Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

08 June 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:09:00 WinXP 124.43.36.134 (-):
INTERNET SERVICE PROVIDER IN SRI LANKA,
LK. 		n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
16 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 a2a036466a
[Firefox:264 hits: 05-05 to 06-06] 		none[4] none:none
 none|none none trace
T:00:10:00 WinXP 64.201.95.223 (80-LHTOT.COM):
LAUREL HIGHLAND TELEPHONE COMPANY,
STAHLSTOWN, PENNSYLVANIA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
105 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:00:10:00 Win2K-f 122.118.162.161 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		209.250.232.240:7000 US:hail.dns2go.com
FR:members.lycos.co.uk 		445 pcap raw alerts
ruleset 		ftp
irc
http
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
01:06:00 Win2K-f 82.77.219.157 (RDSNET.RO):
TEREZVAROS CABLE TELEVISION LTD,
BUDAPEST, BUDAPEST, HU. 		n/a CN:hail2.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
23 lines 		Yeah : 0.8
profile 		none summary
tarball 		15 of 32 2a80d0e111
NEW 		none[4] none:none
 none|none none trace
01:32:00 Win2K-f 62.47.165.22 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. 		n/a   445 pcap raw alerts
ruleset 		ftp
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
01:52:00 WinXP 92.40.207.112 (IKBCC.COM):
EU-ZZ,
UK. 		n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 32 1f7d55f6f0
NEW 		none[4] none:none
 PolyEnE| none trace
02:09:00 Win2K-f 194.102.105.243 (CONINSALT.RO):
CONINSALT SRL,
BUCHAREST, BUCURESTI, RO. 		209.250.232.240:7000 US:scorti1.dns2go.com
FR:members.lycos.co.uk
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
irc
http
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 890fb4fa10
[Firefox:48 hits: 12-27 to 06-07] 		b9c7f08a57 [0] ASM:Graph
 ASProtect| lines=393
embedded dns 		trace
02:42:00 Win2K-f 92.113.128.73 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
FR:members.lycos.co.uk
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
irc
http
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
03:02:00 Win2K-f 91.144.78.131 (MEGATHERM.HU):
ANTENNA TAVKOZLESI,
BUDAPEST, BUDAPEST, HU. 		n/a   445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		18 of 32 b4ad631671
[Firefox:15 hits: 04-29 to 06-07] 		5890f017cc [0] ASM:Graph
 StarForce| lines=28 trace
03:13:00 WinXP 86.141.191.22 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:405 hits: 12-31 to 06-07] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:03:45:00 Win2K-f 41.214.151.24 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:38:00 Win2K-f 213.16.241.89 (FORTHNET.GR):
FORTHNET-NOC-THE,
THESSALONIKI, THESSALONIKI, GR. (DIAL) 		n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
04:52:00 WinXP 91.150.78.189 (ITSISP.NET):
ITSYSTEM NIS,
CS. 		n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:05:06:00 WinXP 220.105.126.75 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:624 hits: 07-11 to 06-07] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
05:44:00 Win2K-f 92.112.120.176 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a CN:hail2.dns2go.com 445 pcap raw alerts
ruleset 		ftp
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 5ee4121e1e
[Firefox:65 hits: 05-29 to 06-07] 		51c1525417 [0] none:none
 Obsidium| none trace
05:52:00 Win2K-f 194.88.239.45 (NETACCESS.RO):
SC NETACCESS SRL,
RO. 		209.250.232.240:7000 US:hail.dns2go.com
FR:members.lycos.co.uk 		445 pcap raw alerts
ruleset 		ftp
irc
http
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 32 ed458d58bb
NEW 		none[4] none:none
 none|none none trace
06:28:00 Win2K-f 83.188.176.125 (SWIP.NET):
SWIPNET,
SE. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 32 136a7a90d2
NEW 		none[4] none:none
 none|none none trace
T:06:32:00 Win2K-f 88.122.133.202 (PPP.TISCALI.FR):
TELECOM ITALIA FRANCE BROADBAND POOLS,
FR. (DIAL) 		n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 32 dc8e1c63cd
[Firefox:99 hits: 12-27 to 05-23] 		e0eb8646ee [0] ASM:Graph
 none|none lines=601
embedded dns 		trace
06:57:00 WinXP 212.66.64.99 (CUST.TELE2.LU):
TELE2 LUXEMBOURG S.A,
LUXEMBOURG, LUXEMBOURG, LU. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:07:02:00 Win2K-f 79.202.203.245 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:10:00 Win2K-f 91.58.197.199 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 		209.250.232.240:7000 US:hail.dns2go.com
US:scorti1.dns2go.com
FR:members.lycos.co.uk
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
irc
http
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		12 of 30 76b4ab852e
[Firefox:57 hits: 04-29 to 05-23] 		none[4] none:none
 none|none none trace
T:07:23:00 WinXP 193.249.181.105 (ABO.WANADOO.FR):
WANADOO FRANCE,
FR. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Argh : 0.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox: 8 hits: 12-14 to 05-19] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
07:27:00 WinXP 118.8.98.210 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:624 hits: 07-11 to 06-07] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
07:34:00 WinXP 75.84.222.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANAHEIM, CALIFORNIA, US. 		n/a EU:siliconfireware.ru
US:searchportal.information.com
:www.proxy-socks.net
:wpad
US:208.73.212.12:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1038 hits: 05-01 to 06-07] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
07:40:00 WinXP 92.112.164.105 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		209.250.232.240:7000 US:scorti1.dns2go.com
FR:members.lycos.co.uk 		445 pcap raw alerts
ruleset 		ftp
irc
http
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 31 c1f12e0109
[Firefox:21 hits: 04-28 to 05-17] 		none[4] none:none
 none|none none trace
07:47:00 WinXP 61.229.140.178 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 32 dc8e1c63cd
[Firefox:99 hits: 12-27 to 05-23] 		e0eb8646ee [0] ASM:Graph
 none|none lines=601
embedded dns 		trace
07:54:00 Win2K-f 85.139.168.100 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. 		n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
08:49:00 WinXP 83.132.149.109 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
COIMBRA, COIMBRA, PT. 		n/a US:hail.dns2go.com
US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1504 hits: 04-27 to 06-07] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
08:53:00 Win2K-f 122.120.220.175 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:scorti1.dns2go.com
US:209.250.232.240:7000 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		22 of 32 dc8e1c63cd
[Firefox:99 hits: 12-27 to 05-23] 		e0eb8646ee [0] ASM:Graph
 none|none lines=601
embedded dns 		trace
T:09:07:00 Win2K-f 88.182.17.10 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 32 ce5bde2794
NEW 		none[4] none:none
 none|none none trace
09:12:00 WinXP 88.134.94.112 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		65.12.238.82:7000 CN:hail2.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 32 dced05ccb1
NEW 		none[4] none:none
 none|none none trace
09:28:00 Win2K-f 93.108.113.169 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 7eb0b30e29
NEW 		none[4] none:none
 none|none none trace
09:31:00 Win2K-f 190.51.172.42 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		13 of 32 893403af1c
NEW 		none[4] none:none
 none|none none trace
T:10:29:00 Win2K-f 83.172.69.26 (LIDNET.NET):
ENKOPING CITYNET,
ENKöPING, UPPSALA, SE. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 32 7eb0b30e29
NEW 		none[4] none:none
 none|none none trace
10:32:00 WinXP 4.88.162.83 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:290 hits: 05-03 to 05-22] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
10:39:00 WinXP 92.96.91.232 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:12:01:00 WinXP 122.120.220.175, 209.250.232.240 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS) 		209.250.232.240:7000 US:scorti1.dns2go.com
FR:members.lycos.co.uk
CN:hail2.dns2go.com
US:209.250.232.240:7000
US:65.12.238.82:7000 		445 pcap raw alerts
ruleset 		ftp
irc
http
30 lines 		Yeah : 1.3
profile 		none summary
tarball 		22 of 32
13 of 32		 dc8e1c63cd
[Firefox:99 hits: 12-27 to 05-23]
e6ae8c600b
NEW 		e0eb8646ee [0]
none [4] 		ASM:Graph
none:none
 none|none
none|none 		lines=601
embedded dns
none 		trace
trace
12:11:00 Win2K-f 118.100.84.237 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:13:17:00 WinXP 212.171.214.91 (POOL212171.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A,
ROME, LAZIO, IT. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
13:17:00 WinXP 78.96.171.204 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 		65.12.238.82:7000 CN:hail2.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.3
profile 		none summary
tarball 		14 of 32 7eb0b30e29
NEW 		none[4] none:none
 none|none none trace
13:22:00 WinXP 59.105.10.118 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
13:27:00 WinXP 83.172.69.26 (LIDNET.NET):
ENKOPING CITYNET,
ENKöPING, UPPSALA, SE. 		n/a   445 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
14:03:00 WinXP 80.6.2.124 (NTL.COM):
LEEDS,
DERBY, ENGLAND, UK. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 31 09b3eade33
[Firefox: 2 hits: 05-11 to 05-11] 		none[4] none:none
 PolyEnE| none trace
14:12:00 WinXP 4.242.192.188 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HILLSBORO, OREGON, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
[Firefox:285 hits: 05-01 to 06-07] 		af9ca5bed1 [0] ASM:Graph
 PolyEnE| lines=54 trace
T:14:49:00 WinXP 88.160.228.97 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a   445 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:37:00 WinXP 69.19.181.182 (O1.COM):
O1 DIALUP SERVICES,
SACRAMENTO, CALIFORNIA, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
16:48:00 WinXP 218.41.90.48 (SO-NET.NE.JP):
SO-NET SERVICE,
FUKUOKA, FUKUOKA, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:624 hits: 07-11 to 06-07] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
17:31:00 WinXP 66.182.204.218 (1SCOM.NET):
MILLENNIUM TELCOM LLC,
KELLER, TEXAS, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:405 hits: 12-31 to 06-07] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
18:03:00 WinXP 69.183.219.0 (SNET.NET):
BRAS11B.MRDNCT,
NORWALK, CONNECTICUT, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:624 hits: 07-11 to 06-07] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
19:07:00 WinXP 99.129.103.254 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:405 hits: 12-31 to 06-07] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
19:15:00 WinXP 75.44.33.237 (SBCGLOBAL.NET):
RBACK6A.MILWWI.20060913,
MILWAUKEE, WISCONSIN, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1038 hits: 05-01 to 06-07] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
19:59:00 WinXP 97.94.107.240 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:20:11:00 WinXP 216.198.166.211 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
OKLAHOMA CITY, OKLAHOMA, US. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:13:00 WinXP 74.78.243.171 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LATHAM, NEW YORK, US. 		n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.145.225.22:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1038 hits: 05-01 to 06-07] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
20:39:00 WinXP 74.78.243.171 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LATHAM, NEW YORK, US. 		n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1038 hits: 05-01 to 06-07] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
20:48:00 WinXP 67.1.38.136 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
ALBANY, OREGON, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:20:48:00 WinXP 67.1.38.136 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
ALBANY, OREGON, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
21:31:00 WinXP 200.165.181.138 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3031 hits: 12-31 to 06-07] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
21:51:00 WinXP 124.108.236.104 (ENJOY.NE.JP):
DEODEO CORPORATION,
HIROSHIMA, HIROSHIMA, JP. (DSL) 		n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 07177edf82
[Firefox: 3 hits: 05-17 to 05-30] 		ca4413b3c2 [0] ASM:Graph
 PolyEnE| lines=153 trace
22:34:00 WinXP 125.0.236.122 (INFOWEB.NE.JP):
FUJITSU LIMITED,
TOKYO, TOKYO, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:624 hits: 07-11 to 06-07] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace