Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



10 November 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Column headers (one record per infection event below):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:26:00 Win2K-f 98.175.173.35 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
b5919931fe
[Firefox:1104 hits: 06-20 to 11-09]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
00:33:00 WinXP 70.78.198.163 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
00:47:00 WinXP 210.4.125.55 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
n/a EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 9 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
T:00:48:00 WinXP 210.4.125.55 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 9 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
T:00:51:00 Win2K-f 58.226.28.56 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox:43 hits: 06-20 to 11-02]
9276c8b36b
[Firefox:43 hits: 06-20 to 11-02]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:56:00 Win2K-f 58.226.28.56 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox:43 hits: 06-20 to 11-02]
9276c8b36b
[Firefox:43 hits: 06-20 to 11-02]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:00:58:00 WinXP 98.174.0.4 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:205.128.73.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:16:00 WinXP 121.254.121.27 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 555fd0d0b3
[Firefox: 3 hits: 10-07 to 11-07]
none[none] none:none
none|none none none
01:25:00 WinXP 71.51.226.110 (EMBARQHSD.NET):
EMBARQ CORPORATION,
RAEFORD, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:25:00 WinXP 88.176.188.153 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 31a5a51653
[Firefox: 2 hits: 10-31 to 11-09]
none[none] none:none
none|none none none
T:01:35:00 Win2K-f 203.73.84.174 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
57ce4acac2
[Firefox:335 hits: 06-17 to 11-09]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:00:00 WinXP 79.138.138.75 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:19 hits: 11-02 to 11-09]
none[none] none:none
none|none none none
T:02:17:00 WinXP 217.201.149.190 (-):
TELECOM ITALIA MOBILE,
FIRENZE, TOSCANA, IT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 e6a7785fad
NEW
none[none] none:none
none|none none none
02:18:00 WinXP 217.201.149.190 (-):
TELECOM ITALIA MOBILE,
FIRENZE, TOSCANA, IT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 e6a7785fad
NEW
none[none] none:none
none|none none none
T:02:24:00 WinXP 121.125.23.40 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:4.23.60.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:187 hits: 06-17 to 11-09]
4c3df24b32
[Firefox:246 hits: 06-17 to 11-08]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:26:00 Win2K-f 70.73.192.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
146 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 8aa56d1389
NEW
none[none] none:none
none|none none none
02:27:00 WinXP 61.217.246.237 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:41:00 WinXP 122.124.192.172 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 0e5f51ee8e
[Firefox:23 hits: 10-11 to 11-09]
none[none] none:none
none|none none none
T:02:44:00 WinXP 81.84.96.132 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
[Firefox: 2 hits: 11-09 to 11-09]
none[none] none:none
none|none none none
02:46:00 WinXP 94.191.174.179 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:851 hits: 12-31 to 11-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:02:49:00 WinXP 83.92.53.11 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 60ac8e80c9
NEW
none[none] none:none
none|none none none
02:57:00 WinXP 88.167.56.151 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 fd26272f9b
NEW
none[none] none:none
none|none none none
03:02:00 Win2K-f 211.23.48.46 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   135 pcap raw alerts
ruleset
other
55 lines
Yeah : 1.3
profile
none summary
tarball
2 of 35 d1c529322b
NEW
none[none] none:none
none|none none none
03:08:00 WinXP 87.6.112.183 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
BOLOGNA, EMILIA-ROMAGNA, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:21 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
03:17:00 Win2K-f 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
n/a   135 pcap raw alerts
ruleset
other
298 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 fe22b8315f
[Firefox:13 hits: 06-19 to 11-07]
none[4] none:none
StarForce| none trace
T:03:33:00 WinXP 82.255.89.25 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:21 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
T:03:38:00 WinXP 173.16.65.241 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:44:00 Win2K-f 68.184.103.181 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:50:00 WinXP 24.30.171.29 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:51:00 WinXP 218.38.255.63 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 4cf5c7079b
NEW
none[none] none:none
none|none none none
03:51:00 Win2K-f 218.37.242.53 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:32 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
03:53:00 WinXP 58.78.253.235 (-):
POW-HFC-POHANG-KYUNGJU,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:54:00 WinXP 218.239.76.25 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 c5b1d2ec7f
[Firefox: 2 hits: 11-07 to 11-07]
none[none] none:none
none|none none none
03:56:00 Win2K-f 218.37.231.198 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 0772ea0926
NEW
none[none] none:none
none|none none none
03:56:00 Win2K-f 89.137.162.75 (-):
ASTRAL ROMAN DOCSIS NETWORK,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 17e0d9aa63
[Firefox:12 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
T:04:01:00 WinXP 89.137.162.151 (-):
ASTRAL ROMAN DOCSIS NETWORK,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 f4296e2474
[Firefox: 2 hits: 11-06 to 11-06]
none[none] none:none
none|none none none
04:01:00 WinXP 67.11.179.92 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. (100Mbps)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:150 hits: 01-01 to 11-03]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:04:06:00 WinXP 218.171.115.75 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:25 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
04:06:00 Win2K-f 211.209.200.4 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:31 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
T:04:07:00 Win2K-f 116.121.208.7 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 d4bfcf7542
NEW
none[none] none:none
none|none none none
T:04:16:00 WinXP 78.131.120.232 (-):
EMKTV DOROG DOCSIS,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:44 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
04:17:00 WinXP 212.106.47.143 (-):
TWELVENET,
UK.
n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
US:lia.zanet.net
:washington.dc.us.undernet.org
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
SE:coins.dal.net
SE:qis.md.us.dal.net
NL:london.uk.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:ozbytes.dal.net
:caen.fr.eu.undernet.org
:lulea.se.eu.undernet.org
SE:vancouver.dal.net
SE:ced.dal.net
:los-angeles.ca.us.undernet.org
SE:broadway.ny.us.dal.net
SE:viking.dal.net
AT:graz.at.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 aa26e45466
NEW
none[none] none:none
none|none none none
T:04:19:00 Win2K-f 85.95.210.181 (CALIXO.NET):
VIALIS - REGIE MUNICIPALE DE COLMAR,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:25:00 WinXP 221.125.77.15 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 a7376cdb44
NEW
none[none] none:none
none|none none none
04:26:00 WinXP 221.125.14.151 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:32 hits: 09-26 to 11-09]
none[none] none:none
none|none none none
04:28:00 Win2K-f 80.8.118.180 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
BAYONNE, AQUITAINE, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:43 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
T:04:29:00 WinXP 219.240.90.190 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:24 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
04:29:00 WinXP 119.148.137.90 (-):
.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 985cebca28
NEW
none[none] none:none
none|none none none
T:04:34:00 WinXP 218.49.231.108 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 9d1c418d3c
NEW
none[none] none:none
none|none none none
T:04:38:00 Win2K-f 83.221.72.58 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 d01706053b
NEW
none[none] none:none
none|none none none
T:04:38:00 WinXP 91.141.107.231 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT.
n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
US:lia.zanet.net
:los-angeles.ca.us.undernet.org
SE:viking.dal.net
SE:ced.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:851 hits: 12-31 to 11-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
04:43:00 Win2K-f 124.60.19.76 (-):
POWERCOM,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 36 9d8ace5582
NEW
none[none] none:none
none|none none none
T:04:45:00 Win2K-f 82.242.246.70 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:21 hits: 10-20 to 11-07]
none[none] none:none
none|none none none
04:46:00 WinXP 88.243.72.243 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
IZMIR, IZMIR, TR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:32 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
04:47:00 Win2K-f 89.136.45.251 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
23 of 36 31e2551c0c
NEW
none[none] none:none
none|none none none
04:48:00 Win2K-f 119.149.85.145 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 000e599b02
[Firefox: 3 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
T:04:49:00 WinXP 122.121.6.48 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:25 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
04:50:00 WinXP 220.255.111.247 (SINGNET.COM.SG):
SINGNET PTE LTD,
SINGAPORE, SINGAPORE, SG.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 6b0c562a8e
NEW
none[none] none:none
none|none none none
T:04:55:00 WinXP 85.186.144.125 (-):
ASTRAL MANGALIA CPE,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:21 hits: 10-20 to 11-07]
none[none] none:none
none|none none none
T:04:58:00 WinXP 211.186.235.145 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
none 301b2537f4
NEW
none[none] none:none
none|none none none
T:05:05:00 Win2K-f 70.66.65.240 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NANAIMO, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.70.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
12e484a198
[Firefox:11 hits: 10-01 to 11-07]
2e43dc0077
[Firefox:13 hits: 10-01 to 11-07]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
05:13:00 WinXP 218.238.16.162 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 33b54507d5
[Firefox: 6 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
05:15:00 WinXP 96.48.148.9 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
16 of 35 a957b6dacf
NEW
none[none] none:none
none|none none none
T:05:16:00 Win2K-f 119.95.74.244 (-):
.
n/a   135 pcap raw alerts
ruleset
other
230 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 89b295feb4
NEW
none[none] none:none
none|none none none
T:05:23:00 WinXP 117.58.139.59 (-):
TAEGU CABLE NETWORK CO. LTD,
TAEGU, KYONGSANG-BUKTO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:34 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
05:29:00 Win2K-f 61.253.238.48 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0bd5c84025
NEW
none[none] none:none
none|none none none
T:05:30:00 Win2K-f 218.191.131.80 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:21 hits: 10-20 to 11-07]
none[none] none:none
none|none none none
05:30:00 Win2K-f 218.191.199.29 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:32 hits: 09-26 to 11-09]
none[none] none:none
none|none none none
05:31:00 WinXP 85.186.61.38 (ASTRAL.RO):
ASTRAL ODORHEI CABLE,
TIMISOARA, TIMIS, RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox:12 hits: 10-22 to 11-09]
none[none] none:none
none|none none none
05:31:00 WinXP 218.191.84.230 (-):
HUTCHISON GLOBAL COMMUNICATIONS,
SINGAPORE, SINGAPORE, SG.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 edd41bea6e
NEW
none[none] none:none
none|none none none
T:05:35:00 Win2K-f 61.253.223.126 (KRLINE.NET):
KRNIC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 018066960e
[Firefox: 2 hits: 10-22 to 11-05]
none[none] none:none
none|none none none
T:05:40:00 WinXP 88.160.231.112 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
72.10.172.218:2938 EU:proxim.ircgalaxy.pl
:preek.oihduhdd.net
CA:japan.youngpeyatech.info
CA:italian.swiifatecihno.com
CA:72.10.172.218:2938
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 97881454dd
NEW
none[none] none:none
none|none none none
05:46:00 Win2K-f 89.136.249.66 (-):
ASTRAL CURTEA DE ARGES DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 c37468ce14
[Firefox: 5 hits: 11-06 to 11-07]
none[none] none:none
none|none none none
T:05:53:00 WinXP 89.136.249.66 (-):
ASTRAL CURTEA DE ARGES DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 c37468ce14
[Firefox: 5 hits: 11-06 to 11-07]
none[none] none:none
none|none none none
05:58:00 Win2K-f 211.200.144.160 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 3850aaad23
NEW
none[none] none:none
none|none none none
T:06:00:00 Win2K-f 61.253.207.34 (KRLINE.NET):
KRNIC,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 b27fcff98f
NEW
none[none] none:none
none|none none none
06:07:00 WinXP 170.51.143.117 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox:13 hits: 10-14 to 11-05]
none[none] none:none
none|none none none
06:22:00 Win2K-f 58.122.122.184 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 000e599b02
[Firefox: 3 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
T:06:23:00 Win2K-f 24.174.245.183 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAREDO, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.96.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
b5919931fe
[Firefox:1104 hits: 06-20 to 11-09]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:06:23:00 WinXP 87.228.51.67 (-):
INFOLINE ZAO,
TROITSK, MOSKOVSKAYA OBLAST', RU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
06:25:00 WinXP 87.228.51.67 (-):
INFOLINE ZAO,
TROITSK, MOSKOVSKAYA OBLAST', RU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
T:06:25:00 Win2K-f 222.237.48.125 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 c8d35cd9fc
NEW
none[none] none:none
none|none none none
06:28:00 Win2K-f 123.212.157.43 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:34 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
T:06:29:00 Win2K-f 61.228.162.239 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 c50e298b27
[Firefox:16 hits: 10-26 to 11-09]
none[none] none:none
none|none none none
06:36:00 WinXP 221.126.226.253 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 9d5d0ad83c
[Firefox: 9 hits: 08-15 to 11-07]
none[none] none:none
none|none none none
T:06:37:00 Win2K-f 88.243.98.144 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ACI,
ISTANBUL, ISTANBUL, TR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:32 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
06:39:00 WinXP 115.165.82.236 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:539 hits: 01-05 to 11-09]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:06:41:00 WinXP 220.129.71.106 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:19 hits: 11-02 to 11-09]
none[none] none:none
none|none none none
T:06:43:00 Win2K-f 58.230.25.35 (-):
THRUNET-INFRA-SEOUL01,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 9e8bef3e67
NEW
none[none] none:none
none|none none none
T:06:43:00 WinXP 82.245.163.58 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
SE:broadway.ny.us.dal.net
NL:diemen.nl.eu.undernet.org
SE:vancouver.dal.net
US:lia.zanet.net
:brussels.be.eu.undernet.org
:flanders.be.eu.undernet.org
:lulea.se.eu.undernet.org
NL:london.uk.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
SE:coins.dal.net
:washington.dc.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 3dc936f5f1
[Firefox: 3 hits: 11-05 to 11-08]
none[none] none:none
none|none none none
06:45:00 WinXP 60.40.76.95 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:539 hits: 01-05 to 11-09]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
06:46:00 WinXP 93.156.139.245 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fd7475c63
[Firefox:14 hits: 10-29 to 11-09]
none[none] none:none
none|none none none
T:06:46:00  WinXP  |  infection source: 93.156.139.245 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 7fd7475c63 [Firefox:14 hits: 10-29 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:03:00  WinXP  |  infection source: 151.65.252.145 (38-151.NET24.IT): IUNET-BNET, IT.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, DE:kidos-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a8c10e184d [Firefox: 4 hits: 11-03 to 11-08]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:12:00  WinXP  |  infection source: 124.104.244.201 (PLDT.NET): BATC7300I01_CONSUMER, PH.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

T:07:15:00  WinXP  |  infection source: 81.198.232.109 (-): ADDRESS POOL FOR LTC-HOME CUSTOMERS, RIGA, RIGA, LV.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 985b9b9708 [Firefox: 3 hits: 10-25 to 10-28]: AV 34 of 35; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:15:00  Win2K-f  |  infection source: 218.235.220.87 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (0 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

07:20:00  WinXP  |  infection source: 222.85.1.14 (163DATA.COM.CN): CHINANET HENAN PROVINCE NETWORK, BEIJING, BEIJING, CN.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 3547866dc3 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:27:00  WinXP  |  infection source: 72.139.121.218 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, CA.
  C&C server: 67.43.236.98:1863  |  DNS lookups & failed connects: :xx.nadnadzz.info, CA:xx.enterhere.biz, CA:alwayssam.com, CA:zonetech.info, CA:72.10.166.195:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: irc, http (335 lines)  |  BotHunter analysis: Yeah : 1.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary dd9420ffa0 NEW: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:33:00  Win2K-f  |  infection source: 220.230.144.50 (-): CJCABLENETJUNGBUSAN2, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 50649fc087 [Firefox:32 hits: 07-29 to 11-09]: AV 26 of 35; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:36:00  Win2K-f  |  infection source: 125.26.122.84 (TOTBB.NET): TOT ADSL IP ADDRESS POOL, BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary c50e298b27 [Firefox:16 hits: 10-26 to 11-09]: AV 33 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:38:00  WinXP  |  infection source: 90.150.113.17 (PERMONLINE.RU): PFES.FOR ADSL USERS, PERM', PERMSKAYA OBLAST', RU.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary b81df3157e [Firefox: 9 hits: 11-03 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:46:00  WinXP  |  infection source: 89.233.205.161 (RP80.SE): WEBTECH NORD ZITIUS STOCKHOLM, STOCKHOLM, STOCKHOLM, SE.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 9d1dc5ba91 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:53:00  WinXP  |  infection source: 85.186.144.125 (-): ASTRAL MANGALIA CPE, RO.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 9d31d168bd [Firefox:21 hits: 10-20 to 11-07]: AV 30 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:55:00  Win2K-f  |  infection source: 85.211.228.244 (PIPEX.COM): ADSL DYNAMIC IP ADDRESS POOL, LONDON, ENGLAND, UK. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary e286d9e6a9 [Firefox:29 hits: 07-13 to 11-07]: AV 21 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:07:56:00  WinXP  |  infection source: 89.44.207.86 (JUMP.RO): SC AZURE SOFTWARE SRL, RO.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 0d2740acc9 [Firefox: 7 hits: 10-14 to 11-08]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

07:57:00  Win2K-f  |  infection source: 218.191.195.40 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 114d93b412 [Firefox:10 hits: 10-22 to 11-07]: AV 25 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

08:09:00  WinXP  |  infection source: 170.51.17.204 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 15093b4cc0 [Firefox: 2 hits: 11-09 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

08:22:00  WinXP  |  infection source: 83.213.137.138 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BASAURI, PAIS VASCO, ES.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 1e3cef226f [Firefox:11 hits: 11-04 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:08:38:00  WinXP  |  infection source: 118.217.74.127 (-): .
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 2d146934f1 [Firefox: 4 hits: 09-26 to 11-07]: AV 30 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

08:44:00  WinXP  |  infection source: 62.11.35.226 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, FLORENCE, TOSCANA, IT. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, :wpad  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http, http, http (9 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary df17a625ee [Firefox:312 hits: 01-01 to 11-09]: AV 29 of 29; egg.exe 9bbdd086c5 [0]; egg.asm ASM:Graph; packer ASPack|; data strings lines=186, embedded dns; syscall trace trace

08:54:00  WinXP  |  infection source: 24.84.232.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KAMLOOPS, BRITISH COLUMBIA, CA.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (77 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary 73f1082158 [Firefox:1916 hits: 06-18 to 11-09]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace
  binary e07c29c4ae [Firefox:826 hits: 06-19 to 11-09]: AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; data strings lines=92; syscall trace trace

09:01:00  Win2K-f  |  infection source: 62.107.153.241 (REV.STOFANET.DK): STOFANET-KOLD-NET, SLAGELSE, VESTSJALLAND, DK.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 1689d1d6c8 NEW: AV 31 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:09:07:00  WinXP  |  infection source: 93.184.224.101 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary eca9a5fa95 [Firefox:60 hits: 08-09 to 11-02]: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

09:18:00  Win2K-f  |  infection source: 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:204.160.104.126:80, US:4.23.60.125:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

09:19:00  Win2K-f  |  infection source: 64.201.85.36 (80-LHTOT.COM): LAUREL HIGHLAND TELEPHONE COMPANY, STAHLSTOWN, PENNSYLVANIA, US. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a537edc44b [Firefox: 6 hits: 09-26 to 11-06]: AV 33 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

09:25:00  WinXP  |  infection source: 4.253.135.49 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 5c7a2bd95a [Firefox: 2 hits: 11-04 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

09:35:00  Win2K-f  |  infection source: 89.137.183.238 (-): ASTRAL PLOIESTI DOCSIS NETWORK, PLOIESTI, PRAHOVA, RO.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary d17330db37 [Firefox:11 hits: 10-22 to 11-09]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:09:39:00  WinXP  |  infection source: 82.250.196.233 (PROXAD.NET): PROXAD / FREE SAS, NANTES, PAYS DE LA LOIRE, FR. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, GB:welcome3.smile.co.uk, :wpad, US:spi.domainsponsor.com, GB:195.92.84.198:80, US:208.73.210.121:80, DE:212.227.111.29:80, EU:78.47.200.154:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http, http, http (10 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a12cab51ef [Firefox:618 hits: 01-01 to 11-09]: AV 29 of 29; egg.exe 40f7f463c4 [0]; egg.asm ASM:Graph; packer ASPack|; data strings lines=281, embedded dns; syscall trace trace

09:45:00  Win2K-f  |  infection source: 88.165.87.123 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 413c9ac28b [Firefox:16 hits: 09-26 to 11-07]: AV 33 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:09:52:00  WinXP  |  infection source: 69.71.121.33 (SPEAKEASY.NET): US.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 393d3a40db [Firefox:16 hits: 02-14 to 10-30]: AV 31 of 32; egg.exe 8a0ff8065a [0]; egg.asm ASM:Graph; packer PolyEnE|; data strings lines=76; syscall trace trace

09:57:00  WinXP  |  infection source: 41.214.166.93 (-): .
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 4e2a96bf05 NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

10:03:00  WinXP  |  infection source: 58.236.105.7 (-): THRUNET-INFRA-INCHEON09, SEOUL, KYONGGI-DO, KR.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary fe92f5afc8 [Firefox: 2 hits: 10-26 to 11-09]: AV 29 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

10:04:00  Win2K-f  |  infection source: 88.30.98.153 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ea39b7911d [Firefox:31 hits: 08-15 to 11-09]: AV 31 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

10:06:00  WinXP  |  infection source: 87.246.62.152 (-): CMTS CLIENTS IN SOFIA, SOFIA, SOFIYA, BG.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 06a5e31b47 [Firefox: 7 hits: 10-28 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:07:00  WinXP  |  infection source: 218.171.171.180 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 747de612f3 [Firefox: 2 hits: 11-02 to 11-04]: AV 31 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:07:00  WinXP  |  infection source: 117.96.143.38 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 96d089e522 [Firefox:64 hits: 10-08 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:14:00  WinXP  |  infection source: 83.97.148.199 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 6b3beaea1a [Firefox:30 hits: 10-21 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:16:00  Win2K-f  |  infection source: 75.79.24.164 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.53.126:80, US:204.160.104.126:80, US:4.23.60.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary 73f1082158 [Firefox:1916 hits: 06-18 to 11-09]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

T:10:16:00  WinXP  |  infection source: 91.126.57.19 (RP80.SE): WEBTECH NORD JHAB STOCKHOLM, STOCKHOLM, STOCKHOLM, SE.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 9d1dc5ba91 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

10:23:00  Win2K-f  |  infection source: 70.184.121.105 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, EU:proxim.ircgalaxy.pl, US:download.microsoft.com  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (114 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary bea8cb1865 [Firefox:37 hits: 08-11 to 11-01]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none
  binary fac78fde16 [Firefox:16 hits: 09-13 to 11-01]: AV 35 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:24:00  WinXP  |  infection source: 88.132.9.96 (-): PRTELECOM, MISKOLC, BORSOD-ABAUJ-ZEMPLEN, HU.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, :adult-empire.com, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary db45e65cdc [Firefox: 2 hits: 11-05 to 11-05]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:10:26:00  Win2K-f  |  infection source: 118.218.21.111 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:199.93.53.125:80, US:204.160.126.126:80, US:205.128.73.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (113 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 533d15b5ce [Firefox:42 hits: 06-21 to 11-09]: AV 30 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary 58c343a8d8 [Firefox:46 hits: 06-21 to 11-09]: AV 28 of 33; egg.exe 58c343a8d8[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=82; syscall trace trace

T:10:59:00  WinXP  |  infection source: 12.107.247.157 (DTCCOM.NET): DEKALB TELEPHONE COOPERATIVE, SMITHVILLE, TENNESSEE, US. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (0 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

11:08:00  Win2K-f  |  infection source: 76.161.70.144 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (130 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 812cec1061 NEW: AV 33 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none
  binary b5919931fe [Firefox:1104 hits: 06-20 to 11-09]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; data strings lines=90; syscall trace trace
  binary f15da9c38a NEW: AV 33 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

11:08:00  WinXP  |  infection source: 98.141.160.84 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (18 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

11:15:00  WinXP  |  infection source: 78.34.16.226 (NETCOLOGNE.DE): NETCOLOGNE GMBH, KOELN, NORDRHEIN-WESTFALEN, DE.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary d526bf5a3f [Firefox: 5 hits: 10-12 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:17:00  WinXP  |  infection source: 61.100.101.157 (KRLINE.NET): KRNIC, KR.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ea39b7911d [Firefox:31 hits: 08-15 to 11-09]: AV 31 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

11:21:00  WinXP  |  infection source: 195.174.206.173 (KABLONET.COM.TR): CABLE OPERATOR NETWORK OF TURK TELEKOM, IZMIR, IZMIR, TR.
  C&C server: 195.174.206.173:80  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

11:28:00  Win2K-f  |  infection source: 76.89.18.176 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (76 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace
  binary b5919931fe [Firefox:1104 hits: 06-20 to 11-09]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; data strings lines=90; syscall trace trace

T:11:30:00  Win2K-f  |  infection source: 83.215.87.90 (SALZBURG-ONLINE.AT): SALZBURG AG PROVIDES INTERNET-SERVICES, SALZBURG, SALZBURG, AT.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ea38ae2cb2 [Firefox:32 hits: 09-26 to 11-07]: AV 29 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:33:00  WinXP  |  infection source: 193.69.96.141 (BLUECOM.NO): CATCH COMMUNCIATIONS ASA, NO.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 4b440bbb53 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

11:33:00  Win2K-f  |  infection source: 208.105.110.125 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (110 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary bcd096625a NEW: AV 30 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none
  binary cf67e03686 NEW: AV 32 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:34:00  WinXP  |  infection source: 137.118.218.35 (NEONOVA.NET): NEONOVA NETWORK SERVICES, SHERIDAN, WYOMING, US.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 3c327faa32 NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:37:00  WinXP  |  infection source: 82.207.55.36 (UKRTEL.NET): UKRTELECOM IP ACCESS NETWORK IN KIEV, UA.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, SE:qis.md.us.dal.net, :flanders.be.eu.undernet.org, :brussels.be.eu.undernet.org, :lulea.se.eu.undernet.org, AT:graz.at.eu.undernet.org, US:lia.zanet.net, :los-angeles.ca.us.undernet.org, SE:vancouver.dal.net, :washington.dc.us.undernet.org, SE:coins.dal.net, SE:ozbytes.dal.net, SE:ced.dal.net, NL:diemen.nl.eu.undernet.org, :gaspode.zanet.org.za, :caen.fr.eu.undernet.org, SE:viking.dal.net, SE:broadway.ny.us.dal.net, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 7f60162c2c [Firefox:851 hits: 12-31 to 11-09]: AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; data strings lines=93, embedded dns; syscall trace trace

11:49:00  WinXP  |  infection source: 189.72.168.154 (-): .
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary e93f779791 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:54:00  WinXP  |  infection source: 201.221.116.61 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 632e315db2 [Firefox:39 hits: 10-03 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

11:55:00  WinXP  |  infection source: 79.206.115.222 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: shell, ftp (14 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 741e3b03b3 [Firefox:539 hits: 01-05 to 11-09]: AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; data strings lines=62; syscall trace trace

11:57:00  Win2K-f  |  infection source: 118.140.165.247 (-): .
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ead12a6c02 [Firefox:32 hits: 09-26 to 11-07]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:11:58:00  WinXP  |  infection source: 62.107.153.241 (REV.STOFANET.DK): STOFANET-KOLD-NET, SLAGELSE, VESTSJALLAND, DK.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 1689d1d6c8 NEW: AV 31 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:12:07:00  WinXP  |  infection source: 81.84.215.206 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 0d7e34e329 [Firefox: 3 hits: 11-07 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:17:00  WinXP  |  infection source: 88.28.239.112 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ca2ad7875a NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:12:23:00  WinXP  |  infection source: 96.52.172.65 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary f3f1ed8b36 [Firefox:19 hits: 11-02 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:23:00  Win2K-f  |  infection source: 98.141.162.205 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (18 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

T:12:32:00  Win2K-f  |  infection source: 222.85.1.14 (163DATA.COM.CN): CHINANET HENAN PROVINCE NETWORK, BEIJING, BEIJING, CN.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 3547866dc3 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:37:00  WinXP  |  infection source: 94.28.141.230 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 04ed4d2967 NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:42:00  WinXP  |  infection source: 85.85.238.239 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 96d089e522 [Firefox:64 hits: 10-08 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:12:45:00  WinXP  |  infection source: 67.150.15.26 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US.
  C&C server: n/a  |  DNS lookups & failed connects: EU:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, GB:welcome3.smile.co.uk, :wpad, GB:195.92.84.198:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http, http, http (13 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a12cab51ef [Firefox:618 hits: 01-01 to 11-09]: AV 29 of 29; egg.exe 40f7f463c4 [0]; egg.asm ASM:Graph; packer ASPack|; data strings lines=281, embedded dns; syscall trace trace

12:47:00  WinXP  |  infection source: 79.124.104.47 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary b07a9f08ba NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:52:00  WinXP  |  infection source: 89.36.214.186 (-): SC TV ADLER TRADING SRL, RO.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary e1d61ca6e5 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:57:00  Win2K-f  |  infection source: 70.184.153.236 (COX.NET): COX COMMUNICATIONS, PHOENIX, ARIZONA, US.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (113 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary bea8cb1865 [Firefox:37 hits: 08-11 to 11-01]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none
  binary fac78fde16 [Firefox:16 hits: 09-13 to 11-01]: AV 35 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

12:57:00  WinXP  |  infection source: 92.41.121.167 (IKBCC.COM): EU-ZZ, UK.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: shell, ftp (14 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 959f56f218 NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:13:05:00  WinXP  |  infection source: 221.125.77.15 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary aa268ff3a9 [Firefox:34 hits: 08-15 to 11-09]: AV 31 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:11:00  WinXP  |  infection source: 80.96.145.114 (-): SC-GENIUS-NETWORK-SRL, GALATI, GALATI, RO.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary d142a982d2 [Firefox:43 hits: 08-15 to 11-09]: AV 30 of 35; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:17:00  WinXP  |  infection source: 202.107.247.8 (CNINFO.NET): CHINANET-ZJ QUZHOU NODE NETWORK, BEIJING, BEIJING, CN.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:206.33.45.125:80, US:4.23.60.125:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (76 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace
  binary e07c29c4ae [Firefox:826 hits: 06-19 to 11-09]: AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; data strings lines=92; syscall trace trace

13:20:00  Win2K-f  |  infection source: 79.66.182.167 (AS9105.COM): TELINCO, UK.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 5a38a2e599 [Firefox: 5 hits: 10-28 to 11-07]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:13:24:00  WinXP  |  infection source: 80.218.20.151 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ad592e0c24 NEW: AV 34 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:25:00  WinXP  |  infection source: 80.218.20.151 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ad592e0c24 NEW: AV 34 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:26:00  Win2K-f  |  infection source: 198.147.197.136 (TSSI.COM): TAILORED SOFTWARE SERVICES INC, LINCOLN, NEBRASKA, US.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary e286d9e6a9 [Firefox:29 hits: 07-13 to 11-07]: AV 21 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:13:33:00  Win2K-f  |  infection source: 125.230.82.225 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: 63.173.172.98:6668  |  DNS lookups & failed connects: US:63.173.172.98:6668  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary d73bdf4a0e [Firefox:24 hits: 10-27 to 11-09]: AV 21 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:40:00  WinXP  |  infection source: 82.242.24.203 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a219ed3aeb [Firefox:30 hits: 08-02 to 11-05]: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:13:44:00  WinXP  |  infection source: 83.144.149.118 (CLIENTS.EASYNET.FR): PROVIDER LOCAL REGISTRY, LEIRIA, LEIRIA, PT.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary b872c76081 [Firefox:78 hits: 09-13 to 11-08]: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:13:48:00  WinXP  |  infection source: 201.69.67.37 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (3 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

T:13:52:00  WinXP  |  infection source: 198.174.212.92 (WIKTEL.COM): WIKSTROM TELEPHONE, THIEF RIVER FALLS, MINNESOTA, US. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 3ae357d17b [Firefox:196 hits: 01-01 to 11-09]: AV 29 of 29; egg.exe 462a7be171 [0]; egg.asm ASM:Graph; packer PolyEnE|; data strings lines=73; syscall trace trace

T:13:53:00  Win2K-f  |  infection source: 221.125.14.151 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 625144cee4 [Firefox:32 hits: 09-26 to 11-09]: AV 29 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

13:55:00  WinXP  |  infection source: 70.118.226.184 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Argh : 0.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary none: AV none; egg.exe none; egg.asm none; packer none; data strings none; syscall trace none

T:14:00:00  WinXP  |  infection source: 83.97.242.66 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 9bb68450cd [Firefox: 5 hits: 10-26 to 11-08]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:14:00  WinXP  |  infection source: 12.74.21.133 (ATT.NET): AT&T WORLDNET SERVICES, SAN ANGELO, TEXAS, US. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (13 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 1a2c0e6130 [Firefox:529 hits: 12-31 to 11-09]: AV 29 of 29; egg.exe 048df78048 [0]; egg.asm ASM:Graph; packer none|none; data strings lines=61; syscall trace trace

T:14:16:00  WinXP  |  infection source: 79.66.182.167 (AS9105.COM): TELINCO, UK.
  C&C server: 63.173.172.98:6667  |  DNS lookups & failed connects: US:63.173.172.98:6667  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 5a38a2e599 [Firefox: 5 hits: 10-28 to 11-07]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:19:00  WinXP  |  infection source: 83.213.126.219 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, BILBAO, PAIS VASCO, ES.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary b27d73bfcb [Firefox:40 hits: 10-10 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:19:00  Win2K-f  |  infection source: 125.232.242.195 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 139
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: ftp (12 lines)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary e362f1c062 [Firefox:44 hits: 08-15 to 11-09]: AV 29 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:14:22:00  WinXP  |  infection source: 81.84.217.42 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, COIMBRA, COIMBRA, PT.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary f5ab9763ea [Firefox:20 hits: 10-03 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:22:00  WinXP  |  infection source: 81.84.217.42 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, COIMBRA, COIMBRA, PT.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, SE:vancouver.dal.net, :lulea.se.eu.undernet.org, HR:london.uk.eu.undernet.org, :brussels.be.eu.undernet.org, SE:ced.dal.net, SE:viking.dal.net, :gaspode.zanet.org.za, :caen.fr.eu.undernet.org, NL:diemen.nl.eu.undernet.org, SE:broadway.ny.us.dal.net, :los-angeles.ca.us.undernet.org, :flanders.be.eu.undernet.org, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary f5ab9763ea [Firefox:20 hits: 10-03 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:14:27:00  WinXP  |  infection source: 87.58.217.175 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ddb3bd55db [Firefox: 4 hits: 10-29 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:29:00  WinXP  |  infection source: 87.58.217.175 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, :parex-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary ddb3bd55db [Firefox: 4 hits: 10-29 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:45:00  WinXP  |  infection source: 75.143.192.218 (CHARTER.COM): CHARTER COMMUNICATIONS, US.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 7e8bfa9b49 [Firefox:36 hits: 10-01 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:47:00  WinXP  |  infection source: 201.21.137.198 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 533435553d NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:14:48:00  WinXP  |  infection source: 201.21.137.198 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 533435553d NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

14:51:00  WinXP  |  infection source: 12.76.47.44 (ATT.NET): AT&T WORLDNET SERVICES, POUGHKEEPSIE, NEW YORK, US. (DIAL)
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 7d99b0e910 [Firefox:1483 hits: 12-31 to 11-09]: AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; data strings lines=68; syscall trace trace

14:55:00  WinXP  |  infection source: 75.191.146.224 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:199.93.44.126:80, US:207.123.47.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary 73f1082158 [Firefox:1916 hits: 06-18 to 11-09]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

15:06:00  WinXP  |  infection source: 204.193.219.159 (QWEST.NET): QWEST BROADBAND SERVICES INC, DENVER, COLORADO, US.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary a7003c5a33 [Firefox:21 hits: 10-21 to 11-08]: AV 33 of 34; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

15:29:00  WinXP  |  infection source: 88.161.220.195 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (3 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 15093b4cc0 [Firefox: 2 hits: 11-09 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:15:29:00  WinXP  |  infection source: 72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:205.128.70.126:80, US:207.123.37.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (80 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

T:15:29:00  WinXP  |  infection source: 88.161.220.195 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 15093b4cc0 [Firefox: 2 hits: 11-09 to 11-09]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:15:32:00  WinXP  |  infection source: 79.138.193.65 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: n/a  |  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 7f60162c2c [Firefox:851 hits: 12-31 to 11-09]: AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; data strings lines=93, embedded dns; syscall trace trace

T:15:35:00  WinXP  |  infection source: 189.24.72.122 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR.
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: shell, ftp (15 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 741e3b03b3 [Firefox:539 hits: 01-05 to 11-09]: AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; data strings lines=62; syscall trace trace

15:36:00  Win2K-f  |  infection source: 64.139.110.70 (JCURRY): NCI DATA.COM INC, OROVILLE, WASHINGTON, US.
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.126.124:80, US:207.123.37.123:80, US:207.123.37.124:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary 73f1082158 [Firefox:1916 hits: 06-18 to 11-09]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

15:40:00  WinXP  |  infection source: 82.233.136.174 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
  C&C server: 194.54.90.246:80  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (2 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary f3f1ed8b36 [Firefox:19 hits: 11-02 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:15:40:00  WinXP  |  infection source: 82.233.136.174 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
  C&C server: n/a  |  DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary f3f1ed8b36 [Firefox:19 hits: 11-02 to 11-09]: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

T:15:45:00  WinXP  |  infection source: 4.137.213.165 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CANTON, GEORGIA, US. (DIAL)
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80, US:205.128.70.126:80, US:4.23.60.126:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (127 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary b7082104e4 [Firefox:261 hits: 06-18 to 11-09]: AV 8 of 33; egg.exe none [4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace

T:16:01:00  WinXP  |  infection source: 212.152.96.189 (-): TIM HELLAS TELECOMMUNICATIONS S.A, GR.
  C&C server: n/a  |  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80  |  infection port: 445
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: http (1 line)  |  BotHunter analysis: Yeah : 0.8  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary b872c76081 [Firefox:78 hits: 09-13 to 11-08]: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; data strings none; syscall trace none

16:07:00  Win2K-f  |  infection source: 66.127.54.45 (PACBELL.NET): RBACK1.SNFC21 PPPOX, SAN FRANCISCO, CALIFORNIA, US. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:198.78.220.124:80, US:204.160.126.124:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

T:16:10:00  Win2K-f  |  infection source: 66.127.54.45 (PACBELL.NET): RBACK1.SNFC21 PPPOX, SAN FRANCISCO, CALIFORNIA, US. (DSL)
  C&C server: n/a  |  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:198.78.220.124:80, US:204.160.126.124:80  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (75 lines)  |  BotHunter analysis: Yeah : 1.3  |  behavioral cluster: profile  |  forensic logs: none summary tarball
  binary 53bfe15e91 [Firefox:3854 hits: 06-17 to 11-09]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; data strings none; syscall trace trace
  binary a08f3b74a4 [Firefox:1379 hits: 06-18 to 11-09]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; data strings lines=81; syscall trace trace

T:16:15:00  WinXP  |  infection source: 98.141.161.133 (-): .
  C&C server: n/a  |  DNS lookups & failed connects: none  |  infection port: 135
  packet trace: pcap raw  |  detection signatures: alerts ruleset  |  infection chatter: other (19 lines)
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:20:00 WinXP 96.52.166.79 (-):
.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:19 hits: 11-02 to 11-09]
none[none] none:none
none|none none none
T:16:23:00 WinXP 189.126.16.230 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 289d74b4ce
[Firefox: 9 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
16:24:00 WinXP 76.169.142.24 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:126 hits: 07-13 to 11-07]
none[none] none:none
none|none none none
16:29:00 WinXP 81.84.96.183 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
[Firefox: 2 hits: 11-09 to 11-09]
none[none] none:none
none|none none none
T:16:29:00 WinXP 81.84.96.183 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
[Firefox: 2 hits: 11-09 to 11-09]
none[none] none:none
none|none none none
16:41:00 WinXP 69.134.245.157 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:529 hits: 12-31 to 11-09]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:16:44:00 WinXP 93.126.116.18 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1483 hits: 12-31 to 11-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:16:50:00 WinXP 12.73.209.92 (ATT.NET):
AT&T WORLDNET SERVICES,
CHICAGO, ILLINOIS, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 f502585714
[Firefox:54 hits: 01-02 to 11-06]
ae590430c5 [0] ASM:Graph
PolyEnE| lines=63 trace
16:50:00 WinXP 12.73.209.92 (ATT.NET):
AT&T WORLDNET SERVICES,
CHICAGO, ILLINOIS, US. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 f502585714
[Firefox:54 hits: 01-02 to 11-06]
ae590430c5 [0] ASM:Graph
PolyEnE| lines=63 trace
T:16:58:00 WinXP 41.214.180.210 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:851 hits: 12-31 to 11-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:17:02:00 Win2K-f 78.131.86.205 (-):
EMKTV BUDAPEST VLAN 11 DOCSIS,
BUDAPEST, BUDAPEST, HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 94156f67b0
[Firefox:27 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
17:04:00 Win2K-f 4.183.170.195 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAKELAND, FLORIDA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:24:00 WinXP 41.214.147.14 (-):
.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:25:00 WinXP 41.214.147.14 (-):
.
n/a EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 fb4831bb39
NEW
none[none] none:none
none|none none none
T:17:27:00 WinXP 75.82.184.80 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:197 hits: 01-08 to 11-09]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
17:28:00 WinXP 96.10.59.186 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
17:35:00 WinXP 122.121.6.48 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:25 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
17:41:00 WinXP 190.17.227.22 (COM.AR):
CABLEVISION S.A,
AR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:64 hits: 10-08 to 11-09]
none[none] none:none
none|none none none
T:17:41:00 WinXP 190.17.227.22 (COM.AR):
CABLEVISION S.A,
AR.
n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
:brussels.be.eu.undernet.org
US:lia.zanet.net
SE:broadway.ny.us.dal.net
:lulea.se.eu.undernet.org
SE:ozbytes.dal.net
SE:viking.dal.net
SE:qis.md.us.dal.net
:flanders.be.eu.undernet.org
NO:london.uk.eu.undernet.org
AT:graz.at.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:64 hits: 10-08 to 11-09]
none[none] none:none
none|none none none
17:55:00 WinXP 213.89.167.27 (COMHEM.SE):
COM HEM STOCKHOLM CUSTOMER BROADBAND ACCESS,
STOCKHOLM, STOCKHOLM, SE.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:21 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
T:17:56:00 WinXP 213.89.167.27 (COMHEM.SE):
COM HEM STOCKHOLM CUSTOMER BROADBAND ACCESS,
STOCKHOLM, STOCKHOLM, SE.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:21 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
17:58:00 Win2K-f 24.76.34.184 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
261 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 a93ff1217b
[Firefox: 3 hits: 10-25 to 10-28]
none[none] none:none
none|none none none
18:08:00 WinXP 92.41.117.52 (IKBCC.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 2b78d6647e
[Firefox: 2 hits: 10-26 to 11-06]
none[none] none:none
none|none none none
T:18:11:00 WinXP 220.144.229.28 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:676 hits: 01-01 to 11-09]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
18:12:00 WinXP 122.55.220.121 (PLDT.NET):
IPG,
PH.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 9c0ad0c1cf
NEW
none[none] none:none
none|none none none
18:18:00 WinXP 209.177.126.131 (GVNI.COM):
GLOBAL VALLEY NETWORKS,
TURLOCK, CALIFORNIA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
T:18:18:00 WinXP 209.177.126.131 (GVNI.COM):
GLOBAL VALLEY NETWORKS,
TURLOCK, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
18:25:00 Win2K-f 69.110.138.133 (PACBELL.NET):
AT&T INTERNET SERVICES,
LOS ANGELES, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:25:00 Win2K-f 88.165.87.123 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox:16 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
18:28:00 WinXP 70.15.70.173 (PTD.NET):
PENTELEDATA INC. - CABLE,
SELINSGROVE, PENNSYLVANIA, US.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:50 hits: 10-05 to 11-09]
none[none] none:none
none|none none none
18:29:00 WinXP 190.137.178.186 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a196399c91
NEW
none[none] none:none
none|none none none
18:34:00 WinXP 125.230.82.225 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:24 hits: 10-27 to 11-09]
none[none] none:none
none|none none none
T:18:38:00 WinXP 190.191.129.72 (-):
.
n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 805afbac09
[Firefox: 4 hits: 10-31 to 11-06]
none[none] none:none
none|none none none
18:41:00 WinXP 190.224.56.201 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 5e4f6ad9dc
[Firefox: 9 hits: 10-20 to 11-08]
none[none] none:none
none|none none none
T:18:41:00 WinXP 190.224.56.201 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 5e4f6ad9dc
[Firefox: 9 hits: 10-20 to 11-08]
none[none] none:none
none|none none none
T:18:50:00 WinXP 63.17.156.218 (UU.NET):
UUNET TECHNOLOGIES INC,
NEW YORK, NEW YORK, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:18:50:00 WinXP 89.136.249.66 (-):
ASTRAL CURTEA DE ARGES DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 c37468ce14
[Firefox: 5 hits: 11-06 to 11-07]
none[none] none:none
none|none none none
T:19:17:00 WinXP 118.140.165.247 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:32 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
T:19:22:00 WinXP 66.50.29.220 (PRTC.NET):
PRTC RAS,
SAN JUAN, PUERTO RICO, PR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:851 hits: 12-31 to 11-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
19:23:00 WinXP 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.70.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:33:00 WinXP 68.145.13.106 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:64 hits: 10-08 to 11-09]
none[none] none:none
none|none none none
19:33:00 WinXP 68.145.13.106 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a RU:moscow-advokat.ru
SE:ced.dal.net
AT:graz.at.eu.undernet.org
SE:vancouver.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:64 hits: 10-08 to 11-09]
none[none] none:none
none|none none none
T:19:33:00 Win2K-f 66.184.21.46 (LDMI.COM):
TALK AMERICA,
RESTON, VIRGINIA, US.
n/a US:microsoft.com
EU:proxim.ircgalaxy.pl
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.46.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
30 of 33
3690b64ca2
[Firefox:11 hits: 06-18 to 10-29]
a6fb77fd26
[Firefox:11 hits: 06-18 to 10-29]
none[4]
a6fb77fd26[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=82
trace
trace
19:46:00 Win2K-f 68.184.103.181 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:199.93.53.125:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:03:00 Win2K-f 64.253.12.167 (HARGRAY.NET):
HARGRAY COMMUNICATIONS,
SHELTON, CONNECTICUT, US.
n/a   135 pcap raw alerts
ruleset
other
259 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 ca8494a01c
NEW
none[none] none:none
none|none none none
T:20:21:00 Win2K-f 70.65.195.196 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
b5919931fe
[Firefox:1104 hits: 06-20 to 11-09]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:20:22:00 WinXP 24.197.139.25 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 c91dfdf79a
[Firefox: 7 hits: 10-20 to 11-05]
none[none] none:none
none|none none none
20:33:00 WinXP 166.165.157.235 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US. (DIAL)
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f5828fff0c
NEW
none[none] none:none
none|none none none
20:33:00 Win2K-f 24.82.158.41 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PORTAGE, MANITOBA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:207.123.37.123:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:43:00 WinXP 80.104.163.220 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A,
ANCONA, MARCHE, IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1483 hits: 12-31 to 11-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:20:49:00 WinXP 80.104.163.220 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A,
ANCONA, MARCHE, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1483 hits: 12-31 to 11-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
20:52:00 Win2K-f 4.225.23.57 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
20:55:00 WinXP 71.106.14.69 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:539 hits: 01-05 to 11-09]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
21:26:00 Win2K-f 69.125.168.222 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
TOTOWA, NEW JERSEY, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.44.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:26:00 WinXP 61.220.116.19 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.44.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
cfcb83b235
[Firefox: 2 hits: 10-27 to 10-29]
d73359368b
[Firefox: 2 hits: 10-27 to 10-29]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:35:00 WinXP 71.104.54.169 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ONTARIO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
95 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:35:00 Win2K-f 63.246.123.246 (SPEAKEASY.NET):
US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:52:00 WinXP 76.255.71.237 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a73c16ccd0
[Firefox: 3 hits: 01-03 to 07-26]
none[none] none:none
none|none none none
21:55:00 WinXP 210.4.105.30 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 9 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
T:21:55:00 WinXP 210.4.105.30 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 9 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
22:01:00 WinXP 117.99.48.223 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
T:22:01:00 WinXP 117.99.48.223 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:40 hits: 10-10 to 11-09]
none[none] none:none
none|none none none
T:22:14:00 Win2K-f 75.79.51.88 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:20:00 WinXP 72.174.96.50 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
DELTA, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 9026691b97
[Firefox: 2 hits: 10-28 to 11-05]
none[none] none:none
none|none none none
22:20:00 WinXP 72.174.96.50 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
DELTA, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 9026691b97
[Firefox: 2 hits: 10-28 to 11-05]
none[none] none:none
none|none none none
22:37:00 Win2K-f 76.170.185.139 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
b7082104e4
[Firefox:261 hits: 06-18 to 11-09]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:22:45:00 WinXP 68.148.10.132 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:48:00 Win2K-f 67.64.30.245 (WBSNET.NET):
WHEATLAND ELECTRIC COOP,
SCOTT CITY, KANSAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.53.125:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
a08f3b74a4
[Firefox:1379 hits: 06-18 to 11-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:13:00 Win2K-f 61.222.2.212 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:204.160.126.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
57ce4acac2
[Firefox:335 hits: 06-17 to 11-09]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:42:00 WinXP 211.13.11.254 (MESH.AD.JP):
C&C INTERNET SERVICE MESH(NEC CORPORATION),
OSAKA, OSAKA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:676 hits: 01-01 to 11-09]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
23:43:00 WinXP 79.126.12.222 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:676 hits: 01-01 to 11-09]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:23:53:00 Win2K-f 98.174.0.4 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3854 hits: 06-17 to 11-09]
73f1082158
[Firefox:1916 hits: 06-18 to 11-09]
b5919931fe
[Firefox:1104 hits: 06-20 to 11-09]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace