INFRA,
SEOUL, KYONGGI-DO, KR.
115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
135 pcap raw alerts
ruleset
irc
124 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33
29 of 33
686d4ca67b
[Firefox:12 hits: 07-08 to 10-20]
b7e379b157
[Firefox:11 hits: 07-08 to 10-20]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:56:00 Win2K-f 75.185.186.29 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.96.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:01:00 Win2K-f 200.222.147.28 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
115.126.2.121:65520 :fleshkatera.cn
:lolika.cn
:www.upononjob.cn
445 pcap raw alerts
ruleset
irc
http
29 lines
Yeah : 0.8
profile
none summary
tarball
17 of 36
11 of 36
56436cbbbd
NEW
fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:20:00 Win2K-f 4.243.29.97 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SALEM, OREGON, US. (DIAL)
115.126.2.121:65520 :proxim.ircgalaxy.pl
:mulfika.cn
135 pcap raw alerts
ruleset
irc
http
27 lines
Yeah : 1.3
profile
none summary
tarball
11 of 36 fb8f82fcb3
[Firefox:11 hits: 10-24 to 10-25]
none[none] none:none
none|none none none
21:25:00 Win2K-f 70.119.115.84 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
a08f3b74a4
[Firefox:1218 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
21:25:00 Win2K-f 4.180.54.116 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KANSAS CITY, MISSOURI, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
b5919931fe
[Firefox:945 hits: 06-20 to 10-25]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:21:39:00 Win2K-f 69.77.158.62 (SKYBEST.COM):
SKYBEST COMMUNICATIONS INC,
NEW BERN, NORTH CAROLINA, US.
n/a   135 pcap raw alerts
ruleset
other
318 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 a98417e0fd
[Firefox: 2 hits: 10-22 to 10-24]
none[none] none:none
none|none none none
T:21:48:00 WinXP 140.112.182.197 (NTU.EDU.TW):
TAIWAN ACADEMIC NETWORK,
TAIPEI, T'AI-PEI, TW.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox: 2 hits: 10-11 to 10-22]
none[none] none:none
none|none none none
T:21:57:00 WinXP 122.55.112.182 (PLDT.NET):
IPG,
PH.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:175 hits: 01-03 to 10-24]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
21:58:00 Win2K-f 208.105.94.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:20:00 Win2K-f 98.173.193.183 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.49:80
US:208.111.173.51:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:35:00 WinXP 24.189.30.113 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BROOKLYN, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:38:00 WinXP 70.183.161.118 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3394 hits: 06-17 to 10-25]
73f1082158
[Firefox:1677 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:702 hits: 06-19 to 10-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace

Time: T:22:43:00
Victim OS: Win2K-f
Infection Source: 75.34.107.250 (SBCGLOBAL.NET): MOHSEN KHAZIRI DBA, PLANO, TEXAS, US. (DSL)
C&C Server: n/a
DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:8.12.202.125:80
Infection Port: 135
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http (60 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 33 of 33; 0 of 32; 8 of 33
Packed Malware_Binary: 53bfe15e91 [Firefox:3394 hits: 06-17 to 10-25]; b5919931fe [Firefox:945 hits: 06-20 to 10-25]; b7082104e4 [Firefox:227 hits: 06-18 to 10-25]
Unpacked egg.exe: none[4]; b5919931fe[1]; none [4]
Unpacked egg.asm: none:none; ASM:Graph; none:none
Packer PEID: tElock|; ASProtect|; tElock|
Data Strings: none; lines=90; none
Syscall Trace: trace; trace; trace

Time: 22:47:00
Victim OS: WinXP
Infection Source: 79.163.235.137 (-): IDEA, PL.
C&C Server: 115.126.2.121:65520
DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl
Infection Port: 445
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http, irc (21 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: none
Packed Malware_Binary: none
Unpacked egg.exe: none
Unpacked egg.asm: none
Packer PEID: none
Data Strings: none
Syscall Trace: none

Time: 22:51:00
Victim OS: Win2K-f
Infection Source: 4.180.102.151 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TULSA, OKLAHOMA, US. (DIAL)
C&C Server: n/a
DNS Lookups & Failed Connects:
Infection Port: 135
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: other (1 line)
BotHunter Analysis: Argh : 0.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: none
Packed Malware_Binary: none
Unpacked egg.exe: none
Unpacked egg.asm: none
Packer PEID: none
Data Strings: none
Syscall Trace: none

Time: T:23:04:00
Victim OS: WinXP
Infection Source: 60.234.124.20 (ORCON.NET.NZ): ORCON INTERNET LTD, AUCKLAND, AUCKLAND, NZ.
C&C Server: n/a
DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl, 115.126.2.121:65520
Infection Port: 445
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http (1 line)
BotHunter Analysis: Yeah : 0.8, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 34 of 35
Packed Malware_Binary: 017f3b2704 NEW
Unpacked egg.exe: none[none]
Unpacked egg.asm: none:none
Packer PEID: none|none
Data Strings: none
Syscall Trace: none

Time: 23:05:00
Victim OS: WinXP
Infection Source: 60.234.124.20 (ORCON.NET.NZ): ORCON INTERNET LTD, AUCKLAND, AUCKLAND, NZ.
C&C Server: 115.126.2.121:65520
DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl
Infection Port: 445
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http, irc (24 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 34 of 35
Packed Malware_Binary: 017f3b2704 NEW
Unpacked egg.exe: none[none]
Unpacked egg.asm: none:none
Packer PEID: none|none
Data Strings: none
Syscall Trace: none

Time: 23:18:00
Victim OS: WinXP
Infection Source: 99.128.59.193 (-)
C&C Server: n/a
DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com
Infection Port: 135
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http (61 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 33 of 33; 8 of 33
Packed Malware_Binary: 53bfe15e91 [Firefox:3394 hits: 06-17 to 10-25]; b7082104e4 [Firefox:227 hits: 06-18 to 10-25]
Unpacked egg.exe: none[4]; none [4]
Unpacked egg.asm: none:none; none:none
Packer PEID: tElock|; tElock|
Data Strings: none; none
Syscall Trace: trace; trace

Time: 23:37:00
Victim OS: Win2K-f
Infection Source: 203.54.9.15 (TMNS.NET.AU): TELSTRAINTERNET5, WAGGA WAGGA, NEW SOUTH WALES, AU.
C&C Server: n/a
DNS Lookups & Failed Connects:
Infection Port: 135
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: other (157 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 33 of 33; 0 of 32
Packed Malware_Binary: 53bfe15e91 [Firefox:3394 hits: 06-17 to 10-25]; 73f1082158 [Firefox:1677 hits: 06-18 to 10-25]
Unpacked egg.exe: none[4]; 73f1082158[1]
Unpacked egg.asm: none:none; ASM:Graph
Packer PEID: tElock|; Armadillo|
Data Strings: none; lines=81
Syscall Trace: trace; trace

Time: 23:49:00
Victim OS: WinXP
Infection Source: 61.222.240.150 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW.
C&C Server: n/a
DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:199.93.41.126:80
Infection Port: 135
Packet Trace: pcap, raw
Detection Signatures: alerts, ruleset
Infection Chatter: http (76 lines)
BotHunter Analysis: Yeah : 1.3, profile
Behavioral Cluster: none
Forensic Logs: summary, tarball
Antivirus Labels: 33 of 33; 0 of 33; 0 of 33
Packed Malware_Binary: 53bfe15e91 [Firefox:3394 hits: 06-17 to 10-25]; 57ce4acac2 [Firefox:293 hits: 06-17 to 10-25]; e07c29c4ae [Firefox:702 hits: 06-19 to 10-25]
Unpacked egg.exe: none[4]; 57ce4acac2[1]; e07c29c4ae[1]
Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
Packer PEID: tElock|; Armadillo|; FSG|
Data Strings: none; lines=81; lines=92
Syscall Trace: trace; trace; trace