Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

13 November 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
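The daily summary files linked above (DNS lookups and failed connects, attacker IPs, C&C servers, binary digests) are aggregates of the per-infection records in the table below. The script here is an added example, not Cyber-TA or BotHunter code: it shows one way to derive those four summaries from a handful of records. The records are constructed from the first rows of this page, with only the fields the summaries need; the field names, the pairing of each "N of M" antivirus label with the binary digest listed in the same position, and the rule that a raw IP:port entry in the lookup column is a failed connect while a hostname is a DNS lookup are this example's assumptions.

```python
"""Added example: build the daily summaries from per-infection records.
Not SRI/Cyber-TA code; records are constructed from rows of this page."""
from collections import Counter, defaultdict

# Constructed from the 00:05, 00:15, 00:34 and 00:55 rows of the table.
# "cnc" is None where the page shows "n/a"; the (digest, AV label, packer)
# triples pair values by column position, which is this example's reading.
RECORDS = [
    {"time": "00:05:00", "os": "WinXP", "source": "4.158.84.159",
     "cnc": None, "port": 135,
     "lookups": ["US:microsoft.com", "US:download.microsoft.com",
                 "US:204.160.104.126:80", "US:205.128.73.126:80"],
     "binaries": [("53bfe15e91", "33 of 33", "tElock"),
                  ("a08f3b74a4", "0 of 33", "Armadillo")]},
    {"time": "00:15:00", "os": "WinXP", "source": "78.159.33.131",
     "cnc": "194.54.90.246:80", "port": 445,
     "lookups": ["UA:citi-bank.ru"],
     "binaries": [("24e4c28fdb", "34 of 35", "none")]},
    {"time": "00:34:00", "os": "Win2K-f", "source": "78.106.41.202",
     "cnc": "79.132.211.24:65520", "port": 445,
     "lookups": ["EU:proxima.ircgalaxy.pl", "US:microsoft.com",
                 "US:download.microsoft.com", "EU:79.132.211.24:65520"],
     "binaries": []},
    {"time": "00:55:00", "os": "WinXP", "source": "70.61.104.192",
     "cnc": None, "port": 135,
     "lookups": ["US:microsoft.com", "US:download.microsoft.com",
                 "US:192.221.108.126:80"],
     "binaries": [("53bfe15e91", "33 of 33", "tElock"),
                  ("73f1082158", "0 of 32", "Armadillo"),
                  ("e07c29c4ae", "0 of 33", "FSG")]},
]


def split_lookup(entry):
    """'US:download.microsoft.com' -> ('US', 'download.microsoft.com').
    Entries without a country code appear on the page as ':wpad'."""
    cc, _, name = entry.partition(":")
    return (cc or None), name


def is_failed_connect(name):
    """Assumption: a dotted-quad IP with a port is a failed direct connect,
    anything else in the lookup column is a DNS lookup."""
    host, _, port = name.rpartition(":")
    return port.isdigit() and all(p.isdigit() for p in host.split("."))


def av_ratio(label):
    """Parse the page's 'N of M' antivirus label into (detected, engines)."""
    n, _, m = label.partition(" of ")
    return int(n), int(m)


def daily_summary(records):
    """Return the four daily summaries as counters / digest sightings."""
    attacker_ips = Counter(r["source"] for r in records)
    cnc_servers = Counter(r["cnc"] for r in records if r["cnc"])
    dns, failed = Counter(), Counter()
    for r in records:
        for entry in r["lookups"]:
            _, name = split_lookup(entry)
            (failed if is_failed_connect(name) else dns)[name] += 1
    digests = defaultdict(list)          # digest -> [(source, AV label, packer)]
    for r in records:
        for digest, av, packer in r["binaries"]:
            digests[digest].append((r["source"], av, packer))
    return {"attacker_ips": attacker_ips, "cnc_servers": cnc_servers,
            "dns_lookups": dns, "failed_connects": failed,
            "binaries": dict(digests)}


def undetected_binaries(summary):
    """Digests with at least one '0 of M' sighting: packed samples that
    every engine missed, sorted so the result is stable."""
    return sorted(d for d, sightings in summary["binaries"].items()
                  if any(av_ratio(av)[0] == 0 for _, av, _ in sightings))


def recurring_binaries(summary, min_sightings=2):
    """Digests dropped on more than one honeypot in the same day."""
    return sorted(d for d, s in summary["binaries"].items()
                  if len(s) >= min_sightings)


if __name__ == "__main__":
    s = daily_summary(RECORDS)
    for key in ("attacker_ips", "cnc_servers", "dns_lookups", "failed_connects"):
        print(key, dict(s[key]))
    print("undetected:", undetected_binaries(s))
    print("recurring:", recurring_binaries(s))
```

On these four records the summary already shows the pattern visible across the full day: the same packed dropper digest (53bfe15e91) recurs on several honeypots, and the binaries that no engine flagged are exactly the ones the packer column identifies (Armadillo, FSG), which is why the digest and packer summaries are worth reading alongside the antivirus column rather than instead of it.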
Columns (one infection record per row; the fields of each record appear in this order):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:05:00 WinXP 4.158.84.159 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MERRILLVILLE, INDIANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.73.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:15:00 WinXP 78.159.33.131 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 24e4c28fdb
[Firefox: 5 hits: 10-25 to 11-12]
none[none] none:none
none|none none none
00:26:00 Win2K-f 72.215.54.126 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
n/a   135 pcap raw alerts
ruleset
other
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:34:00 Win2K-f 78.106.41.202 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
irc
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:35:00 WinXP 41.214.172.22 (-):
.
n/a RU:moscow-advokat.ru
SE:ced.dal.net
SE:viking.dal.net
:lulea.se.eu.undernet.org
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:ozbytes.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:737 hits: 12-31 to 11-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:00:36:00 WinXP 97.77.49.110 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5b901e64d0
NEW
none[none] none:none
none|none none none
00:51:00 Win2K-f 121.73.117.16 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.46.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
348 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
7f89b38665
[Firefox:36 hits: 08-02 to 11-09]
a51a50404e
[Firefox:36 hits: 08-02 to 11-09]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:00:55:00 WinXP 70.61.104.192 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
e07c29c4ae
[Firefox:833 hits: 06-19 to 11-12]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
00:58:00 WinXP 76.73.239.195 (-):
.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:205.128.70.126:80
US:207.123.37.123:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
irc
109 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
35 of 36
01dcca5633
NEW
c885b182d0
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
01:20:00 Win2K-f 116.125.8.252 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
79.132.211.24:65520 US:microsoft.com
EU:proxim.ircgalaxy.pl
US:download.microsoft.com
US:204.160.126.124:80
US:205.128.70.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
irc
127 lines
Yeah : 1.8
profile
none summary
tarball
28 of 33
31 of 33
06f27eb5cb
[Firefox: 8 hits: 07-02 to 08-19]
d27dfd506b
[Firefox: 8 hits: 07-02 to 08-19]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:01:23:00 Win2K-f 140.239.41.83 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 32
73ce2b74da
[Firefox:32 hits: 06-18 to 11-04]
79c01ec060
[Firefox:76 hits: 06-18 to 11-09]
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
73ce2b74da [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
01:50:00 WinXP 222.159.0.21 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:540 hits: 04-15 to 11-12]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
01:50:00 Win2K-f 80.175.220.2 (NEWNET.CO.UK):
ACHKEY LTD,
LONDON, ENGLAND, UK. (DSL)
79.132.211.24:65520  
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:51:00 WinXP 79.11.190.67 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:28 hits: 10-27 to 11-12]
none[none] none:none
none|none none none
01:51:00 WinXP 79.11.190.67 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:28 hits: 10-27 to 11-12]
none[none] none:none
none|none none none
T:02:02:00 WinXP 217.219.164.54 (-):
RAH-E-JAHAN SARI,
SARI, MAZANDARAN, IR. (100Mbps)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1085 hits: 12-31 to 11-12]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
02:12:00 WinXP 217.184.65.201 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
DE.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
GB:new.egg.com
RU:www.vtb.ru
445 pcap raw alerts
ruleset
http
http
http
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:222 hits: 04-06 to 11-10]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
02:13:00 Win2K-f 94.198.234.144 (-):
.
79.132.211.24:65520 CN:fleshkatera.cn
CN:lolika.cn
CN:www.upononjob.cn
CN:mulfika.cn
US:do-power-scan.com
:av-pro-2009.com
EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
irc
http
20 lines
Yeah : 1.3
profile
none summary
tarball
17 of 36
18 of 36
11 of 36
51164ac34a
NEW
be2d362745
NEW
fb8f82fcb3
[Firefox:29 hits: 10-24 to 11-12]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
02:17:00 WinXP 89.165.247.197 (HERTZA.RO):
HERTZA COMPUTERS SRL,
RO.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 34 224b0dbe6b
NEW
none[none] none:none
none|none none none
02:18:00 WinXP 41.214.156.86 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 1595515522
[Firefox:13 hits: 10-09 to 11-08]
none[none] none:none
none|none none none
T:02:21:00 Win2K-f 98.175.171.32 (-):
.
n/a   135 pcap raw alerts
ruleset
other
164 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 fe9d1f5028
NEW
none[none] none:none
none|none none none
T:02:52:00 WinXP 78.31.59.61 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
02:52:00 WinXP 78.31.59.61 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
T:02:54:00 WinXP 118.231.74.182 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 0c99fe274d
[Firefox: 2 hits: 10-28 to 10-29]
none[none] none:none
none|none none none
02:55:00 WinXP 93.156.106.84 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 3f4618b880
[Firefox: 2 hits: 11-08 to 11-08]
none[none] none:none
none|none none none
T:03:04:00 WinXP 79.138.149.39 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1085 hits: 12-31 to 11-12]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:03:18:00 Win2K-f 76.160.85.70 (CAVTEL.NET):
CAVALIER TELEPHONE,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
0 of 32
33 of 36
812cec1061
NEW
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
f15da9c38a
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
03:30:00 WinXP 89.44.145.215 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
RO.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 04ed4d2967
[Firefox: 3 hits: 11-08 to 11-12]
none[none] none:none
none|none none none
03:31:00 WinXP 70.61.104.192 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
e07c29c4ae
[Firefox:833 hits: 06-19 to 11-12]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
03:41:00 Win2K-f 58.230.192.35 (-):
THRUNET-INFRA-SEOUL03,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.37.125:80
US:207.123.47.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
27 of 33
31 of 33
1951eee0cd
[Firefox:17 hits: 06-18 to 11-08]
e5e0dbde57
[Firefox:17 hits: 06-18 to 11-08]
1951eee0cd [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
03:55:00 Win2K-f 41.214.167.38 (-):
.
79.132.211.24:65520   445 pcap raw alerts
ruleset
irc
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:57:00 WinXP 125.229.175.234 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1085 hits: 12-31 to 11-12]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
03:59:00 WinXP 91.149.117.107 (SKYLINK.RU):
MOSCOW CELLULAR COMMUNICATIONS,
MOSCOW, MOSKVA, RU.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 f4bffb9e96
[Firefox: 2 hits: 11-06 to 11-08]
none[none] none:none
none|none none none
T:04:09:00 WinXP 114.201.171.51 (-):
.
79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.201.126:80
US:207.123.42.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
irc
111 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
34 of 36
168aab35a3
[Firefox:189 hits: 06-17 to 11-12]
58828b2adc
[Firefox: 2 hits: 09-20 to 10-14]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
04:11:00 WinXP 114.48.166.135 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 64d359864b
[Firefox: 6 hits: 10-20 to 11-02]
none[none] none:none
none|none none none
04:18:00 Win2K-f 77.222.125.19 (-):
INTERSVYAZ,
RU.
79.132.211.24:65520  
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
irc
7 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:19:00 WinXP 94.191.152.58 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 04-10 to 11-12]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:25:00 WinXP 86.123.128.215 (RDSNET.RO):
RCS-RDS-FIBERLINK,
BUCHAREST, BUCURESTI, RO.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6d30ad4b30
NEW
none[none] none:none
none|none none none
04:29:00 WinXP 71.109.24.246 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
COVINA, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:192.221.96.126:80
US:205.128.70.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:35:00 Win2K-f 89.245.0.25 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
DE.
79.132.211.24:65520  
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
irc
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:51:00 WinXP 195.174.242.89 (TTNET.NET.TR):
TELEKOM,
ANKARA, ANKARA, TR.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9d1dc5ba91
[Firefox: 2 hits: 11-10 to 11-10]
none[none] none:none
none|none none none
T:04:54:00 WinXP 76.89.18.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
e07c29c4ae
[Firefox:833 hits: 06-19 to 11-12]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
05:06:00 Win2K-f 219.95.27.145 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
KULIM, KEDAH, MY.
79.132.211.24:65520  
EU:79.132.211.24:65520
139 pcap raw alerts
ruleset
irc
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:14:00 WinXP 92.115.31.250 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
[Firefox: 8 hits: 11-09 to 11-10]
none[none] none:none
none|none none none
T:05:20:00 WinXP 66.72.68.25 (AMERITECH.NET):
AT&T INTERNET SERVICES,
BLOOMINGTON, INDIANA, US. (DIAL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:737 hits: 12-31 to 11-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
05:20:00 Win2K-f 218.164.128.44 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
irc
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:20:00 WinXP 93.102.8.20 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 09639134e5
NEW
none[none] none:none
none|none none none
T:05:22:00 WinXP 93.102.8.20 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 09639134e5
NEW
none[none] none:none
none|none none none
T:05:26:00 WinXP 85.100.170.239 (TTNET.NET.TR):
ADSL-ALC-ACIBADEM-DYNAMIC POOL,
BURSA, BURSA, TR. (DSL)
n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 0548660ce6
NEW
none[none] none:none
none|none none none
05:43:00 WinXP 60.35.209.106 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 e604210b1a
NEW
none[none] none:none
none|none none none
05:55:00 WinXP 61.2.222.140 (NDL1NMS-A.SANCHARNET.IN):
NATIONAL INTERNET BACKBONE,
KOVUR, ANDHRA PRADESH, IN.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:427 hits: 12-31 to 11-12]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:06:03:00 WinXP 122.2.217.4 (PLDT.NET):
IPG,
PH.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox:16 hits: 11-01 to 11-09]
none[none] none:none
none|none none none
06:11:00 WinXP 79.163.177.105 (-):
IDEA,
PL.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
5 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 0f470723d6
NEW
none[none] none:none
none|none none none
T:06:12:00 WinXP 79.138.197.184 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 04-10 to 11-12]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
06:52:00 WinXP 79.163.178.11 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:31 hits: 10-21 to 11-10]
none[none] none:none
none|none none none
T:06:53:00 WinXP 79.163.178.11 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:31 hits: 10-21 to 11-10]
none[none] none:none
none|none none none
07:04:00 WinXP 61.229.142.70 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 35 ce1a18eaa8
[Firefox: 4 hits: 11-04 to 11-05]
none[none] none:none
none|none none none
T:07:06:00 WinXP 61.229.142.70 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 ce1a18eaa8
[Firefox: 4 hits: 11-04 to 11-05]
none[none] none:none
none|none none none
T:07:28:00 WinXP 88.176.146.142 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9bb68450cd
[Firefox: 6 hits: 10-26 to 11-10]
none[none] none:none
none|none none none
07:35:00 WinXP 124.43.175.146 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
COLOMBO, CENTRAL, LK. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 04-10 to 11-12]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
07:47:00 WinXP 63.17.217.18 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:52:00 WinXP 89.36.212.92 (-):
SC TV ADLER TRADING SRL,
RO.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 e6a0635705
NEW
none[none] none:none
none|none none none
T:08:05:00 WinXP 93.149.108.18 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
T:08:09:00 WinXP 78.34.24.185 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE.
n/a EU:proxima.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 c392067a90
[Firefox:14 hits: 10-06 to 11-12]
none[none] none:none
none|none none none
08:19:00 Win2K-f 61.38.118.130 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
57ce4acac2
[Firefox:341 hits: 06-17 to 11-12]
83f26f5044
[Firefox:37 hits: 06-20 to 11-07]
57ce4acac2 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
08:25:00 WinXP 41.214.150.162 (-):
.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 fb4831bb39
NEW
none[none] none:none
none|none none none
T:08:31:00 WinXP 124.195.149.191 (-):
.
67.43.236.98:5190 EU:proxima.ircgalaxy.pl
CA:xx.sqlteam.info
CA:zonetech.info
CA:alwayssam.com
CA:72.10.166.195:80
135 pcap raw alerts
ruleset
irc
http
385 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36
35 of 36
41b9df60db
[Firefox: 6 hits: 11-03 to 11-12]
c9bc6af5e1
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:36:00 WinXP 87.58.9.59 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 31b8bb70f7
[Firefox: 5 hits: 10-06 to 11-04]
none[none] none:none
none|none none none
T:08:36:00 WinXP 87.58.9.59 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 31b8bb70f7
[Firefox: 5 hits: 10-06 to 11-04]
none[none] none:none
none|none none none
T:08:54:00 WinXP 116.59.182.107 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
08:55:00 WinXP 116.59.182.107 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
08:58:00 WinXP 86.99.253.58 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 eca9a5fa95
[Firefox:61 hits: 08-09 to 11-10]
none[none] none:none
none|none none none
08:58:00 WinXP 80.218.99.210 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL)
n/a RU:moscow-advokat.ru
SE:vancouver.dal.net
SE:broadway.ny.us.dal.net
AT:graz.at.eu.undernet.org
SE:coins.dal.net
:caen.fr.eu.undernet.org
NL:london.uk.eu.undernet.org
:brussels.be.eu.undernet.org
:flanders.be.eu.undernet.org
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
:lulea.se.eu.undernet.org
SE:ced.dal.net
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 217de26957
[Firefox: 4 hits: 10-27 to 11-04]
none[none] none:none
none|none none none
08:59:00 Win2K-f 98.141.162.205 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
09:01:00 WinXP 78.156.206.59 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:51 hits: 10-10 to 11-12]
none[none] none:none
none|none none none
T:09:01:00 WinXP 78.156.206.59 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:51 hits: 10-10 to 11-12]
none[none] none:none
none|none none none
09:01:00 Win2K-f 218.39.221.102 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
79.132.211.24:65520 US:microsoft.com
EU:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.99.126:80
US:198.78.201.126:80
135 pcap raw alerts
ruleset
irc
http
172 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
0 of 32
34 of 36
33351b3fc9
NEW
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
cdcc5dca6c
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
09:15:00 WinXP 76.10.25.178 (PAVLOVMEDIA.COM):
VILLAGE AT CHANDLER CROSSING,
EAST LANSING, MICHIGAN, US.
n/a UA:citi-bank.ru
EU:kidos-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a334368630
NEW
none[none] none:none
none|none none none
T:09:26:00 WinXP 94.50.37.244 (-):
.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 d4eed7b000
[Firefox: 7 hits: 11-03 to 11-09]
none[none] none:none
none|none none none
T:09:32:00 WinXP 66.52.227.235 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SEATTLE, WASHINGTON, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:540 hits: 04-15 to 11-12]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:09:32:00 WinXP 122.2.150.138 (PLDT.NET):
IPG,
PH.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3dc936f5f1
[Firefox: 4 hits: 11-05 to 11-10]
none[none] none:none
none|none none none
09:37:00 WinXP 4.88.27.24 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
COLUMBIA, SOUTH CAROLINA, US. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
:www.proxy-socks.net
US:208.73.210.121:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:222 hits: 04-06 to 11-10]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
09:47:00 Win2K-f 173.16.77.89 (-):
.
67.43.236.98:5190 CA:xx.sqlteam.info
CA:zonetech.info
CA:alwayssam.com
CA:72.10.166.195:80
135 pcap raw alerts
ruleset
irc
http
243 lines
Yeah : 1.8
profile
none summary
tarball
36 of 36 bd7c6ba540
NEW
none[none] none:none
none|none none none
09:48:00 Win2K-f 209.226.103.44 (BELL.CA):
BELL CANADA,
OWEN SOUND, ONTARIO, CA. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
176 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
10:11:00 Win2K-f 75.185.184.196 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:13:00 Win2K-f 70.60.10.186 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NASHPORT, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.220.124:80
US:199.93.44.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:17:00 WinXP 117.96.164.251 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:72 hits: 10-08 to 11-12]
none[none] none:none
none|none none none
10:19:00 WinXP 89.233.204.95 (RP80.SE):
WEBTECH NORD ZITIUS STOCKHOLM,
STOCKHOLM, STOCKHOLM, SE.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9d1dc5ba91
[Firefox: 2 hits: 11-10 to 11-10]
none[none] none:none
none|none none none
10:27:00 WinXP 216.198.174.70 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
59 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 3cd7958258
[Firefox:37 hits: 06-17 to 11-05]
none[4] none:none
tElock| none trace
10:33:00 WinXP 211.60.151.130 (BORA.NET):
BORANET-NET,
SONGNAM, KYONGGI-DO, KR.
79.132.211.24:65520 US:microsoft.com
US:download.microsoft.com
EU:proxim.ircgalaxy.pl
US:198.78.201.126:80
US:204.160.126.124:80
135 pcap raw alerts
ruleset
irc
225 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
32 of 35
3945dde54a
NEW
e5ba8b88e1
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:10:57:00 WinXP 64.53.89.246 (COMPORIUM.NET):
ROCK HILL TELEPHONE COMPANY,
ROCK HILL, SOUTH CAROLINA, US.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 f665a37b6c
[Firefox:11 hits: 10-13 to 11-08]
none[none] none:none
none|none none none
11:11:00  WinXP  89.44.207.86 (JUMP.RO): SC AZURE SOFTWARE SRL, RO.
    Infection source / C&C server: 194.54.90.246:80
    DNS lookups & failed connects: UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 0d2740acc9 [Firefox: 8 hits: 10-14 to 11-10]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:11:18:00  WinXP  92.47.57.22 (IKBCC.COM): EU-ZZ, UK.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 2 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 36 of 36; packed: a0012f058f [Firefox:11 hits: 10-20 to 11-07]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:11:18:00  WinXP  79.206.93.92 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, DE.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: shell, ftp, 14 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 31 of 32; packed: 741e3b03b3 [Firefox:540 hits: 04-15 to 11-12]; egg.exe: e0197e8a64 [0]; egg.asm: ASM:Graph; packer: none|none; strings: lines=62; syscalls: trace
11:25:00  Win2K-f  65.185.123.119 (RR.COM): ROAD RUNNER HOLDCO LLC, LIMA, OHIO, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.126:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 76 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 33; packed: a08f3b74a4 [Firefox:1399 hits: 06-18 to 11-12]; egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 3: AV 0 of 32; packed: b5919931fe [Firefox:1113 hits: 06-20 to 11-12]; egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer: ASProtect|; strings: lines=90; syscalls: trace
11:28:00  WinXP  82.236.192.79 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:mx1.hotmail.com, US:mailin-04.mx.aol.com, SE:ftp.icq.com, US:yutunrz.1dumb.com, US:mailin-02.mx.aol.com, US:ftp.newaol.com, UA:citi-bank.ru, US:64.12.138.57:25, US:69.31.121.50:80, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, 71 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 1 of 36; packed: ac854866d0 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 31 of 33; packed: ef95595bfc NEW; egg.exe: none[4]; egg.asm: none:none; packer: PolyEnE|; strings: none; syscalls: trace
T:11:28:00  WinXP  82.236.192.79 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:mx1.hotmail.com, BE:ftp.scarlet.be, US:yutunrz.1dumb.com, US:maila.microsoft.com, US:mailin-04.mx.aol.com, UA:citi-bank.ru, UA:194.54.90.246:80, US:65.54.245.8:25, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, irc, 79 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 31 of 33; packed: ef95595bfc NEW; egg.exe: none[4]; egg.asm: none:none; packer: PolyEnE|; strings: none; syscalls: trace
T:11:33:00  WinXP  78.84.82.150 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 0 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
11:33:00  WinXP  78.84.82.150 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 0 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: ec7fc74364 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:11:34:00  Win2K-f  24.189.30.113 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 76 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 3: AV 0 of 32; packed: b5919931fe [Firefox:1113 hits: 06-20 to 11-12]; egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer: ASProtect|; strings: lines=90; syscalls: trace
T:11:58:00  WinXP  88.161.17.137 (PROXAD.NET): PROXAD / FREE SAS, FR.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: c27df123c8 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:12:03:00  WinXP  217.203.128.132 (-): TELECOM ITALIA MOBILE, IT.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 86ea4f19a4 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
12:18:00  WinXP  80.104.96.218 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA S.P.A, BOLOGNA, EMILIA-ROMAGNA, IT.
    Infection source / C&C server: 194.54.90.246:80
    DNS lookups & failed connects: UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: 4ed6926c35 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
12:21:00  Win2K-f  68.74.65.49 (-): PPPOX POOL - EMHRIL RBACK, CHICAGO, ILLINOIS, US. (100Mbps)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:4.23.60.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 75 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
12:36:00  Win2K-f  66.65.73.236 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:192.221.99.126:80, US:206.33.45.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 75 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
T:12:38:00  WinXP  119.31.47.84 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 3 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 10c3e12a46 [Firefox:16 hits: 11-01 to 11-09]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:12:45:00  WinXP  92.40.59.128 (IKBCC.COM): EU-ZZ, UK.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 3 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: b52d214d08 [Firefox:52 hits: 10-05 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
12:45:00  Win2K-f  4.173.254.82 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NEW YORK, NEW YORK, US. (DIAL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 120 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 33; packed: a08f3b74a4 [Firefox:1399 hits: 06-18 to 11-12]; egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 3: AV 0 of 32; packed: b5919931fe [Firefox:1113 hits: 06-20 to 11-12]; egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer: ASProtect|; strings: lines=90; syscalls: trace
12:55:00  WinXP  91.124.148.104 (UKRTEL.NET): UKRTELECOM, BROVARY, KYYIVS'KA OBLAST', UA.
    Infection source / C&C server: 194.54.90.246:80
    DNS lookups & failed connects: UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 36 of 36; packed: b872c76081 [Firefox:84 hits: 09-13 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
12:59:00  Win2K-f  61.221.45.246 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 75 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 33; packed: 57ce4acac2 [Firefox:341 hits: 06-17 to 11-12]; egg.exe: 57ce4acac2[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
T:13:01:00  Win2K-f  24.85.45.15 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 380 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 31 of 35; packed: cfe42c471f [Firefox: 6 hits: 08-10 to 09-17]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
13:03:00  WinXP  83.132.133.228 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: f3f1ed8b36 [Firefox:28 hits: 11-02 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
13:04:00  WinXP  70.233.93.241 (SBCGLOBAL.NET): PPPOX POOL - BRAS12.MRDNCT, CONNECTICUT, US. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:www.altavista.com, :www.google.com.au, :jbeegvia.ru, US:www.worldbank.org, SE:www.kavkazcenter.com, :yoiayoi.ru, :wcqahzhzn.ru, :iirpryry.ru, :rihafvu.ru, :wpad, :ryryodokm.ru, :uvjiis.ru, :gwvwka.ru, :jqsbnyzkp.ru, :pvygdo.ru, :fxkyagpnw.ru, :knclvdz.ru, :trsqeigw.ru, :odokeqy.ru, :kelmpsjp.ru, :edjiesp.ru, :vllcdvv.ru, :nuksdln.ru, :tmmeno.ru, :zoxdgqx.ru, :pwvbfz.ru, :nuzbcp.ru, :bqpuqt.ru, EU:crutop.nu, :okskyyn.ru, :pnlkria.ru, :kargai.ru, RU:alfabank.ru, :kfwfceki.ru, US:prodexteam.net, :nhuwxyuw.ru, :udluzuq.ru, :fiazpvnne.ru, DE:kavkaz.co.uk, GB:www.candidateverifier.com, :ppxuub.ru, :lvwgdhwlj.ru, :raxeqajrf.ru, :dhagunb.ru, RU:www.cbr.ru, :zpwmktjv.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 32 of 32; packed: bb7681eca8 [Firefox:15 hits: 09-26 to 11-05]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
13:06:00  WinXP  72.191.163.186 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru, NO:london.uk.eu.undernet.org, SE:vancouver.dal.net, :washington.dc.us.undernet.org, SE:ozbytes.dal.net, SE:qis.md.us.dal.net, :los-angeles.ca.us.undernet.org, US:lia.zanet.net, NL:diemen.nl.eu.undernet.org, :brussels.be.eu.undernet.org, SE:viking.dal.net, :lulea.se.eu.undernet.org, :gaspode.zanet.org.za, AT:graz.at.eu.undernet.org
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 25 of 25; packed: 7f60162c2c [Firefox:737 hits: 12-31 to 11-12]; egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=93, embedded dns; syscalls: trace
T:13:06:00  WinXP  72.191.163.186 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 25 of 25; packed: 7f60162c2c [Firefox:737 hits: 12-31 to 11-12]; egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=93, embedded dns; syscalls: trace
13:09:00  Win2K-f  72.192.60.220 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, CN:fleshkatera.cn, CN:lolika.cn, CN:www.upononjob.cn, CN:mulfika.cn, US:do-power-scan.com, :av-pro-2009.com, US:207.123.37.123:80, US:207.123.37.124:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, http, 272 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 18 of 36; packed: be2d362745 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV none; packed: d218d71e66 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 3: AV 18 of 36; packed: f990637b31 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 4: AV 11 of 36; packed: fb8f82fcb3 [Firefox:29 hits: 10-24 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 5: AV none; packed: fc2c568173 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
13:24:00  Win2K-f  4.167.135.122 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AUSTIN, TEXAS, US. (DIAL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 140 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 33 of 36; packed: 294c04047a NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
13:34:00  WinXP  98.149.79.254 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: f502585714 [Firefox:41 hits: 04-22 to 11-10]; egg.exe: ae590430c5 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=63; syscalls: trace
13:35:00  Win2K-f  122.146.80.170 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 18 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
T:13:35:00  WinXP  98.149.79.254 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: f502585714 [Firefox:41 hits: 04-22 to 11-10]; egg.exe: ae590430c5 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=63; syscalls: trace
T:13:38:00  WinXP  117.96.131.217 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: aa298099d5 NEW; egg.exe: 550e313c33 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
13:50:00  Win2K-f  4.225.22.84 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, KOKOMO, INDIANA, US. (DIAL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 18 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
13:56:00  WinXP  86.105.65.253 (UPCNET.RO): UPC ROMANIA SA, TIMISOARA, TIMIS, RO. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 25 of 25; packed: 7f60162c2c [Firefox:737 hits: 12-31 to 11-12]; egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=93, embedded dns; syscalls: trace
14:05:00  Win2K-f  24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 40 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 2 of 36; packed: 9b5c7dbcd4 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
14:08:00  WinXP  85.87.93.43 (CLIENTES.EUSKALTEL.ES): EUSKALTEL, ES.
    Infection source / C&C server: 194.54.90.246:80
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 691f7f1c33 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
14:19:00  WinXP  70.77.38.229 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, PRINCE GEORGE, BRITISH COLUMBIA, CA. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:8.12.202.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 111 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 32 of 36; packed: 53b761b7e5 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 34 of 36; packed: b5d90567a9 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 3: AV 0 of 33; packed: e07c29c4ae [Firefox:833 hits: 06-19 to 11-12]; egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
14:19:00  Win2K-f  70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.47.126:80, US:8.12.202.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 76 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 3: AV 0 of 32; packed: b5919931fe [Firefox:1113 hits: 06-20 to 11-12]; egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer: ASProtect|; strings: lines=90; syscalls: trace
T:14:53:00  WinXP  206.82.91.189 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: a0139d7ad8 [Firefox:171 hits: 04-10 to 11-12]; egg.exe: d9e9662db1 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
14:54:00  WinXP  206.82.91.189 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: a0139d7ad8 [Firefox:171 hits: 04-10 to 11-12]; egg.exe: d9e9662db1 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
15:00:00  WinXP  80.29.225.91 (-): TELEFONICA MOVILES ESPANA (NCC#2006042768), ES. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: 306d92a705 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
15:00:00  WinXP  63.21.102.209 (UU.NET): UUNET TECHNOLOGIES INC, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, GB:new.egg.com, :wpad, DE:217.11.54.126:80, EU:78.47.200.154:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, http, 28 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: a12cab51ef [Firefox:385 hits: 04-01 to 11-12]; egg.exe: 40f7f463c4 [0]; egg.asm: ASM:Graph; packer: ASPack|; strings: lines=281, embedded dns; syscalls: trace
T:15:00:00  WinXP  80.29.225.91 (-): TELEFONICA MOVILES ESPANA (NCC#2006042768), ES. (DSL)
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 3 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: 306d92a705 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:01:00  WinXP  84.72.1.240 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: eaa9422755 [Firefox:10 hits: 10-31 to 11-08]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
15:04:00  Win2K-f  85.242.229.179 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, LEIRIA, LEIRIA, PT. (DSL)
    Infection source / C&C server: 84.244.6.253:2345
    DNS lookups & failed connects: :qtas.net, SE:dzuc.net
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 52 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 4 of 36; packed: 72af1c83f6 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
15:05:00  WinXP  68.146.8.46 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
    Infection source / C&C server: 194.54.90.246:80, 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 4 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 33 of 36; packed: 2009aa9f53 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:13:00  WinXP  70.66.252.89 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COURTENAY, BRITISH COLUMBIA, CA.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 112 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 32 of 36; packed: 1fb1718d64 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 34 of 36; packed: 8c5ee6d275 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:21:00  WinXP  62.169.124.145 (REV.OPTIMUS.PT): OPTIMUS PORTUGAL, LISBON, LISBOA, PT. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 35; packed: 24e4c28fdb [Firefox: 5 hits: 10-25 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:27:00  WinXP  91.67.98.55 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: b1c85cee4b [Firefox:28 hits: 10-27 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:28:00  WinXP  190.225.64.186 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: a0139d7ad8 [Firefox:171 hits: 04-10 to 11-12]; egg.exe: d9e9662db1 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
15:32:00  WinXP  65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL)
    Infection source / C&C server: 194.54.90.246:80
    DNS lookups & failed connects: UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 26 of 28; packed: 7d99b0e910 [Firefox:1085 hits: 12-31 to 11-12]; egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
T:15:32:00  WinXP  65.173.138.42 (MAYSVILLEKY.NET): LIME STONE CABLE, MAYSVILLE, KENTUCKY, US. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 26 of 28; packed: 7d99b0e910 [Firefox:1085 hits: 12-31 to 11-12]; egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
15:32:00  Win2K-f  70.183.164.236 (COX.NET): COX COMMUNICATIONS, WARWICK, RHODE ISLAND, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.53.126:80, US:207.123.46.125:80, US:8.12.202.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 75 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
15:36:00  WinXP  41.214.165.9 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 96d089e522 [Firefox:72 hits: 10-08 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:15:55:00  Win2K-f  218.39.221.102 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: US:microsoft.com, EU:proxim.ircgalaxy.pl, US:download.microsoft.com, US:192.221.110.125:80, US:198.78.220.126:80, US:204.160.126.124:80, EU:79.132.211.24:65520
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 178 lines; BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 34 of 36; packed: 33351b3fc9 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 34 of 36; packed: cdcc5dca6c NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
15:58:00  WinXP  69.85.116.52 (SPEAKEASY.NET): US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 2 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 26 of 28; packed: 7d99b0e910 [Firefox:1085 hits: 12-31 to 11-12]; egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
16:07:00  Win2K-f  172.130.63.21 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 155 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 33; packed: 1c3210698a [Firefox:16 hits: 07-13 to 11-08]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
16:08:00  Win2K-f  219.248.164.82 (HANANET.NET): HANARO TELECOM INC, BUCHEON CITY, SOUL-T'UKPYOLSI, KR.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:192.221.110.126:80, US:192.221.96.126:80, US:207.123.42.126:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 118 lines; BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 29 of 32; packed: 8a75955033 [Firefox:46 hits: 06-20 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 28 of 32; packed: 9276c8b36b [Firefox:46 hits: 06-20 to 11-12]; egg.exe: 9276c8b36b[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
16:09:00  WinXP  66.65.193.30 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: DE:siliconfireware.ru, :wpad, US:searchportal.information.com, US:spi.domainsponsor.com, DE:ebookfinaltrash.ru, CA:www.bank-banque-canada.ca, EU:hyper-space-fuel.ru, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, http, 17 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 0 of 35; packed: 02f2355e16 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 29 of 29; packed: df17a625ee [Firefox:222 hits: 04-06 to 11-10]; egg.exe: 9bbdd086c5[0]; egg.asm: ASM:Graph; packer: ASPack|; strings: lines=186, embedded dns; syscalls: trace
T:16:11:00  WinXP  89.195.11.224 (-): ORANGE, UK.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 36 of 36; packed: fd113df0bb [Firefox: 5 hits: 10-25 to 11-09]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:13:00  Win2K-f  89.137.155.127 (-): ASTRAL SUCEAVA DOCSIS NETWORK, RO.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 27 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
T:16:13:00  WinXP  210.4.124.144 (-): COMCLARK, ROXAS, CAPIZ, PH.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: b81df3157e [Firefox:14 hits: 11-03 to 11-10]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
16:15:00  WinXP  210.4.124.144 (-): COMCLARK, ROXAS, CAPIZ, PH.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: b81df3157e [Firefox:14 hits: 11-03 to 11-10]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:15:00  Win2K-f  66.65.73.236 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.126:80, US:198.78.201.126:80, US:204.160.126.124:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 77 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
16:22:00  WinXP  190.208.123.60 (-)
    Infection source / C&C server: 194.54.90.246:80, 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, irc, 4 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 2d815d2be3 [Firefox: 6 hits: 09-25 to 11-09]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:22:00  WinXP  190.208.123.60 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 2d815d2be3 [Firefox: 6 hits: 09-25 to 11-09]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:23:00  WinXP  99.164.111.103 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: shell, ftp, 15 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
16:25:00  Win2K-f  59.104.75.205 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL)
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:79.132.211.24:65520
    Infection port: 139; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 8 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: f8b86a7df2 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
16:27:00  WinXP  72.235.145.4 (HAWAIIANTEL.NET): HAWAIIAN TELCOM SERVICES COMPANY INC, HANA, HAWAII, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, :adult-empire.com, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: 1149931cfa NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:29:00  WinXP  70.64.5.116 (GASOC.COM): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: b27d73bfcb [Firefox:51 hits: 10-10 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:16:54:00  WinXP  65.240.138.137 (-): WS/HART TELEPHONE CO, HARTWELL, GEORGIA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 25 of 25; packed: 7f60162c2c [Firefox:737 hits: 12-31 to 11-12]; egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=93, embedded dns; syscalls: trace
16:56:00  Win2K-f  200.100.150.66 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL)
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 20 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
16:57:00  WinXP  72.188.105.127 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :wpad, US:204.13.161.51:80, US:208.73.210.121:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, http, 10 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: df17a625ee [Firefox:222 hits: 04-06 to 11-10]; egg.exe: 9bbdd086c5 [0]; egg.asm: ASM:Graph; packer: ASPack|; strings: lines=186, embedded dns; syscalls: trace
17:19:00  Win2K-f  70.182.79.248 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 317 lines; BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 33 of 36; packed: 119cdb01eb [Firefox: 5 hits: 10-11 to 11-04]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:17:23:00  WinXP  24.28.166.50 (RR.COM): ROAD RUNNER HOLDCO LLC, EL PASO, TEXAS, US. (100Mbps)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: 1fcc146d70 [Firefox:49 hits: 04-02 to 11-06]; egg.exe: 258fafe892 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
17:25:00  WinXP  172.163.41.190 (AOL.COM): AMERICA ONLINE, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:199.93.53.125:80, US:204.160.126.126:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 77 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
T:17:26:00  WinXP  72.188.105.127 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :wpad
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, http, http, 14 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 29 of 29; packed: df17a625ee [Firefox:222 hits: 04-06 to 11-10]; egg.exe: 9bbdd086c5 [0]; egg.asm: ASM:Graph; packer: ASPack|; strings: lines=186, embedded dns; syscalls: trace
17:36:00  Win2K-f  24.144.20.64 (CONWAYCORP.NET): CONWAY CORPORATION, CONWAY, ARKANSAS, US. (DSL)
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 9 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
T:17:40:00  Win2K-f  76.188.43.228 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW PHILADELPHIA, OHIO, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:198.78.201.126:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 83 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 32; packed: 73f1082158 [Firefox:1941 hits: 06-18 to 11-12]; egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 3: AV 0 of 32; packed: b5919931fe [Firefox:1113 hits: 06-20 to 11-12]; egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer: ASProtect|; strings: lines=90; syscalls: trace
T:17:51:00  WinXP  70.15.70.173 (PTD.NET): PENTELEDATA INC. - CABLE, SELINSGROVE, PENNSYLVANIA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: b52d214d08 [Firefox:52 hits: 10-05 to 11-12]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
17:52:00  Win2K-f  207.145.156.202 (MEGAPATH.NET): MEGAPATH NETWORKS INC, COSTA MESA, CALIFORNIA, US.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: (blank)
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 13 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
18:06:00  Win2K-f  210.245.222.158 (NWTGIGALINK.COM): NEW WORLD TELEPHONE, HONG KONG, HONG KONG (SAR), HK.
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, EU:79.132.211.24:65520
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 19 lines; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
T:18:12:00  WinXP  60.168.199.121 (AH163.NET): CHINANET ANHUI PROVINCE NETWORK, BEIJING, BEIJING, CN.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 63f13fe223 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
18:26:00  WinXP  218.101.74.238 (CLEAR.NET.NZ): TELSTRACLEAR NZ LTD, AUCKLAND, AUCKLAND, NZ. (DIAL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: (blank)
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: none
T:18:29:00  Win2K-f  96.49.16.166 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:207.123.46.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, http, 293 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 27 of 32; packed: b455f223d6 [Firefox: 8 hits: 06-20 to 11-09]; egg.exe: b455f223d6 [1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
    Binary 2: AV 34 of 36; packed: f6a98dbff3 [Firefox: 2 hits: 11-05 to 11-09]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
18:29:00  Win2K-f  24.78.226.53 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SQUAMISH, BRITISH COLUMBIA, CA. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 123 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 36; packed: 0115338c8b [Firefox:34 hits: 09-12 to 11-08]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 31 of 36; packed: 321f4fc27d [Firefox:34 hits: 09-12 to 11-08]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:18:30:00  WinXP  190.190.127.57 (-)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 32 of 35; packed: 04e8fef258 NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:18:30:00  WinXP  70.64.210.75 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, MOOSE JAW, SASKATCHEWAN, CA. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru, SE:broadway.ny.us.dal.net, SE:ced.dal.net, :flanders.be.eu.undernet.org, NL:diemen.nl.eu.undernet.org, NL:london.uk.eu.undernet.org, :los-angeles.ca.us.undernet.org, :gaspode.zanet.org.za, US:lia.zanet.net, AT:graz.at.eu.undernet.org
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 34 of 36; packed: 6d7baa9138 [Firefox: 5 hits: 10-29 to 11-07]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:18:33:00  WinXP  4.165.132.101 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MAYBEE, MICHIGAN, US. (DIAL)
    Infection source / C&C server: 79.132.211.24:65520
    DNS lookups & failed connects: EU:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:205.128.73.126:80, US:207.123.46.125:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: irc, 143 lines; BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 36; packed: 294c04047a NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
    Binary 2: AV 34 of 36; packed: e93bb7ddfb NEW; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:18:41:00  WinXP  121.73.82.86 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 26 of 28; packed: 7d99b0e910 [Firefox:1085 hits: 12-31 to 11-12]; egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
T:18:42:00  WinXP  75.143.207.93 (CHARTER.COM): CHARTER COMMUNICATIONS, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 35 of 36; packed: 7e8bfa9b49 [Firefox:37 hits: 10-01 to 11-10]; egg.exe: none[none]; egg.asm: none:none; packer: none|none; strings: none; syscalls: none
T:18:52:00  WinXP  69.208.1.75 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL)
    Infection source / C&C server: n/a
    DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.126.126:80, US:207.123.46.125:80, US:8.12.222.126:80
    Infection port: 135; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: other, 75 lines; BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary 1: AV 33 of 33; packed: 53bfe15e91 [Firefox:3910 hits: 06-17 to 11-12]; egg.exe: none[4]; egg.asm: none:none; packer: tElock|; strings: none; syscalls: trace
    Binary 2: AV 0 of 33; packed: a08f3b74a4 [Firefox:1399 hits: 06-18 to 11-12]; egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
19:06:00  WinXP  76.181.243.228 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
    Infection source / C&C server: n/a
    DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
    Infection port: 445; packet trace: pcap, raw; detection signatures: alerts, ruleset; infection chatter: http, 1 line; BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none; forensic logs: summary, tarball
    Binary: AV 25 of 25; packed: 7f60162c2c [Firefox:737 hits: 12-31 to 11-12]; egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer: PolyEnE|; strings: lines=93, embedded dns; syscalls: trace
19:10:00 WinXP 76.200.145.104 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:199 hits: 04-16 to 11-12]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:19:16:00 Win2K-f 144.139.57.107 (TMNS.NET.AU):
TELSTRAINTERNET32,
CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
83 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
b7082104e4
[Firefox:266 hits: 06-18 to 11-12]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
19:16:00 WinXP 74.215.163.63 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:737 hits: 12-31 to 11-12]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
19:20:00 Win2K-f 144.139.57.107 (TMNS.NET.AU):
TELSTRAINTERNET32,
CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:26:00 WinXP 93.156.8.120 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
CN:fleshkatera.cn
CN:lolika.cn
CN:www.upononjob.cn
CN:mulfika.cn
445 pcap raw alerts
ruleset
http
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
18 of 36
11 of 36
7fd7475c63
[Firefox:17 hits: 10-29 to 11-12]
f990637b31
NEW
fb8f82fcb3
[Firefox:29 hits: 10-24 to 11-12]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
19:37:00 WinXP 116.126.199.70 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
irc
http
125 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox:46 hits: 06-20 to 11-12]
9276c8b36b
[Firefox:46 hits: 06-20 to 11-12]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:40:00 WinXP 94.50.175.24 (-):
.
194.54.90.246:80 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 6a7be324a0
NEW
none[none] none:none
none|none none none
T:19:50:00 Win2K-f 72.214.56.45 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
79.132.211.24:65520 US:microsoft.com
EU:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.96.126:80
US:192.221.99.124:80
US:198.78.220.126:80
135 pcap raw alerts
ruleset
irc
137 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
35 of 36
bea8cb1865
[Firefox:39 hits: 08-11 to 11-10]
fac78fde16
[Firefox:18 hits: 09-13 to 11-10]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:57:00 WinXP 202.134.243.125 (AINS.NET.AU):
AINS INTERNET SERVICE PROVIDER,
MELBOURNE, VICTORIA, AU.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 a3d4d26e6e
NEW
none[none] none:none
none|none none none
T:20:01:00 WinXP 68.146.186.151 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a957fc6133
NEW
none[none] none:none
none|none none none
T:20:21:00 Win2K-f 71.12.89.235 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:20:30:00 Win2K-f 65.202.207.198 (ALTER.NET):
MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS,
NEW YORK, NEW YORK, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
b5919931fe
[Firefox:1113 hits: 06-20 to 11-12]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
20:30:00 WinXP 116.0.230.149 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:540 hits: 04-15 to 11-12]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
20:39:00 WinXP 213.22.0.101 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 dfbb616361
NEW
none[none] none:none
none|none none none
T:20:44:00 WinXP 24.46.79.82 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
NEW HYDE PARK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:03:00 WinXP 70.69.57.21 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
MAPLE RIDGE, BRITISH COLUMBIA, CA.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
irc
1483 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
0 of 33
b6fcb8300d
NEW
d45b7df48a
NEW
e07c29c4ae
[Firefox:833 hits: 06-19 to 11-12]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
21:36:00 Win2K-f 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
http
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
73f1082158
[Firefox:1941 hits: 06-18 to 11-12]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:40:00 WinXP 122.146.83.19 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:45:00 Win2K-f 222.233.62.160 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:204.160.126.126:80
US:205.128.70.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
irc
http
123 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
31 of 33
b74e792974
[Firefox:16 hits: 06-18 to 11-07]
f0e73c39a8
[Firefox:17 hits: 06-18 to 11-07]
b74e792974 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
22:00:00 Win2K-f 172.162.118.7 (AOL.COM):
AMERICA ONLINE,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:01:00 WinXP 201.172.246.186 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
GB:new.egg.com
445 pcap raw alerts
ruleset
http
http
http
http
40 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:222 hits: 04-06 to 11-10]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
22:08:00 Win2K-f 95.24.157.172 (-):
.
79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
US:8.12.202.125:80
445 pcap raw alerts
ruleset
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:22:00 WinXP 94.191.174.89 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:171 hits: 04-10 to 11-12]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
22:28:00 WinXP 78.84.153.178 (MICROLINK.LV):
TELEKOM,
RIGA, RIGA, LV.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:427 hits: 12-31 to 11-12]
048df78048 [0] ASM:Graph
none|none lines=61 trace
22:31:00 WinXP 61.222.240.150 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:205.128.70.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
57ce4acac2
[Firefox:341 hits: 06-17 to 11-12]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:31:00 Win2K-f 125.26.133.221 (TOTBB.NET):
TOT ADSL IP ADDRESS POOL,
BANGKOK, KRUNG THEP MAHANAKHON, TH. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 c50e298b27
[Firefox:18 hits: 10-26 to 11-10]
none[none] none:none
none|none none none
22:32:00 Win2K-f 58.239.162.251 (-):
THRUNET-INFRA-BUSAN18,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 35 d2af01dc55
NEW
none[none] none:none
none|none none none
22:32:00 Win2K-f 124.111.140.93 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 82dca35d94
NEW
none[none] none:none
none|none none none
T:22:33:00 WinXP 221.125.205.43 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox:20 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
22:34:00 WinXP 88.162.29.84 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:35:00 WinXP 210.94.97.3 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 6b28308388
[Firefox: 7 hits: 11-05 to 11-07]
none[none] none:none
none|none none none
22:36:00 Win2K-f 211.253.229.229 (KRLINE.NET):
KRNIC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 4264cb2c1c
[Firefox: 2 hits: 10-26 to 11-06]
none[none] none:none
none|none none none
22:40:00 WinXP 211.236.218.56 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
INCHON, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0fb74a16d5
[Firefox: 4 hits: 11-05 to 11-09]
none[none] none:none
none|none none none
22:41:00 Win2K-f 88.222.177.13 (-):
KAUNAS MEGANET AREA22 NETWORK,
KAUNAS, KAUNO APSKRITIS, LT.
n/a   139 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:45:00 WinXP 83.45.145.9 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox:20 hits: 08-15 to 11-09]
none[none] none:none
none|none none none
T:22:47:00 WinXP 70.184.102.222 (COX.NET):
COX COMMUNICATIONS,
CHANDLER, ARIZONA, US.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:207.123.37.123:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
irc
136 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
35 of 36
bea8cb1865
[Firefox:39 hits: 08-11 to 11-10]
fac78fde16
[Firefox:18 hits: 09-13 to 11-10]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
22:47:00 Win2K-f 120.143.167.87 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 35 1be9d03a2b
[Firefox:34 hits: 07-29 to 11-07]
none[none] none:none
none|none none none
T:22:48:00 Win2K-f 59.147.3.74 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:34 hits: 08-15 to 11-10]
none[none] none:none
none|none none none
T:22:49:00 Win2K-f 88.106.64.108 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:33 hits: 07-29 to 11-10]
none[none] none:none
none|none none none
23:00:00 WinXP 211.214.234.241 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e14e129be1
NEW
none[none] none:none
none|none none none
T:23:00:00 Win2K-f 78.155.160.237 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 ea39b7911d
[Firefox:34 hits: 08-15 to 11-10]
none[none] none:none
none|none none none
23:06:00 Win2K-f 118.218.99.104 (-):
.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 2d146934f1
[Firefox: 5 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
T:23:07:00 WinXP 115.41.142.186 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 885d9d9090
[Firefox: 3 hits: 10-26 to 11-07]
none[none] none:none
none|none none none
T:23:11:00 WinXP 62.178.16.4 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 3eeb212cb1
[Firefox:12 hits: 10-22 to 11-09]
none[none] none:none
none|none none none
23:13:00 WinXP 211.212.169.16 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:25 hits: 09-26 to 11-09]
none[none] none:none
none|none none none
T:23:17:00 WinXP 222.238.40.217 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:45 hits: 08-15 to 11-10]
none[none] none:none
none|none none none
23:21:00 WinXP 222.238.40.217 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:45 hits: 08-15 to 11-10]
none[none] none:none
none|none none none
23:21:00 Win2K-f 4.163.172.155 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLEARFIELD, UTAH, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
23:26:00 WinXP 69.208.1.75 (AMERITECH.NET):
RBACK3.AKRNOH,
CANTON, OHIO, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.37.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3910 hits: 06-17 to 11-12]
a08f3b74a4
[Firefox:1399 hits: 06-18 to 11-12]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:26:00 Win2K-f 58.233.199.40 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 2ca0ba6bbe
NEW
none[none] none:none
none|none none none
T:23:27:00 WinXP 217.162.122.120 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 2473f89c70
NEW
none[none] none:none
none|none none none
23:28:00 Win2K-f 58.237.238.169 (-):
THRUNET-INFRA-DAEGU11,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 cd712316e7
[Firefox: 8 hits: 10-26 to 11-09]
none[none] none:none
none|none none none
23:30:00 WinXP 211.58.100.89 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:37 hits: 08-15 to 11-10]
none[none] none:none
none|none none none
T:23:30:00 WinXP 211.203.169.142 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:33 hits: 07-29 to 11-09]
none[none] none:none
none|none none none
T:23:38:00 WinXP 4.246.160.12 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:23:40:00 Win2K-f 117.58.141.218 (-):
TAEGU CABLE NETWORK CO. LTD,
TAEGU, KYONGSANG-BUKTO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 4054b98033
NEW
none[none] none:none
none|none none none
T:23:43:00 Win2K-f 88.208.156.184 (HELIWEB.DE):
HELI NET TELEKOMMUNIKATION GMBH & CO. KG,
HAMM, NORDRHEIN-WESTFALEN, DE. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ea38ae2cb2
[Firefox:33 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
T:23:43:00 Win2K-f 210.192.193.56 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox:16 hits: 10-21 to 11-09]
none[none] none:none
none|none none none
23:46:00 Win2K-f 218.190.78.46 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 d7f9f0a8f7
NEW
none[none] none:none
none|none none none
T:23:55:00 WinXP 211.236.218.56 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
INCHON, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0fb74a16d5
[Firefox: 4 hits: 11-05 to 11-09]
none[none] none:none
none|none none none