Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

05 November 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns, in the order the fields appear in each record below:
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace

How to read a record:
Time, Victim OS, Infection Source: the first line gives the time (some times carry a T: prefix, kept as on the page), the victim OS and the infecting host's address with its reverse-DNS domain; the following line or two give that host's network attribution (organisation; city, region, country; DSL or DIAL where known).
C&C Server: the address:port the infected host contacted, or n/a when none was observed.
DNS Lookups & Failed Connects: one entry per line, each prefixed with the country code of the address it resolved to (** or an empty prefix where no country could be assigned; see Country Codes). Entries of the form address:port are connection attempts that failed.
Infection Port: the port the attack arrived on (135, 139 or 445 in this day's data), followed by the link labels pcap (Packet Trace) and raw alerts, ruleset (Detection Signatures).
Infection Chatter: the protocol(s) of the captured infection dialog (other, http, shell, ftp, irc) and its line count.
BotHunter Analysis: the verdict and correlation score (in this day's data Yeah appears with scores of 0.8 and 1.3, Argh with 0.3) and the profile link. Behavioral Cluster: the cluster id (none where unassigned) and the summary link. Forensic Logs: the tarball link.
Antivirus Labels: detections as "n of m" engines, one entry per captured binary.
Per captured binary: the Packed Malware Binary digest with its hit history ([label: n hits: first to last]) or NEW where none is recorded; the Unpacked egg.exe digest with a bracketed count; the Unpacked egg.asm entry (ASM:Graph where a disassembly graph exists); the Packer PEID result (packer names end with |); Data Strings (lines=n); and the Syscall Trace link. A run of seven none values means no binary was recovered for that infection.
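The records below are HTML table rows flattened one cell per line. The following Python is an added example, not part of the Cyber-TA page or of BotHunter, that parses such records back into dictionaries following the column order in the header. The field names are this example's own; SAMPLE is two records copied verbatim from this page (the 03:41:00 HANANET.NET and T:01:44:00 84.IN-ADDR.ARPA rows). The per-binary cells after "tarball" are collected by pattern (digests, "n of m" counts, packer names ending in |, NEW, hit histories) rather than by column position, so rows with several binaries parse too.

```python
"""Parse the flattened BotHunter infection records on this page into dicts.
Added example, not from the Cyber-TA page or BotHunter; field names are this
example's own and SAMPLE is two records copied verbatim from the table."""
import re
from collections import Counter

SAMPLE = """\
03:41:00 WinXP 218.238.193.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 72c08ed557
NEW
none[none] none:none
none|none none none
T:01:44:00 WinXP 84.13.7.82 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
LONDON, ENGLAND, UK. (DSL)
n/a ES:www.familiaordonez.com
AU:ozfloorball.com
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
"""

HEADER = re.compile(r"^(T:)?(\d\d:\d\d:\d\d) (\S+) (\S+) \((.*)\):$")
PCAP = re.compile(r"^(.*?)\s*(\d+) pcap raw alerts$")  # closes the C&C/DNS cells
CHATTER_END = re.compile(r"^(\d+) lines?$")
VERDICT = re.compile(r"^(Yeah|Argh) : ([\d.]+)$")
AV = re.compile(r"^(\d+) of (\d+)")
DIGEST = re.compile(r"\b[0-9a-f]{10}\b")
PACKER = re.compile(r"^(\w+)\|$")  # 'tElock|' matches, 'none|none' does not
HITS = re.compile(r"\[\w+:\s*(\d+) hits: (\S+) to (\S+)\]")

def split_records(text):
    """One list of rstripped lines per record; a record starts at each header line."""
    chunks = []
    for line in text.splitlines():
        if HEADER.match(line):
            chunks.append([])
        if chunks:
            chunks[-1].append(line.rstrip())
    return chunks

def parse_record(lines):
    m = HEADER.match(lines[0])
    rec = {"flag": m.group(1) or "", "time": m.group(2), "os": m.group(3),
           "source_ip": m.group(4), "source_domain": m.group(5)}
    i, attrib, tokens = 1, [], []
    while lines[i].endswith((",", ".", ")")):  # network attribution lines
        attrib.append(lines[i]); i += 1
    rec["attribution"] = " ".join(attrib)
    while not PCAP.match(lines[i]):  # C&C cell, then DNS/failed-connect entries
        tokens += lines[i].split(); i += 1
    head, port = PCAP.match(lines[i]).groups()
    tokens += head.split()
    rec["cnc"], rec["port"] = tokens[0], int(port)
    rec["dns"] = [tuple(t.split(":", 1)) for t in tokens[1:]]  # (country, name)
    i += 2  # skip the pcap line and "ruleset"
    protos = []
    while not CHATTER_END.match(lines[i]):  # chatter protocols, closed by "<n> lines"
        protos.append(lines[i]); i += 1
    rec["chatter"], rec["chatter_lines"] = protos, int(CHATTER_END.match(lines[i]).group(1))
    v = VERDICT.match(lines[i + 1])
    rec["verdict"], rec["score"] = v.group(1), float(v.group(2))
    rec["cluster"] = lines[i + 3].split()[0]  # "<cluster> summary"
    tail = lines[i + 5:]  # everything after "tarball": per-binary cells, scanned by pattern
    rec["av"] = [tuple(map(int, AV.match(l).groups())) for l in tail if AV.match(l)]
    rec["digests"] = list(dict.fromkeys(d for l in tail for d in DIGEST.findall(l)))
    rec["packers"] = [t[:-1] for l in tail for t in l.split() if PACKER.match(t)]
    rec["hits"] = [int(h) for l in tail for h, _, _ in HITS.findall(l)]
    rec["new_binary"] = "NEW" in tail
    return rec

def parse_records(text):
    return [parse_record(chunk) for chunk in split_records(text)]

def count_by(records, key):
    """Tally records by one scalar field, e.g. 'cnc', 'port' or 'verdict'."""
    return Counter(r[key] for r in records)
```

Feed the row region of the page to parse_records and then count_by(records, "cnc") or count_by(records, "port") to see how the day's infections group by controller and entry port; the first record of the two above is an IRC-controlled infection arriving on 139, the second an HTTP contact on 445 that BotHunter scored below its verdict line.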
00:10:00 WinXP 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:199.93.41.126:80
US:199.93.44.124:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:18:00 WinXP 72.215.49.28 (COX.NET):
COX COMMUNICATIONS,
BRISTOL, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.37.125:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:00:30:00 WinXP 78.34.37.17 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a8c10e184d
[Firefox: 2 hits: 11-03 to 11-04]
none[none] none:none
none|none none none
T:00:43:00 WinXP 84.139.231.91 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
ROSTOCK, MECKLENBURG-VORPOMMERN, DE.
n/a :proxim.ircgalaxy.pl
ES:tele-pc.com
IT:macedonia.my1.ru
CN:jrsx.jre.net.cn
PL:tunska.komrel.net
US:www.yahoo.com
US:www.hkwebguru.com
:soncibbs.eastday.com
ES:www.familiaordonez.com
**:2.0.0.127.bl.spamcop.net
:45.206.107.130.bl.spamcop.net
**:2.0.0.127.cbl.abuseat.org
:45.206.107.130.cbl.abuseat.org
:2.0.0.127.list.dsbl.org
**:2.0.0.127.sbl-xbl.spamhaus.org
AU:ozfloorball.com
:45.206.107.130.sbl-xbl.spamhaus.org
**:2.0.0.127.zen.spamhaus.org
:45.206.107.130.zen.spamhaus.org
**:2.0.0.127.combined.njabl.org
:45.206.107.130.combined.njabl.org
:2.0.0.127.multihop.dsbl.org
:2.0.0.127.blackholes.uceb.org
**:2.0.0.127.bl.csma.biz
**:2.0.0.127.db.wpbl.info
**:2.0.0.127.dnsbl.njabl.org
US:mailin-02.mx.aol.com
US:mailin-01.mx.aol.com
US:mailin-03.mx.aol.com
445 pcap raw alerts
ruleset
http
136 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
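Most names in the DNS column of the T:00:43:00 record above are DNSBL queries: a dotted quad written in reverse and appended to a blacklist zone. 2.0.0.127 is 127.0.0.2 reversed, the test entry every DNSBL lists by convention; 45.206.107.130 is 130.107.206.45 reversed, an address in 130.107.0.0/16 (the same /16 appears reversed in the other DNSBL rows on this page). A bot querying a dozen blacklists for its own address and then looking up the aol.com mail hosts is behaving like a spam engine checking whether it can deliver before it sends. On this page every 2.0.0.127 entry carries the ** prefix and every 130.107.206.45 entry an empty one, which is what you would expect if the test entry resolved and the host's own address was not listed. The Python below is an added example, not part of the Cyber-TA page or BotHunter, that decodes such columns; DNS_COLUMN is that record's list copied from the page, and the mail-host heuristic (a label beginning mx, mail, imx or smtp) and the spam-engine rule are this example's assumptions.

```python
"""Decode the DNS Lookups & Failed Connects column of a BotHunter record.
Added example, not from the Cyber-TA page or BotHunter. DNS_COLUMN is the
T:00:43:00 / 84.139.231.91 record copied from the page; MAIL_HOST and
looks_like_spam_engine are this example's own heuristics."""
import re
from collections import Counter

DNS_COLUMN = [
    ":proxim.ircgalaxy.pl", "ES:tele-pc.com", "IT:macedonia.my1.ru",
    "CN:jrsx.jre.net.cn", "PL:tunska.komrel.net", "US:www.yahoo.com",
    "US:www.hkwebguru.com", ":soncibbs.eastday.com", "ES:www.familiaordonez.com",
    "**:2.0.0.127.bl.spamcop.net", ":45.206.107.130.bl.spamcop.net",
    "**:2.0.0.127.cbl.abuseat.org", ":45.206.107.130.cbl.abuseat.org",
    ":2.0.0.127.list.dsbl.org", "**:2.0.0.127.sbl-xbl.spamhaus.org",
    "AU:ozfloorball.com", ":45.206.107.130.sbl-xbl.spamhaus.org",
    "**:2.0.0.127.zen.spamhaus.org", ":45.206.107.130.zen.spamhaus.org",
    "**:2.0.0.127.combined.njabl.org", ":45.206.107.130.combined.njabl.org",
    ":2.0.0.127.multihop.dsbl.org", ":2.0.0.127.blackholes.uceb.org",
    "**:2.0.0.127.bl.csma.biz", "**:2.0.0.127.db.wpbl.info",
    "**:2.0.0.127.dnsbl.njabl.org", "US:mailin-02.mx.aol.com",
    "US:mailin-01.mx.aol.com", "US:mailin-03.mx.aol.com",
]

# Four numeric labels followed by a zone: a reversed-address DNSBL query.
REVERSED = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.([^:]+)$")
FAILED_CONNECT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")  # address:port entries
MAIL_HOST = re.compile(r"(?:^|\.)(?:mx|mail|imx|smtp)[\w-]*\.", re.I)  # assumed heuristic
DNSBL_TEST_ADDRESS = "127.0.0.2"  # listed by every DNSBL so clients can test lookups

def split_entry(entry):
    """'CC:name' -> (CC, name); the page uses '' or '**' where no country applies."""
    cc, _, name = entry.partition(":")
    return cc, name

def decode_dnsbl(name):
    """Return (queried_address, zone) for a reversed-octet DNSBL query, else None."""
    m = REVERSED.match(name)
    if not m:
        return None
    return ".".join(reversed(m.group(1, 2, 3, 4))), m.group(5)

def classify(entries):
    """Bucket a DNS column into DNSBL probes, failed connects, mail hosts and the rest."""
    out = {"zones": [], "test_probes": 0, "probed_ips": Counter(),
           "failed_connects": [], "mail_hosts": [], "other": []}
    for entry in entries:
        _, name = split_entry(entry)
        if FAILED_CONNECT.match(name):
            out["failed_connects"].append(name)
            continue
        probe = decode_dnsbl(name)
        if probe:
            ip, zone = probe
            if zone not in out["zones"]:
                out["zones"].append(zone)
            if ip == DNSBL_TEST_ADDRESS:
                out["test_probes"] += 1
            else:
                out["probed_ips"][ip] += 1  # the address the bot wants cleared
        elif MAIL_HOST.search(name):
            out["mail_hosts"].append(name)
        else:
            out["other"].append(name)
    return out

def looks_like_spam_engine(summary, min_zones=3):
    """Assumed rule: several DNSBL zones queried plus at least one mail-host lookup."""
    return len(summary["zones"]) >= min_zones and bool(summary["mail_hosts"])

if __name__ == "__main__":
    s = classify(DNS_COLUMN)
    print(len(s["zones"]), "DNSBL zones;", s["test_probes"], "test-entry probes;",
          "addresses checked:", dict(s["probed_ips"]))
    print("mail hosts:", s["mail_hosts"], "| spam engine?", looks_like_spam_engine(s))
```

The same classifier applied to the short HTTP records on this page (a bank-themed name plus one failed connect) returns no zones and no mail hosts, so the rule separates the two behaviours seen here; tune min_zones before using it on other data, and treat the probed address as the infected host's own only after confirming it against the victim's network.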
T:00:49:00 WinXP 92.47.167.77 (IKBCC.COM):
EU-ZZ,
UK.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a0012f058f
[Firefox: 9 hits: 10-20 to 11-03]
none[none] none:none
none|none none none
T:00:51:00 WinXP 117.99.31.130 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a CN:jrsx.jre.net.cn
PL:tunska.komrel.net
**:2.0.0.127.bl.spamcop.net
:69.148.107.130.bl.spamcop.net
**:2.0.0.127.cbl.abuseat.org
:69.148.107.130.cbl.abuseat.org
:2.0.0.127.list.dsbl.org
**:2.0.0.127.sbl-xbl.spamhaus.org
:69.148.107.130.sbl-xbl.spamhaus.org
**:2.0.0.127.zen.spamhaus.org
:69.148.107.130.zen.spamhaus.org
**:2.0.0.127.combined.njabl.org
:69.148.107.130.combined.njabl.org
:2.0.0.127.multihop.dsbl.org
:2.0.0.127.blackholes.uceb.org
US:www.hkwebguru.com
:soncibbs.eastday.com
ES:www.familiaordonez.com
AU:ozfloorball.com
UA:citi-bank.ru
**:2.0.0.127.bl.csma.biz
:69.148.107.130.bl.csma.biz
:proxim.ircgalaxy.pl
**:2.0.0.127.db.wpbl.info
**:2.0.0.127.dnsbl.njabl.org
EU:mx1.yandex.ru
US:mailin-01.mx.aol.com
US:mailin-02.mx.aol.com
US:mailin-03.mx.aol.com
US:mailin-04.mx.aol.com
:mxs.mail.ru
:mx2.yandex.ru
RU:imx1.rambler.ru
US:c.mx.mail.yahoo.com
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
8 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:205 hits: 01-03 to 11-04]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
00:52:00 WinXP 114.137.41.220 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 0e5f51ee8e
[Firefox:19 hits: 10-11 to 11-04]
none[none] none:none
none|none none none
01:06:00 WinXP 204.116.246.110 (UNITED.NET):
UNITED TELEPHONE COMPANY,
MYRTLE BEACH, SOUTH CAROLINA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 ebae9e44e3
NEW
none[none] none:none
none|none none none
T:01:06:00 WinXP 204.116.246.110 (UNITED.NET):
UNITED TELEPHONE COMPANY,
MYRTLE BEACH, SOUTH CAROLINA, US.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 ebae9e44e3
NEW
none[none] none:none
none|none none none
T:01:11:00 WinXP 78.106.36.230 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
n/a :proxim.ircgalaxy.pl
ES:tele-pc.com
IT:macedonia.my1.ru
CN:jrsx.jre.net.cn
US:www.yahoo.com
**:2.0.0.127.bl.spamcop.net
:1.209.107.130.bl.spamcop.net
**:2.0.0.127.cbl.abuseat.org
:1.209.107.130.cbl.abuseat.org
:2.0.0.127.list.dsbl.org
**:2.0.0.127.sbl-xbl.spamhaus.org
:1.209.107.130.sbl-xbl.spamhaus.org
**:2.0.0.127.zen.spamhaus.org
PL:tunska.komrel.net
:1.209.107.130.zen.spamhaus.org
**:2.0.0.127.combined.njabl.org
US:www.hkwebguru.com
:2.0.0.127.multihop.dsbl.org
ES:www.familiaordonez.com
:2.0.0.127.blackholes.uceb.org
AU:ozfloorball.com
**:2.0.0.127.bl.csma.biz
**:2.0.0.127.db.wpbl.info
**:2.0.0.127.dnsbl.njabl.org
:mxs.mail.ru
445 pcap raw alerts
ruleset
http
134 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
01:11:00 WinXP 61.64.3.248 (-):
PHOENIX CATV C,
TW.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fd7475c63
[Firefox: 5 hits: 10-29 to 11-02]
none[none] none:none
none|none none none
T:01:14:00 WinXP 82.240.145.182 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 f611bd0182
NEW
none[none] none:none
none|none none none
T:01:36:00 WinXP 89.41.89.112 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 414ae45a85
NEW
none[none] none:none
none|none none none
T:01:44:00 WinXP 84.13.7.82 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
LONDON, ENGLAND, UK. (DSL)
n/a ES:www.familiaordonez.com
AU:ozfloorball.com
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:01:47:00 WinXP 81.198.232.109 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 d9a4f2f314
[Firefox:12 hits: 09-29 to 11-04]
none[none] none:none
none|none none none
01:49:00 WinXP 24.67.166.46 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KELOWNA, BRITISH COLUMBIA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox:13 hits: 10-20 to 11-04]
none[none] none:none
none|none none none
T:01:50:00 WinXP 24.67.166.46 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KELOWNA, BRITISH COLUMBIA, CA. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox:13 hits: 10-20 to 11-04]
none[none] none:none
none|none none none
02:24:00 WinXP 24.29.84.249 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ALBANY, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:204.160.104.126:80
US:207.123.37.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:28:00 WinXP 212.220.192.0 (-):
J/S CO ETS,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU.
n/a :www.google.com.au
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:56 hits: 04-18 to 11-02]
none[3] none:none
tElock| none trace
02:28:00 Win2K-f 172.164.17.62 (AOL.COM):
AMERICA ONLINE,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:205.128.70.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
130 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
29 of 33
0474b4b09f
[Firefox:12 hits: 09-24 to 10-31]
1c3210698a
[Firefox:14 hits: 07-13 to 10-31]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
02:48:00 Win2K-f 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
135 pcap raw alerts
ruleset
http
83 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
57ce4acac2
[Firefox:321 hits: 06-17 to 11-04]
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
02:53:00 WinXP 62.11.118.115 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
IT. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
19 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:297 hits: 01-01 to 11-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:03:36:00 WinXP 218.164.38.162 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:656 hits: 01-01 to 11-04]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
03:41:00 WinXP 218.238.193.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 72c08ed557
NEW
none[none] none:none
none|none none none
T:03:41:00 Win2K-f 218.48.26.50 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 75cfbfa70a
NEW
none[none] none:none
none|none none none
T:03:41:00 Win2K-f 88.107.98.220 (AS9105.COM):
TISCALI UK LTD,
MONTROSE, SCOTLAND, UK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:11 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:03:41:00 Win2K-f 211.44.210.166 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 cb7bf26ba3
NEW
none[none] none:none
none|none none none
03:42:00 WinXP 88.168.231.122 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 a67f84f2af
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
03:43:00 Win2K-f 77.253.122.173 (COM.PL):
NETIA,
PL.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
22 of 33 89953ae602
[Firefox: 3 hits: 07-15 to 10-28]
none[none] none:none
none|none none none
03:44:00 Win2K-f 116.42.64.88 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:45:00 WinXP 125.230.106.68 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 b724b621a2
[Firefox: 3 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
T:03:57:00 WinXP 211.179.140.147 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:32 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
T:03:59:00 Win2K-f 221.124.129.184 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3f76c545af
NEW
none[none] none:none
none|none none none
T:03:59:00 WinXP 211.177.212.251 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 6b28308388
NEW
none[none] none:none
none|none none none
04:03:00 WinXP 123.212.119.64 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
53 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 4c3df24b32
[Firefox:238 hits: 06-17 to 11-04]
4c3df24b32 [1] ASM:Graph
Armadillo| lines=81 trace
04:07:00 Win2K-f 116.45.59.204 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:12:00 Win2K-f 221.125.214.214 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 9d5d0ad83c
[Firefox: 6 hits: 08-15 to 10-28]
none[none] none:none
none|none none none
04:18:00 WinXP 83.255.39.104 (COMHEM.SE):
COMHEM,
SE.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:47 hits: 10-05 to 11-03]
none[none] none:none
none|none none none
T:04:18:00 Win2K-f 218.236.68.198 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 b724b621a2
[Firefox: 3 hits: 10-26 to 10-27]
none[none] none:none
none|none none none
04:20:00 Win2K-f 86.105.21.203 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
PLOIESTI, PRAHOVA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:32 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
04:20:00 WinXP 221.125.232.232 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 c36172817a
NEW
none[none] none:none
none|none none none
T:04:22:00 WinXP 123.213.171.215 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a565344646
NEW
none[none] none:none
none|none none none
T:04:24:00 WinXP 64.201.85.36 (80-LHTOT.COM):
LAUREL HIGHLAND TELEPHONE COMPANY,
STAHLSTOWN, PENNSYLVANIA, US. (DIAL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a537edc44b
[Firefox: 3 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:04:26:00 Win2K-f 89.136.45.251 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 918355cad9
[Firefox: 6 hits: 10-26 to 10-28]
none[none] none:none
none|none none none
T:04:27:00 Win2K-f 82.236.176.183 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 f8deb2b824
NEW
none[none] none:none
none|none none none
04:27:00 WinXP 211.247.185.159 (-):
DREAMX-CATV-JUNGBUSANCABLE2,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 89c901c1e0
NEW
none[none] none:none
none|none none none
04:29:00 Win2K-f 117.58.138.55 (-):
TAEGU CABLE NETWORK CO. LTD,
TAEGU, KYONGSANG-BUKTO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 229f2f5c39
NEW
none[none] none:none
none|none none none
04:32:00 WinXP 78.56.47.248 (ZEBRA.LT):
LIETUVOS,
LT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:17 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
04:33:00 Win2K-f 61.105.125.161 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:32 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
T:04:39:00 WinXP 4.233.194.101 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:514 hits: 12-31 to 11-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
04:43:00 WinXP 211.173.183.242 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
INCHON, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 8e96b2ccbc
[Firefox: 2 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:04:43:00 Win2K-f 85.95.199.100 (CALIXO.NET):
VIALIS - REGIE MUNICIPALE DE COLMAR,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:17 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:04:48:00 WinXP 78.96.187.235 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 76b7a2a0ad
NEW
none[none] none:none
none|none none none
T:04:49:00 Win2K-f 71.107.102.166 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LONG BEACH, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:04:49:00 WinXP 61.228.185.226 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f9fbdd5ce8
[Firefox: 3 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
04:49:00 Win2K-f 117.58.139.59 (-):
TAEGU CABLE NETWORK CO. LTD,
TAEGU, KYONGSANG-BUKTO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:15 hits: 08-15 to 10-29]
none[none] none:none
none|none none none
04:57:00 WinXP 210.221.92.23 (-):
THRUNET CO. LTD,
KOTA KINABALU, SABAH, MY.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 70022553db
NEW
none[none] none:none
none|none none none
T:05:02:00 Win2K-f 61.253.223.126 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 018066960e
NEW
none[none] none:none
none|none none none
05:02:00 WinXP 4.233.194.101 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:514 hits: 12-31 to 11-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
05:05:00 Win2K-f 88.173.108.3 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 6b28308388
NEW
none[none] none:none
none|none none none
T:05:16:00 WinXP 58.233.5.90 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 5efb38a186
NEW
none[none] none:none
none|none none none
05:20:00 Win2K-f 122.118.19.54 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33 e286d9e6a9
[Firefox:26 hits: 07-13 to 10-28]
none[none] none:none
none|none none none
T:05:21:00 Win2K-f 219.241.52.155 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:24 hits: 08-15 to 10-28]
none[none] none:none
none|none none none
05:23:00 WinXP 92.130.43.80 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 17e0d9aa63
[Firefox: 3 hits: 10-22 to 10-26]
none[none] none:none
none|none none none
05:23:00 WinXP 202.226.239.232 (KITAKYUSHU03.BBIQ.JP):
KYUSHU TELECOMMUNICATION NETWORK CO. INC,
FUKUOKA, FUKUOKA, JP. (DIAL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox:11 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
05:26:00 WinXP 93.126.154.76 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f965fb8123
NEW
none[none] none:none
none|none none none
T:05:27:00 WinXP 211.236.198.250 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0fb74a16d5
NEW
none[none] none:none
none|none none none
T:05:27:00 Win2K-f 83.153.103.84 (PPP.TISCALI.FR):
TELECOM ITALIA FRANCE BROADBAND POOLS,
BOURGES, CENTRE, FR. (DIAL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:26 hits: 08-15 to 10-29]
none[none] none:none
none|none none none
T:05:32:00 WinXP 88.242.166.85 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:17 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
05:34:00 Win2K-f 88.246.123.156 (TTNET.NET.TR):
TT ADSL-METEKSAN DINAMIK_ACI,
BURSA, BURSA, TR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:15 hits: 08-15 to 10-29]
none[none] none:none
none|none none none
T:05:35:00 Win2K-f 219.75.105.192 (SINGNET.COM.SG):
SINGNET PTE LTD,
SINGAPORE, SINGAPORE, SG.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 d64290d3d5
NEW
none[none] none:none
none|none none none
05:36:00 Win2K-f 207.177.106.199 (OMNITELCOM.COM):
NETINS INC,
MASON CITY, IOWA, US.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
05:37:00 WinXP 91.126.104.146 (RP80.SE):
WEBTECHNORD,
SE.
194.54.90.246:80 UA:citi-bank.ru
DE:kidos-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 977d83cd59
NEW
none[none] none:none
none|none none none
05:39:00 WinXP 88.188.176.140 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 7 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
T:05:48:00 WinXP 89.136.34.160 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 ddb8dcfe6a
[Firefox: 2 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
T:05:49:00 WinXP 90.54.218.236 (IKBCC.COM):
IP2000-ADSL-BAS,
FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ca172c3868
[Firefox: 4 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
T:05:59:00 Win2K-f 78.96.227.247 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 35 3f4f3c33fe
NEW
none[none] none:none
none|none none none
06:02:00 WinXP 79.206.75.68 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:656 hits: 01-01 to 11-04]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
06:07:00 WinXP 218.53.81.218 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 7be76a5602
NEW
none[none] none:none
none|none none none
T:06:10:00 WinXP 98.25.127.181 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:514 hits: 12-31 to 11-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
06:11:00 Win2K-f 89.136.31.82 (UPCNET.RO):
ASTRAL-UPC FOCSANI,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 35 3f4f3c33fe
NEW
none[none] none:none
none|none none none
06:14:00 Win2K-f 211.215.197.63 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
T:06:16:00 WinXP 74.126.33.40 (COMWAVZ.COM):
WATCH TV,
LIMA, OHIO, US.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
T:06:28:00 Win2K-f 88.188.176.140 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 7 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
T:06:28:00 WinXP 93.156.97.218 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fd7475c63
[Firefox: 5 hits: 10-29 to 11-02]
none[none] none:none
none|none none none
T:06:31:00 Win2K-f 78.96.158.191 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:13 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
06:34:00 WinXP 69.151.232.13 (SWBELL.NET):
PPPOX POOL - RBACK18 HSTNTX #2,
HOUSTON, TEXAS, US. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:192 hits: 01-01 to 11-02]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
06:34:00 WinXP 221.125.209.97 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:11 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
06:34:00 Win2K-f 84.43.36.80 (ONETEL.NET.UK):
ONETEL DSL PIPE ALLOCATIONS,
LONDON, ENGLAND, UK. (DIAL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:11 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:06:46:00 WinXP 211.215.197.63 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
06:46:00 Win2K-f 211.187.106.184 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 836efce157
NEW
none[none] none:none
none|none none none
T:06:47:00 WinXP 218.173.5.113 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:32 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
06:48:00 WinXP 82.246.76.69 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a RU:moscow-advokat.ru
US:lia.zanet.net
NL:diemen.nl.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:vancouver.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:837 hits: 12-31 to 11-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:06:51:00 Win2K-f 78.97.201.214 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 76b7a2a0ad
NEW
none[none] none:none
none|none none none
T:06:58:00 WinXP 85.107.54.188 (TTNET.NET.TR):
TURK TELEKOM ADSL-ALCATEL,
BURSA, BURSA, TR. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:14 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
06:58:00 WinXP 123.252.135.118 (RDPLGLOBAL.COM):
TATA TELESERVICES MAHARASHTRA LTD,
MUMBAI, MAHARASHTRA, IN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 8fa85f3aeb
[Firefox: 2 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
07:09:00 Win2K-f 211.44.172.139 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 68c19ee5f2
NEW
none[none] none:none
none|none none none
07:11:00 WinXP 218.169.185.164 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:117 hits: 07-13 to 10-29]
none[none] none:none
none|none none none
T:07:12:00 WinXP 41.214.179.67 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 632e315db2
[Firefox:32 hits: 10-03 to 11-04]
none[none] none:none
none|none none none
T:07:19:00 WinXP 207.177.106.199 (OMNITELCOM.COM):
NETINS INC,
MASON CITY, IOWA, US.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
T:07:23:00 Win2K-f 62.178.234.63 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox:10 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
07:26:00 WinXP 122.2.146.209 (PLDT.NET):
IPG,
PH.
n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
US:lia.zanet.net
SE:ced.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3dc936f5f1
NEW
none[none] none:none
none|none none none
T:07:27:00 WinXP 125.224.81.202 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:15 hits: 08-15 to 10-29]
none[none] none:none
none|none none none
T:07:29:00 WinXP 122.2.146.209 (PLDT.NET):
IPG,
PH.
n/a RU:moscow-advokat.ru
US:lia.zanet.net
SE:ced.dal.net
SE:vancouver.dal.net
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3dc936f5f1
NEW
none[none] none:none
none|none none none
07:29:00 WinXP 221.124.21.238 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:29:00 WinXP 123.18.37.254 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 895fc368ac
[Firefox: 4 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
T:07:31:00 Win2K-f 218.51.103.183 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 33b54507d5
[Firefox: 3 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
07:39:00 Win2K-f 219.75.105.192 (SINGNET.COM.SG):
SINGNET PTE LTD,
SINGAPORE, SINGAPORE, SG.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 d64290d3d5
NEW
none[none] none:none
none|none none none
T:07:48:00 WinXP 211.173.184.60 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:13 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
07:48:00 WinXP 85.186.144.101 (-):
ASTRAL MANGALIA CPE,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:13 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
07:51:00 WinXP 88.180.89.142 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:17 hits: 09-26 to 10-29]
none[none] none:none
none|none none none
07:52:00 Win2K-f 24.64.249.242 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:24 hits: 08-15 to 10-28]
none[none] none:none
none|none none none
08:05:00 Win2K-f 74.126.33.40 (COMWAVZ.COM):
WATCH TV,
LIMA, OHIO, US.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
24 of 36 b1966e6aa6
NEW
none[none] none:none
none|none none none
T:08:06:00 Win2K-f 88.173.55.165 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 7 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
08:06:00 WinXP 61.229.142.106 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net
US:lia.zanet.net
SE:coins.dal.net
SE:viking.dal.net
BE:london.uk.eu.undernet.org
:brussels.be.eu.undernet.org
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
:gaspode.zanet.org.za
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
:los-angeles.ca.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 35 ce1a18eaa8
[Firefox: 2 hits: 11-04 to 11-04]
none[none] none:none
none|none none none
T:08:07:00 WinXP 61.229.142.106 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:10:00 Win2K-f 70.249.80.192 (SWBELL.NET):
PPPOX POOL - BRAS2 OKCYOK 070704,
EDMOND, OKLAHOMA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.110.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:08:14:00 WinXP 89.137.252.211 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 7 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
08:14:00 WinXP 212.10.152.152 (REV.STOFANET.DK):
TELIA STOFA A/S,
AALBORG, NORDJYLLAND, DK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33 e286d9e6a9
[Firefox:26 hits: 07-13 to 10-28]
none[none] none:none
none|none none none
08:32:00 WinXP 122.118.130.2 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 5975ee1875
NEW
none[none] none:none
none|none none none
08:38:00 Win2K-f 210.3.179.184 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
T:08:41:00 WinXP 211.202.120.231 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 e457ad96b7
NEW
none[none] none:none
none|none none none
08:52:00 WinXP 212.27.20.42 (-):
MLIFENET,
RU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
08:54:00 Win2K-f 78.96.163.103 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
27 of 35 e019377a4f
[Firefox: 2 hits: 10-28 to 10-28]
none[none] none:none
none|none none none
09:00:00 Win2K-f 114.201.118.137 (-):
.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
2 of 36
8ec6129efe
[Firefox:23 hits: 06-24 to 11-01]
d9766a3162
[Firefox: 2 hits: 08-29 to 10-31]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:09:08:00 WinXP 94.248.141.228 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 7a3d14f5d1
NEW
none[none] none:none
none|none none none
09:12:00 WinXP 94.248.141.228 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 7a3d14f5d1
NEW
none[none] none:none
none|none none none
09:19:00 WinXP 78.97.106.1 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ed84068c1f
NEW
none[none] none:none
none|none none none
T:09:24:00 WinXP 87.57.182.78 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:28 hits: 08-02 to 10-12]
none[none] none:none
none|none none none
09:26:00 WinXP 87.57.182.78 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:28 hits: 08-02 to 10-12]
none[none] none:none
none|none none none
T:09:31:00 WinXP 79.163.187.169 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:22 hits: 10-21 to 11-04]
none[none] none:none
none|none none none
09:34:00 WinXP 78.97.201.214 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 76b7a2a0ad
NEW
none[none] none:none
none|none none none
T:09:35:00 Win2K-f 210.3.156.198 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
09:36:00 Win2K-f 222.235.214.102 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.96.126:80
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
none
4c3df24b32
[Firefox:238 hits: 06-17 to 11-04]
6a4845ca11
[Firefox:15 hits: 06-27 to 10-04]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
T:09:39:00 Win2K-f 78.131.12.32 (-):
EMKTV BUDAPEST VLAN 10 DOCSIS,
BUDAPEST, BUDAPEST, HU.
n/a   139 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:53:00 Win2K-f 130.13.51.59 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
63.173.172.98:6668 :proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 7990452f6a
[Firefox: 3 hits: 11-01 to 11-03]
none[none] none:none
none|none none none
09:55:00 WinXP 85.95.199.100 (CALIXO.NET):
VIALIS - REGIE MUNICIPALE DE COLMAR,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:17 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:09:59:00 WinXP 75.85.254.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:837 hits: 12-31 to 11-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:10:05:00 WinXP 207.177.106.199 (OMNITELCOM.COM):
NETINS INC,
MASON CITY, IOWA, US.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
10:05:00 WinXP 212.72.2.76 (-):
GENERAL TELECOMMUNICATIONS ORGANIZATION,
MUSCAT, MASQAT, OM.
n/a DE:siliconfireware.ru
US:searchportal.information.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
US:208.73.210.121:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:609 hits: 01-01 to 11-04]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:10:13:00 WinXP 85.87.208.8 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5ce420b160
NEW
none[none] none:none
none|none none none
T:10:15:00 WinXP 193.227.109.191 (-):
SC SKY NET SRL,
IASI, IASI, RO.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
33 of 36 08f7a637d6
[Firefox: 2 hits: 11-04 to 11-04]
none[none] none:none
none|none none none
10:19:00 Win2K-f 63.17.217.101 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a   135 pcap raw alerts
ruleset
other
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
10:19:00 WinXP 79.163.178.33 (-):
IDEA,
PL.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 02ce2d42b8
[Firefox: 3 hits: 10-27 to 11-02]
none[none] none:none
none|none none none
T:10:22:00 Win2K-f 88.173.49.88 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 6b28308388
NEW
none[none] none:none
none|none none none
10:24:00 WinXP 89.136.45.251 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 918355cad9
[Firefox: 6 hits: 10-26 to 10-28]
none[none] none:none
none|none none none
T:10:25:00 WinXP 79.163.223.147 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:22 hits: 10-21 to 11-04]
none[none] none:none
none|none none none
T:10:26:00 WinXP 4.249.240.129 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GERMANTOWN, MARYLAND, US. (DIAL)
n/a UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:32 hits: 10-01 to 11-03]
none[none] none:none
none|none none none
10:31:00 Win2K-f 88.31.174.102 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:17 hits: 09-26 to 10-29]
none[none] none:none
none|none none none
10:33:00 Win2K-f 98.140.229.241 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:39:00 WinXP 65.173.138.52 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
10:41:00 WinXP 172.130.13.98 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
238 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:43:00 WinXP 78.59.226.145 (ZEBRA.LT):
LIETUVOS,
LT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:adult-empire.com
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 cd1d4a8f0a
NEW
none[none] none:none
none|none none none
10:54:00 Win2K-f 88.165.234.229 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:57:00 WinXP 88.132.9.191 (-):
PRTELECOM,
MISKOLC, BORSOD-ABAUJ-ZEMPLEN, HU.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 db45e65cdc
NEW
none[none] none:none
none|none none none
T:10:57:00 WinXP 88.132.9.191 (-):
PRTELECOM,
MISKOLC, BORSOD-ABAUJ-ZEMPLEN, HU.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 db45e65cdc
NEW
none[none] none:none
none|none none none
11:03:00 Win2K-f 83.215.87.90 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:17 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
11:13:00 Win2K-f 85.186.112.164 (-):
ASTRAL HR GHEORGHIENI,
RO.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:19:00 WinXP 85.95.70.40 (-):
GEDIMEKS,
BG.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:16 hits: 10-21 to 11-04]
none[none] none:none
none|none none none
11:24:00 Win2K-f 86.106.61.32 (UPCNET.RO):
SC UPC ROMANIA SA,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 3eeb212cb1
[Firefox: 5 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
T:11:28:00 Win2K-f 58.127.111.211 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:29:00 WinXP 190.188.81.79 (NET.AR):
PRIMA S.A,
AR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:68 hits: 09-13 to 11-03]
none[none] none:none
none|none none none
11:33:00 WinXP 78.97.106.1 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ed84068c1f
NEW
none[none] none:none
none|none none none
11:34:00 WinXP 217.201.211.173 (-):
TELECOM ITALIA MOBILE,
IT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 12797a184a
NEW
none[none] none:none
none|none none none
T:11:45:00 WinXP 84.140.196.204 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
LUBECK, SCHLESWIG-HOLSTEIN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:192 hits: 01-08 to 11-03]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
11:48:00 Win2K-f 90.57.147.224 (IKBCC.COM):
IP2000-ADSL-BAS,
FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d2af6753cc
[Firefox: 5 hits: 10-26 to 10-31]
none[none] none:none
none|none none none
T:12:09:00 Win2K-f 89.137.252.211 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 a23b0d455a
NEW
none[none] none:none
none|none none none
12:09:00 WinXP 58.236.7.51 (-):
THRUNET-INFRA-INCHEON03,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 bc4e8366af
NEW
none[none] none:none
none|none none none
T:12:13:00 WinXP 87.239.249.176 (-):
SC ACROPOLIS TECH SRL,
RO.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox: 5 hits: 11-02 to 11-04]
none[none] none:none
none|none none none
T:12:16:00 Win2K-f 97.104.54.144 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:17:00 WinXP 189.97.192.147 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:16 hits: 10-21 to 11-04]
none[none] none:none
none|none none none
T:12:18:00 WinXP 189.97.192.147 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 a7003c5a33
[Firefox:16 hits: 10-21 to 11-04]
none[none] none:none
none|none none none
12:22:00 WinXP 24.59.240.103 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
9 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:297 hits: 01-01 to 11-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
12:29:00 WinXP 72.174.154.62 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:47 hits: 10-08 to 11-04]
none[none] none:none
none|none none none
T:12:29:00 WinXP 72.174.154.62 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
:gaspode.zanet.org.za
SE:vancouver.dal.net
AT:graz.at.eu.undernet.org
:lulea.se.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:47 hits: 10-08 to 11-04]
none[none] none:none
none|none none none
12:35:00 WinXP 83.132.112.24 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PORTO, PORTO, PT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 13754a62da
[Firefox: 2 hits: 10-09 to 10-13]
none[none] none:none
none|none none none
T:12:36:00 WinXP 83.132.112.24 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PORTO, PORTO, PT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 13754a62da
[Firefox: 2 hits: 10-09 to 10-13]
none[none] none:none
none|none none none
12:40:00 WinXP 89.165.247.197 (HERTZA.RO):
HERTZA COMPUTERS SRL,
RO.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 71b183b0c8
[Firefox:44 hits: 09-17 to 11-03]
none[none] none:none
none|none none none
12:45:00 WinXP 82.242.229.198 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:gaspode.zanet.org.za
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
SE:qis.md.us.dal.net
:brussels.be.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 ef4fe15355
NEW
none[none] none:none
none|none none none
12:46:00 Win2K-f 89.137.252.211 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox: 7 hits: 10-22 to 10-28]
none[none] none:none
none|none none none
12:51:00 Win2K-f 61.105.166.223 (KRLINE.NET):
KRNIC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:20 hits: 07-29 to 10-30]
none[none] none:none
none|none none none
12:51:00 WinXP 72.131.81.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BROOKFIELD, WISCONSIN, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
12:52:00 WinXP 70.183.63.227 (COX.NET):
COX COMMUNICATIONS INC,
NEWPORT BEACH, CALIFORNIA, US.
n/a CN:imb.f6hbr.in
CN:124.207.41.198:5900
135 pcap raw alerts
ruleset
other
288 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 d732dd0b4d
NEW
none[none] none:none
none|none none none
13:22:00 Win2K-f 68.184.109.17 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a US:www.symantec.com
US:j0r.biz
445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 dd04166637
[Firefox: 4 hits: 02-11 to 07-29]
53e80eceeb [0] ASM:Graph
MEW| lines=296
embedded dns
trace
13:25:00 Win2K-f 218.173.5.113 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:32 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
T:13:28:00 Win2K-f 58.233.231.123 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 812025bc54
NEW
none[none] none:none
none|none none none
13:29:00 WinXP 41.214.165.93 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0d2740acc9
NEW
none[none] none:none
none|none none none
T:13:29:00 WinXP 41.214.165.93 (-):
.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 0d2740acc9
NEW
none[none] none:none
none|none none none
13:32:00 WinXP 125.230.196.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
T:13:32:00 WinXP 24.64.249.242 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 121b9db36f
[Firefox: 2 hits: 10-22 to 10-22]
none[none] none:none
none|none none none
13:34:00 WinXP 201.158.76.218 (CABLEXTREMO.COM.MX):
CABLEVISION DE SALTILLO SA DE CV,
MX. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 2afd89521c
[Firefox: 2 hits: 10-31 to 11-04]
none[none] none:none
none|none none none
T:13:35:00 WinXP 83.97.174.64 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6d7baa9138
[Firefox: 2 hits: 10-29 to 11-03]
none[none] none:none
none|none none none
13:38:00 Win2K-f 82.127.168.142 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:14 hits: 08-01 to 10-28]
none[none] none:none
none|none none none
13:44:00 WinXP 88.164.132.207 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 183fec029f
NEW
none[none] none:none
none|none none none
13:45:00 Win2K-f 122.109.54.254 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
135 pcap raw alerts
ruleset
other
275 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
1a9ce5b5e9
NEW
a2db11fbb8
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:13:52:00 WinXP 91.145.192.232 (-):
LIMITED LIABILITY COMPANY ASTELIT,
AMSTERDAM, NOORD-HOLLAND, NL.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3f6fe8db26
NEW
none[none] none:none
none|none none none
13:52:00 WinXP 91.145.192.232 (-):
LIMITED LIABILITY COMPANY ASTELIT,
AMSTERDAM, NOORD-HOLLAND, NL.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:coins.dal.net
SE:ced.dal.net
SE:broadway.ny.us.dal.net
SE:ozbytes.dal.net
:caen.fr.eu.undernet.org
NL:london.uk.eu.undernet.org
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f5ab9763ea
[Firefox:17 hits: 10-03 to 10-28]
none[none] none:none
none|none none none
13:59:00 WinXP 4.225.21.164 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
14:00:00 WinXP 151.67.221.44 (38-151.NET24.IT):
IUNET-BNET,
IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9eb35d0f8c
[Firefox: 4 hits: 11-03 to 11-04]
none[none] none:none
none|none none none
T:14:01:00 WinXP 151.67.221.44 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9eb35d0f8c
[Firefox: 4 hits: 11-03 to 11-04]
none[none] none:none
none|none none none
14:01:00 Win2K-f 210.3.156.198 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 36 0db664089d
[Firefox: 2 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
14:04:00 WinXP 195.174.205.111 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
IZMIR, IZMIR, TR.
n/a UA:citi-bank.ru
DE:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b07a9f08ba
NEW
none[none] none:none
none|none none none
14:07:00 Win2K-f 76.89.18.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.99.126:80
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
14:10:00 Win2K-f 78.155.142.170 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:14:00 WinXP 123.204.33.2 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:68 hits: 09-13 to 11-03]
none[none] none:none
none|none none none
14:21:00 WinXP 125.58.88.176 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:198.78.201.126:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
b7082104e4
[Firefox:249 hits: 06-18 to 11-04]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
14:37:00 Win2K-f 64.201.85.36 (80-LHTOT.COM):
LAUREL HIGHLAND TELEPHONE COMPANY,
STAHLSTOWN, PENNSYLVANIA, US. (DIAL)
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 007e359dda
NEW
none[none] none:none
none|none none none
14:38:00 WinXP 82.200.255.116 (METRO.ONLINE.KZ):
JSC KAZAKHTELECOM AKTOBE AFFILIATE,
KZ.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox: 5 hits: 11-02 to 11-04]
none[none] none:none
none|none none none
T:14:45:00 WinXP 190.128.47.138 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:49:00 WinXP 61.229.122.44 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru
SE:coins.dal.net
SE:ced.dal.net
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:vancouver.dal.net
:caen.fr.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:viking.dal.net
NO:london.uk.eu.undernet.org
:flanders.be.eu.undernet.org
:lulea.se.eu.undernet.org
US:lia.zanet.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 35 ce1a18eaa8
[Firefox: 2 hits: 11-04 to 11-04]
none[none] none:none
none|none none none
14:58:00 Win2K-f 118.140.165.247 (-):
.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 790d5be34d
NEW
none[none] none:none
none|none none none
T:15:00:00 WinXP 24.71.151.62 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 d5a5c04ab4
NEW
none[none] none:none
none|none none none
T:15:04:00 Win2K-f 4.174.14.46 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ORLANDO, FLORIDA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:15:09:00 Win2K-f 4.178.189.202 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
VANCOUVER, WASHINGTON, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
135 pcap raw alerts
ruleset
other
100 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
30 of 36
2ce489b91a
[Firefox: 4 hits: 10-06 to 10-25]
2f1ec86326
[Firefox: 4 hits: 10-06 to 10-25]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
15:10:00 WinXP 189.87.199.144 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:34 hits: 10-10 to 11-04]
none[none] none:none
none|none none none
15:27:00 Win2K-f 70.61.16.80 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHICAGO, ILLINOIS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:198.78.220.124:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:28:00 WinXP 216.45.89.85 (GVEC.NET):
GVEC.NET,
ARNOLD, MARYLAND, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
RU:www.bbin.ru
:wpad
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
RU:195.200.213.54:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
15 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:609 hits: 01-01 to 11-04]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:15:36:00 WinXP 93.156.137.64 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fd7475c63
[Firefox: 5 hits: 10-29 to 11-02]
none[none] none:none
none|none none none
T:15:39:00 WinXP 125.58.88.176 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:207.123.37.124:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
b7082104e4
[Firefox:249 hits: 06-18 to 11-04]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
15:44:00 WinXP 24.67.141.164 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4ed031d88c
[Firefox:13 hits: 10-20 to 11-04]
none[none] none:none
none|none none none
T:15:46:00 WinXP 119.72.24.213 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
15:48:00 WinXP 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
[Firefox:29 hits: 07-18 to 10-31]
b4fe4581c3
[Firefox:29 hits: 07-18 to 10-31]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
15:55:00 WinXP 216.198.174.70 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
0 of 33
3cd7958258
[Firefox:36 hits: 06-17 to 11-04]
41efedf70f
[Firefox:35 hits: 06-19 to 11-04]
e07c29c4ae
[Firefox:793 hits: 06-19 to 11-04]
none[4]
41efedf70f[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=82
lines=92
trace
trace
trace
16:04:00 Win2K-f 88.173.55.165 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox: 7 hits: 10-20 to 10-28]
none[none] none:none
none|none none none
T:16:10:00 Win2K-f 173.16.77.89 (-):
.
67.43.236.98:1863 :xx.nadnadzz.info
CA:xx.enterhere.biz
CA:alwayssam.com
CA:zonetech.info
135 pcap raw alerts
ruleset
irc
http
245 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36
36 of 36
15 of 36
41b9df60db
[Firefox: 2 hits: 11-03 to 11-04]
bd7c6ba540
NEW
cada8d5adf
[Firefox: 3 hits: 11-03 to 11-04]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
16:18:00 WinXP 24.78.184.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:27:00 WinXP 190.189.116.43 (NET.AR):
PRIMA S.A,
AR.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:35:00 WinXP 80.234.120.18 (-):
POLICOM SPA IS AN INTERNET SERVICE PROVIDER AND TELCO OPERATOR,
IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 eaa9422755
[Firefox: 7 hits: 10-31 to 11-04]
none[none] none:none
none|none none none
16:48:00 Win2K-f 62.178.234.63 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox:10 hits: 09-26 to 10-28]
none[none] none:none
none|none none none
T:16:51:00 WinXP 4.154.84.89 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SUWANEE, GEORGIA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:68 hits: 09-13 to 11-03]
none[none] none:none
none|none none none
T:16:59:00 Win2K-f 189.48.126.27 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
84.244.6.253:2345 :qtas.net
SE:dzuc.net
445 pcap raw alerts
ruleset
http
irc
34 lines
Yeah : 1.3
profile
none summary
tarball
6 of 36 e04df3fef0
NEW
none[none] none:none
none|none none none
T:17:01:00 WinXP 24.79.249.21 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 aa485c27a9
NEW
none[none] none:none
none|none none none
17:06:00 Win2K-f 66.136.150.72 (SWBELL.NET):
PPPOX POOL - RBACK1 KSC2MO,
KANSAS CITY, MISSOURI, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
17:19:00 WinXP 210.218.144.209 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
PUSAN, PUSAN-GWANGYOKSI, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.37.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
32 of 33
0a2b1894da
[Firefox:12 hits: 06-26 to 11-02]
414b95a784
[Firefox:12 hits: 06-26 to 11-02]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:20:00 Win2K-f 24.84.211.155 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
604 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 738eb92db2
[Firefox: 8 hits: 10-06 to 11-03]
none[none] none:none
none|none none none
T:17:23:00 WinXP 4.162.156.175 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
121 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
35 of 36
0 of 33
304be62b7f
NEW
df6f03fdba
NEW
e07c29c4ae
[Firefox:793 hits: 06-19 to 11-04]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
17:25:00 WinXP 4.162.156.175 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:198.78.201.126:80
US:205.128.70.126:80
135 pcap raw alerts
ruleset
http
133 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
35 of 36
0 of 33
304be62b7f
NEW
df6f03fdba
NEW
e07c29c4ae
[Firefox:793 hits: 06-19 to 11-04]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:17:26:00 WinXP 219.174.36.53 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:17:53:00 Win2K-f 66.65.73.236 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:207.123.37.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:06:00 WinXP 186.12.49.90 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox:12 hits: 10-14 to 11-04]
none[none] none:none
none|none none none
18:09:00 WinXP 65.188.32.184 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FT. WORTH, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:514 hits: 12-31 to 11-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
18:11:00 WinXP 151.118.211.55 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:12:00 WinXP 151.118.211.55 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:19:00 WinXP 72.225.209.3 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MIDDLE VILLAGE, NEW YORK, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:514 hits: 12-31 to 11-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
18:27:00 Win2K-f 58.233.231.123 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 812025bc54
NEW
none[none] none:none
none|none none none
18:29:00 WinXP 72.174.96.50 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
DELTA, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 9026691b97
NEW
none[none] none:none
none|none none none
18:30:00 WinXP 70.138.29.203 (SBCGLOBAL.NET):
PPPOX POOL - BRAS12 MRDNCT,
SEYMOUR, CONNECTICUT, US. (DSL)
n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
US:crime-research.ru
US:www.worldbank.org
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
US:prodexteam.net
:pnlkria.ru
:kargai.ru
:kfwfceki.ru
RU:alfabank.ru
:nhuwxyuw.ru
GB:www.viruslist.com
:udluzuq.ru
:fiazpvnne.ru
:ppxuub.ru
GB:www.candidateverifier.com
:lvwgdhwlj.ru
:raxeqajrf.ru
:dhagunb.ru
SE:kavkaz.tv
:zpwmktjv.ru
RU:www.cbr.ru
:aadqca.ru
:ygnrqi.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
32 of 32 bb7681eca8
[Firefox:14 hits: 09-26 to 11-02]
none[none] none:none
none|none none none
18:31:00 WinXP 24.229.178.201 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox: 4 hits: 11-01 to 11-04]
none[none] none:none
none|none none none
T:18:31:00 WinXP 24.229.178.201 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox: 4 hits: 11-01 to 11-04]
none[none] none:none
none|none none none
T:18:44:00 WinXP 72.188.109.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:297 hits: 01-01 to 11-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
18:48:00 WinXP 96.51.28.41 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
194 lines
Yeah : 1.3
profile
none summary
tarball
27 of 32
0 of 33
34 of 36
b455f223d6
[Firefox: 6 hits: 06-20 to 10-27]
e07c29c4ae
[Firefox:793 hits: 06-19 to 11-04]
f6a98dbff3
NEW
b455f223d6 [1]
e07c29c4ae[1]
none [none]
ASM:Graph
ASM:Graph
none:none
Armadillo|
FSG|
none|none
lines=81
lines=92
none
trace
trace
none
18:58:00 WinXP 75.42.86.236 (SBCGLOBAL.NET):
PPPOX POOL - BRAS5.SCRMCA 090106-1000,
US. (DSL)
n/a US:www.yahoo.com
:www.google.com.au
:jbeegvia.ru
US:www.worldbank.org
US:crime-research.ru
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
DE:kavkaz.co.uk
:kargai.ru
:kfwfceki.ru
:nhuwxyuw.ru
RU:alfabank.ru
:udluzuq.ru
EU:crutop.nu
:fiazpvnne.ru
:ppxuub.ru
:lvwgdhwlj.ru
GB:www.candidateverifier.com
:raxeqajrf.ru
GB:www.viruslist.com
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:56 hits: 04-18 to 11-02]
none[3] none:none
tElock| none trace
T:19:03:00 WinXP 220.130.83.3 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:204.160.126.126:80
US:207.123.37.124:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
57ce4acac2
[Firefox:321 hits: 06-17 to 11-04]
83f26f5044
[Firefox:35 hits: 06-20 to 10-29]
57ce4acac2 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:19:07:00 Win2K-f 130.13.45.155 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 15717cd327
NEW
none[none] none:none
none|none none none
19:11:00 WinXP 24.197.139.61 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 c91dfdf79a
[Firefox: 6 hits: 10-20 to 11-03]
none[none] none:none
none|none none none
19:13:00 Win2K-f 123.212.119.64 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 4c3df24b32
[Firefox:238 hits: 06-17 to 11-04]
4c3df24b32 [1] ASM:Graph
Armadillo| lines=81 trace
T:19:16:00 WinXP 122.2.219.193 (PLDT.NET):
IPG,
PH.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox: 5 hits: 11-02 to 11-04]
none[none] none:none
none|none none none
T:19:21:00 WinXP 121.234.165.40 (163DATA.COM.CN):
CHINANET JIANGSU PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a RU:moscow-advokat.ru
EU:gaz-prom.ru
:irc.kar.net
:washington.dc.us.undernet.org
:gaspode.zanet.org.za
AT:graz.at.eu.undernet.org
RU:irc.tsk.ru
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
US:lia.zanet.net
NL:london.uk.eu.undernet.org
:brussels.be.eu.undernet.org
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 d175bad0e6
[Firefox: 8 hits: 04-05 to 10-25]
dfb15f5463 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
T:19:31:00 WinXP 71.117.203.132 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PORTLAND, OREGON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
a08f3b74a4
[Firefox:1340 hits: 06-18 to 11-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:32:00 Win2K-f 130.13.220.92 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 15717cd327
NEW
none[none] none:none
none|none none none
T:19:32:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:38:00 WinXP 75.138.118.69 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 632e315db2
[Firefox:32 hits: 10-03 to 11-04]
none[none] none:none
none|none none none
19:38:00 WinXP 75.138.118.69 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 632e315db2
[Firefox:32 hits: 10-03 to 11-04]
none[none] none:none
none|none none none
19:53:00 Win2K-f 67.213.71.109 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
93 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:01:00 WinXP 96.15.232.112 (-):
.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 5e4f6ad9dc
[Firefox: 6 hits: 10-20 to 11-02]
none[none] none:none
none|none none none
T:20:01:00 WinXP 96.15.232.112 (-):
.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 5e4f6ad9dc
[Firefox: 6 hits: 10-20 to 11-02]
none[none] none:none
none|none none none
T:20:11:00 WinXP 114.48.2.31 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0d2740acc9
NEW
none[none] none:none
none|none none none
20:28:00 Win2K-f 64.21.224.55 (GONDTC.COM):
GONDTC.COM,
HARVEY, NORTH DAKOTA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:31:00 WinXP 4.231.91.118 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4b2541d5f7
[Firefox:14 hits: 08-19 to 10-01]
none[none] none:none
none|none none none
20:33:00 WinXP 222.150.29.11 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:531 hits: 01-05 to 11-04]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:20:33:00 Win2K-f 125.230.196.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox: 3 hits: 10-27 to 10-28]
none[none] none:none
none|none none none
20:34:00 WinXP 70.77.49.233 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PRINCE GEORGE, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
0 of 33
23 of 33
bca9e0fb5f
[Firefox:41 hits: 06-18 to 11-04]
e07c29c4ae
[Firefox:793 hits: 06-19 to 11-04]
e53a9ea82e
[Firefox:40 hits: 06-18 to 11-04]
none[4]
e07c29c4ae[1]
e53a9ea82e[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
FSG|
Armadillo|
none
lines=92
lines=81
trace
trace
trace
20:46:00 WinXP 72.188.109.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1442 hits: 12-31 to 11-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:20:51:00 WinXP 117.201.1.242 (-):
.
194.14.236.50:6667 :proxim.ircgalaxy.pl
SE:vancouver.dal.net
445 pcap raw alerts
ruleset
irc
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
20:53:00 WinXP 64.130.149.215 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:03:00 WinXP 68.150.205.150 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SHERWOOD PARK, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:204.160.104.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36
33 of 36
d058cd6afc
NEW
fccf3453e3
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:03:00 WinXP 172.164.86.124 (AOL.COM):
AMERICA ONLINE,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:204.160.104.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
3373948767
[Firefox:39 hits: 07-03 to 11-04]
c73f738c30
[Firefox:39 hits: 07-03 to 11-04]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:05:00 WinXP 218.54.9.116 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:204.160.104.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 32
1509c8d024
[Firefox:41 hits: 06-17 to 11-04]
f23b040440
[Firefox:27 hits: 06-22 to 10-14]
none[4]
f23b040440[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
21:14:00 Win2K-f 210.233.210.146 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 32
3ed16ae12d
[Firefox:31 hits: 06-19 to 11-03]
79c01ec060
[Firefox:74 hits: 06-18 to 11-04]
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
3ed16ae12d [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
21:17:00 Win2K-f 24.68.234.87 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
3 of 36
33 of 36
0 of 32
87ff5f5214
NEW
a0886943dd
NEW
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
21:20:00 WinXP 82.253.185.177 (PROXAD.NET):
PROXAD / FREE SAS,
LE HAVRE, HAUTE-NORMANDIE, FR. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:kidos-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b0d4bed1be
NEW
none[none] none:none
none|none none none
T:21:27:00 Win2K-f 24.78.184.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:21:30:00 Win2K-f 72.215.49.28 (COX.NET):
COX COMMUNICATIONS,
BRISTOL, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:207.123.37.124:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:31:00 WinXP 117.99.22.195 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 aa485c27a9
NEW
none[none] none:none
none|none none none
T:21:39:00 WinXP 92.47.131.60 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:adult-empire.com
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bcc96fab23
[Firefox: 2 hits: 08-29 to 09-17]
none[none] none:none
none|none none none
21:48:00 Win2K-f 70.66.65.240 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NANAIMO, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.47.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
12e484a198
[Firefox: 9 hits: 10-01 to 11-03]
2e43dc0077
[Firefox:11 hits: 10-01 to 11-03]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:50:00 WinXP 60.248.17.88 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.47.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
57ce4acac2
[Firefox:321 hits: 06-17 to 11-04]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:09:00 WinXP 219.107.206.21 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:656 hits: 01-01 to 11-04]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
22:24:00 Win2K-f 58.233.231.123 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668   139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 812025bc54
NEW
none[none] none:none
none|none none none
22:36:00 WinXP 74.67.48.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLIFTON PARK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:12:00 WinXP 65.25.107.66 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CANTON, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:206.33.45.125:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
b7082104e4
[Firefox:249 hits: 06-18 to 11-04]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
23:19:00 WinXP 115.81.243.17 (-):
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:204.160.126.124:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
234 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
1fa62445aa
[Firefox: 4 hits: 11-01 to 11-03]
963d5f92ac
[Firefox: 5 hits: 10-28 to 11-03]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:23:39:00 WinXP 58.69.43.247 (PLDT.NET):
IPG,
QUEZON CITY, MANILA, PH.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 d799313878
NEW
none[none] none:none
none|none none none
T:23:40:00 WinXP 83.69.62.252 (SCNET.CZ):
LOSAN S.R.O,
CZ.
n/a RU:moscow-advokat.ru
NL:diemen.nl.eu.undernet.org
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
:gaspode.zanet.org.za
:washington.dc.us.undernet.org
SE:coins.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:47 hits: 10-08 to 11-04]
none[none] none:none
none|none none none
T:23:44:00 Win2K-f 64.181.83.85 (WVFIBERNET.NET):
FIBERNET OF WV,
GRANTSVILLE, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
89 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
b5919931fe
[Firefox:1065 hits: 06-20 to 11-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
23:52:00 Win2K-f 71.97.11.177 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
GRAPEVINE, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:204.160.104.126:80
US:207.123.37.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3740 hits: 06-17 to 11-04]
73f1082158
[Firefox:1859 hits: 06-18 to 11-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace