Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



29 October 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:06:00 | WinXP | 218.162.170.186 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. (DSL) | n/a | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 26 of 28 | 7d99b0e910 [Firefox:1395 hits: 12-31 to 10-28] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:00:20:00 | WinXP | 79.138.219.26 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 29 of 29 | a0139d7ad8 [Firefox:188 hits: 01-03 to 10-28] | d9e9662db1 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:00:21:00 | Win2K-f | 4.225.18.116 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KOKOMO, INDIANA, US. (DIAL) | n/a | | 135 | pcap | raw alerts; ruleset | other; 18 lines | Yeah : 1.3; profile | none | summary; tarball | none | none | none | none | none | none | none
00:22:00 | WinXP | 124.61.239.41 (-): POWERCOM, KR. | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 22 lines | Yeah : 1.3; profile | none | summary; tarball | 30 of 36 | a6c26cd3cb NEW | none[none] | none:none | none | none | none
T:00:27:00 | WinXP | 193.250.67.35 (ABO.WANADOO.FR): WANADOO, ROTTERDAM, ZUID-HOLLAND, NL. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 15 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 29 | 1a2c0e6130 [Firefox:488 hits: 12-31 to 10-28] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace
00:36:00 | WinXP | 83.213.17.218 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 36 of 36 | a58434ecc4 NEW | none[none] | none:none | none | none | none
00:37:00 | WinXP | 87.247.101.154 (-): MIKROVISATA, LT. | 194.54.90.246:80 | :proxim.ircgalaxy.pl; UA:citi-bank.ru; EU:kidos-bank.ru; 115.126.2.121:65520 | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | b27301fc96 NEW | none[none] | none:none | none | none | none
00:46:00 | Win2K-f | 118.219.70.3 (-) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 31 of 36 | 16fe4d40d8 NEW | none[none] | none:none | none | none | none
00:56:00 | Win2K-f | 211.49.42.210 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 34 of 36 | e7df2cc350 NEW | none[none] | none:none | none | none | none
00:58:00 | Win2K-f | 58.233.231.123 (-): THRUNET-INFRA-SEOUL14, SEOUL, KYONGGI-DO, KR. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 29 of 36 | 812025bc54 NEW | none[none] | none:none | none | none | none
01:04:00 | WinXP | 213.55.68.224 (TELECOM.NET.ET): ETHIOPIAN TELECOMMUNICATION CORPORATION, ADDIS ABABA, ADDIS ABABA, ET. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 0.8; profile | none | summary; tarball | 34 of 36 | b1c85cee4b [Firefox: 2 hits: 10-27 to 10-27] | none[none] | none:none | none | none | none
T:01:04:00 | WinXP | 213.55.68.224 (TELECOM.NET.ET): ETHIOPIAN TELECOMMUNICATION CORPORATION, ADDIS ABABA, ADDIS ABABA, ET. | n/a | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 34 of 36 | b1c85cee4b [Firefox: 2 hits: 10-27 to 10-27] | none[none] | none:none | none | none | none
01:09:00 | WinXP | 193.250.67.35 (ABO.WANADOO.FR): WANADOO, ROTTERDAM, ZUID-HOLLAND, NL. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 15 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 29 | 1a2c0e6130 [Firefox:488 hits: 12-31 to 10-28] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace
T:01:12:00 | Win2K-f | 58.239.110.46 (-): THRUNET-INFRA-BUSAN18, SEOUL, KYONGGI-DO, KR. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 29 of 36 | 5daac7f4a5 [Firefox: 2 hits: 10-20 to 10-21] | none[none] | none:none | none | none | none
01:13:00 | Win2K-f | 218.191.195.19 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 25 of 36 | 114d93b412 [Firefox: 3 hits: 10-22 to 10-22] | none[none] | none:none | none | none | none
01:23:00 | Win2K-f | 75.34.107.250 (SBCGLOBAL.NET): MOHSEN KHAZIRI DBA, PLANO, TEXAS, US. (DSL) | n/a | US:microsoft.com; US:download.microsoft.com; US:4.23.60.126:80 | 135 | pcap | raw alerts; ruleset | other; 59 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 8 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; b7082104e4 [Firefox:235 hits: 06-18 to 10-28] | none[4]; none [4] | none:none; none:none | tElock; tElock | none; none | trace; trace
01:27:00 | WinXP | 70.61.156.64 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US. | n/a | US:microsoft.com; US:download.microsoft.com; US:205.128.70.126:80; US:8.12.202.125:80 | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 32; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 73f1082158 [Firefox:1738 hits: 06-18 to 10-28]; e07c29c4ae [Firefox:740 hits: 06-19 to 10-28] | none[4]; 73f1082158[1]; e07c29c4ae[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; FSG | none; lines=81; lines=92 | trace; trace; trace
01:27:00 | WinXP | 88.111.243.160 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 36 | 625144cee4 [Firefox:15 hits: 09-26 to 10-28] | none[none] | none:none | none | none | none
01:35:00 | WinXP | 82.242.48.25 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) | 63.173.172.98:6668 | | 139 | pcap | raw alerts; ruleset | ftp; irc; 19 lines | Yeah : 1.3; profile | none | summary; tarball | 30 of 36 | 44ea4d3c7c [Firefox:16 hits: 09-26 to 10-28] | none[none] | none:none | none | none | none
T:01:38:00 | WinXP | 61.220.116.19 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; 115.126.2.121:65520; US:205.128.70.126:80 | 135 | pcap | raw alerts; ruleset | http; 114 lines | Yeah : 1.3; profile | none | summary; tarball | 34 of 36; 33 of 36 | cfcb83b235 NEW; d73359368b NEW | none[none]; none [none] | none:none; none:none | none; none | none; none | none; none
01:40:00 | Win2K-f | 211.24.192.134 (TIME.NET.MY): TIME TELECOMMUNICATIONS SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 29 of 35 | ac25ac39b4 [Firefox: 5 hits: 10-21 to 10-28] | none[none] | none:none | none | none | none
T:01:40:00 | Win2K-f | 125.224.220.6 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | none | af222ae6db [Firefox:13 hits: 08-15 to 10-28] | none[none] | none:none | none | none | none
01:48:00 | WinXP | 93.120.151.117 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 14 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 29 | 831f4ee0a7 [Firefox:634 hits: 01-01 to 10-28] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace
01:48:00 | WinXP | 83.45.144.225 (RIMA-TDE.NET): TELEFONICA DE ESPANA, ES. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts; ruleset | ftp; irc; 35 lines | Yeah : 1.3; profile | none | summary; tarball | 23 of 36 | b3ce57c019 [Firefox:11 hits: 08-15 to 10-28] | none[none] | none:none | none | none | none
01:52:00 | Win2K-f | 219.174.36.53 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP. | n/a | US:microsoft.com; US:download.microsoft.com; US:208.111.148.247:80 | 135 | pcap | raw alerts; ruleset | other; 75 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; a08f3b74a4 [Firefox:1248 hits: 06-18 to 10-28] | none[4]; a08f3b74a4[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
T:01:55:00 | Win2K-f | 24.85.70.129 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 30 of 35 | d142a982d2 [Firefox:25 hits: 08-15 to 10-28] | none[none] | none:none | none | none | none
T:01:55:00 | WinXP | 211.239.4.83 (EPNETWORKS.CO.KR): ENTERPRISENET-INFRA, SEOUL, KYONGGI-DO, KR. | n/a | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; 115.126.2.121:65520 | 135 | pcap | raw alerts; ruleset | http; 115 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 33; 29 of 33; 0 of 33 | 686d4ca67b [Firefox:13 hits: 07-08 to 10-26]; b7e379b157 [Firefox:12 hits: 07-08 to 10-26]; e07c29c4ae [Firefox:740 hits: 06-19 to 10-28] | none[none]; none [none]; e07c29c4ae[1] | none:none; none:none; ASM:Graph | none; none; FSG | none; none; lines=92 | none; none; trace
01:56:00 | Win2K-f | 115.81.82.13 (-) | n/a | | 135 | pcap | raw alerts; ruleset | other; 18 lines | Yeah : 1.3; profile | none | summary; tarball | none | none | none | none | none | none | none
02:01:00 | Win2K-f | 61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:microsoft.com; US:download.microsoft.com; US:208.111.148.50:80; US:208.111.148.54:80 | 135 | pcap | raw alerts; ruleset | other; 75 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28] | none[4]; 57ce4acac2[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
T:02:10:00 | Win2K-f | 120.143.161.50 (-) | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 20 lines | Yeah : 1.3; profile | none | summary; tarball | 31 of 34 | aa268ff3a9 [Firefox:13 hits: 08-15 to 10-27] | none[none] | none:none | none | none | none
02:17:00 | WinXP | 218.160.180.126 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 24 lines | Yeah : 1.3; profile | none | summary; tarball | 25 of 35 | 1be9d03a2b [Firefox:25 hits: 07-29 to 10-28] | none[none] | none:none | none | none | none
02:26:00 | WinXP | 64.183.180.4 (RR.COM): ROAD RUNNER HOLDCO LLC, GARLAND, TEXAS, US. | n/a | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; 115.126.2.121:65520; US:208.111.148.50:80; US:208.111.148.54:80 | 135 | pcap | raw alerts; ruleset | other; 97 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 36; 34 of 35 | 40f73d7feb NEW; 4a7580c787 NEW | none[none]; none [none] | none:none; none:none | none; none | none; none | none; none
T:02:26:00 | WinXP | 121.73.102.102 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 350 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 36; 34 of 36 | 7f89b38665 [Firefox:30 hits: 08-02 to 10-24]; a51a50404e [Firefox:30 hits: 08-02 to 10-24] | none[none]; none [none] | none:none; none:none | none; none | none; none | none; none
02:30:00 | WinXP | 79.163.222.190 (-): IDEA, PL. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 14 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | 8988e13dc6 [Firefox: 4 hits: 10-25 to 10-27] | none[none] | none:none | none | none | none
02:38:00 | WinXP | 82.231.138.241 (PROXAD.NET): PROXAD / FREE SAS, MULHOUSE, ALSACE, FR. | 194.54.90.246:80 | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 3 lines | Yeah : 1.3; profile | none | summary; tarball | 34 of 35 | 725c6709cb NEW | none[none] | none:none | none | none | none
T:02:47:00 | Win2K-f | 211.211.171.64 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 29 of 36 | 35b6a8170e NEW | none[none] | none:none | none | none | none
02:49:00 | WinXP | 91.205.252.62 (IPAPER.COM): BLOCK FOR PI ASSIGNMENTS, UK. | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 29 of 29 | a0139d7ad8 [Firefox:188 hits: 01-03 to 10-28] | d9e9662db1 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:02:52:00 | WinXP | 218.191.195.19 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts; ruleset | ftp; irc; 26 lines | Yeah : 1.3; profile | none | summary; tarball | 25 of 36 | 114d93b412 [Firefox: 3 hits: 10-22 to 10-22] | none[none] | none:none | none | none | none
T:03:06:00 | Win2K-f | 118.219.70.3 (-) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 31 of 36 | 16fe4d40d8 NEW | none[none] | none:none | none | none | none
03:16:00 | WinXP | 69.77.158.62 (SKYBEST.COM): SKYBEST COMMUNICATIONS INC, NEW BERN, NORTH CAROLINA, US. | n/a | US:microsoft.com; US:download.microsoft.com; US:207.123.37.123:80; US:207.123.37.126:80 | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; a08f3b74a4 [Firefox:1248 hits: 06-18 to 10-28]; e07c29c4ae [Firefox:740 hits: 06-19 to 10-28] | none[4]; a08f3b74a4[1]; e07c29c4ae[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; FSG | none; lines=81; lines=92 | trace; trace; trace
03:24:00 | WinXP | 70.61.180.117 (RR.COM): ROAD RUNNER HOLDCO LLC, HEBRON, OHIO, US. | n/a | | 135 | pcap | raw alerts; ruleset | other; 5 lines | Yeah : 0.8; profile | none | summary; tarball | none | none | none | none | none | none | none
T:03:26:00 | WinXP | 124.66.255.58 (FCH.NE.JP): FUREAI CHANNEL INC, HIROSHIMA, HIROSHIMA, JP. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 26 of 28 | 7d99b0e910 [Firefox:1395 hits: 12-31 to 10-28] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
03:30:00 | WinXP | 64.21.252.154 (GONDTC.COM): GONDTC.COM, NEW ROCKFORD, NORTH DAKOTA, US. (DSL) | n/a | US:microsoft.com; US:download.microsoft.com; US:198.78.220.124:80 | 135 | pcap | raw alerts; ruleset | http; 77 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 32; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 73f1082158 [Firefox:1738 hits: 06-18 to 10-28]; e07c29c4ae [Firefox:740 hits: 06-19 to 10-28] | none[4]; 73f1082158[1]; e07c29c4ae[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; FSG | none; lines=81; lines=92 | trace; trace; trace
T:03:32:00 | WinXP | 221.125.19.111 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. | 63.173.172.98:6668 | US:63.173.172.98:6668 | 139 | pcap | raw alerts; ruleset | ftp; irc; 22 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 36 | 625144cee4 [Firefox:15 hits: 09-26 to 10-28] | none[none] | none:none | none | none | none
03:43:00 | Win2K-f | 88.222.159.65 (-): KAUNAS MEGANET AREA12 NETWORK, KAUNAS, KAUNO APSKRITIS, LT. | 63.173.172.98:6667 | | 139 | pcap | raw alerts; ruleset | ftp; irc; 20 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 36 | cd712316e7 [Firefox: 2 hits: 10-26 to 10-28] | none[none] | none:none | none | none | none
03:53:00 | WinXP | 79.138.154.200 (APEXCOVANTAGE.COM): EU-ZZ, UK. | n/a | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 36 of 36 | 2d6c8c447f [Firefox:25 hits: 09-16 to 10-22] | none[none] | none:none | none | none | none
03:54:00 | WinXP | 80.121.35.38 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL) | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 15 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 32 | 03f912899b [Firefox:187 hits: 01-08 to 10-28] | 83893bd25d [0] | ASM:Graph | none | lines=65 | trace
04:01:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28] | none[4]; 57ce4acac2[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
T:04:11:00 | WinXP | 219.107.130.51 (MESH.AD.JP): BIGLOBE-CIDR-BLK, YOKOHAMA, KANAGAWA, JP. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 14 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 29 | 831f4ee0a7 [Firefox:634 hits: 01-01 to 10-28] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace
T:04:12:00 | WinXP | 79.163.169.20 (-): IDEA, PL. | n/a | | 445 | pcap | raw alerts; ruleset | shell; ftp; 13 lines | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | 5386e6a4b4 NEW | none[none] | none:none | none | none | none
T:04:15:00 | Win2K-f | 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com; US:download.microsoft.com; US:4.23.60.126:80 | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33; 0 of 32 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28]; b5919931fe [Firefox:974 hits: 06-20 to 10-28] | none[4]; 57ce4acac2[1]; b5919931fe[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; ASProtect | none; lines=81; lines=90 | trace; trace; trace
04:22:00 | WinXP | 87.10.27.174 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, SALERNO, CAMPANIA, IT. | n/a | US:microsoft.com; US:download.microsoft.com; US:192.221.110.126:80; US:192.221.96.126:80; US:205.128.73.126:80 | 135 | pcap | raw alerts; ruleset | other; 75 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; a08f3b74a4 [Firefox:1248 hits: 06-18 to 10-28] | none[4]; a08f3b74a4[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
04:30:00 | Win2K-f | 122.139.155.191 (MINTEL.COM): CNCGROUP JILIN PROVINCE NETWORK, BEIJING, BEIJING, CN. | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 18 lines | Yeah : 1.3; profile | none | summary; tarball | 31 of 34 | aa268ff3a9 [Firefox:13 hits: 08-15 to 10-27] | none[none] | none:none | none | none | none
04:31:00 | Win2K-f | 116.120.196.227 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR. | n/a | US:microsoft.com; :proxima.ircgalaxy.pl; US:download.microsoft.com; 115.126.2.121:65520; US:192.221.99.126:80; US:205.128.70.126:80; US:206.33.45.125:80 | 135 | pcap | raw alerts; ruleset | other; 97 lines | Yeah : 1.3; profile | none | summary; tarball | 31 of 33; 29 of 32 | 168aab35a3 [Firefox:176 hits: 06-17 to 10-27]; 61426996c3 [Firefox:15 hits: 06-20 to 10-22] | none[4]; 61426996c3[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=82 | trace; trace
04:40:00 | WinXP | 75.143.201.146 (CHARTER.COM): CHARTER COMMUNICATIONS, US. | n/a | UA:citi-bank.ru; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | c3e3fb2336 [Firefox: 4 hits: 10-14 to 10-27] | none[none] | none:none | none | none | none
T:04:47:00 | WinXP | 66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 77 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 32 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 73f1082158 [Firefox:1738 hits: 06-18 to 10-28] | none[4]; 73f1082158[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
T:05:02:00 | WinXP | 195.174.107.25 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, ISTANBUL, ISTANBUL, TR. (DSL) | n/a | | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 0.8; profile | none | summary; tarball | none | none | none | none | none | none | none
05:03:00 | WinXP | 78.34.20.43 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | 730f3a29f5 [Firefox: 2 hits: 10-28 to 10-28] | none[none] | none:none | none | none | none
T:05:06:00 | WinXP | 130.13.69.133 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US. | n/a | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:65520; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 33 of 36 | 4d9fda377d [Firefox: 4 hits: 10-22 to 10-26] | none[none] | none:none | none | none | none
05:09:00 | WinXP | 207.5.212.231 (METROCAST.NET): GREAT WORKS INTERNET, WOLFEBORO, NEW HAMPSHIRE, US. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 32; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 73f1082158 [Firefox:1738 hits: 06-18 to 10-28]; e07c29c4ae [Firefox:740 hits: 06-19 to 10-28] | none[4]; 73f1082158[1]; e07c29c4ae[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; FSG | none; lines=81; lines=92 | trace; trace; trace
T:05:17:00 | WinXP | 196.208.94.45 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA. | n/a | US:microsoft.com; US:download.microsoft.com; US:199.93.44.124:80; US:199.93.44.126:80 | 135 | pcap | raw alerts; ruleset | http; 81 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28] | none[4]; 57ce4acac2[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
05:22:00 | Win2K-f | 218.211.207.127 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 135 | pcap | raw alerts; ruleset | other; 18 lines | Yeah : 1.3; profile | none | summary; tarball | none | none | none | none | none | none | none
05:26:00 | Win2K-f | 118.218.115.190 (-) | n/a | US:microsoft.com; :proxima.ircgalaxy.pl; US:download.microsoft.com; 115.126.2.121:65520; US:208.111.173.54:80; US:69.28.178.10:80 | 135 | pcap | raw alerts; ruleset | http; 98 lines | Yeah : 1.3; profile | none | summary; tarball | 31 of 33; 31 of 33 | 168aab35a3 [Firefox:176 hits: 06-17 to 10-27]; 667f0c59f3 [Firefox:29 hits: 07-04 to 10-14] | none[4]; none [none] | none:none; none:none | tElock; none | none; none | trace; none
T:05:30:00 | WinXP | 70.166.118.73 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US. | n/a | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; 115.126.2.121:65520; US:208.111.173.54:80; US:69.28.178.10:80 | 135 | pcap | raw alerts; ruleset | other; 113 lines | Yeah : 1.3; profile | none | summary; tarball | 34 of 36; 28 of 33 | da00a8e7a1 [Firefox:32 hits: 08-05 to 10-25]; f685f8e027 [Firefox:36 hits: 06-18 to 10-25] | none[none]; f685f8e027[1] | none:none; ASM:Graph | none; Armadillo | none; lines=82 | none; trace
05:44:00 | WinXP | 121.254.83.138 (TCOL.COM.TW): MONAD DIGITNAMIC CORP, TW. | n/a | | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 29 of 29 | a0139d7ad8 [Firefox:188 hits: 01-03 to 10-28] | d9e9662db1 [0] | ASM:Graph | PolyEnE | lines=68 | trace
06:11:00 | Win2K-f | 218.211.81.20 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW. | n/a | US:microsoft.com; US:download.microsoft.com; US:208.111.148.108:80 | 135 | pcap | raw alerts; ruleset | other; 266 lines | Yeah : 1.3; profile | none | summary; tarball | 29 of 33; 31 of 33 | dd98c3c108 [Firefox:10 hits: 06-24 to 10-21]; e98746deb1 [Firefox: 9 hits: 06-24 to 10-21] | dd98c3c108 [1]; none [4] | ASM:Graph; none:none | Armadillo; tElock | lines=82; none | trace; trace
T:06:19:00 | Win2K-f | 96.48.142.233 (-) | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | 32 of 36 | 01d97967d2 NEW | none[none] | none:none | none | none | none
06:19:00 | WinXP | 66.182.23.66 (SNET.NET): PACIFIC CREST SECURITIES, PORTLAND, OREGON, US. (100Mbps) | 115.126.2.121:65520 | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; US:208.111.173.45:80; US:208.111.173.47:80 | 135 | pcap | raw alerts; ruleset | irc; 127 lines | Yeah : 1.8; profile | none | summary; tarball | 32 of 33; 30 of 33 | 3690b64ca2 [Firefox:10 hits: 06-18 to 10-28]; a6fb77fd26 [Firefox:10 hits: 06-18 to 10-28] | none[4]; a6fb77fd26[1] | none:none; ASM:Graph | PolyEnE; Armadillo | none; lines=82 | trace; trace
T:06:20:00 | WinXP | 85.85.30.18 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 26 of 28 | 7d99b0e910 [Firefox:1395 hits: 12-31 to 10-28] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
06:23:00 | WinXP | 217.253.251.210 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, SIEGEN, NORDRHEIN-WESTFALEN, DE. (DIAL) | n/a | | 445 | pcap | raw alerts; ruleset | ftp; 14 lines | Yeah : 0.8; profile | none | summary; tarball | 27 of 33 | b402048f34 [Firefox: 5 hits: 07-05 to 10-22] | none[none] | none:none | none | none | none
T:06:26:00 | WinXP | 83.213.139.44 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BASAURI, PAIS VASCO, ES. | n/a | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:65520; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | b52d214d08 [Firefox:35 hits: 10-05 to 10-28] | none[none] | none:none | none | none | none
06:32:00 | WinXP | 66.53.83.178 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, PHOENIX, ARIZONA, US. | n/a | RU:moscow-advokat.ru | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 1.3; profile | none | summary; tarball | 25 of 25 | 7f60162c2c [Firefox:794 hits: 12-31 to 10-28] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93; embedded dns | trace
T:06:45:00 | WinXP | 91.126.104.146 (RP80.SE): WEBTECHNORD, SE. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | 977d83cd59 NEW | none[none] | none:none | none | none | none
T:06:59:00 | WinXP | 200.219.68.189 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) | n/a | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | 6c9f31fee4 NEW | none[none] | none:none | none | none | none
07:03:00 | WinXP | 89.165.45.243 (-): NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK, IR. | 194.54.90.246:80 | :proxim.ircgalaxy.pl; UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; irc; 5 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | c60b8a57de NEW | none[none] | none:none | none | none | none
07:13:00 | WinXP | 4.242.150.202 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL) | n/a | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:80; UA:194.54.90.246:80 | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 0.8; profile | none | summary; tarball | 34 of 36 | a4654e9d62 NEW | none[none] | none:none | none | none | none
07:15:00 | Win2K-f | 76.169.142.190 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 18 lines | Yeah : 1.3; profile | none | summary; tarball | 20 of 32 | f12583a6d2 [Firefox:116 hits: 07-13 to 10-28] | none[none] | none:none | none | none | none
07:33:00 | WinXP | 72.251.14.184 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), PITTSBURGH, PENNSYLVANIA, US. (DIAL) | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 26 of 28 | 7d99b0e910 [Firefox:1395 hits: 12-31 to 10-28] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:07:42:00 | Win2K-f | 61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28] | none[4]; 57ce4acac2[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
07:54:00 | Win2K-f | 222.234.234.234 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR. | 115.126.2.121:65520 | US:microsoft.com; :proxima.ircgalaxy.pl; US:download.microsoft.com; US:208.111.173.54:80; US:69.28.178.10:80 | 135 | pcap | raw alerts; ruleset | irc; 112 lines | Yeah : 1.8; profile | none | summary; tarball | 31 of 33; 31 of 33 | b74e792974 [Firefox:14 hits: 06-18 to 10-20]; f0e73c39a8 [Firefox:15 hits: 06-18 to 10-20] | b74e792974 [1]; none [4] | ASM:Graph; none:none | Armadillo; tElock | lines=82; none | trace; trace
07:55:00 | WinXP | 79.206.120.97 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE. | n/a | | 445 | pcap | raw alerts; ruleset | ftp; 13 lines | Yeah : 0.8; profile | none | summary; tarball | 31 of 32 | 741e3b03b3 [Firefox:501 hits: 01-05 to 10-28] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace
08:00:00 | Win2K-f | 98.141.161.136 (-) | n/a | | 135 | pcap | raw alerts; ruleset | other; 18 lines | Yeah : 1.3; profile | none | summary; tarball | none | none | none | none | none | none | none
08:04:00 | Win2K-f | 203.118.238.245 (-): GRAND TAINAN TECHNOLOGY CO.LTD, TAINAN, KAO-HSIUNG, TW. | n/a | US:microsoft.com; US:download.microsoft.com | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33; 0 of 32 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; a08f3b74a4 [Firefox:1248 hits: 06-18 to 10-28]; b5919931fe [Firefox:974 hits: 06-20 to 10-28] | none[4]; a08f3b74a4[1]; b5919931fe[1] | none:none; ASM:Graph; ASM:Graph | tElock; Armadillo; ASProtect | none; lines=81; lines=90 | trace; trace; trace
T:08:23:00 | Win2K-f | 124.57.6.210 (-): POWERCOM, KR. | n/a | | 139 | pcap | raw alerts; ruleset | ftp; 12 lines | Yeah : 0.8; profile | none | summary; tarball | none | none | none | none | none | none | none
08:26:00 | WinXP | 90.57.147.111 (IKBCC.COM): IP2000-ADSL-BAS, FR. | 63.173.172.98:6667 | US:63.173.172.98:6667 | 139 | pcap | raw alerts; ruleset | ftp; irc; 22 lines | Yeah : 1.3; profile | none | summary; tarball | 32 of 36 | d2af6753cc [Firefox: 2 hits: 10-26 to 10-28] | none[none] | none:none | none | none | none
T:08:38:00 | WinXP | 76.70.165.224 (-) | n/a | US:microsoft.com; US:download.microsoft.com; US:192.221.99.126:80; US:199.93.53.125:80 | 135 | pcap | raw alerts; ruleset | http; 60 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 8 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; b7082104e4 [Firefox:235 hits: 06-18 to 10-28] | none[4]; none [4] | none:none; none:none | tElock; tElock | none; none | trace; trace
T:08:52:00 | Win2K-f | 220.130.83.3 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW. | n/a | US:microsoft.com; US:download.microsoft.com; US:192.221.96.126:80; US:199.93.53.125:80; US:205.128.70.126:80 | 135 | pcap | raw alerts; ruleset | other; 95 lines | Yeah : 1.3; profile | none | summary; tarball | 0 of 33; 29 of 32 | 57ce4acac2 [Firefox:300 hits: 06-17 to 10-28]; 83f26f5044 [Firefox:34 hits: 06-20 to 10-28] | 57ce4acac2 [1]; none [4] | ASM:Graph; none:none | Armadillo; tElock | lines=81; none | trace; trace
T:09:04:00 | WinXP | 170.51.192.97 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR. | 194.54.90.246:80 | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:65520 | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | f17f896658 [Firefox: 2 hits: 10-26 to 10-27] | none[none] | none:none | none | none | none
T:09:06:00 | Win2K-f | 4.174.226.194 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BERWICK, PENNSYLVANIA, US. (DIAL) | n/a | US:microsoft.com; US:download.microsoft.com; US:208.111.173.17:80 | 135 | pcap | raw alerts; ruleset | http; 76 lines | Yeah : 1.3; profile | none | summary; tarball | 33 of 33; 0 of 33 | 53bfe15e91 [Firefox:3496 hits: 06-17 to 10-28]; a08f3b74a4 [Firefox:1248 hits: 06-18 to 10-28] | none[4]; a08f3b74a4[1] | none:none; ASM:Graph | tElock; Armadillo | none; lines=81 | trace; trace
09:08:00 | WinXP | 119.95.136.125 (-) | n/a | :proxim.ircgalaxy.pl; RU:moscow-advokat.ru; AT:graz.at.eu.undernet.org; :brussels.be.eu.undernet.org; :washington.dc.us.undernet.org; 115.126.2.121:65520; RU:194.6.222.11:6667 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | c9d01112a8 [Firefox:16 hits: 08-06 to 10-25] | none[none] | none:none | none | none | none
T:09:08:00 | WinXP | 119.95.136.125 (-) | n/a | :proxim.ircgalaxy.pl; RU:moscow-advokat.ru; 115.126.2.121:65520; RU:194.6.222.11:6667 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 35 of 36 | c9d01112a8 [Firefox:16 hits: 08-06 to 10-25] | none[none] | none:none | none | none | none
09:10:00 | Win2K-f | 172.131.49.173 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) | n/a | US:microsoft.com; US:download.microsoft.com; US:208.111.148.54:80; US:208.111.148.69:80 | 135 | pcap | raw alerts; ruleset | other; 118 lines | Yeah : 1.3; profile | none | summary; tarball | 34 of 36; 29 of 33 | 0474b4b09f [Firefox:10 hits: 09-24 to 10-25]; 1c3210698a [Firefox:12 hits: 07-13 to 10-25] | none[none]; none [none] | none:none; none:none | none; none | none; none | none; none
T:09:17:00 | WinXP | 122.25.107.91 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP. | n/a | | 445 | pcap | raw alerts; ruleset | shell; 3 lines | Yeah : 1.3; profile | none | summary; tarball | none | none | none | none | none | none | none
09:17:00 | WinXP | 68.148.17.210 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a | :proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; 115.126.2.121:65520; US:192.221.110.125:80; US:204.160.126.126:80; US:206.33.45.125:80 | 135 | pcap | raw alerts; ruleset | other; 114 lines | Yeah : 1.3; profile | none | summary; tarball | 34 of 36; 31 of 36 | e8243a9ee6 NEW; f057d47965 NEW | none[none]; none [none] | none:none; none:none | none; none | none; none | none; none
09:22:00 | WinXP | 82.231.105.51 (PROXAD.NET): PROXAD / FREE SAS, LONGJUMEAU, ILE-DE-FRANCE, FR. | 194.54.90.246:80 | UA:citi-bank.ru | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | f3440caba1 NEW | none[none] | none:none | none | none | none
T:09:46:00 | WinXP | 87.247.111.3 (-): MIKROVISATA, LT. | 194.54.90.246:80 | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:65520 | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3; profile | none | summary; tarball | 35 of 36 | a917b38976 [Firefox: 6 hits: 10-14 to 10-26] | none[none] | none:none | none | none | none
09:48:00 | WinXP | 82.208.160.70 (ASTRAL.RO): ASTRAL-BRAILA-DOCSIS, RO. | n/a | RU:moscow-advokat.ru; RU:194.6.222.11:6667 | 445 | pcap | raw alerts; ruleset | http; 1 line | Yeah : 0.8; profile | none | summary; tarball | 25 of 25 | 7f60162c2c [Firefox:794 hits: 12-31 to 10-28] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93; embedded dns | trace
10:03:00 | WinXP | 92.47.138.114 (IKBCC.COM): EU-ZZ, UK. | 194.54.90.246:80 | :proxim.ircgalaxy.pl; UA:citi-bank.ru; 115.126.2.121:65520 | 445 | pcap | raw alerts; ruleset | http; 2 lines | Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:35 hits: 10-05 to 10-28]
none[none] none:none
none|none none none
T:10:12:00 WinXP 64.38.67.153 (SPEAKEASY.NET):
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 45d3b6bd28
[Firefox: 4 hits: 10-15 to 10-26]
none[none] none:none
none|none none none
T:10:13:00 WinXP 94.191.155.96 (-):
.
n/a RU:moscow-advokat.ru
BE:london.uk.eu.undernet.org
:washington.dc.us.undernet.org
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:10:16:00 WinXP 218.210.133.158 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
121 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
[Firefox:27 hits: 07-18 to 10-28]
b4fe4581c3
[Firefox:27 hits: 07-18 to 10-28]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
10:28:00 WinXP 82.217.239.7 (QUICKNET.NL):
CABLE CUSTOMERS - QUICKNET-CUSTOMERS,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0c99fe274d
NEW
none[none] none:none
none|none none none
10:41:00 Win2K-f 4.181.98.202 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MODESTO, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
135 pcap raw alerts
ruleset
http
118 lines
Yeah : 1.3
profile
none summary
tarball
32 of 35
0 of 32
31 of 36
7f1b49769d
NEW
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
d830c2ced5
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
10:50:00 WinXP 88.170.104.92 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox: 8 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
T:11:04:00 WinXP 64.183.180.4 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GARLAND, TEXAS, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
135 pcap raw alerts
ruleset
http
99 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 35
0 of 33
40f73d7feb
NEW
4a7580c787
NEW
e07c29c4ae
[Firefox:740 hits: 06-19 to 10-28]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:11:22:00 WinXP 41.214.178.139 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:63 hits: 09-13 to 10-25]
none[none] none:none
none|none none none
11:23:00 WinXP 77.254.199.130 (COM.PL):
NETIA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 2881209768
[Firefox: 6 hits: 10-22 to 10-27]
none[none] none:none
none|none none none
11:48:00 WinXP 77.37.131.76 (NCNET.RU):
NCN-INFRA,
RU.
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 32 bb7681eca8
[Firefox:10 hits: 09-26 to 10-20]
none[none] none:none
none|none none none
T:11:53:00 WinXP 99.145.139.139 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
b7082104e4
[Firefox:235 hits: 06-18 to 10-28]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
11:54:00 WinXP 78.149.243.27 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 c5a8d4837c
NEW
none[none] none:none
none|none none none
11:57:00 WinXP 79.146.207.72 (RIMA-TDE.NET):
TELEFONICA,
MADRID, MADRID, ES.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:501 hits: 01-05 to 10-28]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:12:07:00 WinXP 24.67.29.61 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 1595515522
[Firefox: 3 hits: 10-09 to 10-28]
none[none] none:none
none|none none none
12:18:00 Win2K-f 66.53.121.103 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SACRAMENTO, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
135 pcap raw alerts
ruleset
http
155 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:12:26:00 WinXP 82.243.63.24 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 06a5e31b47
[Firefox: 2 hits: 10-28 to 10-28]
none[none] none:none
none|none none none
12:27:00 Win2K-f 71.79.78.37 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTERVILLE, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:12:45:00 Win2K-f 98.175.106.144 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:48:00 Win2K-f 61.155.20.168 (-):
SUZHOU-DATONG-TECHNOLOGY-CORP,
SUZHOU, JIANGSU, CN. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:300 hits: 06-17 to 10-28]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
12:54:00 WinXP 189.48.162.37 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:56:00 WinXP 80.218.208.74 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
21 of 22 8d2ef3175a
NEW
none[none] none:none
none|none none none
12:58:00 Win2K-f 70.184.214.106 (COX.NET):
COX COMMUNICATIONS,
OMAHA, NEBRASKA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.99.126:80
US:204.160.126.124:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
28 of 33
da00a8e7a1
[Firefox:32 hits: 08-05 to 10-25]
f685f8e027
[Firefox:36 hits: 06-18 to 10-25]
none[none]
f685f8e027[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=82
none
trace
T:13:01:00 WinXP 76.236.155.171 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 729e7b849a
NEW
none[none] none:none
none|none none none
13:14:00 WinXP 82.225.250.167 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox:13 hits: 10-11 to 10-28]
none[none] none:none
none|none none none
T:13:41:00 WinXP 119.154.56.87 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:188 hits: 01-03 to 10-28]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:13:43:00 Win2K-f 210.233.204.126 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 32
3ed16ae12d
[Firefox:27 hits: 06-19 to 10-28]
79c01ec060
[Firefox:63 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
3ed16ae12d [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
13:50:00 WinXP 93.177.181.150 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 f665a37b6c
[Firefox: 5 hits: 10-13 to 10-25]
none[none] none:none
none|none none none
T:13:51:00 WinXP 66.53.82.123 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US.
n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
SE:ced.dal.net
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
NL:diemen.nl.eu.undernet.org
:flanders.be.eu.undernet.org
SE:broadway.ny.us.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:13:52:00 WinXP 81.9.254.91 (CM-81-9-254-10.TELECABLE.ES):
TELECABLE,
OVIEDO, ASTURIAS, ES. (DSL)
n/a RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
AT:graz.at.eu.undernet.org
SE:ozbytes.dal.net
SE:ced.dal.net
:washington.dc.us.undernet.org
SE:qis.md.us.dal.net
SE:vancouver.dal.net
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
NL:london.uk.eu.undernet.org
SE:viking.dal.net
:lulea.se.eu.undernet.org
:flanders.be.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:32 hits: 10-08 to 10-28]
none[none] none:none
none|none none none
T:14:08:00 WinXP 70.64.214.243 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 644ab77c01
[Firefox: 6 hits: 10-21 to 10-26]
none[none] none:none
none|none none none
14:10:00 WinXP 83.255.40.36 (COMHEM.SE):
COMHEM,
SE.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:35 hits: 10-05 to 10-28]
none[none] none:none
none|none none none
T:14:12:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:199.93.44.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
14:21:00 Win2K-f 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:14:22:00 WinXP 81.198.232.109 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 d9a4f2f314
[Firefox:10 hits: 09-29 to 10-26]
none[none] none:none
none|none none none
T:14:44:00 WinXP 70.184.159.174 (COX.NET):
COX COMMUNICATIONS,
HAMPTON, VIRGINIA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:208.111.148.54:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
35 of 36
bea8cb1865
[Firefox:32 hits: 08-11 to 10-28]
fac78fde16
[Firefox:12 hits: 09-13 to 10-28]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
14:47:00 WinXP 66.53.211.101 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
445 pcap raw alerts
ruleset
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:289 hits: 01-01 to 10-28]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
14:49:00 WinXP 4.249.132.175 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1395 hits: 12-31 to 10-28]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:14:00 WinXP 82.251.248.2 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5d7c7f2ec8
[Firefox: 2 hits: 10-25 to 10-26]
none[none] none:none
none|none none none
T:15:16:00 WinXP 4.158.198.214 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:18:00 WinXP 204.193.219.88 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:11 hits: 10-21 to 10-28]
none[none] none:none
none|none none none
15:23:00 Win2K-f 70.183.63.227 (COX.NET):
COX COMMUNICATIONS INC,
NEWPORT BEACH, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
15:23:00 Win2K-f 121.73.117.16 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
135 pcap raw alerts
ruleset
http
349 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
7f89b38665
[Firefox:30 hits: 08-02 to 10-24]
a51a50404e
[Firefox:30 hits: 08-02 to 10-24]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
15:23:00 WinXP 88.171.218.228 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a330d0d1c1
NEW
none[none] none:none
none|none none none
T:15:31:00 Win2K-f 90.57.147.111 (IKBCC.COM):
IP2000-ADSL-BAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d2af6753cc
[Firefox: 2 hits: 10-26 to 10-28]
none[none] none:none
none|none none none
T:15:33:00 WinXP 68.127.36.203 (PACBELL.NET):
PPPOX POOL - RBACK4.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:52:00 Win2K-f 70.65.17.97 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RED DEER, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
16:02:00 WinXP 74.207.18.84 (HCIS.NET):
HEARTLAND COMMUNICATIONS INTERNET SERVICES INC,
PADUCAH, KENTUCKY, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
DE:ebookfinaltrash.ru
:wpad
GB:new.egg.com
RU:www.vtb.ru
US:208.73.210.121:80
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
http
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:595 hits: 01-01 to 10-28]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
16:03:00 Win2K-f 24.76.183.152 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:205.128.70.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
http
124 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
0115338c8b
[Firefox:27 hits: 09-12 to 10-28]
321f4fc27d
[Firefox:27 hits: 09-12 to 10-28]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
16:11:00 WinXP 4.242.150.100 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:kidos-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a4654e9d62
NEW
none[none] none:none
none|none none none
16:15:00 WinXP 190.128.48.226 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 18c7040ea0
[Firefox: 7 hits: 09-15 to 10-22]
none[none] none:none
none|none none none
16:23:00 Win2K-f 24.84.211.155 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
61 lines
Yeah : 1.3
profile
none summary
tarball
4 of 36 bd3437ca05
NEW
none[none] none:none
none|none none none
T:16:25:00 WinXP 200.165.20.202 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 44da3653ac
NEW
none[none] none:none
none|none none none
T:16:27:00 WinXP 70.64.214.243 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6d7baa9138
NEW
none[none] none:none
none|none none none
16:53:00 WinXP 65.173.141.167 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1395 hits: 12-31 to 10-28]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
17:03:00 WinXP 201.253.82.159 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox: 8 hits: 10-20 to 10-27]
none[none] none:none
none|none none none
17:11:00 WinXP 190.159.83.27 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:11 hits: 10-10 to 10-28]
none[none] none:none
none|none none none
T:17:11:00 WinXP 190.159.83.27 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:11 hits: 10-10 to 10-28]
none[none] none:none
none|none none none
17:13:00 Win2K-f 208.117.117.145 (SPEAKEASY.NET):
US.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:17:14:00 WinXP 70.184.216.118 (COX.NET):
COX COMMUNICATIONS,
OMAHA, NEBRASKA, US.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 039d82e2db
[Firefox: 2 hits: 10-28 to 10-28]
none[none] none:none
none|none none none
17:26:00 Win2K-f 124.195.153.195 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:38:00 WinXP 70.184.159.174 (COX.NET):
COX COMMUNICATIONS,
HAMPTON, VIRGINIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 1d84ca0934
NEW
none[none] none:none
none|none none none
17:39:00 WinXP 189.24.125.43 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:501 hits: 01-05 to 10-28]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:17:40:00 WinXP 165.166.225.21 (INFOAVE.NET):
INFO AVENUE INTERNET SERVICES LLC,
US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 bef242afd6
NEW
none[none] none:none
none|none none none
T:17:41:00 WinXP 71.108.235.124 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
GLENDORA, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:26:00 WinXP 130.13.222.86 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:63 hits: 09-13 to 10-25]
none[none] none:none
none|none none none
18:31:00 Win2K-f 72.140.130.98 (ROGERS.COM):
ROGERS CABLE INC. KTGC,
TORONTO, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:47:00 WinXP 61.155.20.168 (-):
SUZHOU-DATONG-TECHNOLOGY-CORP,
SUZHOU, JIANGSU, CN. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
53 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:300 hits: 06-17 to 10-28]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
18:47:00 WinXP 94.191.166.3 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:18:51:00 WinXP 190.225.232.253 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox: 2 hits: 10-27 to 10-27]
none[none] none:none
none|none none none
18:55:00 Win2K-f 209.127.192.127 (-):
TELSCAPE COMMUNICATIONS INC,
TORONTO, OHIO, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:198.78.220.124:80
135 pcap raw alerts
ruleset
other
115 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
a8c074e136
[Firefox: 4 hits: 08-21 to 10-28]
fc22cbd605
[Firefox: 4 hits: 08-21 to 10-28]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
18:56:00 Win2K-f 64.181.43.149 (-):
CITY OF PHILIPPI,
PHILIPPI, WEST VIRGINIA, US.
n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
US:198.78.220.124:80
US:207.123.37.125:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 35
40f73d7feb
NEW
4a7580c787
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
18:57:00 Win2K-f 69.216.161.174 (-):
CITY OF NORWAY,
DETROIT, MICHIGAN, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:198.78.220.124:80
US:207.123.37.125:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
32 of 36
68270737c6
NEW
ba6c30bea5
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:12:00 WinXP 92.40.184.224 (IKBCC.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:coins.dal.net
SE:ced.dal.net
NL:diemen.nl.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:vancouver.dal.net
US:lia.zanet.net
:caen.fr.eu.undernet.org
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
AT:graz.at.eu.undernet.org
:washington.dc.us.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:32 hits: 10-08 to 10-28]
none[none] none:none
none|none none none
T:19:15:00 Win2K-f 119.94.24.113 (-):
.
n/a   135 pcap raw alerts
ruleset
other
119 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
35 of 36
790b6ffe89
NEW
b84fac543a
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:17:00 WinXP 66.19.150.111 (POPSITE.NET):
USLEC CORP,
CHARLOTTE, NORTH CAROLINA, US. (DIAL)
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
SE:ozbytes.dal.net
US:lia.zanet.net
AT:graz.at.eu.undernet.org
SE:ced.dal.net
SE:vancouver.dal.net
SE:coins.dal.net
SE:qis.md.us.dal.net
:los-angeles.ca.us.undernet.org
:lulea.se.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:19:17:00 WinXP 60.179.160.222 (163DATA.COM.CN):
CHINANET-ZJ NINGBO NODE NETWORK,
NINGBO, ZHEJIANG, CN.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 b7ba8daae1
[Firefox: 7 hits: 10-15 to 10-28]
none[none] none:none
none|none none none
19:18:00 WinXP 60.179.160.222 (163DATA.COM.CN):
CHINANET-ZJ NINGBO NODE NETWORK,
NINGBO, ZHEJIANG, CN.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:kidos-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b7ba8daae1
[Firefox: 7 hits: 10-15 to 10-28]
none[none] none:none
none|none none none
19:23:00 WinXP 98.134.203.83 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:199.93.44.124:80
US:204.160.126.124:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
123 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
6d86a1ff5a
[Firefox:41 hits: 06-25 to 10-07]
7f6e032fc0
[Firefox:41 hits: 06-25 to 10-07]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:34:00 WinXP 74.141.72.130 (INSIGHTBB.COM):
INSIGHT COMMUNICATIONS COMPANY L.P,
LOUISVILLE, KENTUCKY, US.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
19:44:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
BEIJING, BEIJING, CN.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:50:00 WinXP 67.64.30.245 (WBSNET.NET):
WHEATLAND ELECTRIC COOP,
SCOTT CITY, KANSAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 33 a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
T:19:56:00 Win2K-f 172.131.103.113 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
67 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
T:20:03:00 WinXP 201.236.224.56 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:11 hits: 10-10 to 10-28]
none[none] none:none
none|none none none
20:04:00 Win2K-f 216.208.65.52 (BELL.CA):
BELL CANADA,
PETERBOROUGH, ONTARIO, CA. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
212 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
20:31:00 WinXP 4.166.159.16 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN ANTONIO, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.50:80
US:208.111.148.54:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 32 73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
20:44:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 33 57ce4acac2
[Firefox:300 hits: 06-17 to 10-28]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
20:45:00 WinXP 204.193.223.90 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:39 hits: 09-17 to 10-26]
none[none] none:none
none|none none none
20:49:00 WinXP 94.137.13.164 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:63 hits: 09-13 to 10-25]
none[none] none:none
none|none none none
21:01:00 WinXP 204.193.211.144 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:11 hits: 10-21 to 10-28]
none[none] none:none
none|none none none
T:21:01:00 WinXP 204.193.211.144 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:11 hits: 10-21 to 10-28]
none[none] none:none
none|none none none
21:05:00 Win2K-f 4.171.180.180 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GAINESVILLE, FLORIDA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
92 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 32 73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
0 of 32 b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
b5919931fe [1] ASM:Graph
ASProtect| lines=90 trace
21:06:00 WinXP 70.66.86.72 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
GABRIOLA, BRITISH COLUMBIA, CA.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 ddb3bd55db
NEW
none[none] none:none
none|none none none
21:16:00 WinXP 140.239.41.230 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33 73ce2b74da
[Firefox:28 hits: 06-18 to 10-28]
73ce2b74da [1] ASM:Graph
Armadillo| lines=81 trace
33 of 33 79c01ec060
[Firefox:63 hits: 06-18 to 10-28]
none[4] none:none
tElock| none trace
0 of 33 e07c29c4ae
[Firefox:740 hits: 06-19 to 10-28]
e07c29c4ae [1] ASM:Graph
FSG| lines=92 trace
21:35:00 WinXP 119.92.172.119 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
115.126.2.121:65520
US:208.111.148.137:80
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 790b6ffe89
NEW
none[none] none:none
none|none none none
35 of 36 b84fac543a
NEW
none[none] none:none
none|none none none
0 of 33 e07c29c4ae
[Firefox:740 hits: 06-19 to 10-28]
e07c29c4ae [1] ASM:Graph
FSG| lines=92 trace
T:21:48:00 Win2K-f 218.211.207.238 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 32 73f1082158
[Firefox:1738 hits: 06-18 to 10-28]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
0 of 32 b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
b5919931fe [1] ASM:Graph
ASProtect| lines=90 trace
21:53:00 WinXP 8.15.176.213 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:11 hits: 10-10 to 10-28]
none[none] none:none
none|none none none
22:23:00 WinXP 89.195.64.18 (-):
ORANGE,
UK.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 491fef3335
[Firefox: 3 hits: 10-26 to 10-28]
none[none] none:none
none|none none none
T:22:25:00 WinXP 89.195.64.18 (-):
ORANGE,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 491fef3335
[Firefox: 3 hits: 10-26 to 10-28]
none[none] none:none
none|none none none
22:50:00 WinXP 121.84.172.19 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a :proxim.ntkrnlpa.info 445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 1bfebad740
NEW
none[none] none:none
none|none none none
T:22:51:00 WinXP 119.95.119.29 (-):
.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 aad553494f
NEW
none[none] none:none
none|none none none
T:23:11:00 WinXP 58.106.193.62 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
98 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
32 of 36 c49f39fc23
NEW
none[none] none:none
none|none none none
T:23:14:00 WinXP 217.151.135.210 (GAZSVYAZ.RU):
GAZSVYAZ-MSK,
RU.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
445 pcap raw alerts
ruleset
http
http
http
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:595 hits: 01-01 to 10-28]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
23:16:00 WinXP 70.166.118.73 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.110.126:80
US:205.128.70.126:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 da00a8e7a1
[Firefox:32 hits: 08-05 to 10-25]
none[none] none:none
none|none none none
0 of 33 e07c29c4ae
[Firefox:740 hits: 06-19 to 10-28]
e07c29c4ae [1] ASM:Graph
FSG| lines=92 trace
28 of 33 f685f8e027
[Firefox:36 hits: 06-18 to 10-25]
f685f8e027 [1] ASM:Graph
Armadillo| lines=82 trace
23:22:00 Win2K-f 61.218.192.234 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:206.33.45.125:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
83 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 33 57ce4acac2
[Firefox:300 hits: 06-17 to 10-28]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
T:23:30:00 Win2K-f 24.29.83.90 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ALBANY, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3496 hits: 06-17 to 10-28]
none[4] none:none
tElock| none trace
0 of 33 a08f3b74a4
[Firefox:1248 hits: 06-18 to 10-28]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
0 of 32 b5919931fe
[Firefox:974 hits: 06-20 to 10-28]
b5919931fe [1] ASM:Graph
ASProtect| lines=90 trace
T:23:49:00 WinXP 89.41.89.91 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD.
n/a :proxim.ircgalaxy.pl
115.126.2.121:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fd7475c63
NEW
none[none] none:none
none|none none none
23:58:00 WinXP 94.191.175.64 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:794 hits: 12-31 to 10-28]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace