Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



16 November 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:08:00 WinXP 59.104.250.138 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f4bffb9e96
[Firefox: 3 hits: 11-06 to 11-13]
none[none] none:none
none|none none none
T:00:22:00 WinXP 221.191.250.205 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.43.236.66:8080 72.10.172.211:8080 CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info
CA:67.43.226.242:8080
CA:67.43.236.66:8080
CA:72.10.172.211:8080
445 pcap raw alerts
ruleset
shell
ftp
irc
http
27 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36
15 of 36
34 of 36
41b9df60db
[Firefox: 8 hits: 11-03 to 11-14]
cada8d5adf
[Firefox: 7 hits: 11-03 to 11-12]
cf860c219a
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
00:38:00 WinXP 222.235.110.158 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:249 hits: 06-17 to 11-14]
8390780c27
[Firefox:45 hits: 06-18 to 11-12]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:00:40:00 Win2K-f 24.66.225.237 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:28:00 WinXP 218.39.236.90 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:198.78.220.124:80
US:207.123.42.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
162 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
34 of 36
33351b3fc9
[Firefox: 2 hits: 11-13 to 11-13]
cdcc5dca6c
[Firefox: 2 hits: 11-13 to 11-13]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
01:29:00 WinXP 24.30.171.29 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:198.78.220.124:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:49:00 WinXP 222.150.30.1 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 e604210b1a
[Firefox: 2 hits: 11-13 to 11-14]
none[none] none:none
none|none none none
T:01:51:00 WinXP 117.99.14.88 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 8055e4589d
NEW
none[none] none:none
none|none none none
T:02:04:00 WinXP 79.132.193.97 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 4f759cd83d
NEW
none[none] none:none
none|none none none
T:02:08:00 WinXP 118.83.9.105 (-):
.
72.10.172.218:7763 CA:fuck.urpal43sourpalhuh.com
CA:72.10.169.26:80
135 pcap raw alerts
ruleset
irc
626 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 ad530b3aaf
NEW
none[none] none:none
none|none none none
T:02:10:00 Win2K-f 114.201.124.85 (-):
.
n/a US:microsoft.com
EU:proxima.ircgalaxy.pl
US:download.microsoft.com
US:204.160.126.126:80
US:4.23.60.125:80
EU:79.132.211.24:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
168aab35a3
[Firefox:190 hits: 06-17 to 11-13]
667f0c59f3
[Firefox:33 hits: 07-04 to 11-07]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:02:15:00 Win2K-f 4.229.189.47 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BATTLE CREEK, MICHIGAN, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.70.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:02:17:00 WinXP 83.213.3.12 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BILBAO, PAIS VASCO, ES.
72.10.172.218:7763 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 fb4831bb39
[Firefox: 3 hits: 11-10 to 11-14]
none[none] none:none
none|none none none
T:02:24:00 WinXP 85.179.147.144 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1cc50efd1f
[Firefox: 2 hits: 11-12 to 11-14]
none[none] none:none
none|none none none
T:02:25:00 Win2K-f 140.239.40.37 (XO.NET):
XO COMMUNICATIONS,
CHELMSFORD, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:207.123.42.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
89 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
73ce2b74da
[Firefox:35 hits: 06-18 to 11-14]
79c01ec060
[Firefox:79 hits: 06-18 to 11-14]
73ce2b74da [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
02:28:00 Win2K-f 72.174.65.214 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:207.123.42.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:38:00 WinXP 201.172.246.186 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX.
n/a DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:229 hits: 04-06 to 11-14]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:02:45:00 WinXP 80.218.99.110 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 35d06cf047
NEW
none[none] none:none
none|none none none
02:55:00 WinXP 82.254.98.25 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9bb68450cd
[Firefox:14 hits: 10-26 to 11-15]
none[none] none:none
none|none none none
T:03:11:00 WinXP 83.41.107.88 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a51c225c89
NEW
none[none] none:none
none|none none none
03:13:00 WinXP 97.77.49.110 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5b901e64d0
[Firefox: 5 hits: 11-13 to 11-15]
none[none] none:none
none|none none none
T:03:13:00 WinXP 97.77.49.110 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5b901e64d0
[Firefox: 5 hits: 11-13 to 11-15]
none[none] none:none
none|none none none
T:03:27:00 WinXP 219.162.9.133 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:547 hits: 04-15 to 11-15]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
03:50:00 WinXP 79.138.177.28 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1ed69f0ca4
[Firefox: 2 hits: 11-03 to 11-15]
none[none] none:none
none|none none none
03:52:00 WinXP 85.86.209.181 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
SAN SEBASTIAN, PAIS VASCO, ES.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:29 hits: 11-02 to 11-13]
none[none] none:none
none|none none none
03:52:00 Win2K-f 70.237.179.20 (-):
BARREWOODS,
KANSAS CITY, MISSOURI, US.
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
03:55:00 Win2K-f 118.86.73.230 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.104.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0b951c2832
[Firefox:11 hits: 08-19 to 11-09]
e4ed4df0f0
[Firefox:11 hits: 08-19 to 11-09]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
04:03:00 WinXP 87.57.182.251 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:31 hits: 08-02 to 11-10]
none[none] none:none
none|none none none
T:04:03:00 WinXP 87.57.182.251 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:31 hits: 08-02 to 11-10]
none[none] none:none
none|none none none
T:04:20:00 WinXP 60.34.229.10 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:22:00 Win2K-f 218.117.136.125 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
JP.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:25:00 WinXP 87.1.87.83 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
AVELLINO, CAMPANIA, IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 289d74b4ce
[Firefox:15 hits: 11-03 to 11-15]
none[none] none:none
none|none none none
T:04:25:00 WinXP 87.1.87.83 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
AVELLINO, CAMPANIA, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 289d74b4ce
[Firefox:15 hits: 11-03 to 11-15]
none[none] none:none
none|none none none
04:29:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
BEIJING, BEIJING, CN.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:30:00 WinXP 4.191.74.156 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:205.128.73.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
154 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:05:01:00 WinXP 41.214.155.248 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox:17 hits: 10-11 to 11-15]
none[none] none:none
none|none none none
05:19:00 WinXP 92.41.195.207 (IKBCC.COM):
EU-ZZ,
UK.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:59 hits: 10-05 to 11-15]
none[none] none:none
none|none none none
T:05:25:00 WinXP 83.236.101.212 (QSC.DE):
QSC AG DYNAMIC IP ADDRESSES,
DE.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:229 hits: 04-06 to 11-14]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:05:25:00 WinXP 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:351 hits: 06-17 to 11-15]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
05:32:00 WinXP 118.111.45.102 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 40973a3480
[Firefox: 2 hits: 11-15 to 11-15]
none[none] none:none
none|none none none
05:37:00 Win2K-f 211.203.31.16 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
2 of 36
8ec6129efe
[Firefox:27 hits: 06-24 to 11-15]
d9766a3162
[Firefox: 6 hits: 08-29 to 11-15]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
05:46:00 WinXP 24.87.163.116 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.126.124:80
US:205.128.73.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
125 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36
33 of 36
28ce5fc467
[Firefox: 9 hits: 09-12 to 11-04]
e7335cb667
[Firefox: 9 hits: 09-12 to 11-04]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
06:09:00 WinXP 222.161.104.154 (NEW218.JL.CN):
CNCGROUP JILIN PROVINCE NETWORK,
JILIN, JILIN, CN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 4b440bbb53
[Firefox: 6 hits: 11-10 to 11-15]
none[none] none:none
none|none none none
06:34:00 WinXP 61.94.125.42 (TELKOM.NET.ID):
PT TELKOM INDONESIA,
SURABAYA, JAWA TIMUR (DJAWA TIMUR), ID.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
EU:ebookfinaltrash.ru
:wpad
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
17 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 0ada72d805
[Firefox:14 hits: 04-12 to 10-02]
239ec78f15 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:06:37:00 WinXP 119.31.19.3 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox:15 hits: 10-11 to 11-09]
none[none] none:none
none|none none none
T:07:07:00 WinXP 92.41.195.138 (IKBCC.COM):
EU-ZZ,
UK.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 35 42cdf265dc
NEW
none[none] none:none
none|none none none
T:07:16:00 WinXP 88.164.69.136 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a1ffe20f3d
NEW
none[none] none:none
none|none none none
T:07:31:00 WinXP 85.138.230.123 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 a96b94fdb6
NEW
none[none] none:none
none|none none none
07:40:00 WinXP 41.210.209.168 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox:20 hits: 11-01 to 11-14]
none[none] none:none
none|none none none
07:53:00 Win2K-f 202.161.189.43 (ALAPCOM.COM):
ALAP COMMUNICATION LTD. DATA/INTERNET SERVICE,
BD.
n/a EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
335 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 3ea3e1ad41
NEW
none[none] none:none
none|none none none
07:58:00 WinXP 85.86.98.42 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
SAN SEBASTIAN, PAIS VASCO, ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:86 hits: 09-13 to 11-15]
none[none] none:none
none|none none none
T:07:58:00 WinXP 85.86.98.42 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
SAN SEBASTIAN, PAIS VASCO, ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:86 hits: 09-13 to 11-15]
none[none] none:none
none|none none none
T:08:09:00 WinXP 190.26.153.39 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
63 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:09:00 WinXP 84.247.45.225 (-):
GENIUS NETWORK SYSTEM SRL,
GALATI, GALATI, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:13:00 Win2K-f 190.225.113.82 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:15:00 Win2K-f 88.134.133.220 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
LANDAU, RHEINLAND-PFALZ, DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 814b221f75
[Firefox: 2 hits: 07-08 to 07-08]
none[none] none:none
none|none none none
T:08:18:00 WinXP 200.86.113.159 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:18:00 Win2K-f 91.134.1.126 (-):
TELENET LTD ASSIGMENT,
BG.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 814b221f75
[Firefox: 2 hits: 07-08 to 07-08]
none[none] none:none
none|none none none
08:19:00 Win2K-f 92.255.164.12 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:19:00 WinXP 94.181.210.21 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:23:00 WinXP 94.181.109.96 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:27:00 Win2K-f 94.181.96.175 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:27:00 WinXP 91.64.27.46 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 fef28da553
NEW
none[none] none:none
none|none none none
T:08:30:00 Win2K-f 78.131.121.236 (-):
EMKTV DOROG DOCSIS,
HU.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:30:00 Win2K-f 190.138.140.245 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:32:00 Win2K-f 91.179.101.96 (ISP.BELGACOM.BE):
BELGACOM,
BE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:33:00 Win2K-f 91.65.33.129 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:34:00 WinXP 77.254.132.178 (COM.PL):
NETIA,
PL.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
66 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:35:00 Win2K-f 90.150.127.63 (PERMONLINE.RU):
PFES.FOR ADSL USERS,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
52 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:42:00 WinXP 80.234.23.185 (-):
POLICOM SPA IS AN INTERNET SERVICE PROVIDER,
VENICE, VENETO, IT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
66 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 cf159382c2
NEW
none[none] none:none
none|none none none
T:08:48:00 WinXP 115.83.184.237 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
[Firefox:14 hits: 10-26 to 11-15]
none[none] none:none
none|none none none
T:08:53:00 WinXP 91.134.1.126 (-):
TELENET LTD ASSIGMENT,
BG.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 814b221f75
[Firefox: 2 hits: 07-08 to 07-08]
none[none] none:none
none|none none none
08:56:00 Win2K-f 92.255.166.1 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:58:00 WinXP 94.181.103.153 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:01:00 Win2K-f 203.222.210.97 (HIMAWARINET.NE.JP):
NISHIKYUSYU ELECTRICAL EQUIPMENT,
JP.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:02:00 Win2K-f 201.83.241.29 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:03:00 Win2K-f 78.97.43.94 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:03:00 WinXP 91.65.33.129 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:03:00 Win2K-f 190.225.113.82 (-):
.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:07:00 WinXP 189.87.214.237 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:07:00 WinXP 91.66.171.34 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 69.42.216.108:2010 :f.unicat.org
US:aflam.100free.com
US:adware.rxmods.net
US:208.73.210.121:80
445 pcap raw alerts
ruleset
ftp
irc
http
501 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox:21 hits: 07-29 to 08-30]
e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
09:08:00 WinXP 91.67.17.75 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 69.42.216.108:2010 :f.unicat.org
US:aflam.100free.com
US:adware.rxmods.net
US:208.73.210.121:80
445 pcap raw alerts
ruleset
ftp
irc
http
519 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox:21 hits: 07-29 to 08-30]
e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
09:09:00 WinXP 94.181.96.175 (-):
.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:18:00 Win2K-f 91.67.17.75 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:19:00 Win2K-f 212.104.115.192 (BULSATTV.COM):
TELECABLE PAZARDJIK,
PLOVDIV, PLOVDIV, BG. (DSL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:29:00 Win2K-f 91.66.190.28 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
78 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:32:00 WinXP 77.20.37.101 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:32:00 Win2K-f 203.222.210.97 (HIMAWARINET.NE.JP):
NISHIKYUSYU ELECTRICAL EQUIPMENT,
JP.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
96 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:33:00 WinXP 77.92.200.135 (RYCHLY-NET.CZ):
INEXT,
CZ.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
86 lines
Yeah : 1.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:37:00 WinXP 90.150.127.63 (PERMONLINE.RU):
PFES.FOR ADSL USERS,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:37:00 Win2K-f 89.245.162.78 (VERSANETONLINE.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
91 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:37:00 WinXP 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:38:00 Win2K-f 91.179.101.96 (ISP.BELGACOM.BE):
BELGACOM,
BE.
69.42.216.108:9890 :f.unicat.org
US:aflam.100free.com
445 pcap raw alerts
ruleset
ftp
irc
84 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:43:00 WinXP 201.83.241.29 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:53:00 WinXP 78.97.48.30 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:05:00 Win2K-f 85.186.62.71 (ASTRAL.RO):
ASTRAL ODORHEI CABLE,
SIMERIA, HUNEDOARA, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d83d2022a6
NEW
none[none] none:none
none|none none none
T:10:07:00 Win2K-f 91.66.182.46 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:09:00 WinXP 88.200.162.41 (SYZRAN.RU):
JSC VOLGATELECOM SAMARA BRANCH SYZRAN MRZES,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 cf159382c2
NEW
none[none] none:none
none|none none none
T:10:09:00 WinXP 94.181.106.164 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:10:00 Win2K-f 212.104.115.192 (BULSATTV.COM):
TELECABLE PAZARDJIK,
PLOVDIV, PLOVDIV, BG. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:12:00 Win2K-f 92.255.170.126 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org 445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
26 of 36 18d92193f9
NEW
none[none] none:none
none|none none none
T:10:13:00 Win2K-f 77.92.200.135 (RYCHLY-NET.CZ):
INEXT,
CZ.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:23:00 Win2K-f 91.66.182.46 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:25:00 WinXP 91.66.41.213 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:435 hits: 12-31 to 11-15]
048df78048 [0] ASM:Graph
none|none lines=61 trace
10:28:00 WinXP 78.97.4.245 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 16049df2e0
NEW
none[none] none:none
none|none none none
10:29:00 WinXP 217.200.26.121 (-):
TELECOM ITALIA MOBILE,
IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3b8b96d0db
[Firefox: 4 hits: 11-09 to 11-15]
none[none] none:none
none|none none none
T:10:29:00 WinXP 217.200.26.121 (-):
TELECOM ITALIA MOBILE,
IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 3b8b96d0db
[Firefox: 4 hits: 11-09 to 11-15]
none[none] none:none
none|none none none
T:10:53:00 Win2K-f 89.137.168.193 (-):
ASTRAL BRAILA DOCSIS NETWORK,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 e7801a316b
[Firefox: 6 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:10:53:00 Win2K-f 89.137.20.143 (-):
ASTRAL DEVA DOCSIS,
SIMERIA, HUNEDOARA, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d17330db37
[Firefox:13 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:10:53:00 WinXP 83.215.214.219 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:51 hits: 08-01 to 11-14]
none[none] none:none
none|none none none
T:10:56:00 WinXP 85.84.75.212 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
ES.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:50 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
11:02:00 Win2K-f 61.228.47.5 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 f9fbdd5ce8
[Firefox:13 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
11:04:00 WinXP 85.186.136.152 (UPCNET.RO):
ASTRAL-UPC,
TIMISOARA, TIMIS, RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox:15 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
11:04:00 Win2K-f 84.112.31.3 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 6b28308388
[Firefox: 8 hits: 11-05 to 11-13]
none[none] none:none
none|none none none
11:06:00 Win2K-f 88.170.183.211 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:30 hits: 10-27 to 11-14]
none[none] none:none
none|none none none
T:11:09:00 Win2K-f 82.234.252.104 (PROXAD.NET):
PROXAD / FREE SAS,
ROUEN, HAUTE-NORMANDIE, FR.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 2ed1d790f6
NEW
none[none] none:none
none|none none none
T:11:10:00 WinXP 80.218.97.74 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL)
n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
NL:london.uk.eu.undernet.org
US:lia.zanet.net
SE:vancouver.dal.net
:brussels.be.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:coins.dal.net
SE:broadway.ny.us.dal.net
SE:viking.dal.net
:gaspode.zanet.org.za
SE:ced.dal.net
:caen.fr.eu.undernet.org
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 217de26957
[Firefox: 5 hits: 10-27 to 11-13]
none[none] none:none
none|none none none
T:11:14:00 WinXP 89.136.81.252 (UPCNET.RO):
ASTRAL-UPC BOTOSANI,
CLUJ-NAPOCA, CLUJ, RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 49d3ae6498
NEW
none[none] none:none
none|none none none
11:16:00 Win2K-f 83.215.12.162 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:31 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
T:11:20:00 WinXP 130.13.133.142 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 eb1fe45c8b
NEW
none[none] none:none
none|none none none
T:11:21:00 WinXP 89.136.15.4 (-):
ASTRAL BUZAU DOCSIS NETWORK,
BUZAU, BUZAU, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d17330db37
[Firefox:13 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
11:23:00 Win2K-f 72.234.47.158 (HAWAIIANTEL.NET):
HAWAIIAN TELCOM SERVICES COMPANY INC,
HONOLULU, HAWAII, US.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 3eeb212cb1
[Firefox:13 hits: 10-22 to 11-13]
none[none] none:none
none|none none none
11:24:00 WinXP 78.97.2.236 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ed84068c1f
[Firefox: 3 hits: 11-05 to 11-06]
none[none] none:none
none|none none none
T:11:26:00 Win2K-f 122.125.80.4 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
11:31:00 WinXP 89.137.3.232 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:26 hits: 09-26 to 11-13]
none[none] none:none
none|none none none
11:34:00 Win2K-f 89.137.3.12 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 35 ddb8dcfe6a
[Firefox:14 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:11:45:00 Win2K-f 86.52.136.124 (REV.STOFANET.DK):
STOFANET-INET-CIDR,
TAASTRUP, VESTSJALLAND, DK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
11:45:00 WinXP 61.4.223.165 (-):
CJ CABLENET PUKINCHEON BROADCASTING,
INCHON, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0fb74a16d5
[Firefox: 6 hits: 11-05 to 11-13]
none[none] none:none
none|none none none
11:46:00 Win2K-f 88.118.136.5 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
LT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:38 hits: 07-29 to 11-14]
none[none] none:none
none|none none none
11:48:00 Win2K-f 89.136.24.179 (UPCNET.RO):
ASTRAL-UPC ROMAN,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 a8fbb623bc
NEW
none[none] none:none
none|none none none
11:49:00 Win2K-f 58.234.56.101 (-):
THRUNET-INFRA-SEOUL15,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
T:11:49:00 WinXP 85.67.42.169 (-):
FIBERNET,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 cd712316e7
[Firefox:11 hits: 10-26 to 11-14]
none[none] none:none
none|none none none
11:50:00 WinXP 85.67.91.241 (-):
FIBERNET,
HU.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ead12a6c02
[Firefox:42 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
11:50:00 WinXP 83.215.17.56 (SALZBURG-ONLINE.AT):
SALZBURG AG PROVIDES INTERNET-SERVICES,
SALZBURG, SALZBURG, AT.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:129 hits: 07-13 to 11-14]
none[none] none:none
none|none none none
T:11:55:00 Win2K-f 88.172.248.71 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 36 0db664089d
[Firefox:13 hits: 10-27 to 11-07]
none[none] none:none
none|none none none
T:11:57:00 Win2K-f 90.30.77.179 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
CANNES, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:36 hits: 08-01 to 11-14]
none[none] none:none
none|none none none
T:12:10:00 WinXP 78.96.215.132 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 49d3ae6498
NEW
none[none] none:none
none|none none none
T:12:16:00 WinXP 83.97.173.55 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox:17 hits: 10-11 to 11-15]
none[none] none:none
none|none none none
T:12:22:00 Win2K-f 217.162.121.107 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
63.173.172.98:6668 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
EU:79.132.211.24:65520
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 2473f89c70
NEW
none[none] none:none
none|none none none
12:22:00 WinXP 186.9.51.209 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 24e4c28fdb
[Firefox: 9 hits: 10-25 to 11-15]
none[none] none:none
none|none none none
12:23:00 Win2K-f 88.111.175.115 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:26 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
T:12:23:00 WinXP 85.186.61.38 (ASTRAL.RO):
ASTRAL ODORHEI CABLE,
TIMISOARA, TIMIS, RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox:15 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:12:23:00 WinXP 186.9.51.209 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 35 24e4c28fdb
[Firefox: 9 hits: 10-25 to 11-15]
none[none] none:none
none|none none none
12:25:00 WinXP 85.186.62.71 (ASTRAL.RO):
ASTRAL ODORHEI CABLE,
SIMERIA, HUNEDOARA, RO.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d83d2022a6
NEW
none[none] none:none
none|none none none
12:25:00 Win2K-f 211.208.82.15 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:23 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
T:12:26:00 WinXP 88.111.175.115 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 44ea4d3c7c
[Firefox:26 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
12:31:00 WinXP 84.112.111.199 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 31f5dd22e3
NEW
none[none] none:none
none|none none none
T:12:31:00 WinXP 79.175.204.118 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a537edc44b
[Firefox: 7 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
12:31:00 Win2K-f 58.233.184.73 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:34 hits: 07-29 to 11-13]
none[none] none:none
none|none none none
12:43:00 Win2K-f 218.235.23.150 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 e14f12a7bb
NEW
none[none] none:none
none|none none none
12:46:00 WinXP 89.136.25.72 (UPCNET.RO):
ASTRAL-UPC ROMAN,
TIMISOARA, TIMIS, RO.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 76b7a2a0ad
[Firefox: 8 hits: 11-05 to 11-09]
none[none] none:none
none|none none none
12:51:00 WinXP 82.240.243.178 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 584c38b8ff
NEW
none[none] none:none
none|none none none
T:12:54:00 Win2K-f 79.175.200.129 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 f9fbdd5ce8
[Firefox:13 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:12:58:00 WinXP 87.56.146.151 (BROADBAND.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
RU:www.bbin.ru
445 pcap raw alerts
ruleset
http
http
http
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:394 hits: 04-01 to 11-15]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
13:02:00 WinXP 88.168.36.212 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
79.132.211.24:65520 EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 6fbf4d04c6
NEW
none[none] none:none
none|none none none
T:13:03:00 WinXP 41.210.217.165 (-):
.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 e3e8735196
NEW
none[none] none:none
none|none none none
T:13:10:00 WinXP 211.209.205.121 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:27 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
13:10:00 Win2K-f 85.204.186.191 (UPCNET.RO):
SC UPC ROMANIA SA,
TIMISOARA, TIMIS, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:27 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
13:13:00 WinXP 89.195.14.3 (-):
ORANGE,
UK.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:14:00 Win2K-f 81.251.240.214 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:50 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
13:17:00 Win2K-f 89.137.56.55 (UPCNET.RO):
ASTRAL-UPC ROMAN,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 918355cad9
[Firefox:13 hits: 10-26 to 11-07]
none[none] none:none
none|none none none
13:20:00 WinXP 211.243.195.223 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 767239d076
NEW
none[none] none:none
none|none none none
T:13:22:00 Win2K-f 83.56.155.12 (RIMA-TDE.NET):
TELEFONICA DE ESPANA (NCC#2005070725),
BARCELONA, CATALUÑA, ES.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 36 bcae797d03
[Firefox:36 hits: 08-01 to 11-14]
none[none] none:none
none|none none none
13:25:00 WinXP 88.180.38.15 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
67.43.236.99:1863 CA:xx.enterhere.biz
CA:zonetech.info
CA:alwayssam.com
CA:67.43.236.98:1863
CA:72.10.167.74:80
139 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 3945f6b40f
NEW
none[none] none:none
none|none none none
13:34:00 Win2K-f 58.227.64.159 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 42ad686798
NEW
none[none] none:none
none|none none none
T:13:43:00 WinXP 58.239.72.241 (-):
THRUNET-INFRA-BUSAN18,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 34 c50e298b27
[Firefox:20 hits: 10-26 to 11-14]
none[none] none:none
none|none none none
13:49:00 WinXP 93.149.108.26 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:84 hits: 10-08 to 11-15]
none[none] none:none
none|none none none
T:13:50:00 WinXP 68.149.152.19 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 c26fc3c9a3
[Firefox: 8 hits: 09-21 to 11-04]
none[none] none:none
none|none none none
13:53:00 WinXP 116.45.40.192 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
25 of 35 6e8aae553c
NEW
none[none] none:none
none|none none none
T:13:54:00 Win2K-f 212.10.104.182 (REV.STOFANET.DK):
TELIA STOFA A/S,
NAESTVED, STORSTROM, DK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 625144cee4
[Firefox:35 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
T:13:58:00 Win2K-f 75.62.6.115 (SBCGLOBAL.NET):
PPPOX POOL - RBACK33.SNFC,
SAN FRANCISCO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
b5919931fe
[Firefox:1139 hits: 06-20 to 11-15]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
14:02:00 Win2K-f 84.112.66.30 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox:17 hits: 10-21 to 11-13]
none[none] none:none
none|none none none
14:04:00 WinXP 76.186.112.59 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DALLAS, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.46.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
14:06:00 Win2K-f 69.111.37.248 (PACBELL.NET):
IRVNCA ADSL RBACK4 PPPOX,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.46.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:07:00 Win2K-f 113.32.2.8 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox:18 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
14:07:00 WinXP 88.108.227.24 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:31 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
14:12:00 Win2K-f 116.46.96.120 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
24 of 36 35d78b8e04
NEW
none[none] none:none
none|none none none
T:14:13:00 WinXP 170.51.9.74 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox:23 hits: 10-14 to 11-15]
none[none] none:none
none|none none none
14:19:00 Win2K-f 114.44.23.191 (-):
.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 13b045107b
NEW
none[none] none:none
none|none none none
T:14:21:00 WinXP 217.201.169.164 (-):
TELECOM ITALIA MOBILE,
IT.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 4840d5ef28
NEW
none[none] none:none
none|none none none
T:14:22:00 Win2K-f 80.218.7.218 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
63.173.172.98:6668 79.132.211.24:65520 EU:proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 d249638a14
NEW
none[none] none:none
none|none none none
14:25:00 Win2K-f 85.67.51.53 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 ca172c3868
[Firefox:13 hits: 10-22 to 11-09]
none[none] none:none
none|none none none
T:14:33:00 WinXP 61.4.223.165 (-):
CJ CABLENET PUKINCHEON BROADCASTING,
INCHON, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 0fb74a16d5
[Firefox: 6 hits: 11-05 to 11-13]
none[none] none:none
none|none none none
14:35:00 WinXP 90.24.71.23 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1d988e57e4
[Firefox:28 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
T:14:43:00 WinXP 219.95.147.42 (TM.NET.MY):
ADSL-STREAMYX-TMNET,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 8a7d408c85
NEW
none[none] none:none
none|none none none
T:14:44:00 WinXP 88.168.219.143 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
27 of 35 e019377a4f
[Firefox: 7 hits: 10-28 to 11-14]
none[none] none:none
none|none none none
T:14:46:00 WinXP 218.191.151.56 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 edd41bea6e
[Firefox: 2 hits: 10-22 to 11-10]
none[none] none:none
none|none none none
14:47:00 Win2K-f 85.186.165.149 (ASTRAL.RO):
ASTRAL-BR-AIPA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 6b28308388
[Firefox: 8 hits: 11-05 to 11-13]
none[none] none:none
none|none none none
14:51:00 WinXP 114.44.112.248 (-):
.
n/a   139 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:04:00 Win2K-f 61.217.240.74 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox:15 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:15:04:00 WinXP 85.67.101.129 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
22 of 36 6c35a86ecd
NEW
none[none] none:none
none|none none none
T:15:11:00 WinXP 76.169.142.24 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:129 hits: 07-13 to 11-14]
none[none] none:none
none|none none none
15:12:00 WinXP 79.138.226.236 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1113 hits: 12-31 to 11-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
15:12:00 WinXP 41.214.164.236 (-):
.
n/a EU:proxim.ircgalaxy.pl
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 17606f84ff
NEW
none[none] none:none
none|none none none
15:19:00 Win2K-f 80.218.7.218 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 36 d249638a14
NEW
none[none] none:none
none|none none none
T:15:20:00 WinXP 41.214.169.67 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5b901e64d0
[Firefox: 5 hits: 11-13 to 11-15]
none[none] none:none
none|none none none
15:20:00 WinXP 41.214.169.67 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5b901e64d0
[Firefox: 5 hits: 11-13 to 11-15]
none[none] none:none
none|none none none
15:23:00 Win2K-f 207.5.163.119 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:207.123.46.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:26:00 WinXP 118.140.160.231 (-):
.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:23 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
15:37:00 WinXP 79.175.193.85 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a537edc44b
[Firefox: 7 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
T:15:38:00 Win2K-f 173.16.128.165 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
61 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
b5919931fe
[Firefox:1139 hits: 06-20 to 11-15]
b7082104e4
[Firefox:269 hits: 06-18 to 11-15]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
15:42:00 Win2K-f 61.34.136.118 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
30 of 33
3690b64ca2
[Firefox:12 hits: 06-18 to 11-10]
a6fb77fd26
[Firefox:12 hits: 06-18 to 11-10]
none[4]
a6fb77fd26[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=82
trace
trace
15:47:00 WinXP 59.104.252.21 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
SE:viking.dal.net
SE:qis.md.us.dal.net
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 f4bffb9e96
[Firefox: 3 hits: 11-06 to 11-13]
none[none] none:none
none|none none none
15:47:00 WinXP 83.42.100.203 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 b3ce57c019
[Firefox:23 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
T:15:48:00 WinXP 59.104.252.21 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
US:lia.zanet.net
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f4bffb9e96
[Firefox: 3 hits: 11-06 to 11-13]
none[none] none:none
none|none none none
15:50:00 WinXP 170.51.26.37 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox:23 hits: 10-14 to 11-15]
none[none] none:none
none|none none none
T:15:50:00 WinXP 170.51.26.37 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 428ae15458
[Firefox:23 hits: 10-14 to 11-15]
none[none] none:none
none|none none none
15:52:00 WinXP 61.217.240.74 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 c3be2ee601
[Firefox:15 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:15:58:00 Win2K-f 116.121.43.226 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 115404b48a
[Firefox: 2 hits: 11-06 to 11-14]
none[none] none:none
none|none none none
T:16:06:00 WinXP 211.208.82.15 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 28b1bbe949
[Firefox:23 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
16:07:00 Win2K-f 218.173.13.195 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 7c2b50c774
[Firefox:51 hits: 08-01 to 11-14]
none[none] none:none
none|none none none
16:18:00 WinXP 81.251.240.214 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:50 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
16:20:00 WinXP 122.124.133.153 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:44 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
16:22:00 Win2K-f 4.153.20.60 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:25:00 Win2K-f 122.125.80.4 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
16:30:00 WinXP 210.166.20.127 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
:adult-empire.com
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
[Firefox:14 hits: 10-26 to 11-15]
none[none] none:none
none|none none none
T:16:38:00 WinXP 4.224.75.25 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ELIZABETHTOWN, KENTUCKY, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:56 hits: 10-10 to 11-15]
none[none] none:none
none|none none none
16:42:00 Win2K-f 211.236.144.126 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 c8e3f53f50
[Firefox: 3 hits: 10-27 to 11-06]
none[none] none:none
none|none none none
T:16:48:00 WinXP 98.141.161.69 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:55:00 WinXP 75.53.40.235 (SBCGLOBAL.NET):
PPPOX POOL - BRAS25 RCSNTX,
US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
:www.proxy-socks.net
:wpad
US:spi.domainsponsor.com
US:208.73.210.121:80
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:394 hits: 04-01 to 11-15]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:17:04:00 Win2K-f 58.237.174.29 (-):
THRUNET-INFRA-DAEGU11,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:199.93.44.124:80
EU:79.132.211.24:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
34 of 36
168aab35a3
[Firefox:190 hits: 06-17 to 11-13]
58828b2adc
[Firefox: 3 hits: 09-20 to 11-13]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
17:06:00 WinXP 116.121.43.226 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 115404b48a
[Firefox: 2 hits: 11-06 to 11-14]
none[none] none:none
none|none none none
T:17:06:00 WinXP 72.174.154.62 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:84 hits: 10-08 to 11-15]
none[none] none:none
none|none none none
17:12:00 WinXP 72.2.242.171 (SPEAKEASY.NET):
US.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 d4eed7b000
[Firefox: 8 hits: 11-03 to 11-13]
none[none] none:none
none|none none none
17:26:00 Win2K-f 4.236.141.172 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
135 pcap raw alerts
ruleset
http
113 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:26:00 Win2K-f 122.121.11.57 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:31 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
T:17:30:00 WinXP 98.105.22.111 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:115 hits: 04-07 to 11-14]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
17:33:00 WinXP 122.43.68.74 (-):
POWERCOMM,
KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 ba68f8eaea
NEW
none[none] none:none
none|none none none
T:17:35:00 WinXP 62.169.78.210 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:56 hits: 10-10 to 11-15]
none[none] none:none
none|none none none
17:38:00 WinXP 210.192.222.68 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 99797e2b75
[Firefox:19 hits: 09-26 to 11-09]
none[none] none:none
none|none none none
17:43:00 Win2K-f 211.209.205.121 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:27 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
17:45:00 Win2K-f 65.183.137.165 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
CLOQUET, MINNESOTA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:207.123.37.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 36
9e9244a382
NEW
d518b500dd
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:46:00 WinXP 79.119.0.28 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:44 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
17:55:00 WinXP 89.137.206.237 (-):
ASTRAL ROMAN DOCSIS NETWORK,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 885d9d9090
[Firefox: 5 hits: 10-26 to 11-14]
none[none] none:none
none|none none none
T:17:58:00 WinXP 79.119.0.28 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:44 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
T:18:06:00 WinXP 99.130.186.44 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:129 hits: 07-13 to 11-14]
none[none] none:none
none|none none none
18:08:00 Win2K-f 208.118.80.151 (BIGPIPEINC.COM):
BIG PIPE INC,
CALGARY, ALBERTA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:192.221.99.124:80
US:199.93.53.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:10:00 WinXP 203.238.49.91 (-):
ENTERPRISENET-MAN-PUSANCATV,
PUSAN, PUSAN-GWANGYOKSI, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 3a322fdf34
[Firefox:19 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
T:18:12:00 Win2K-f 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:17:00 WinXP 170.51.229.83 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 35 19430a0ad4
NEW
none[none] none:none
none|none none none
T:18:19:00 Win2K-f 61.228.47.5 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f9fbdd5ce8
[Firefox:13 hits: 10-22 to 11-14]
none[none] none:none
none|none none none
T:18:21:00 WinXP 114.58.84.32 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1113 hits: 12-31 to 11-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:24:00 Win2K-f 125.230.86.152 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:30 hits: 10-27 to 11-14]
none[none] none:none
none|none none none
T:18:26:00 WinXP 24.65.134.215 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
http
225 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
32 of 36
c295ae7d97
[Firefox: 4 hits: 09-21 to 09-29]
dd1fe232e8
[Firefox: 4 hits: 09-21 to 09-29]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
18:42:00 Win2K-f 99.130.186.44 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
20 of 32 f12583a6d2
[Firefox:129 hits: 07-13 to 11-14]
none[none] none:none
none|none none none
T:18:49:00 WinXP 98.135.92.103 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 771f87c713
[Firefox: 5 hits: 11-02 to 11-12]
none[none] none:none
none|none none none
18:50:00 Win2K-f 123.111.141.74 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:206.33.45.125:80
US:4.23.60.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0c3d1ec2df
[Firefox:13 hits: 08-11 to 11-09]
8de905030e
[Firefox:13 hits: 08-11 to 11-09]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:00:00 Win2K-f 93.123.125.23 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
67.43.236.98:5190 :xx.nadnadzz.info
CA:xx.sqlteam.info
CA:alwayssam.com
CA:zonetech.info
CA:ns.enterhere.biz
139 pcap raw alerts
ruleset
ftp
irc
http
24 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36
29 of 36
15 of 36
41b9df60db
[Firefox: 8 hits: 11-03 to 11-14]
875a3741ef
NEW
cada8d5adf
[Firefox: 7 hits: 11-03 to 11-12]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
19:09:00 WinXP 70.68.27.133 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b9876f20f8
NEW
none[none] none:none
none|none none none
T:19:09:00 WinXP 70.68.27.133 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b9876f20f8
NEW
none[none] none:none
none|none none none
19:28:00 Win2K-f 122.146.224.107 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:207.123.46.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
262 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
dd98c3c108
[Firefox:13 hits: 06-24 to 11-09]
e98746deb1
[Firefox:12 hits: 06-24 to 11-09]
dd98c3c108 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
19:30:00 WinXP 208.105.170.203 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 49858f7103
NEW
none[none] none:none
none|none none none
T:19:32:00 Win2K-f 61.192.32.66 (ZAQ.NE.JP):
J-COM KANSAI CO. LTD,
TOKYO, TOKYO, JP.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 13b148296b
[Firefox:31 hits: 09-26 to 11-14]
none[none] none:none
none|none none none
T:19:33:00 WinXP 70.44.146.143 (PTD.NET):
PENTELEDATA INC. - CABLE,
PALMERTON, PENNSYLVANIA, US.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b3a9397884
NEW
none[none] none:none
none|none none none
19:39:00 WinXP 63.18.105.198 (UU.NET):
UUNET TECHNOLOGIES INC,
AULT, COLORADO, US.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:19:40:00 WinXP 118.167.20.157 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:40:00 Win2K-f 140.239.41.22 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
73ce2b74da
[Firefox:35 hits: 06-18 to 11-14]
79c01ec060
[Firefox:79 hits: 06-18 to 11-14]
73ce2b74da [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
19:41:00 Win2K-f 94.181.98.80 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:42:00 Win2K-f 77.22.146.215 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:42:00 WinXP 208.105.172.35 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:47:00 WinXP 24.87.139.128 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:204.160.126.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
31 of 35
4bd8e539ab
NEW
fb97e82c81
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
19:52:00 Win2K-f 190.174.11.148 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:04:00 WinXP 118.167.20.157 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:12:00 Win2K-f 122.122.219.85 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 3fd97e6955
NEW
none[none] none:none
none|none none none
20:15:00 Win2K-f 218.166.75.204 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:26:00 WinXP 77.22.146.215 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:720 hits: 04-02 to 11-01]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:38:00 WinXP 203.94.239.222 (-):
MAHANAGAR TELEPHONE NIGAM LTD. ISP DIVISION NEW DELHI,
MUMBAI, MAHARASHTRA, IN.
n/a   135 pcap raw alerts
ruleset
other
37 lines
Yeah : 1.3
profile
none summary
tarball
2 of 36 8e98b95967
NEW
none[none] none:none
none|none none none
20:40:00 Win2K-f 89.137.162.151 (-):
ASTRAL ROMAN DOCSIS NETWORK,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 f4296e2474
[Firefox: 3 hits: 11-06 to 11-10]
none[none] none:none
none|none none none
20:52:00 Win2K-f 113.32.2.8 (-):
.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 413c9ac28b
[Firefox:18 hits: 09-26 to 11-10]
none[none] none:none
none|none none none
20:56:00 Win2K-f 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:56:00 WinXP 66.53.223.105 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1113 hits: 12-31 to 11-15]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
21:08:00 WinXP 61.220.116.19 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a EU:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:207.123.37.125:80
US:4.23.60.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
255 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
cfcb83b235
[Firefox: 3 hits: 10-27 to 11-10]
d73359368b
[Firefox: 3 hits: 10-27 to 11-10]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:12:00 Win2K-f 118.166.217.52 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:15:00 WinXP 220.215.221.164 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:547 hits: 04-15 to 11-15]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
21:34:00 WinXP 24.144.34.28 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 0e5f51ee8e
[Firefox:24 hits: 10-11 to 11-10]
none[none] none:none
none|none none none
T:21:37:00 WinXP 24.144.34.28 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 0e5f51ee8e
[Firefox:24 hits: 10-11 to 11-10]
none[none] none:none
none|none none none
T:21:37:00 WinXP 4.224.24.8 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CINCINNATI, OHIO, US. (DIAL)
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e3cef226f
[Firefox:13 hits: 11-04 to 11-14]
none[none] none:none
none|none none none
T:21:43:00 WinXP 98.135.155.54 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:86 hits: 09-13 to 11-15]
none[none] none:none
none|none none none
21:55:00 Win2K-f 61.216.244.189 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
T:21:56:00 WinXP 211.187.189.137 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a EU:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.99.126:80
US:204.160.104.126:80
EU:79.132.211.24:65520
135 pcap raw alerts
ruleset
other
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
776985f561
[Firefox:23 hits: 06-24 to 11-01]
8ec6129efe
[Firefox:27 hits: 06-24 to 11-15]
776985f561 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
21:57:00 WinXP 68.184.110.59 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:57:00 WinXP 68.184.110.59 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 2bfe47019a
NEW
none[none] none:none
none|none none none
T:22:09:00 Win2K-f 203.88.184.93 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:11:00 Win2K-f 84.112.61.53 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 9d31d168bd
[Firefox:27 hits: 10-20 to 11-14]
none[none] none:none
none|none none none
T:22:11:00 WinXP 68.146.8.46 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
33 of 36 2009aa9f53
[Firefox: 2 hits: 11-01 to 11-13]
none[none] none:none
none|none none none
T:22:21:00 Win2K-f 99.224.122.19 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
TORONTO, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
73f1082158
[Firefox:1982 hits: 06-18 to 11-15]
b5919931fe
[Firefox:1139 hits: 06-20 to 11-15]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:30:00 WinXP 121.73.144.108 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox:20 hits: 11-01 to 11-14]
none[none] none:none
none|none none none
22:34:00 Win2K-f 4.243.1.134 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
EUGENE, OREGON, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
b7082104e4
[Firefox:269 hits: 06-18 to 11-15]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:22:41:00 Win2K-f 84.112.66.30 (SURFER.AT):
UPC TELEKABEL,
VIENNA, WIEN, AT. (DSL)
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox:17 hits: 10-21 to 11-13]
none[none] none:none
none|none none none
22:44:00 WinXP 125.101.83.144 (UCOM.NE.JP):
G-KG0008N,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
23:02:00 Win2K-f 203.75.203.221 (ARTSUN.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   135 pcap raw alerts
ruleset
other
1012 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 2903878cc1
NEW
none[none] none:none
none|none none none
23:08:00 WinXP 85.67.42.169 (-):
FIBERNET,
HU.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ce2e70986d
NEW
none[none] none:none
none|none none none
23:25:00 WinXP 122.125.80.4 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667   139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:48 hits: 08-15 to 11-14]
none[none] none:none
none|none none none
23:28:00 WinXP 219.174.36.53 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.53.125:80
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3995 hits: 06-17 to 11-15]
a08f3b74a4
[Firefox:1431 hits: 06-18 to 11-15]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:32:00 Win2K-f 64.181.82.220 (WVFIBERNET.NET):
FIBERNET OF WV,
SPENCER, WEST VIRGINIA, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:23:38:00 WinXP 87.121.169.4 (NETERRA.NET):
NETERRAIP,
BG.
n/a EU:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
EU:79.132.211.24:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 805afbac09
[Firefox: 9 hits: 10-31 to 11-14]
none[none] none:none
none|none none none
T:23:40:00 WinXP 122.36.56.134 (-):
POWERCOMM,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a3874f570b
NEW
none[none] none:none
none|none none none
23:51:00 WinXP 89.41.89.131 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD.
194.54.90.246:80 EU:proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
[Firefox:14 hits: 10-26 to 11-15]
none[none] none:none
none|none none none