Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

14 November 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:12:00 Win2K-f 78.96.186.233 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 35 3f4f3c33fe
[Firefox: 5 hits: 10-28 to 11-09] none[none] none:none
none|none none none

00:14:00 Win2K-f 58.231.109.157 (-):
THRUNET-INFRA-SEOUL08,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
23 lines Yeah : 1.3
profile none summary
tarball 29 of 36 af782db102
[Firefox: 2 hits: 10-26 to 11-07] none[none] none:none
none|none none none

00:14:00 WinXP 119.149.81.160 (-):
. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 35 885d9d9090
[Firefox: 4 hits: 10-26 to 11-13] none[none] none:none
none|none none none

00:15:00 Win2K-f 124.241.145.23 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80 135 pcap raw alerts
ruleset http
79 lines Yeah : 1.3
profile none summary
tarball 32 of 33
9 of 33
0 of 32 2851817490
[Firefox: 9 hits: 06-27 to 11-01]
624c441842
[Firefox: 6 hits: 06-27 to 11-01]
b5919931fe
[Firefox:1124 hits: 06-20 to 11-13] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

00:16:00 Win2K-f 222.234.216.85 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none af222ae6db
[Firefox:33 hits: 08-15 to 11-09] none[none] none:none
none|none none none

00:16:00 WinXP 58.234.14.3 (-):
THRUNET-INFRA-SEOUL15,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 ead12a6c02
[Firefox:37 hits: 09-26 to 11-10] none[none] none:none
none|none none none

00:20:00 WinXP 123.204.143.138 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

T:00:20:00 WinXP 94.96.80.194 (-):
. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

T:00:22:00 WinXP 58.233.132.135 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 af782db102
[Firefox: 2 hits: 10-26 to 11-07] none[none] none:none
none|none none none

T:00:25:00 Win2K-f 211.211.206.52 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 34 5b7b606a3c
NEW none[none] none:none
none|none none none

T:00:30:00 WinXP 58.236.100.161 (-):
THRUNET-INFRA-INCHEON09,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 36 16fe4d40d8
[Firefox: 4 hits: 10-29 to 11-07] none[none] none:none
none|none none none

T:00:46:00 Win2K-f 222.233.29.38 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 25 of 36 bcae797d03
[Firefox:35 hits: 08-01 to 11-07] none[none] none:none
none|none none none

T:00:49:00 Win2K-f 78.96.169.174 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 27 of 35 e019377a4f
[Firefox: 6 hits: 10-28 to 11-07] none[none] none:none
none|none none none

00:57:00 Win2K-f 61.125.248.114 (ASAHI-NET.OR.JP):
ASAHI NET,
JP. (DIAL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 21 of 36 b724b621a2
[Firefox:15 hits: 10-26 to 11-07] none[none] none:none
none|none none none

01:00:00 Win2K-f 219.255.111.145 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 af782db102
[Firefox: 2 hits: 10-26 to 11-07] none[none] none:none
none|none none none

01:01:00 WinXP 87.61.171.80 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:228 hits: 04-06 to 11-13] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:01:04:00 Win2K-f 218.238.193.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 29 of 36 72c08ed557
[Firefox: 2 hits: 10-22 to 11-05] none[none] none:none
none|none none none

01:06:00 Win2K-f 61.4.212.40 (-):
CJ CABLENET PUKINCHEON BROADCASTING,
INCHON, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 cc8840e4b7
[Firefox: 9 hits: 10-20 to 11-09] none[none] none:none
none|none none none

T:01:07:00 WinXP 122.53.105.33 (PLDT.NET):
IPG,
PH. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 289d74b4ce
[Firefox:12 hits: 11-03 to 11-12] none[none] none:none
none|none none none

01:12:00 WinXP 122.221.154.189 (UCOM.NE.JP):
UCOM CORP,
JP. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 25 of 35 1be9d03a2b
[Firefox:35 hits: 07-29 to 11-13] none[none] none:none
none|none none none

T:01:13:00 WinXP 218.37.231.173 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 021884fd26
NEW none[none] none:none
none|none none none

01:14:00 Win2K-f 211.209.39.79 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 e28f44cb36
NEW none[none] none:none
none|none none none

01:14:00 WinXP 219.74.16.237 (SINGNET.COM.SG):
SINGNET PTE LTD,
SINGAPORE, SINGAPORE, SG. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 3a95dbdc43
NEW none[none] none:none
none|none none none

01:17:00 Win2K-f 219.251.192.245 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
US:download.microsoft.com
EU:proxima.ircgalaxy.pl
US:204.160.126.126:80
US:207.123.42.126:80
US:4.23.60.125:80
EU:79.132.211.24:65520 135 pcap raw alerts
ruleset other
86 lines Yeah : 1.3
profile none summary
tarball 30 of 32
33 of 33 5364c612fa
[Firefox: 8 hits: 07-06 to 09-21]
53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13] none[none]
none [4] none:none
none:none
none|none
tElock| none
none none
trace

01:24:00 Win2K-f 67.223.137.107 (-):
. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox:49 hits: 08-01 to 11-09] none[none] none:none
none|none none none

T:01:28:00 WinXP 125.230.196.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 21 of 36 d73bdf4a0e
[Firefox:27 hits: 10-27 to 11-10] none[none] none:none
none|none none none

T:01:29:00 WinXP 119.230.46.147 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:200 hits: 04-16 to 11-13] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:01:34:00 WinXP 90.13.53.173 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 33 of 36 17e0d9aa63
[Firefox:13 hits: 10-22 to 11-10] none[none] none:none
none|none none none

T:01:37:00 WinXP 85.179.149.220 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 1cc50efd1f
NEW none[none] none:none
none|none none none

01:40:00 Win2K-f 118.216.235.34 (-):
. 79.132.211.24:65520
EU:79.132.211.24:65520 135 pcap raw alerts
ruleset irc
11 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

01:45:00 Win2K-f 59.115.235.237 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:127 hits: 07-13 to 11-10] none[none] none:none
none|none none none

01:47:00 WinXP 58.236.105.7 (-):
THRUNET-INFRA-INCHEON09,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 fe92f5afc8
[Firefox: 3 hits: 10-26 to 11-10] none[none] none:none
none|none none none

T:01:49:00 Win2K-f 211.214.18.31 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 30 of 36 67fdfe7cdc
NEW none[none] none:none
none|none none none

01:49:00 WinXP 62.215.44.116 (-):
FAST TELCO INFRA STRUCTURE WEB ACCESS USERS,
KUWAIT, AL KUWAYT, KW. n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
NO:london.uk.eu.undernet.org
SE:coins.dal.net
:los-angeles.ca.us.undernet.org
:caen.fr.eu.undernet.org
:lulea.se.eu.undernet.org
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 c452c94e2f
NEW none[none] none:none
none|none none none

T:01:52:00 WinXP 219.251.43.53 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
31 lines Yeah : 1.3
profile none summary
tarball 34 of 36 dda776c17d
NEW none[none] none:none
none|none none none

01:52:00 Win2K-f 222.233.133.188 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox:49 hits: 08-01 to 11-09] none[none] none:none
none|none none none

T:01:53:00 Win2K-f 78.96.218.252 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 28 of 35 3f4f3c33fe
[Firefox: 5 hits: 10-28 to 11-09] none[none] none:none
none|none none none

01:54:00 WinXP 59.147.3.74 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 36 ea39b7911d
[Firefox:36 hits: 08-15 to 11-13] none[none] none:none
none|none none none

01:55:00 Win2K-f 86.96.54.40 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE. 79.132.211.24:65520 US:microsoft.com
US:download.microsoft.com
EU:proxima.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:01:58:00 WinXP 78.97.124.189 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 32 of 36 4d4e951db2
[Firefox: 2 hits: 11-06 to 11-06] none[none] none:none
none|none none none

T:02:00:00 WinXP 85.186.0.20 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 33 of 36 17e0d9aa63
[Firefox:13 hits: 10-22 to 11-10] none[none] none:none
none|none none none

02:01:00 WinXP 78.96.186.233 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 35 3f4f3c33fe
[Firefox: 5 hits: 10-28 to 11-09] none[none] none:none
none|none none none

02:02:00 Win2K-f 113.32.31.245 (-):
. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 26 of 35 89d021262b
[Firefox:34 hits: 07-29 to 11-13] none[none] none:none
none|none none none

T:02:04:00 WinXP 211.58.100.89 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

02:11:00 WinXP 198.147.197.136 (TSSI.COM):
TAILORED SOFTWARE SERVICES INC,
LINCOLN, NEBRASKA, US. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 21 of 33 e286d9e6a9
[Firefox:31 hits: 07-13 to 11-10] none[none] none:none
none|none none none

T:02:11:00 Win2K-f 58.77.148.178 (-):
POW-HFC-KANGSEO,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 33 of 36 8c4880c33f
NEW none[none] none:none
none|none none none

02:12:00 Win2K-f 211.49.45.189 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 33 of 36 56ff95a310
NEW none[none] none:none
none|none none none

T:02:12:00 Win2K-f 88.165.241.146 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 31 of 36 ea39b7911d
[Firefox:36 hits: 08-15 to 11-13] none[none] none:none
none|none none none

02:23:00 WinXP 213.55.70.170 (TELECOM.NET.ET):
ETHIOPIAN TELECOMMUNICATION CORPORATION,
ADDIS ABABA, ADDIS ABABA, ET. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 1e3cef226f
[Firefox:12 hits: 11-04 to 11-10] none[none] none:none
none|none none none

T:02:23:00 WinXP 84.75.29.232 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:23:00 WinXP 211.200.241.82 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

T:02:24:00 WinXP 218.234.52.167 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 dda776c17d
NEW none[none] none:none
none|none none none

02:32:00 Win2K-f 219.255.46.214 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 115404b48a
NEW none[none] none:none
none|none none none

T:02:34:00 Win2K-f 221.118.253.87 (NIIGATA-U.AC.JP):
JAPAN NETWORK INFORMATION CENTER,
JP. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 32 of 36 94156f67b0
[Firefox:28 hits: 08-15 to 11-10] none[none] none:none
none|none none none

T:02:35:00 Win2K-f 88.173.211.70 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 30 of 36 9d31d168bd
[Firefox:25 hits: 10-20 to 11-10] none[none] none:none
none|none none none

02:35:00 WinXP 84.75.29.232 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

02:42:00 Win2K-f 89.136.80.176 (UPCNET.RO):
ASTRAL-UPC BOTOSANI,
CLUJ-NAPOCA, CLUJ, RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 35 of 36 c37468ce14
[Firefox: 8 hits: 11-06 to 11-10] none[none] none:none
none|none none none

02:56:00 Win2K-f 89.136.81.252 (UPCNET.RO):
ASTRAL-UPC BOTOSANI,
CLUJ-NAPOCA, CLUJ, RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

02:58:00 WinXP 211.109.132.60 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox:34 hits: 07-29 to 11-13] none[none] none:none
none|none none none

T:03:07:00 WinXP 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.110.126:80
US:205.128.73.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
57ce4acac2
[Firefox:344 hits: 06-17 to 11-13] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:03:08:00 Win2K-f 222.234.216.85 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none af222ae6db
[Firefox:33 hits: 08-15 to 11-09] none[none] none:none
none|none none none

T:03:08:00 WinXP 200.127.58.75 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

03:13:00 WinXP 211.177.41.34 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 f9fbdd5ce8
[Firefox: 9 hits: 10-22 to 11-06] none[none] none:none
none|none none none

T:03:14:00 WinXP 211.59.183.221 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:4.23.60.126:80
EU:79.132.211.24:65520 135 pcap raw alerts
ruleset http
irc
135 lines Yeah : 1.8
profile none summary
tarball 30 of 33
31 of 33 2ef9098242
[Firefox: 6 hits: 07-05 to 11-12]
d789c8d157
[Firefox: 7 hits: 07-05 to 11-12] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

03:19:00 WinXP 92.124.55.27 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a RU:moscow-advokat.ru
SE:coins.dal.net
SE:ced.dal.net
SE:broadway.ny.us.dal.net
SE:viking.dal.net
SE:vancouver.dal.net
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 ca47a36342
[Firefox:32 hits: 05-29 to 11-03] c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns trace

03:20:00 WinXP 114.200.125.49 (-):
. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none af222ae6db
[Firefox:33 hits: 08-15 to 11-09] none[none] none:none
none|none none none

T:03:28:00 WinXP 212.92.173.3 (KIS.RU):
BUSINESS COMMUNICATION AGENCY LTD,
NIZHNIY NOVGOROD, NIZHEGORODSKAYA OBLAST', RU. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 36 28b1bbe949
[Firefox:22 hits: 10-20 to 11-07] none[none] none:none
none|none none none

03:29:00 Win2K-f 210.127.97.196 (KRLINE.NET):
KRNIC,
KR. 63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b57908f1ca
NEW none[none] none:none
none|none none none

T:03:29:00 WinXP 222.85.1.14 (163DATA.COM.CN):
CHINANET HENAN PROVINCE NETWORK,
BEIJING, BEIJING, CN. 63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
17 lines Yeah : 1.3
profile none summary
tarball 34 of 36 3547866dc3
[Firefox: 2 hits: 11-10 to 11-10] none[none] none:none
none|none none none

T:03:35:00 Win2K-f 78.96.162.234 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

03:35:00 WinXP 88.168.133.87 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

03:40:00 WinXP 58.239.143.72 (-):
THRUNET-INFRA-BUSAN18,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 36 2afee40276
NEW none[none] none:none
none|none none none

T:03:40:00 Win2K-f 61.17.42.36 (ETH.NET):
VIDESH SANCHAR NIGAM LTD - INDIA,
TRIVANDRUM, KERALA, IN. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

03:45:00 Win2K-f 125.230.196.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 21 of 36 d73bdf4a0e
[Firefox:27 hits: 10-27 to 11-10] none[none] none:none
none|none none none

T:03:48:00 WinXP 123.212.157.43 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

03:51:00 WinXP 221.125.204.251 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 24 of 36 c505f4d54a
NEW none[none] none:none
none|none none none

03:52:00 Win2K-f 89.25.234.15 (3S.PL):
TELEKOMUNIKACJA KOPALN PIASKU S.A,
PL. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 33 of 36 17e0d9aa63
[Firefox:13 hits: 10-22 to 11-10] none[none] none:none
none|none none none

T:03:52:00 WinXP 91.67.160.113 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

T:03:57:00 Win2K-f 219.255.111.145 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 af782db102
[Firefox: 2 hits: 10-26 to 11-07] none[none] none:none
none|none none none

T:04:00:00 WinXP 88.168.20.250 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 36 c3be2ee601
[Firefox:13 hits: 10-22 to 11-10] none[none] none:none
none|none none none

04:01:00 Win2K-f 82.194.151.176 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 23 of 36 b3ce57c019
[Firefox:22 hits: 08-15 to 11-13] none[none] none:none
none|none none none

T:04:05:00 Win2K-f 71.136.17.66 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:206.33.45.125:80 135 pcap raw alerts
ruleset http
86 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33
0 of 32 73ce2b74da
[Firefox:33 hits: 06-18 to 11-13]
79c01ec060
[Firefox:77 hits: 06-18 to 11-13]
b5919931fe
[Firefox:1124 hits: 06-20 to 11-13] 73ce2b74da [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=81
none
lines=90 trace
trace
trace

T:04:10:00 WinXP 85.84.201.189 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
GETXO, PAIS VASCO, ES. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 22 of 36 6c35a86ecd
NEW none[none] none:none
none|none none none

04:15:00 Win2K-f 58.20.119.2 (-):
CNC GROUP HUNAN PROVINCE NETWORK,
BEIJING, BEIJING, CN. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 35 d142a982d2
[Firefox:47 hits: 08-15 to 11-13] none[none] none:none
none|none none none

04:18:00 WinXP 118.218.91.115 (-):
. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 36 e07befe036
NEW none[none] none:none
none|none none none

04:20:00 WinXP 208.126.3.156 (NETINS.NET):
HEART OF IOWA COMMUNICATIONS,
MARENGO, IOWA, US. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 4b440bbb53
NEW none[none] none:none
none|none none none

T:04:20:00 WinXP 208.126.3.156 (NETINS.NET):
HEART OF IOWA COMMUNICATIONS,
MARENGO, IOWA, US. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 4b440bbb53
NEW none[none] none:none
none|none none none

04:21:00 Win2K-f 24.85.145.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:198.78.201.126:80
US:207.123.37.124:80
EU:79.132.211.24:65520 135 pcap raw alerts
ruleset irc
226 lines Yeah : 1.8
profile none summary
tarball 34 of 36
31 of 36 32ec2bd075
NEW
436cdc34a4
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:04:21:00 Win2K-f 61.4.212.40 (-):
CJ CABLENET PUKINCHEON BROADCASTING,
INCHON, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 cc8840e4b7
[Firefox: 9 hits: 10-20 to 11-09] none[none] none:none
none|none none none

04:25:00 WinXP 125.232.102.238 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 30 of 35 d142a982d2
[Firefox:47 hits: 08-15 to 11-13] none[none] none:none
none|none none none

T:04:39:00 WinXP 4.152.180.112 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NASHVILLE, TENNESSEE, US. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:429 hits: 12-31 to 11-13] 048df78048 [0] ASM:Graph
none|none lines=61 trace

04:43:00 WinXP 24.76.68.83 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) 63.173.172.98:6667
US:63.173.172.98:6667 135 pcap raw alerts
ruleset other
884 lines Yeah : 1.8
profile none summary
tarball 32 of 36 d2af6753cc
[Firefox: 6 hits: 10-26 to 11-05] none[none] none:none
none|none none none

04:47:00 Win2K-f 88.186.44.130 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:127 hits: 07-13 to 11-10] none[none] none:none
none|none none none

T:04:50:00 WinXP 124.60.42.40 (-):
POWERCOM,
KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 21 of 36 8c30a51c05
NEW none[none] none:none
none|none none none

T:04:56:00 Win2K-f 124.57.6.210 (-):
POWERCOM,
KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

04:56:00 Win2K-f 78.106.88.12 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset irc
3 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

05:11:00 WinXP 70.118.226.184 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US. n/a 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:05:13:00 Win2K-f 121.73.21.143 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:199.93.41.126:80
US:199.93.44.124:80 135 pcap raw alerts
ruleset other
348 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 7f89b38665
[Firefox:37 hits: 08-02 to 11-13]
a51a50404e
[Firefox:37 hits: 08-02 to 11-13] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:05:13:00 Win2K-f 198.147.197.136 (TSSI.COM):
TAILORED SOFTWARE SERVICES INC,
LINCOLN, NEBRASKA, US. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 21 of 33 e286d9e6a9
[Firefox:31 hits: 07-13 to 11-10] none[none] none:none
none|none none none

05:16:00 WinXP 211.178.109.118 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox:34 hits: 07-29 to 11-13] none[none] none:none
none|none none none

05:22:00 WinXP 89.137.168.193 (-):
ASTRAL BRAILA DOCSIS NETWORK,
RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 32 of 36 e7801a316b
[Firefox: 5 hits: 10-22 to 11-07] none[none] none:none
none|none none none

05:28:00 Win2K-f 122.46.164.19 (-):
POWERCOMM,
KR. 63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 32 of 34 f8301b28d8
NEW none[none] none:none
none|none none none

T:05:28:00 WinXP 83.95.126.223 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
VEDBAEK, COPENHAGEN, DK. (DSL) n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
SE:viking.dal.net
SE:coins.dal.net
:brussels.be.eu.undernet.org
US:lia.zanet.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 f5ab9763ea
[Firefox:22 hits: 10-03 to 11-10] none[none] none:none
none|none none none

T:05:29:00 WinXP 87.121.37.127 (NETERRA.NET):
NETERRAIP,
BG. n/a DE:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
US:spi.domainsponsor.com 445 pcap raw alerts
ruleset http
http
http
http
33 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:386 hits: 04-01 to 11-13] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

05:31:00 WinXP 203.184.0.205 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
HAMILTON, WAIKATO, NZ. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
[Firefox:114 hits: 04-07 to 11-12] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

T:05:36:00 Win2K-f 129.128.133.249 (UALBERTA.CA):
UNIVERSITY OF ALBERTA,
EDMONTON, ALBERTA, CA. (100Mbps) 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 ea38ae2cb2
[Firefox:34 hits: 09-26 to 11-13] none[none] none:none
none|none none none

T:05:39:00 WinXP 210.3.189.140 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
17 lines Yeah : 1.3
profile none summary
tarball 21 of 36 d73bdf4a0e
[Firefox:27 hits: 10-27 to 11-10] none[none] none:none
none|none none none

T:05:51:00 Win2K-f 89.136.34.160 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 31 of 35 ddb8dcfe6a
[Firefox:13 hits: 10-22 to 11-09] none[none] none:none
none|none none none

05:51:00 WinXP 114.200.73.108 (-):
. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 44ea4d3c7c
[Firefox:24 hits: 09-26 to 11-09] none[none] none:none
none|none none none

05:52:00 Win2K-f 218.37.231.173 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 021884fd26
NEW none[none] none:none
none|none none none

T:06:05:00 WinXP 89.41.110.19 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
CN:fleshkatera.cn
CN:lolika.cn
CN:www.upononjob.cn
:mulfika.cn
US:do-power-scan.com
:av-pro-2009.com
:wpad
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
irc
22 lines Yeah : 1.3
profile none summary
tarball 35 of 36
18 of 36
18 of 36
11 of 36 7fd7475c63
[Firefox:18 hits: 10-29 to 11-13]
be2d362745
[Firefox: 2 hits: 11-13 to 11-13]
f990637b31
[Firefox: 2 hits: 11-13 to 11-13]
fb8f82fcb3
[Firefox:32 hits: 10-24 to 11-13] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

06:08:00 WinXP 222.85.1.14 (163DATA.COM.CN):
CHINANET HENAN PROVINCE NETWORK,
BEIJING, BEIJING, CN. 63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
17 lines Yeah : 1.3
profile none summary
tarball 34 of 36 3547866dc3
[Firefox: 2 hits: 11-10 to 11-10] none[none] none:none
none|none none none

06:15:00 Win2K-f 71.136.17.66 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.46.125:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
85 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33 73ce2b74da
[Firefox:33 hits: 06-18 to 11-13]
79c01ec060
[Firefox:77 hits: 06-18 to 11-13] 73ce2b74da [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

06:16:00 Win2K-f 115.138.64.27 (-):
. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 33 4d0983b833
NEW none[none] none:none
none|none none none

06:18:00 WinXP 79.206.120.141 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 28 of 36 e96823d223
NEW none[none] none:none
none|none none none

T:06:22:00 WinXP 221.139.74.137 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
17 lines Yeah : 1.3
profile none summary
tarball 34 of 36 6eb64c5610
NEW none[none] none:none
none|none none none

T:06:25:00 WinXP 211.203.31.16 (HANANET.NET):
HANARO TELECOM INC,
KR. 79.132.211.24:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:205.128.73.126:80
US:207.123.37.126:80 135 pcap raw alerts
ruleset irc
94 lines Yeah : 1.8
profile none summary
tarball 31 of 33
2 of 36 8ec6129efe
[Firefox:25 hits: 06-24 to 11-06]
d9766a3162
[Firefox: 4 hits: 08-29 to 11-06] none[4]
none [none] none:none
none:none
tElock|
none|none none
none trace
none

T:06:31:00 Win2K-f 82.240.5.225 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

T:06:38:00 Win2K-f 122.121.11.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 13b148296b
[Firefox:28 hits: 09-26 to 11-10] none[none] none:none
none|none none none

T:06:40:00 WinXP 87.51.229.11 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
[Firefox:113 hits: 04-04 to 11-12] 462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace

T:06:42:00 WinXP 92.114.196.49 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b81df3157e
[Firefox:16 hits: 11-03 to 11-13] none[none] none:none
none|none none none

T:06:48:00 WinXP 213.22.172.155 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 0a351b0b88
NEW none[none] none:none
none|none none none

T:06:52:00 Win2K-f 122.124.129.149 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

06:52:00 WinXP 220.128.129.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.44.124:80
US:205.128.70.126:80 135 pcap raw alerts
ruleset other
109 lines Yeah : 1.3
profile none summary
tarball 31 of 36
29 of 32 76fca37e3a
NEW
83f26f5044
[Firefox:38 hits: 06-20 to 11-13] none[none]
none [4] none:none
none:none
none|none
tElock| none
none none
trace

06:57:00 Win2K-f 85.186.28.203 (-):
ASTRAL MANGALIA DOCSIS,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 32 of 36 cd712316e7
[Firefox: 9 hits: 10-26 to 11-13] none[none] none:none
none|none none none

06:58:00 Win2K-f 118.220.102.161 (-):
. n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:205.128.70.126:80
US:207.123.46.125:80
EU:79.132.211.24:65520 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 33 533d15b5ce
[Firefox:43 hits: 06-21 to 11-10]
58c343a8d8
[Firefox:47 hits: 06-21 to 11-10] none[4]
58c343a8d8[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

06:58:00 WinXP 88.172.213.144 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
EU:79.132.211.24:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 a8d74af6d5
[Firefox: 5 hits: 10-04 to 11-03] none[none] none:none
none|none none none

06:58:00 WinXP 122.121.11.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 13b148296b
[Firefox:28 hits: 09-26 to 11-10] none[none] none:none
none|none none none

07:21:00 Win2K-f 209.252.105.169 (MCLEODUSA.NET):
MDI ACCESS,
ROCHESTER, MINNESOTA, US. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80 135 pcap raw alerts
ruleset irc
http
117 lines Yeah : 1.8
profile none summary
tarball 28 of 36
35 of 36
0 of 32 495aff77e9
NEW
6fcefc1f4f
NEW
b5919931fe
[Firefox:1124 hits: 06-20 to 11-13] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:07:23:00 WinXP 200.100.252.43 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 96d089e522
[Firefox:79 hits: 10-08 to 11-13] none[none] none:none
none|none none none

07:23:00 WinXP 87.58.213.10 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

T:07:24:00 WinXP 87.58.213.10 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

T:07:32:00 Win2K-f 58.147.101.130 (TTTMAXNET.COM):
MAXNET INTERNET SERVICE PROVIDER BANGKOK,
TH. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 34 e362f1c062
[Firefox:46 hits: 08-15 to 11-10] none[none] none:none
none|none none none

07:44:00 Win2K-f 88.168.20.250 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 28 of 36 c3be2ee601
[Firefox:13 hits: 10-22 to 11-10] none[none] none:none
none|none none none

T:07:47:00 WinXP 78.63.197.176 (ZEBRA.LT):
LIETUVOS,
LT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 a917b38976
[Firefox: 7 hits: 10-14 to 10-29] none[none] none:none
none|none none none

07:48:00 WinXP 78.63.197.176 (ZEBRA.LT):
LIETUVOS,
LT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 a917b38976
[Firefox: 7 hits: 10-14 to 10-29] none[none] none:none
none|none none none

T:07:49:00 WinXP 60.250.90.31 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a RU:moscow-advokat.ru
SE:ced.dal.net
:lulea.se.eu.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
:gaspode.zanet.org.za
:washington.dc.us.undernet.org
SE:broadway.ny.us.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 28c846728f
NEW none[none] none:none
none|none none none

08:00:00 WinXP 91.126.58.165 (RP80.SE):
WEBTECH NORD JHAB STOCKHOLM,
STOCKHOLM, STOCKHOLM, SE. 194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 9d1dc5ba91
[Firefox: 4 hits: 11-10 to 11-13] none[none] none:none
none|none none none

08:11:00 WinXP 203.130.184.220 (-):
TAEGU NAMSAN 4-DONG JUNG-GU DAEGU,
TAEGU, KYONGSANG-BUKTO, KR. 63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 34 of 36 052ac5379e
[Firefox: 3 hits: 10-26 to 11-07] none[none] none:none
none|none none none

T:08:13:00 WinXP 218.175.28.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 f9fbdd5ce8
[Firefox: 9 hits: 10-22 to 11-06] none[none] none:none
none|none none none

08:17:00 Win2K-f 89.137.58.116 (UPCNET.RO):
ASTRAL-UPC ROMAN,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 32 of 36 cd712316e7
[Firefox: 9 hits: 10-26 to 11-13] none[none] none:none
none|none none none

08:21:00 WinXP 85.85.36.155 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 9bb68450cd
[Firefox: 7 hits: 10-26 to 11-13] none[none] none:none
none|none none none

08:25:00 Win2K-f 220.225.22.172 (PHOTONINFOTECH.COM):
RELIANCE INFOCOM LTD,
IN. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 36
30 of 36 2a05c3c4ab
NEW
7c4d492da0
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

08:29:00 WinXP 63.17.178.223 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.53.126:80
US:207.123.46.125:80 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:08:31:00 WinXP 72.35.52.18 (CASS.NET):
D&P COMMUNICATIONS,
DUNDEE, MICHIGAN, US. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 9bb68450cd
[Firefox: 7 hits: 10-26 to 11-13] none[none] none:none
none|none none none

08:31:00 WinXP 72.35.52.18 (CASS.NET):
D&P COMMUNICATIONS,
DUNDEE, MICHIGAN, US. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 34 of 36 9bb68450cd
[Firefox: 7 hits: 10-26 to 11-13] none[none] none:none
none|none none none

08:32:00 Win2K-f 222.255.213.249 (LOCALHOST):
VIETNAM DATA COMMUNICATION COMPANY,
VN. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 27 of 36 5dd4ada1e9
[Firefox: 2 hits: 10-28 to 10-28] none[none] none:none
none|none none none

08:54:00 WinXP 78.96.162.234 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

08:55:00 WinXP 217.43.90.236 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:429 hits: 12-31 to 11-13] 048df78048 [0] ASM:Graph
none|none lines=61 trace

08:58:00 Win2K-f 211.214.43.10 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 2b2342b5c2
NEW none[none] none:none
none|none none none

T:09:02:00 Win2K-f 221.125.77.15 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 31 of 34 aa268ff3a9
[Firefox:38 hits: 08-15 to 11-13] none[none] none:none
none|none none none

T:09:09:00 WinXP 76.235.98.113 (SBCGLOBAL.NET):
PPPOX POOL - SE1.COVLIL,
DALLAS, TEXAS, US. n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.70.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:09:14:00 WinXP 70.183.164.236 (COX.NET):
COX COMMUNICATIONS,
WARWICK, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:206.33.45.125:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:09:17:00 WinXP 189.48.221.109 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
7 lines Yeah : 1.3
profile none summary
tarball 33 of 34 bd776955f7
NEW none[none] none:none
none|none none none

T:09:18:00 WinXP 87.78.196.201 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE. (DSL) 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
irc
11 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7fd7475c63
[Firefox:18 hits: 10-29 to 11-13] none[none] none:none
none|none none none

09:23:00 WinXP 195.174.17.22 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
ISTANBUL, ISTANBUL, TR. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 31 of 32 883ebad119
[Firefox: 5 hits: 04-06 to 08-20] 11cb10abde [0] ASM:Graph
PolyEnE| lines=68 trace

T:09:24:00 WinXP 200.117.108.204 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

09:38:00 WinXP 89.218.126.145 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ. n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 348149f9f6
[Firefox: 4 hits: 10-30 to 11-04] none[none] none:none
none|none none none

09:39:00 Win2K-f 85.84.201.189 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
GETXO, PAIS VASCO, ES. n/a 139 pcap raw alerts
ruleset ftp
9 lines Yeah : 0.8
profile none summary
tarball 24 of 35 c473331f51
NEW none[none] none:none
none|none none none

09:44:00 WinXP 221.125.77.15 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none af222ae6db
[Firefox:33 hits: 08-15 to 11-09] none[none] none:none
none|none none none

09:45:00 Win2K-f 83.103.171.167 (-):
ASTRAL PLOIESTI WIRELESS NETWORK,
PLOIESTI, PRAHOVA, RO. (100Mbps) 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 ead12a6c02
[Firefox:37 hits: 09-26 to 11-10] none[none] none:none
none|none none none

09:49:00 WinXP 78.97.57.187 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:09:51:00 WinXP 91.67.96.82 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 b1c85cee4b
[Firefox:31 hits: 10-27 to 11-13] none[none] none:none
none|none none none

09:51:00 Win2K-f 24.87.130.45 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 34 of 36 ead12a6c02
[Firefox:37 hits: 09-26 to 11-10] none[none] none:none
none|none none none

T:10:14:00 WinXP 190.30.33.211 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 34 of 36 9bb68450cd
[Firefox: 7 hits: 10-26 to 11-13] none[none] none:none
none|none none none

10:15:00 Win2K-f 84.112.61.53 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL) 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 9d31d168bd
[Firefox:25 hits: 10-20 to 11-10] none[none] none:none
none|none none none

10:17:00 WinXP 85.86.173.72 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES. n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
EU:79.132.211.24:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 122092e8e3
NEW none[none] none:none
none|none none none

10:23:00 WinXP 118.165.128.111 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:479 hits: 04-01 to 11-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

10:27:00 Win2K-f 58.147.101.130 (TTTMAXNET.COM):
MAXNET INTERNET SERVICE PROVIDER BANGKOK,
TH. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 34 e362f1c062
[Firefox:46 hits: 08-15 to 11-10] none[none] none:none
none|none none none

10:28:00 WinXP 78.92.128.61 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 646b072687
NEW none[none] none:none
none|none none none

10:31:00 WinXP 61.59.151.253 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
SE:ced.dal.net
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
AT:graz.at.eu.undernet.org
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
:washington.dc.us.undernet.org
NO:london.uk.eu.undernet.org
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:coins.dal.net
US:lia.zanet.net
SE:qis.md.us.dal.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 cbaf7255c4
NEW none[none] none:none
none|none none none

10:34:00 WinXP 92.41.171.125 (IKBCC.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
DE:kidos-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 48b9f498e7
NEW none[none] none:none
none|none none none

T:10:46:00 WinXP 89.137.183.238 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 32 of 36 d17330db37
[Firefox:12 hits: 10-22 to 11-10] none[none] none:none
none|none none none

10:46:00 WinXP 87.5.43.117 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:kidos-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 10c3e12a46
[Firefox:18 hits: 11-01 to 11-13] none[none] none:none
none|none none none

T:10:47:00 WinXP 87.5.43.117 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
MILANO, LOMBARDIA, IT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
2 lines Yeah : 0.8
profile none summary
tarball 34 of 36 10c3e12a46
[Firefox:18 hits: 11-01 to 11-13] none[none] none:none
none|none none none

T:10:54:00 WinXP 58.236.7.51 (-):
THRUNET-INFRA-INCHEON03,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 36 bc4e8366af
NEW none[none] none:none
none|none none none

T:11:12:00 WinXP 86.52.132.61 (REV.STOFANET.DK):
STOFANET-INET-CIDR,
TAASTRUP, VESTSJALLAND, DK. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 ead12a6c02
[Firefox:37 hits: 09-26 to 11-10] none[none] none:none
none|none none none

11:14:00 Win2K-f 80.108.96.93 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 30 of 35 d142a982d2
[Firefox:47 hits: 08-15 to 11-13] none[none] none:none
none|none none none

11:15:00 WinXP 63.22.216.252 (UU.NET):
UUNET TECHNOLOGIES INC,
DALLAS, TEXAS, US. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:745 hits: 12-31 to 11-13] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:11:50:00 WinXP 190.48.237.221 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 06a5e31b47
[Firefox:12 hits: 10-28 to 11-12] none[none] none:none
none|none none none

11:54:00 WinXP 90.8.129.232 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
ORLEANS, CENTRE, FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 35 of 36 1d988e57e4
[Firefox:27 hits: 09-26 to 11-07] none[none] none:none
none|none none none

11:54:00 Win2K-f 78.96.162.234 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

12:03:00 Win2K-f 68.146.119.219 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.44.126:80
US:207.123.37.123:80 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 30 of 35
33 of 36 6df8da6fb7
[Firefox: 2 hits: 10-31 to 11-02]
d5c7b042b7
[Firefox: 2 hits: 10-31 to 11-02] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:12:03:00 WinXP 217.201.72.38 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 817c4faa32
NEW none[none] none:none
none|none none none

12:10:00 WinXP 213.137.111.48 (ADSL1-010.PTT.YU):
JP PTTS SRBIJA,
CS. (DSL) n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:54 hits: 10-05 to 11-13] none[none] none:none
none|none none none

T:12:22:00 WinXP 78.96.162.234 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

T:12:29:00 WinXP 41.210.200.172 (-):
. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
irc
20 lines Yeah : 1.3
profile none summary
tarball 35 of 36 04ed4d2967
[Firefox: 4 hits: 11-08 to 11-13] none[none] none:none
none|none none none

T:12:29:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
78 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
57ce4acac2
[Firefox:344 hits: 06-17 to 11-13]
b5919931fe
[Firefox:1124 hits: 06-20 to 11-13] none[4]
57ce4acac2[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

12:32:00 WinXP 24.109.218.128 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. (DSL) n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 66fc934479
NEW none[none] none:none
none|none none none

T:12:41:00 WinXP 89.152.34.32 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 0a351b0b88
NEW none[none] none:none
none|none none none

12:47:00 WinXP 82.7.208.140 (NTL.COM):
NTLI,
NOTTINGHAM, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 36 of 36 b7a2b9be2a
[Firefox: 3 hits: 08-27 to 10-25] none[none] none:none
none|none none none

T:13:01:00 WinXP 217.68.165.7 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 428ae15458
[Firefox:19 hits: 10-14 to 11-12] none[none] none:none
none|none none none

13:02:00 WinXP 217.68.165.7 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 428ae15458
[Firefox:19 hits: 10-14 to 11-12] none[none] none:none
none|none none none

T:13:05:00 WinXP 82.245.111.18 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 fcba0b7717
NEW none[none] none:none
none|none none none

13:05:00 WinXP 82.245.111.18 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 35 of 36 fcba0b7717
NEW none[none] none:none
none|none none none

13:13:00 WinXP 81.84.190.142 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PORTO, PORTO, PT. 72.10.172.211:8080 CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info 139 pcap raw alerts
ruleset ftp
irc
http
30 lines Yeah : 1.3
profile none summary
tarball 21 of 36
29 of 36 41b9df60db
[Firefox: 7 hits: 11-03 to 11-13]
875a3741ef
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:13:15:00 Win2K-f 216.166.152.42 (TRITEL.NET):
TCT WEST,
LIBBY, MONTANA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.53.126:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 34 of 36
32 of 36 955ecf16fc
NEW
9e8a4e25b2
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:13:17:00 WinXP 87.110.145.15 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 06a5e31b47
[Firefox:12 hits: 10-28 to 11-12] none[none] none:none
none|none none none

T:13:19:00 Win2K-f 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.53.126:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

13:37:00 WinXP 72.251.92.205 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 ca47a36342
[Firefox:32 hits: 05-29 to 11-03] c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns trace

13:48:00 Win2K-f 70.245.156.133 (SWBELL.NET):
PPPOX POOL - BRAS14 RCSNTX,
DALLAS, TEXAS, US. n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

13:49:00 WinXP 186.9.135.90 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 dd19428f27
NEW none[none] none:none
none|none none none

T:13:53:00 WinXP 190.190.129.31 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 3c484a14db
NEW none[none] none:none
none|none none none

14:03:00 WinXP 87.246.62.152 (-):
CMTS CLIENTS IN SOFIA,
SOFIA, SOFIYA, BG. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 06a5e31b47
[Firefox:12 hits: 10-28 to 11-12] none[none] none:none
none|none none none

14:13:00 Win2K-f 88.165.39.66 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox:34 hits: 07-29 to 11-13] none[none] none:none
none|none none none

T:14:16:00 WinXP 189.123.56.215 (-):
. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 33 of 35 e50d19ea22
[Firefox: 7 hits: 10-21 to 11-12] none[none] none:none
none|none none none

14:34:00 WinXP 212.220.85.222 (URTC.RU):
JSC 10000 BOOKS,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

14:39:00 Win2K-f 4.138.32.111 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NORTH CAROLINA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

14:41:00 Win2K-f 24.79.221.200 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.124:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
123 lines Yeah : 1.3
profile none summary
tarball 33 of 36
31 of 36 52af456775
NEW
8cb03991f2
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

14:42:00 WinXP 12.41.130.43 (PRCINTERNET.NET):
PRC INTERNET CORP,
SAN JUAN, PUERTO RICO, PR. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:479 hits: 04-01 to 11-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

14:43:00 Win2K-f 70.182.172.13 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:14:46:00 WinXP 201.5.25.28 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:745 hits: 12-31 to 11-13] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:14:48:00 WinXP 82.244.240.35 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 d17ec31c05
NEW none[none] none:none
none|none none none

14:55:00 WinXP 190.138.130.152 (NET.AR):
TELECOM ARGENTINA S.A,
AR. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 5e4f6ad9dc
[Firefox:11 hits: 10-20 to 11-10] none[none] none:none
none|none none none

T:14:56:00 WinXP 190.138.130.152 (NET.AR):
TELECOM ARGENTINA S.A,
AR. n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 36 of 36 5e4f6ad9dc
[Firefox:11 hits: 10-20 to 11-10] none[none] none:none
none|none none none

T:14:57:00 WinXP 70.182.172.13 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.201.126:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:15:00 Win2K-f 208.45.117.80 (QWEST.NET):
QWEST COMMUNICATIONS,
BOISE, IDAHO, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.124:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:15:17:00 WinXP 216.211.242.84 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:15:19:00 WinXP 114.48.21.248 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 8e6e0ab8d8
NEW none[none] none:none
none|none none none

15:32:00 WinXP 62.120.18.237 (-):
EUNET,
FR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 4b440bbb53
NEW none[none] none:none
none|none none none

T:15:32:00 WinXP 62.120.18.237 (-):
EUNET,
FR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 4b440bbb53
NEW none[none] none:none
none|none none none

15:53:00 Win2K-f 76.79.177.218 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a 135 pcap raw alerts
ruleset other
1010 lines Yeah : 1.3
profile none summary
tarball 6 of 36
7 of 36 2c0902a088
NEW
435638f87d
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:15:58:00 WinXP 82.67.147.8 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 68c7eb1805
NEW none[none] none:none
none|none none none

16:11:00 WinXP 82.15.41.177 (NTL.COM):
NTL INFRASTRUCTURE - BAGULEY,
HARTLEPOOL, ENGLAND, UK. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:429 hits: 12-31 to 11-13] 048df78048 [0] ASM:Graph
none|none lines=61 trace

16:15:00 Win2K-f 218.175.28.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 34 of 36 f9fbdd5ce8
[Firefox: 9 hits: 10-22 to 11-06] none[none] none:none
none|none none none

16:28:00 WinXP 41.214.188.244 (-):
. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:745 hits: 12-31 to 11-13] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:16:35:00 WinXP 61.221.45.246 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 33 of 34 c50e298b27
[Firefox:19 hits: 10-26 to 11-13] none[none] none:none
none|none none none

T:16:36:00 WinXP 71.85.120.146 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

16:39:00 WinXP 71.85.120.146 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

16:49:00 WinXP 92.113.0.49 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 a957fc6133
NEW none[none] none:none
none|none none none

17:02:00 WinXP 69.85.106.219 (ELLIJAY.COM):
ELLIJAY COMMUNITY TELEVISION,
BLUE RIDGE, GEORGIA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:07:00 Win2K-f 218.175.28.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 34 of 36 f9fbdd5ce8
[Firefox: 9 hits: 10-22 to 11-06] none[none] none:none
none|none none none

17:08:00 WinXP 65.7.81.36 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
SAGINAW, MICHIGAN, US. 194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 4fbdefea7b
NEW none[none] none:none
none|none none none

17:11:00 Win2K-f 222.236.225.18 (HANANET.NET):
HANARO TELECOM INC,
KR. 79.132.211.24:65520 US:microsoft.com
EU:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.96.126:80 135 pcap raw alerts
ruleset irc
http
113 lines Yeah : 1.8
profile none summary
tarball 31 of 33
31 of 33 b74e792974
[Firefox:17 hits: 06-18 to 11-13]
f0e73c39a8
[Firefox:18 hits: 06-18 to 11-13] b74e792974 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

17:20:00 Win2K-f 70.61.158.35 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.125:80
US:8.12.222.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:21:00 WinXP 76.247.46.156 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:200 hits: 04-16 to 11-13] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:17:38:00 WinXP 190.138.25.154 (NET.AR):
TELECOM ARGENTINA S.A,
AR. n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 0.8
profile none summary
tarball 34 of 36 805afbac09
[Firefox: 8 hits: 10-31 to 11-12] none[none] none:none
none|none none none

17:45:00 Win2K-f 70.62.226.28 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FAIRFIELD, OHIO, US. n/a 135 pcap raw alerts
ruleset other
1010 lines Yeah : 1.3
profile none summary
tarball 6 of 36
7 of 36 2c0902a088
NEW
435638f87d
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

17:46:00 WinXP 69.85.106.130 (ELLIJAY.COM):
ELLIJAY COMMUNITY TELEVISION,
BLUE RIDGE, GEORGIA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

17:49:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.70.126:80
US:4.23.60.125:80 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
57ce4acac2
[Firefox:344 hits: 06-17 to 11-13] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:51:00 WinXP 74.62.103.126 (RR.COM):
ROAD RUNNER HOLDCO LLC,
APPLETON, WISCONSIN, US. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 1c544ae06d
[Firefox: 4 hits: 09-25 to 10-20] none[none] none:none
none|none none none

17:55:00 WinXP 219.174.36.53 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13]
e07c29c4ae
[Firefox:838 hits: 06-19 to 11-13] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:18:05:00 WinXP 211.74.112.179 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 9bb68450cd
[Firefox: 7 hits: 10-26 to 11-13] none[none] none:none
none|none none none

T:18:11:00 Win2K-f 24.85.208.53 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.201.126:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:18:11:00 WinXP 74.71.71.11 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EAST SYRACUSE, NEW YORK, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
EU:ebookfinaltrash.ru
:wpad
GB:new.egg.com
DE:212.227.111.29:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
http
http
25 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:386 hits: 04-01 to 11-13] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

18:16:00 WinXP 4.138.35.199 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NORTH CAROLINA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:198.78.220.124:80
US:204.160.126.126:80 135 pcap raw alerts
ruleset other
82 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:30:00 WinXP 190.240.48.102 (-):
. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 34 3fdf407c13
NEW none[none] none:none
none|none none none

T:18:31:00 WinXP 66.217.37.106 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:745 hits: 12-31 to 11-13] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:18:35:00 WinXP 200.225.164.217 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 a5fb35c9fd
NEW none[none] none:none
none|none none none

T:18:35:00 WinXP 117.99.26.244 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset http
irc
20 lines Yeah : 1.3
profile none summary
tarball 34 of 36 fb4831bb39
[Firefox: 2 hits: 11-10 to 11-13] none[none] none:none
none|none none none

18:40:00 WinXP 68.146.242.111 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 8055e4589d
NEW none[none] none:none
none|none none none

T:18:51:00 WinXP 59.105.174.128 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f4f065e88b
NEW none[none] none:none
none|none none none

18:53:00 Win2K-f 78.96.162.234 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 28 of 36 a67f84f2af
[Firefox: 6 hits: 10-27 to 11-07] none[none] none:none
none|none none none

19:09:00 Win2K-f 64.250.77.185 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:205.128.70.126:80
US:8.12.222.126:80 135 pcap raw alerts
ruleset other
118 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 632ca807a6
NEW
9c2207ef84
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

19:16:00 WinXP 58.233.18.182 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 30 of 36 44ea4d3c7c
[Firefox:24 hits: 09-26 to 11-09] none[none] none:none
none|none none none

T:19:24:00 WinXP 65.183.137.165 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
CLOQUET, MINNESOTA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:204.160.126.126:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 33 of 36
31 of 36 9e9244a382
NEW
d518b500dd
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:19:43:00 WinXP 61.20.162.17 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

19:51:00 WinXP 76.171.93.240 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad 445 pcap raw alerts
ruleset http
http
http
17 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:386 hits: 04-01 to 11-13] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:19:52:00 WinXP 60.35.205.242 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 34 of 35 e604210b1a
NEW none[none] none:none
none|none none none

T:19:59:00 Win2K-f 85.95.210.118 (CALIXO.NET):
VIALIS - REGIE MUNICIPALE DE COLMAR,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 30 of 36 13b148296b
[Firefox:28 hits: 09-26 to 11-10] none[none] none:none
none|none none none

T:19:59:00 WinXP 76.244.176.42 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.42.126:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:20:10:00 WinXP 78.146.88.219 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 36 f32b37da28
[Firefox: 2 hits: 11-06 to 11-09] none[none] none:none
none|none none none

20:10:00 WinXP 125.197.186.149 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:479 hits: 04-01 to 11-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:20:19:00 WinXP 83.103.171.167 (-):
ASTRAL PLOIESTI WIRELESS NETWORK,
PLOIESTI, PRAHOVA, RO. (100Mbps) 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 ead12a6c02
[Firefox:37 hits: 09-26 to 11-10] none[none] none:none
none|none none none

20:19:00 WinXP 218.37.231.173 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 021884fd26
NEW none[none] none:none
none|none none none

20:34:00 Win2K-f 96.51.155.245 (-):
. n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
EU:79.132.211.24:80 135 pcap raw alerts
ruleset irc
206 lines Yeah : 1.3
profile none summary
tarball 27 of 32
34 of 36 b455f223d6
[Firefox: 9 hits: 06-20 to 11-13]
f6a98dbff3
[Firefox: 3 hits: 11-05 to 11-13] b455f223d6 [1]
none [none] ASM:Graph
none:none
Armadillo|
none|none lines=81
none trace
none

T:20:49:00 WinXP 117.99.24.228 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 34 d20f157117
NEW none[none] none:none
none|none none none

20:51:00 Win2K-f 4.231.148.145 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DEER PARK, TEXAS, US. (DIAL) n/a 445 pcap raw alerts
ruleset irc
25 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:21:05:00 Win2K-f 122.146.81.239 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

21:06:00 WinXP 4.228.204.43 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NAMPA, IDAHO, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
262 lines Yeah : 1.3
profile none summary
tarball 33 of 36 6015e4d74d
NEW none[none] none:none
none|none none none

21:09:00 Win2K-f 24.76.239.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) n/a EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
27 lines Argh : 0.3
profile none summary
tarball none none none none none none none

21:12:00 Win2K-f 65.205.75.3 (LUCKYSTARCASINO.ORG):
LUCKY STAR CASINO,
OKLAHOMA, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.201.126:80
US:206.33.45.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

21:21:00 WinXP 4.182.135.63 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
VISALIA, CALIFORNIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:204.160.126.126:80
US:206.33.45.125:80 135 pcap raw alerts
ruleset other
126 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:21:22:00 WinXP 118.231.104.45 (-):
. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 1c43aab97a
NEW none[none] none:none
none|none none none

T:21:30:00 Win2K-f 72.215.38.211 (COX.NET):
COX COMMUNICATIONS,
NICEVILLE, FLORIDA, US. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:207.123.37.124:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13]
b5919931fe
[Firefox:1124 hits: 06-20 to 11-13] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

21:40:00 WinXP 216.78.15.38 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
OPELOUSAS, LOUISIANA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7e8bfa9b49
[Firefox:38 hits: 10-01 to 11-13] none[none] none:none
none|none none none

21:50:00 Win2K-f 116.125.78.147 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
irc
157 lines Yeah : 1.8
profile none summary
tarball 34 of 36
33 of 36 2f27f1f3ed
[Firefox: 4 hits: 08-24 to 11-08]
baa7256c07
[Firefox: 3 hits: 09-14 to 11-08] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

21:55:00 WinXP 118.169.218.205 (-):
. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1092 hits: 12-31 to 11-13] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

22:00:00 WinXP 119.240.154.48 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:479 hits: 04-01 to 11-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:22:15:00 WinXP 125.4.237.224 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.126:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 2e45ae247e
[Firefox: 8 hits: 06-25 to 11-04]
53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13] none[none]
none [4] none:none
none:none
none|none
tElock| none
none none
trace

22:21:00 Win2K-f 118.160.24.183 (-):
. 79.132.211.24:65520 EU:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
16 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

22:21:00 WinXP 63.78.122.45 (ALTER.NET):
MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS,
KANSAS CITY, MISSOURI, US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:199.93.44.126:80
US:4.23.60.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
73f1082158
[Firefox:1958 hits: 06-18 to 11-13] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

22:27:00 Win2K-f 211.176.9.123 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 135 pcap raw alerts
ruleset other
94 lines Yeah : 1.3
profile none summary
tarball 0 of 33
30 of 33 4c3df24b32
[Firefox:248 hits: 06-17 to 11-12]
ff2150aa95
[Firefox: 8 hits: 07-03 to 11-03] 4c3df24b32 [1]
none [none] ASM:Graph
none:none
Armadillo|
none|none lines=81
none trace
none

22:28:00 Win2K-f 70.168.9.168 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US. n/a 135 pcap raw alerts
ruleset other
232 lines Yeah : 1.3
profile none summary
tarball 33 of 36 3320c728b1
[Firefox: 2 hits: 10-07 to 10-09] none[none] none:none
none|none none none

22:45:00 WinXP 62.141.201.115 (MM.PL):
MULTIMEDIA POLSKA S. A,
POZNAN, WIELKOPOLSKIE, PL. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 5b901e64d0
NEW none[none] none:none
none|none none none

22:54:00 WinXP 122.146.81.239 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:34:00 WinXP 68.151.251.109 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 34 of 36
32 of 36 9c83cff291
NEW
e7893ad4aa
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

23:58:00 WinXP 72.215.38.211 (COX.NET):
COX COMMUNICATIONS,
NICEVILLE, FLORIDA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3939 hits: 06-17 to 11-13]
a08f3b74a4
[Firefox:1408 hits: 06-18 to 11-13]
e07c29c4ae
[Firefox:838 hits: 06-19 to 11-13] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

23:59:00 WinXP 83.93.97.124 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
AALBORG, NORDJYLLAND, DK. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f5ab9763ea
[Firefox:22 hits: 10-03 to 11-10] none[none] none:none
none|none none none