Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


28 October 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Columns: Time; Victim OS; Infection Source; C&C Server; DNS Lookups & Failed Connects; Infection Port; Packet Trace; Detection Signatures; Infection Chatter; BotHunter Analysis; Behavioral Cluster; Forensic Logs; Antivirus Labels; Packed Malware_Binary; Unpacked egg.exe; Unpacked egg.asm; Packer PEID; Data Strings; Syscall Trace
T:00:15:00 WinXP 83.223.1.65 (FASTBIT.SE):
FASTBIT,
SE.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 d7f1b62049
NEW
none[none] none:none
none|none none none
T:00:17:00 Win2K-f 118.236.214.163 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:114 hits: 07-13 to 10-27]
none[none] none:none
none|none none none
00:34:00 WinXP 216.198.174.70 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:199.93.41.124:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
3cd7958258
[Firefox:34 hits: 06-17 to 10-25]
41efedf70f
[Firefox:33 hits: 06-19 to 10-25]
none[4]
41efedf70f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
00:49:00 WinXP 81.173.135.13 (NETCOLOGNE.DE):
DYNAMIC CABLE MODEM IP POOL,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 730f3a29f5
NEW
none[none] none:none
none|none none none
T:00:49:00 WinXP 81.173.135.13 (NETCOLOGNE.DE):
DYNAMIC CABLE MODEM IP POOL,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 730f3a29f5
NEW
none[none] none:none
none|none none none
T:00:54:00 WinXP 62.147.72.51 (PROXAD.NET):
PROXAD / FREE TELECOM,
GRENOBLE, RHONE-ALPES, FR. (DIAL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:789 hits: 12-31 to 10-27]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:00:56:00 Win2K-f 64.139.99.92 (NCIDATA.COM):
NCI DATA.COM INC,
BREWSTER, WASHINGTON, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:00:57:00 WinXP 219.250.183.227 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
[Firefox:228 hits: 06-17 to 10-27]
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
01:11:00 Win2K-f 116.126.249.246 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
95 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
0 of 32
2 of 35
6ec2a8994b
[Firefox:29 hits: 06-18 to 10-26]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
bcf66a38c8
[Firefox:16 hits: 07-30 to 10-26]
none[4]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
none|none
none
lines=90
none
trace
trace
none
01:13:00 Win2K-f 65.185.123.119 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
01:22:00 WinXP 89.41.47.63 (-):
SC WINDMOB SERV SRL,
PLOIESTI, PRAHOVA, RO.
n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
:washington.dc.us.undernet.org
:gaspode.zanet.org.za
:lulea.se.eu.undernet.org
SE:ced.dal.net
SE:viking.dal.net
:caen.fr.eu.undernet.org
US:lia.zanet.net
SE:qis.md.us.dal.net
SE:broadway.ny.us.dal.net
SE:vancouver.dal.net
SE:ozbytes.dal.net
:los-angeles.ca.us.undernet.org
SE:coins.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 91dfbd2049
NEW
none[none] none:none
none|none none none
T:01:22:00 WinXP 89.41.47.63 (-):
SC WINDMOB SERV SRL,
PLOIESTI, PRAHOVA, RO.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 91dfbd2049
NEW
none[none] none:none
none|none none none
01:42:00 WinXP 99.170.21.97 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
01:52:00 WinXP 70.60.205.20 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FAYETTEVILLE, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:208.111.148.23:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:55:00 Win2K-f 70.77.56.69 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
23 of 33
bca9e0fb5f
[Firefox:38 hits: 06-18 to 10-21]
e53a9ea82e
[Firefox:37 hits: 06-18 to 10-21]
none[4]
e53a9ea82e[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
02:05:00 Win2K-f 90.14.225.165 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d2af6753cc
NEW
none[none] none:none
none|none none none
02:05:00 Win2K-f 210.233.204.126 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox:24 hits: 06-19 to 09-21]
79c01ec060
[Firefox:58 hits: 06-18 to 10-27]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:02:09:00 WinXP 117.99.4.229 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:28 hits: 10-08 to 10-27]
none[none] none:none
none|none none none
T:02:12:00 WinXP 76.87.96.107 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a RU:www.bbin.ru
RU:www.binbank.ru
:wpad
DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
445 pcap raw alerts
ruleset
http
http
http
31 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:592 hits: 01-01 to 10-26]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
02:13:00 WinXP 117.99.4.229 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
AT:graz.at.eu.undernet.org
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
NO:london.uk.eu.undernet.org
SE:vancouver.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:28 hits: 10-08 to 10-27]
none[none] none:none
none|none none none
02:24:00 WinXP 41.214.165.71 (-):
.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:ozbytes.dal.net
:flanders.be.eu.undernet.org
SE:ced.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 0dc5ca8f7c
NEW
none[none] none:none
none|none none none
T:02:30:00 WinXP 92.46.28.255 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 a4654e9d62
NEW
none[none] none:none
none|none none none
02:35:00 WinXP 81.198.232.109 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 985b9b9708
[Firefox: 2 hits: 10-25 to 10-27]
none[none] none:none
none|none none none
T:02:37:00 WinXP 72.215.54.126 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
n/a   135 pcap raw alerts
ruleset
other
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:04:00 WinXP 203.54.9.161 (TMNS.NET.AU):
TELSTRAINTERNET5,
WAGGA WAGGA, NEW SOUTH WALES, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
http
161 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
03:17:00 Win2K-f 70.168.8.173 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.45:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:34:00 WinXP 24.59.7.39 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROME, NEW YORK, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
5 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:288 hits: 01-01 to 10-27]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
03:36:00 WinXP 4.252.135.96 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SYCAMORE, ILLINOIS, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1392 hits: 12-31 to 10-27]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
03:37:00 WinXP 122.131.222.61 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:630 hits: 01-01 to 10-27]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
03:40:00 Win2K-f 89.136.31.82 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 36 f561c235d5
NEW
none[none] none:none
none|none none none
03:40:00 Win2K-f 221.138.225.43 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
T:03:41:00 WinXP 218.235.204.114 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 29f48b8b06
NEW
none[none] none:none
none|none none none
03:42:00 WinXP 211.209.19.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 9d5d0ad83c
[Firefox: 5 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:03:42:00 WinXP 8.15.179.243 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox: 9 hits: 10-10 to 10-27]
none[none] none:none
none|none none none
T:03:44:00 Win2K-f 121.125.167.176 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:11 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:03:45:00 WinXP 59.117.182.213 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:03:47:00 Win2K-f 218.51.22.26 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:15 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
03:48:00 Win2K-f 221.138.95.28 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 0cead190e7
NEW
none[none] none:none
none|none none none
T:03:48:00 WinXP 221.138.14.87 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:11 hits: 08-01 to 10-26]
none[none] none:none
none|none none none
03:49:00 Win2K-f 85.67.93.237 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
188 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 918355cad9
[Firefox: 3 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
T:03:53:00 WinXP 61.43.210.170 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 7377a34aeb
[Firefox:17 hits: 07-27 to 10-27]
none[none] none:none
none|none none none
T:03:55:00 WinXP 218.233.1.97 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 c50e298b27
[Firefox: 2 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
T:03:55:00 Win2K-f 85.186.112.72 (-):
ASTRAL HR GHEORGHIENI,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
03:57:00 WinXP 121.53.197.191 (-):
DREAMX,
KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 1942675c3f
NEW
none[none] none:none
none|none none none
04:14:00 WinXP 88.118.136.5 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
LT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 e1eaf05989
NEW
none[none] none:none
none|none none none
04:17:00 Win2K-f 218.37.235.104 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
04:17:00 WinXP 88.181.76.96 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:10 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:04:17:00 WinXP 89.122.217.97 (PLATINUMGROUP.RO):
ARTELECOM,
RO. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33 e286d9e6a9
[Firefox:25 hits: 07-13 to 09-27]
none[none] none:none
none|none none none
04:19:00 Win2K-f 125.26.122.45 (TOTBB.NET):
TOT ADSL IP ADDRESS POOL,
BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 34 c50e298b27
[Firefox: 2 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
T:04:20:00 WinXP 58.233.122.228 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:04:24:00 WinXP 61.98.11.115 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b84a24bfe7
NEW
none[none] none:none
none|none none none
T:04:30:00 WinXP 89.137.124.73 (-):
ASTRAL CLUJ-NAPOCA DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 6 hits: 10-22 to 10-26]
none[none] none:none
none|none none none
04:30:00 Win2K-f 78.96.241.7 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
13 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 a67f84f2af
NEW
none[none] none:none
none|none none none
T:04:34:00 Win2K-f 78.96.241.7 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
27 of 35 e019377a4f
NEW
none[none] none:none
none|none none none
04:36:00 WinXP 61.4.196.66 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 8e96b2ccbc
NEW
none[none] none:none
none|none none none
T:04:39:00 Win2K-f 24.80.184.211 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
15 of 36 f34f803f97
NEW
none[none] none:none
none|none none none
T:04:40:00 WinXP 119.148.145.99 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 99797e2b75
[Firefox: 9 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:04:40:00 Win2K-f 58.233.26.122 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox: 7 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:04:40:00 WinXP 218.49.53.4 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3488f7aa0d
NEW
none[none] none:none
none|none none none
04:40:00 Win2K-f 211.243.10.75 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
04:42:00 WinXP 213.168.48.146 (-):
JSC NORD-WEST TELECOMMUNICATION AND,
RU.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 2f981a2988
[Firefox: 2 hits: 10-27 to 10-27]
none[none] none:none
none|none none none
04:44:00 WinXP 211.212.166.89 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
T:04:45:00 WinXP 213.168.48.146 (-):
JSC NORD-WEST TELECOMMUNICATION AND,
RU.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 2f981a2988
[Firefox: 2 hits: 10-27 to 10-27]
none[none] none:none
none|none none none
04:45:00 Win2K-f 85.67.101.174 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:10 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
04:47:00 WinXP 115.138.105.37 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 d1ab885580
NEW
none[none] none:none
none|none none none
04:48:00 Win2K-f 59.117.182.213 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:05:01:00 WinXP 117.97.114.58 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:adult-empire.com
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a055b068ba
NEW
none[none] none:none
none|none none none
05:13:00 WinXP 88.111.212.20 (AS9105.COM):
TISCALI UK LTD,
STOKE ON TRENT, ENGLAND, UK. (DSL)
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
05:14:00 WinXP 118.140.57.138 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:10 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:05:15:00 WinXP 70.183.164.236 (COX.NET):
COX COMMUNICATIONS,
WARWICK, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.70.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
05:17:00 Win2K-f 119.148.132.51 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 cc8840e4b7
[Firefox: 3 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
T:05:17:00 Win2K-f 78.96.186.241 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 35 3f4f3c33fe
NEW
none[none] none:none
none|none none none
05:21:00 Win2K-f 89.122.217.97 (PLATINUMGROUP.RO):
ARTELECOM,
RO. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
05:22:00 WinXP 88.241.133.120 (TTNET.NET.TR):
TT ADSL-ALCATEL DINAMIK_ACI,
ISTANBUL, ISTANBUL, TR. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:05:25:00 WinXP 122.43.104.54 (-):
POWERCOMM,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:27:00 WinXP 123.19.194.53 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 5dd4ada1e9
NEW
none[none] none:none
none|none none none
T:05:27:00 Win2K-f 123.111.87.35 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none af222ae6db
[Firefox: 9 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:05:31:00 WinXP 221.124.21.238 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:10 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
T:05:39:00 WinXP 116.44.101.68 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 36 20fcadb1a8
NEW
none[none] none:none
none|none none none
T:05:45:00 WinXP 117.99.56.145 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:45:00 WinXP 210.109.72.121 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:13 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
05:48:00 Win2K-f 61.195.226.240 (OCT-NET.NE.JP):
OITA CABLE TELECOM CO .LTD,
JP.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:05:49:00 Win2K-f 67.223.137.107 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
05:52:00 Win2K-f 221.124.33.172 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:15 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:05:52:00 Win2K-f 88.161.63.113 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:53:00 WinXP 82.242.154.97 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:10 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
05:56:00 Win2K-f 211.49.47.215 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox: 3 hits: 10-21 to 10-21]
none[none] none:none
none|none none none
T:05:58:00 WinXP 124.57.17.79 (-):
POWERCOM,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:00:00 Win2K-f 203.130.184.155 (-):
TAEGU NAMSAN 4-DONG JUNG-GU DAEGU,
TAEGU, KYONGSANG-BUKTO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 052ac5379e
NEW
none[none] none:none
none|none none none
T:06:01:00 WinXP 61.20.140.17 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW.
n/a UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:22 hits: 10-01 to 10-27]
none[none] none:none
none|none none none
T:06:07:00 Win2K-f 89.44.93.31 (RDSNET.RO):
SC FANTASY PRODCOM SERV IMPEX SRL,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 e7801a316b
[Firefox: 3 hits: 10-22 to 10-27]
none[none] none:none
none|none none none
06:08:00 WinXP 125.224.221.140 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
none af222ae6db
[Firefox: 9 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
06:12:00 Win2K-f 211.187.104.196 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:11 hits: 08-01 to 10-26]
none[none] none:none
none|none none none
T:06:18:00 WinXP 125.26.125.99 (TOTBB.NET):
TOT ADSL IP ADDRESS POOL,
BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a537edc44b
[Firefox: 2 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
06:19:00 WinXP 211.176.214.235 (HANANET.NET):
HANARO TELECOM INC,
ULAANBAATAR, ULAANBAATAR, MN.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox: 7 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
06:20:00 Win2K-f 221.124.96.195 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:12 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:06:22:00 Win2K-f 221.125.210.218 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 35 65429604ff
NEW
none[none] none:none
none|none none none
T:06:27:00 WinXP 88.167.56.151 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a RU:moscow-advokat.ru
SE:vancouver.dal.net
:gaspode.zanet.org.za
:flanders.be.eu.undernet.org
SE:ced.dal.net
:lulea.se.eu.undernet.org
NO:london.uk.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:qis.md.us.dal.net
:los-angeles.ca.us.undernet.org
:brussels.be.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:28 hits: 10-08 to 10-27]
none[none] none:none
none|none none none
06:28:00 Win2K-f 90.57.199.57 (IKBCC.COM):
IP2000-ADSL-BAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
22 of 33 89953ae602
[Firefox: 2 hits: 07-15 to 10-27]
none[none] none:none
none|none none none
06:29:00 WinXP 211.202.120.231 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 e457ad96b7
NEW
none[none] none:none
none|none none none
06:32:00 Win2K-f 221.126.227.188 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 35 7377a34aeb
[Firefox:17 hits: 07-27 to 10-27]
none[none] none:none
none|none none none
T:06:38:00 WinXP 85.67.51.221 (-):
FIBERNET,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:10 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
06:41:00 Win2K-f 221.124.33.233 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:06:43:00 WinXP 58.122.202.46 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 3eeb212cb1
[Firefox: 3 hits: 10-22 to 10-27]
none[none] none:none
none|none none none
06:48:00 Win2K-f 88.162.82.137 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 e739ce19e3
NEW
none[none] none:none
none|none none none
T:06:53:00 Win2K-f 88.222.65.11 (-):
KAUNAS MEGANET AREA10 NETWORK,
KAUNAS, KAUNO APSKRITIS, LT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 cc2e3c9b92
NEW
none[none] none:none
none|none none none
T:06:55:00 WinXP 79.163.203.62 (-):
IDEA,
PL.
n/a :proxim.ircgalaxy.pl
115.126.2.121:80
445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 d2e0c1f039
[Firefox: 4 hits: 10-25 to 10-26]
none[none] none:none
none|none none none
06:56:00 WinXP 68.119.201.107 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a UA:citi-bank.ru
DE:kidos-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:22 hits: 10-01 to 10-27]
none[none] none:none
none|none none none
T:06:56:00 WinXP 68.119.201.107 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:22 hits: 10-01 to 10-27]
none[none] none:none
none|none none none
06:57:00 Win2K-f 82.77.59.88 (RDSNET.RO):
ROMANIA DATA SYSTEMS,
ORADEA, BIHOR, RO.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:07:00 WinXP 88.168.20.250 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox: 4 hits: 10-22 to 10-26]
none[none] none:none
none|none none none
T:07:09:00 Win2K-f 61.228.241.179 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:21 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
07:10:00 Win2K-f 203.235.71.202 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 049187b72a
NEW
none[none] none:none
none|none none none
07:10:00 Win2K-f 89.137.239.79 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 ddb8dcfe6a
NEW
none[none] none:none
none|none none none
T:07:12:00 WinXP 24.69.96.147 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
07:14:00 WinXP 221.124.129.184 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3f76c545af
NEW
none[none] none:none
none|none none none
07:17:00 Win2K-f 85.67.42.224 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
07:19:00 WinXP 116.47.29.160 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 d71277cc7c
NEW
none[none] none:none
none|none none none
T:07:25:00 Win2K-f 211.243.251.143 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
POHANG, CHEJU-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox:10 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:07:27:00 Win2K-f 196.208.9.68 (DIAL-UP.NET):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:33:00 Win2K-f 85.66.2.83 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 d73bdf4a0e
NEW
none[none] none:none
none|none none none
T:07:33:00 WinXP 85.66.2.83 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:46:00 Win2K-f 218.238.220.155 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 36 33b54507d5
[Firefox: 2 hits: 09-26 to 09-26]
none[none] none:none
none|none none none
T:07:49:00 Win2K-f 58.233.231.123 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:04:00 WinXP 124.241.144.82 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.49:80
US:208.111.173.51:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:09:00 Win2K-f 85.67.51.221 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 d4e36e88c3
NEW
none[none] none:none
none|none none none
T:08:14:00 WinXP 70.184.216.118 (COX.NET):
COX COMMUNICATIONS,
OMAHA, NEBRASKA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 039d82e2db
NEW
none[none] none:none
none|none none none
T:08:14:00 Win2K-f 210.3.156.198 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
NEW
none[none] none:none
none|none none none
08:15:00 WinXP 70.184.216.118 (COX.NET):
COX COMMUNICATIONS,
OMAHA, NEBRASKA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 039d82e2db
NEW
none[none] none:none
none|none none none
T:08:19:00 WinXP 88.165.39.66 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
08:21:00 WinXP 86.156.104.116 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:630 hits: 01-01 to 10-27]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
08:22:00 WinXP 79.206.124.151 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:500 hits: 01-05 to 10-27]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:08:26:00 Win2K-f 94.111.75.157 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
08:27:00 Win2K-f 82.127.238.219 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:11 hits: 08-01 to 10-26]
none[none] none:none
none|none none none
08:31:00 WinXP 88.165.39.66 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:08:33:00 WinXP 201.212.50.114 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox: 9 hits: 10-10 to 10-27]
none[none] none:none
none|none none none
08:33:00 Win2K-f 89.137.143.227 (-):
ASTRAL MANGALIA DOCSIS NETWORK,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 918355cad9
[Firefox: 3 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
08:34:00 Win2K-f 79.66.198.29 (AS9105.COM):
TELINCO,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 5a38a2e599
NEW
none[none] none:none
none|none none none
T:08:37:00 WinXP 140.239.41.127 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.49:80
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 33
73ce2b74da
[Firefox:26 hits: 06-18 to 10-27]
79c01ec060
[Firefox:58 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
73ce2b74da [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
08:40:00 WinXP 204.193.212.172 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
T:08:41:00 WinXP 204.193.212.172 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
T:08:43:00 WinXP 210.192.209.189 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:15 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:08:43:00 WinXP 114.45.57.62 (-):
.
n/a RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
NL:diemen.nl.eu.undernet.org
SE:coins.dal.net
SE:qis.md.us.dal.net
US:lia.zanet.net
SE:ced.dal.net
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
SE:ozbytes.dal.net
FI:london.uk.eu.undernet.org
:washington.dc.us.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:789 hits: 12-31 to 10-27]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
08:53:00 WinXP 211.108.236.225 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 b0a886c4ab
NEW
none[none] none:none
none|none none none
T:08:56:00 Win2K-f 140.239.42.108 (XO.NET):
XO COMMUNICATIONS,
HOPKINTON, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:208.111.173.54:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
73ce2b74da
[Firefox:26 hits: 06-18 to 10-27]
79c01ec060
[Firefox:58 hits: 06-18 to 10-27]
73ce2b74da [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:09:02:00 WinXP 118.7.255.45 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
2 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
09:07:00 WinXP 155.239.67.171 (TELKOM-IPNET.CO.ZA):
AFRINIC,
BEDFORDVIEW, GAUTENG, ZA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
09:13:00 WinXP 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.50:80
US:208.111.148.54:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:21:00 Win2K-f 67.78.75.159 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
194.109.11.65:6556 :proxim.ircgalaxy.pl
NL:0x80.online-software.org
NL:0x80.martiansong.com
:0xff.memzero.info
:0x80.my-secure.name
NL:0x80.goingformars.com
NL:0x80.my1x1.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
other
260 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 4c305d811f
NEW
none[none] none:none
none|none none none
T:09:22:00 Win2K-f 89.137.143.227 (-):
ASTRAL MANGALIA DOCSIS NETWORK,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 918355cad9
[Firefox: 3 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
09:25:00 WinXP 67.150.173.250 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a EU:siliconfireware.ru
GB:new.egg.com
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:ebookfinaltrash.ru
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
32 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:592 hits: 01-01 to 10-26]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:09:26:00 WinXP 79.138.212.226 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:789 hits: 12-31 to 10-27]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
09:27:00 WinXP 79.138.212.226 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:789 hits: 12-31 to 10-27]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:09:29:00 WinXP 124.241.144.82 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.17:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:09:32:00 Win2K-f 58.233.144.188 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 9bb7b69bdf
NEW
none[none] none:none
none|none none none
09:34:00 Win2K-f 88.222.160.246 (-):
KAUNAS MEGANET AREA17 NETWORK,
DUBLIN, DUBLIN, IE.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 90fa88eaf0
NEW
none[none] none:none
none|none none none
T:09:39:00 WinXP 82.247.251.233 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
09:43:00 Win2K-f 93.80.132.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.109.11.65:1023 194.109.11.65:6556 NL:0x80.my1x1.com
:proxim.ircgalaxy.pl
NL:0x80.online-software.org
115.126.2.121:65520
445 pcap raw alerts
ruleset
other
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:45:00 Win2K-f 210.192.209.189 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:15 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:09:53:00 WinXP 89.33.140.26 (U-NITE.RO):
JUMP NETWORK SERVICES S.R.L,
RO.
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:14 hits: 10-21 to 10-27]
none[none] none:none
none|none none none
09:56:00 WinXP 82.225.250.167 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox:12 hits: 10-11 to 10-27]
none[none] none:none
none|none none none
T:09:59:00 Win2K-f 123.19.194.53 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 5dd4ada1e9
NEW
none[none] none:none
none|none none none
10:08:00 Win2K-f 24.80.184.211 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
16 of 35 a957b6dacf
NEW
none[none] none:none
none|none none none
10:09:00 Win2K-f 61.228.241.179 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:21 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:10:10:00 Win2K-f 82.242.21.8 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a :proxim.ircgalaxy.pl
CA:xx.enterhere.biz
:xx.nadnadzz.info
115.126.2.121:65520
CA:67.43.236.98:1863
CA:67.43.236.99:1863
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 4250a21925
NEW
none[none] none:none
none|none none none
T:10:12:00 Win2K-f 218.235.133.148 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:13:00 WinXP 85.152.150.83 (CM-85-152-150-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1392 hits: 12-31 to 10-27]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:19:00 Win2K-f 88.222.174.111 (-):
KAUNAS MEGANET AREA24 NETWORK,
DUBLIN, DUBLIN, IE.
n/a   139 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 cd712316e7
NEW
none[none] none:none
none|none none none
10:25:00 Win2K-f 58.233.144.188 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 63.173.172.98:6667  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 9bb7b69bdf
NEW
none[none] none:none
none|none none none
10:25:00 WinXP 70.184.179.15 (COX.NET):
COX COMMUNICATIONS,
VIRGINIA BEACH, VIRGINIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 fcd4bae1af
NEW
none[none] none:none
none|none none none
T:10:28:00 WinXP 83.36.86.237 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
BARCELONA, CATALUñA, ES.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 d28bf8aa1a
[Firefox:10 hits: 09-12 to 10-15]
none[none] none:none
none|none none none
T:10:30:00 WinXP 60.179.163.143 (163DATA.COM.CN):
CHINANET-ZJ NINGBO NODE NETWORK,
NINGBO, ZHEJIANG, CN.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b7ba8daae1
[Firefox: 6 hits: 10-15 to 10-20]
none[none] none:none
none|none none none
10:38:00 Win2K-f 88.187.144.131 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ca172c3868
[Firefox: 3 hits: 10-22 to 10-26]
none[none] none:none
none|none none none
10:44:00 WinXP 63.28.8.180 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:10:49:00 WinXP 115.83.159.104 (-):
.
n/a   135 pcap raw alerts
ruleset
other
323 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 963d5f92ac
NEW
none[none] none:none
none|none none none
10:51:00 WinXP 80.196.58.123 (PAISDN.TELE.DK):
LOCAL ASSIGNMENTS FOR PROACCESS ISDN,
ROSKILDE, ROSKILDE, DK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 f5ab9763ea
[Firefox:16 hits: 10-03 to 10-25]
none[none] none:none
none|none none none
10:51:00 Win2K-f 98.175.171.32 (-):
.
n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
US:199.93.44.124:80
US:204.160.126.124:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
0 of 32
32 of 36
430b442da3
[Firefox: 2 hits: 10-10 to 10-25]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
bea8cb1865
[Firefox:30 hits: 08-11 to 10-25]
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
T:10:52:00 WinXP 217.201.132.55 (-):
TELECOM ITALIA MOBILE,
FIRENZE, TOSCANA, IT.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 733275fd84
NEW
none[none] none:none
none|none none none
10:53:00 WinXP 62.248.88.184 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
ADANA, ADANA, TR.
n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
US:lia.zanet.net
SE:ozbytes.dal.net
SE:coins.dal.net
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
SE:viking.dal.net
:gaspode.zanet.org.za
NL:diemen.nl.eu.undernet.org
SE:ced.dal.net
AT:graz.at.eu.undernet.org
:caen.fr.eu.undernet.org
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 ca47a36342
[Firefox:29 hits: 02-16 to 10-27]
c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns
trace
T:10:59:00 WinXP 78.88.79.101 (-):
VECTRA TECHNOLOGIE S.A,
PL.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 90dd3476c6
NEW
none[none] none:none
none|none none none
11:06:00 Win2K-f 78.131.114.166 (-):
EMKTV HATVAN DOCSIS,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
11:11:00 Win2K-f 88.173.55.165 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 6 hits: 10-20 to 10-26]
none[none] none:none
none|none none none
T:11:13:00 WinXP 195.116.178.94 (TPNET.PL):
TPSA,
PL.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 1f8b36b823
NEW
none[none] none:none
none|none none none
T:11:15:00 Win2K-f 74.67.48.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLIFTON PARK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
11:27:00 WinXP 85.217.206.12 (201-10.THEZONE.BG):
THE ZONE IP ADDRESS SPACE,
SOFIA, SOFIYA, BG.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 8ccbeb6978
NEW
none[none] none:none
none|none none none
11:29:00 WinXP 78.88.79.101 (-):
VECTRA TECHNOLOGIE S.A,
PL.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 90dd3476c6
NEW
none[none] none:none
none|none none none
T:11:45:00 WinXP 209.42.150.193 (WISPNET.NET):
WISPNET LLC,
HOPKINSVILLE, KENTUCKY, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:59:00 WinXP 218.235.133.148 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
11:59:00 Win2K-f 210.233.204.126 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
US:208.111.148.174:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox:24 hits: 06-19 to 09-21]
79c01ec060
[Firefox:58 hits: 06-18 to 10-27]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:12:03:00 WinXP 24.181.41.28 (CHARTER.COM):
CHARTER COMMUNICATIONS,
CARROLLTON, GEORGIA, US.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 4f1299acc0
[Firefox: 6 hits: 10-07 to 10-25]
none[none] none:none
none|none none none
T:12:05:00 Win2K-f 24.76.12.222 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
135 pcap raw alerts
ruleset
http
124 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
0115338c8b
[Firefox:25 hits: 09-12 to 10-27]
321f4fc27d
[Firefox:25 hits: 09-12 to 10-27]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
12:11:00 Win2K-f 89.122.128.131 (PLATINUMGROUP.RO):
ARTELECOM,
RO. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:15 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:12:19:00 Win2K-f 210.209.243.68 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.148.219:80
US:208.111.148.247:80
135 pcap raw alerts
ruleset
irc
96 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
0 of 33
6f630e7aa2
[Firefox: 5 hits: 06-30 to 09-13]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[none]
a08f3b74a4[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=81
none
trace
12:30:00 WinXP 24.79.146.50 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 63f13fe223
NEW
none[none] none:none
none|none none none
T:12:35:00 WinXP 212.144.44.63 (ARCOR-IP.NET):
ARCOR-ONLINE-DSL-POOL,
KEMPEN, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:487 hits: 12-31 to 10-27]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:12:41:00 Win2K-f 4.163.192.107 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ELBERT, COLORADO, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:42:00 Win2K-f 84.56.136.147 (ARCOR-IP.NET):
ARCOR-DSL-NET,
STUTTGART, BADEN-WURTTEMBERG, DE. (DSL)
115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
445 pcap raw alerts
ruleset
irc
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:47:00 WinXP 81.84.176.132 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
VILA NOVA DE GAIA, PORTO, PT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d6df3972a0
[Firefox:34 hits: 01-07 to 10-21]
39eeef52a4 [0] ASM:Graph
PolyEnE| lines=65 trace
T:12:49:00 WinXP 79.206.127.61 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:630 hits: 01-01 to 10-27]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:12:54:00 WinXP 212.134.28.54 (EASYNET.CO.UK):
DYNAMIC ADDRESS POOL,
LEEDS, ENGLAND, UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 bae8dcdf54
[Firefox: 2 hits: 02-21 to 06-29]
a5fc06a251 [0] ASM:Graph
tElock| lines=58
embedded dns
trace
12:56:00 WinXP 88.176.231.149 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 643a63e7b1
NEW
none[none] none:none
none|none none none
12:57:00 WinXP 81.48.1.12 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
FR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:21 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:13:02:00 WinXP 74.46.92.236 (FRONTIERNET.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
US.
115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 017f3b2704
[Firefox: 2 hits: 10-26 to 10-26]
none[none] none:none
none|none none none
13:03:00 Win2K-f 94.111.75.157 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
13:14:00 WinXP 92.96.127.180 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:184 hits: 01-08 to 10-27]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
13:22:00 Win2K-f 123.212.119.64 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
54 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 4c3df24b32
[Firefox:228 hits: 06-17 to 10-27]
4c3df24b32 [1] ASM:Graph
Armadillo| lines=81 trace
13:28:00 WinXP 79.206.127.61 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:630 hits: 01-01 to 10-27]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
13:30:00 WinXP 83.141.137.175 (EVC.NET):
DHCP POOL EVC,
BASEL, BASEL-STADT, CH.
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
115.126.2.110:80
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 71cb531478
NEW
none[none] none:none
none|none none none
T:13:30:00 WinXP 83.141.137.175 (EVC.NET):
DHCP POOL EVC,
BASEL, BASEL-STADT, CH.
115.126.2.121:65520 :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
US:dreampass.us
:kidfitnesstv.com
:www.upononjob.cn
:mulfika.cn
:www.google.com
:clients1.google.com
US:do-make-progress.com
:antispyware-xp2009.com
:wpad
445 pcap raw alerts
ruleset
http
irc
http
http
292 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
0 of 36
16 of 36
11 of 36
71cb531478
NEW
b836bbbc36
NEW
d04e4ee840
NEW
fb8f82fcb3
[Firefox:22 hits: 10-24 to 10-26]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:13:30:00 WinXP 85.27.148.81 (1101232.SYDFYNSNET.DK):
IP ADRESSES FOR CONNECTED CUSTOMERS,
DK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1392 hits: 12-31 to 10-27]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
13:31:00 WinXP 65.183.151.137 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
BURLINGTON, VERMONT, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:208.111.173.54:80
135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
27e96e9b13
NEW
c48edd55a3
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:13:33:00 Win2K-f 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:208.111.173.54:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:44:00 WinXP 83.213.139.44 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BASAURI, PAIS VASCO, ES.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:34 hits: 10-05 to 10-27]
none[none] none:none
none|none none none
T:13:45:00 WinXP 84.247.44.155 (-):
GENIUS NETWORK SYSTEM SRL,
GALATI, GALATI, RO.
n/a UA:citi-bank.ru
:adult-empire.com
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1eeecc1925
[Firefox: 2 hits: 10-25 to 10-26]
none[none] none:none
none|none none none
13:50:00 Win2K-f 218.239.26.239 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 94156f67b0
[Firefox: 8 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:13:54:00 Win2K-f 61.195.226.240 (OCT-NET.NE.JP):
OITA CABLE TELECOM CO .LTD,
JP.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:14:03:00 WinXP 83.141.230.118 (-):
ESTVIDEOCOMMUNICATION CABLE & BROADBAND OPERATOR,
STRASBOURG, ALSACE, FR.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
11 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 8185867a85
NEW
none[none] none:none
none|none none none
14:04:00 WinXP 206.82.89.80 (ALLTEL.NET):
ALLTEL DIAL POOL LIVE OAK FL,
LIVE OAK, FLORIDA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:185 hits: 01-03 to 10-27]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
14:04:00 WinXP 89.137.200.14 (-):
ASTRAL CONSTANTA DOCSIS NETWORK,
CONSTANTA, CONSTANTA, RO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:185 hits: 01-03 to 10-27]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:04:00 WinXP 206.82.89.80 (ALLTEL.NET):
ALLTEL DIAL POOL LIVE OAK FL,
LIVE OAK, FLORIDA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:185 hits: 01-03 to 10-27]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:18:00 WinXP 79.163.131.215 (-):
IDEA,
PL.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:22:00 Win2K-f 65.25.107.66 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CANTON, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
b7082104e4
[Firefox:234 hits: 06-18 to 10-27]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
T:14:34:00 WinXP 88.251.242.49 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
TR.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
NEW
none[none] none:none
none|none none none
14:44:00 WinXP 77.47.89.148 (CABLESURF.DE):
KABELFERNSEHEN MUENCHEN SERVICENTER GMBH & CO.KG,
MUNICH, BAYERN, DE. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 d2d0f8db16
NEW
none[none] none:none
none|none none none
T:14:50:00 WinXP 69.71.119.40 (SPEAKEASY.NET):
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 393d3a40db
[Firefox:14 hits: 02-14 to 10-14]
8a0ff8065a [0] ASM:Graph
PolyEnE| lines=76 trace
T:14:54:00 WinXP 165.29.122.25 (AR.US):
ARKANSAS PUBLIC SCHOOL COMPUTER NETWORK,
MONTICELLO, ARKANSAS, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:58:00 WinXP 66.184.21.133 (LDMI.COM):
TALK AMERICA,
RESTON, VIRGINIA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.153.231:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
30 of 33
0 of 33
3690b64ca2
[Firefox: 9 hits: 06-18 to 10-25]
a6fb77fd26
[Firefox: 9 hits: 06-18 to 10-25]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
a6fb77fd26[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
FSG|
none
lines=82
lines=92
trace
trace
trace
T:15:00:00 Win2K-f 71.100.160.77 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BRANDON, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
15:02:00 Win2K-f 70.184.153.39 (COX.NET):
COX COMMUNICATIONS,
PHOENIX, ARIZONA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.153.231:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
32 of 36
35 of 36
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
bea8cb1865
[Firefox:30 hits: 08-11 to 10-25]
fac78fde16
[Firefox:11 hits: 09-13 to 10-10]
b5919931fe [1]
none [none]
none [none]
ASM:Graph
none:none
none:none
ASProtect|
none|none
none|none
lines=90
none
none
trace
none
none
15:03:00 WinXP 24.76.172.201 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
124 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
0 of 33
0115338c8b
[Firefox:25 hits: 09-12 to 10-27]
321f4fc27d
[Firefox:25 hits: 09-12 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:15:04:00 WinXP 82.217.239.7 (QUICKNET.NL):
CABLE CUSTOMERS - QUICKNET-CUSTOMERS,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0c99fe274d
NEW
none[none] none:none
none|none none none
15:23:00 Win2K-f 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
[Firefox:25 hits: 07-18 to 10-27]
b4fe4581c3
[Firefox:25 hits: 07-18 to 10-27]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
15:36:00 WinXP 24.79.211.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e2faac2ade
NEW
none[none] none:none
none|none none none
T:15:56:00 Win2K-f 81.48.1.12 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:21 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
16:19:00 Win2K-f 218.237.183.58 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 9 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:16:22:00 Win2K-f 61.30.11.72 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
16:24:00 Win2K-f 66.211.123.50 (SPEAKEASY.NET):
US.
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
16:25:00 WinXP 204.193.218.4 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 c198ee4e94
[Firefox: 3 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
T:16:25:00 WinXP 204.193.218.4 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 c198ee4e94
[Firefox: 3 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
16:31:00 WinXP 207.5.206.66 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:207.123.37.123:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:16:36:00 WinXP 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
194.109.11.65:6556 :0x80.my-secure.name
NL:0x80.my1x1.com
NL:0x80.martiansong.com
NL:0x80.goingformars.com
NL:0x80.online-software.org
:0xff.memzero.info
135 pcap raw alerts
ruleset
other
187 lines
Yeah : 1.8
profile
none summary
tarball
33 of 33
17 of 36
e30fb27bda
[Firefox:10 hits: 07-07 to 09-27]
fb57f56fcb
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:16:44:00 WinXP 85.102.160.239 (TTNET.NET.TR):
TURK TELEKOM ADSL-DYNAMIC,
ANKARA, ANKARA, TR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 f63e70fa11
[Firefox: 6 hits: 10-22 to 10-26]
none[none] none:none
none|none none none
17:06:00 WinXP 75.138.121.178 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:22 hits: 10-01 to 10-27]
none[none] none:none
none|none none none
T:17:06:00 WinXP 75.138.121.178 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:22 hits: 10-01 to 10-27]
none[none] none:none
none|none none none
17:17:00 WinXP 89.195.130.133 (-):
ORANGE,
UK.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 491fef3335
[Firefox: 2 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
17:18:00 WinXP 4.244.221.140 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
DE:217.11.54.126:80
GB:217.145.225.22:80
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:592 hits: 01-01 to 10-26]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:17:18:00 Win2K-f 65.183.137.81 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
CLOQUET, MINNESOTA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox:24 hits: 06-19 to 09-21]
79c01ec060
[Firefox:58 hits: 06-18 to 10-27]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
17:34:00 Win2K-f 70.64.11.252 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
http
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
1fb1718d64
NEW
8c5ee6d275
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:54:00 WinXP 75.136.141.185 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c91dfdf79a
[Firefox: 3 hits: 10-20 to 10-24]
none[none] none:none
none|none none none
18:05:00 WinXP 209.127.208.44 (-):
TELSCAPE COMMUNICATIONS INC,
MONROVIA, CALIFORNIA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.99.126:80
US:204.160.126.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
a8c074e136
[Firefox: 3 hits: 08-21 to 09-29]
fc22cbd605
[Firefox: 3 hits: 08-21 to 09-29]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
18:14:00 Win2K-f 219.174.36.53 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:207.123.37.125:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:19:00 Win2K-f 98.175.167.206 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.51:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:32:00 Win2K-f 71.64.27.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GROVE CITY, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.41.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:35:00 Win2K-f 24.189.30.113 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BROOKLYN, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:47:00 WinXP 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
[Firefox:25 hits: 07-18 to 10-27]
b4fe4581c3
[Firefox:25 hits: 07-18 to 10-27]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
18:50:00 WinXP 60.249.118.241 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
404 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 652a0dfc0c
NEW
none[none] none:none
none|none none none
T:19:06:00 WinXP 72.174.223.56 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
CEDAR CITY, UTAH, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:28 hits: 10-08 to 10-27]
none[none] none:none
none|none none none
19:12:00 WinXP 186.9.36.158 (-):
.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:25:00 WinXP 204.193.215.106 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
T:19:27:00 WinXP 122.146.81.116 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
73f1082158
[Firefox:1724 hits: 06-18 to 10-27]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:31:00 WinXP 208.127.249.233 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:184 hits: 01-08 to 10-27]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
19:44:00 WinXP 220.130.194.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
96 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
0 of 33
57ce4acac2
[Firefox:298 hits: 06-17 to 10-27]
83f26f5044
[Firefox:33 hits: 06-20 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
57ce4acac2 [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
19:46:00 WinXP 87.246.21.47 (MOBIFONIKA.COM):
MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN,
SLIVEN, BURGAS, BG.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 06a5e31b47
NEW
none[none] none:none
none|none none none
19:47:00 WinXP 75.16.250.185 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:47:00 WinXP 87.246.21.47 (MOBIFONIKA.COM):
MOBIFONIKA EXTENDED IP ADDRESS SPACE IN SLIVEN,
SLIVEN, BURGAS, BG.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 06a5e31b47
NEW
none[none] none:none
none|none none none
20:19:00 WinXP 67.125.140.230 (PACBELL.NET):
AT&T INTERNET SERVICES,
FRESNO, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
20:22:00 WinXP 200.65.102.77 (PRODIGY.NET.MX):
UNINET S.A. DE C.V,
MEXICO, DISTRITO FEDERAL, MX.
n/a :proxima.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 493cf13fab
NEW
none[none] none:none
none|none none none
T:20:24:00 Win2K-f 82.242.48.25 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:12 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
20:27:00 Win2K-f 220.255.240.164 (SINGNET.COM.SG):
SINGNET PTE LTD,
SINGAPORE, SINGAPORE, SG.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 aec3bf1d58
NEW
none[none] none:none
none|none none none
20:30:00 Win2K-f 211.212.226.74 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox: 7 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
20:33:00 WinXP 221.138.47.145 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 8f0a361a9b
NEW
none[none] none:none
none|none none none
T:20:36:00 WinXP 59.112.226.123 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0a0049fc3d
NEW
none[none] none:none
none|none none none
20:36:00 Win2K-f 211.210.157.157 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
20:37:00 WinXP 221.143.38.118 (GUTZWILLER.CH):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 e28f44cb36
NEW
none[none] none:none
none|none none none
T:20:37:00 WinXP 41.210.195.153 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:789 hits: 12-31 to 10-27]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
20:38:00 WinXP 24.144.41.135 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL)
n/a :proxima.ircgalaxy.pl
RU:moscow-advokat.ru
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
NL:diemen.nl.eu.undernet.org
SE:coins.dal.net
SE:broadway.ny.us.dal.net
SE:qis.md.us.dal.net
:gaspode.zanet.org.za
BE:london.uk.eu.undernet.org
SE:ced.dal.net
115.126.2.121:65520
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c392067a90
[Firefox: 5 hits: 10-06 to 10-14]
none[none] none:none
none|none none none
T:20:39:00 WinXP 219.248.111.22 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 075fa70649
NEW
none[none] none:none
none|none none none
T:20:41:00 Win2K-f 222.234.217.103 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:15 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
20:43:00 Win2K-f 218.237.193.93 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:11 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
20:45:00 Win2K-f 118.140.56.153 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:20:47:00 Win2K-f 221.124.153.40 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 099f898131
NEW
none[none] none:none
none|none none none
T:20:49:00 WinXP 208.96.120.123 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 94156f67b0
[Firefox: 8 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
20:50:00 WinXP 125.26.4.72 (TOTBB.NET):
TOT ADSL IP ADDRESS POOL,
BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f9fbdd5ce8
[Firefox: 2 hits: 10-22 to 10-27]
none[none] none:none
none|none none none
20:52:00 Win2K-f 218.50.142.62 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
91 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
34 of 36
0 of 32
4c3df24b32
[Firefox:228 hits: 06-17 to 10-27]
545b3dcf9f
[Firefox: 2 hits: 08-13 to 09-24]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
4c3df24b32 [1]
none [none]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
none|none
ASProtect|
lines=81
none
lines=90
trace
none
trace
T:20:52:00 WinXP 190.5.192.49 (EMTEL.NET.CO):
EMTEL S.A. E.S.P,
CO.
n/a RU:moscow-advokat.ru
NO:london.uk.eu.undernet.org
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
NL:diemen.nl.eu.undernet.org
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
SE:ced.dal.net
AT:graz.at.eu.undernet.org
SE:coins.dal.net
SE:qis.md.us.dal.net
:washington.dc.us.undernet.org
SE:ozbytes.dal.net
:brussels.be.eu.undernet.org
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
US:lia.zanet.net
:flanders.be.eu.undernet.org
:lulea.se.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 6405484e84
[Firefox: 5 hits: 10-27 to 10-27]
none[none] none:none
none|none none none
T:20:52:00 Win2K-f 220.137.80.241 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
21:00:00 WinXP 190.5.192.49 (EMTEL.NET.CO):
EMTEL S.A. E.S.P,
CO.
n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org
:lulea.se.eu.undernet.org
FI:london.uk.eu.undernet.org
US:lia.zanet.net
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
SE:coins.dal.net
SE:ced.dal.net
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
:washington.dc.us.undernet.org
SE:viking.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6405484e84
[Firefox: 5 hits: 10-27 to 10-27]
none[none] none:none
none|none none none
21:01:00 WinXP 219.86.195.129 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 7bede00c48
NEW
none[none] none:none
none|none none none
T:21:09:00 WinXP 211.44.210.166 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 cb7bf26ba3
NEW
none[none] none:none
none|none none none
21:10:00 Win2K-f 24.85.208.53 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
a08f3b74a4
[Firefox:1237 hits: 06-18 to 10-27]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:11:00 WinXP 211.209.200.23 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:21:11:00 Win2K-f 218.160.180.126 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:21 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:21:13:00 WinXP 24.64.253.158 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 35 a93ff1217b
NEW
none[none] none:none
none|none none none
T:21:22:00 Win2K-f 211.111.41.17 (-):
LINEENGENIERING,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
21:25:00 WinXP 124.57.6.210 (-):
POWERCOM,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:27:00 Win2K-f 219.254.237.46 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:21 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
21:30:00 WinXP 123.18.78.172 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 2762102c9a
NEW
none[none] none:none
none|none none none
21:30:00 WinXP 221.139.205.58 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3014658789
NEW
none[none] none:none
none|none none none
21:33:00 Win2K-f 88.168.133.87 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
28 of 36 a67f84f2af
NEW
none[none] none:none
none|none none none
21:36:00 Win2K-f 61.105.251.114 (KRLINE.NET):
KRNIC,
KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.153.236:80
135 pcap raw alerts
ruleset
http
144 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
24 of 33
0 of 32
6e2eaa0359
[Firefox:17 hits: 07-10 to 10-12]
740e3bffe0
[Firefox:18 hits: 06-25 to 10-12]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
T:21:40:00 WinXP 221.140.202.10 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 94156f67b0
[Firefox: 8 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:21:41:00 WinXP 210.116.138.249 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 de3634287a
NEW
none[none] none:none
none|none none none
T:21:41:00 Win2K-f 61.17.42.36 (ETH.NET):
VIDESH SANCHAR NIGAM LTD - INDIA,
TRIVANDRUM, KERALA, IN. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:41:00 WinXP 195.68.191.23 (SOVINTEL.RU):
EDN SOVINTEL DIALUP POOL,
MOSCOW, MOSKVA, RU.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:41:00 Win2K-f 88.168.219.143 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
27 of 35 e019377a4f
NEW
none[none] none:none
none|none none none
T:21:42:00 WinXP 211.247.184.115 (-):
DREAMX-CATV-JUNGBUSANCABLE1,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
21:54:00 WinXP 123.18.51.162 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 895fc368ac
[Firefox: 3 hits: 10-20 to 10-22]
none[none] none:none
none|none none none
21:56:00 Win2K-f 123.22.12.119 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 8fa85f3aeb
NEW
none[none] none:none
none|none none none
21:57:00 Win2K-f 88.172.105.199 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
13 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
NEW
none[none] none:none
none|none none none
T:21:59:00 WinXP 172.133.142.62 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
135 pcap raw alerts
ruleset
http
161 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
0 of 33
3373948767
[Firefox:36 hits: 07-03 to 10-27]
c73f738c30
[Firefox:36 hits: 07-03 to 10-27]
e07c29c4ae
[Firefox:729 hits: 06-19 to 10-27]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
21:59:00 WinXP 208.127.249.146 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:184 hits: 01-08 to 10-27]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
22:01:00 WinXP 62.51.53.242 (AOL.COM):
DSL-CSI-NL,
UK. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:15 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:22:08:00 WinXP 72.174.96.50 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
DELTA, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 9026691b97
NEW
none[none] none:none
none|none none none
T:22:20:00 Win2K-f 24.86.122.147 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:10 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:22:22:00 WinXP 76.169.142.190 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:114 hits: 07-13 to 10-27]
none[none] none:none
none|none none none
T:22:24:00 WinXP 221.125.128.93 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:12 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
T:22:25:00 Win2K-f 221.138.47.145 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 35 8f0a361a9b
NEW
none[none] none:none
none|none none none
22:26:00 Win2K-f 210.206.118.209 (BORA.NET):
BORANET-NET-210-206/,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:13 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
22:28:00 Win2K-f 125.224.220.6 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none af222ae6db
[Firefox: 9 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
T:22:29:00 Win2K-f 203.243.180.61 (KRLINE.NET):
KRNIC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox: 9 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
22:33:00 Win2K-f 58.77.101.101 (-):
POW-HFC-KANGNAM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:33:00 WinXP 58.236.128.112 (-):
THRUNET-INFRA-INCHEON10,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 bd7dafdf1d
NEW
none[none] none:none
none|none none none
T:22:37:00 WinXP 211.209.114.194 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
22:41:00 WinXP 24.64.253.158 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 35 a93ff1217b
NEW
none[none] none:none
none|none none none
T:22:49:00 Win2K-f 210.206.118.209 (BORA.NET):
BORANET-NET-210-206/,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 89ea5a66ca
NEW
none[none] none:none
none|none none none
22:51:00 Win2K-f 24.86.122.147 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
22:58:00 Win2K-f 211.109.132.7 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
22:58:00 WinXP 218.101.210.158 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:25 hits: 08-01 to 10-27]
none[none] none:none
none|none none none
23:07:00 Win2K-f 221.125.128.93 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:12 hits: 09-26 to 10-26]
none[none] none:none
none|none none none
23:07:00 WinXP 221.125.77.50 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:21 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
23:10:00 WinXP 211.209.114.194 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
T:23:10:00 Win2K-f 211.109.132.7 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:16 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
T:23:14:00 WinXP 124.60.43.91 (-):
POWERCOM,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
22 of 36 935e1d6422
NEW
none[none] none:none
none|none none none
T:23:15:00 WinXP 211.214.33.42 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 29f48b8b06
NEW
none[none] none:none
none|none none none
23:18:00 Win2K-f 211.179.128.61 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
none af222ae6db
[Firefox: 9 hits: 08-15 to 10-22]
none[none] none:none
none|none none none
23:21:00 Win2K-f 24.86.82.98 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:23:23:00 Win2K-f 24.86.82.98 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:23:27:00 Win2K-f 61.220.201.220 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3469 hits: 06-17 to 10-27]
57ce4acac2
[Firefox:298 hits: 06-17 to 10-27]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:34:00 Win2K-f 124.60.43.91 (-):
POWERCOM,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 935e1d6422
NEW
none[none] none:none
none|none none none
T:23:37:00 WinXP 211.24.192.134 (TIME.NET.MY):
TIME TELECOMMUNICATIONS SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox: 3 hits: 10-21 to 10-21]
none[none] none:none
none|none none none
23:38:00 WinXP 58.122.202.46 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 3eeb212cb1
[Firefox: 3 hits: 10-22 to 10-27]
none[none] none:none
none|none none none
T:23:38:00 Win2K-f 61.105.251.114 (KRLINE.NET):
KRNIC,
KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
144 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
24 of 33
0 of 32
6e2eaa0359
[Firefox:17 hits: 07-10 to 10-12]
740e3bffe0
[Firefox:18 hits: 06-25 to 10-12]
b5919931fe
[Firefox:963 hits: 06-20 to 10-27]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
23:39:00 WinXP 218.167.191.110 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:10 hits: 09-26 to 10-27]
none[none] none:none
none|none none none
23:39:00 Win2K-f 211.247.189.46 (-):
DREAMX-CATV-JUNGBUSANCABLE6,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 75b372822f
NEW
none[none] none:none
none|none none none
T:23:39:00 WinXP 204.193.212.180 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
23:47:00 WinXP 24.85.70.129 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:13 hits: 08-15 to 10-27]
none[none] none:none
none|none none none
T:23:51:00 Win2K-f 211.49.42.210 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
115.126.2.121:65520
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e7df2cc350
NEW
none[none] none:none
none|none none none
T:23:53:00 WinXP 58.226.18.79 (HANANET.NET):
HANARO TELECOM INC,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:13 hits: 07-29 to 10-26]
none[none] none:none
none|none none none
23:53:00 Win2K-f 58.75.200.178 (-):
DACOM CORPORATION,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 35 483a9fc1bd
NEW
none[none] none:none
none|none none none
T:23:56:00 WinXP 24.67.186.4 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KELOWNA, BRITISH COLUMBIA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 1595515522
[Firefox: 2 hits: 10-09 to 10-26]
none[none] none:none
none|none none none