Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



25 June 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Columns (one infection record per row; multi-line cells list several values):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:15:00 WinXP 222.15.161.102 (DION.NE.JP):
DION (KDDI CORPORATION),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:00:18:00 Win2K-f 217.229.112.143 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. (DIAL)
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 0.8
profile
none summary
tarball
12 of 30 76b4ab852e
[Firefox:58 hits: 04-29 to 06-08]
none[4] none:none
none|none none trace
00:23:00 WinXP 77.253.253.77 (COM.PL):
NETIA,
PL.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 31 4ab5b0788c
[Firefox:12 hits: 04-21 to 06-21]
272da55ef8 [0] ASM:Graph
PolyEnE| lines=114 trace
00:26:00 Win2K-f 71.2.176.27 (EMBARQHSD.NET):
EMBARQ CORPORATION,
CHANDLER, TEXAS, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:32:00 WinXP 87.205.192.157 (INETIA.PL):
INTERNETIA,
PL. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 ef641cacaa
NEW
none[none] none:none
none|none none none
00:41:00 WinXP 121.15.111.10 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 f502585714
[Firefox:87 hits: 05-03 to 06-19]
ae590430c5 [0] ASM:Graph
PolyEnE| lines=63 trace
T:00:49:00 WinXP 85.26.62.59 (217-117-34-10.TELEDISNET.BE):
TELEDISNET ISP,
BE.
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:00:51:00 WinXP 123.214.204.138 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.99.124:80
US:205.128.66.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33
32 of 33
740e3bffe0
NEW
76dc1c23e1
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
00:56:00 Win2K-f 216.27.114.73 (PRIMELINK1.NET):
PRIMELINK INC,
PLATTSBURGH, NEW YORK, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
135 pcap raw alerts
ruleset
other
116 lines
Yeah : 1.3
profile
none summary
tarball
none
none
dc20b6fe59
NEW
f97070ef2b
NEW
dc20b6fe59 [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=81
none
trace
trace
00:56:00 WinXP 122.118.10.65 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
00:59:00 Win2K-f 92.113.35.140 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
01:01:00 WinXP 218.168.173.221 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
01:01:00 Win2K-f 89.146.164.67 (NET.BA):
BRAS PPPOE POOL UPGRADE,
SARAJEVO, FEDERATION OF BOSNIA AND HERZEGOVINA, BA.
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
11 of 32 e5d062be59
[Firefox:10 hits: 12-28 to 06-10]
none[4] none:none
ASPack| none trace
T:01:03:00 Win2K-f 87.196.99.151 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
LISBON, LISBOA, PT. (DSL)
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 78206cf024
NEW
none[none] none:none
none|none none none
T:01:04:00 WinXP 85.186.76.138 (-):
ASTRAL ZALAU DOCSIS,
RO. (100Mbps)
n/a CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:92 hits: 12-27 to 06-17]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
01:14:00 WinXP 123.213.15.53 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80
135 pcap raw alerts
ruleset
other
125 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
ae0d40ac58
NEW
fc0aa80688
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:01:25:00 WinXP 4.226.75.224 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
01:26:00 WinXP 217.156.118.105 (TOPNET.RO):
ELCOMINTERNATIONAL SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none 4f887ca272
[Firefox:38 hits: 01-26 to 06-17]
4f887ca272 [1] ASM:Graph
Stranik| lines=6 trace
01:37:00 Win2K-f 218.86.236.21 (AGENT1.GZ.CN):
CHINANET GUIZHOU PROVINCE NETWORK,
GUIZHOU, GUIZHOU, CN.
n/a   135 pcap raw alerts
ruleset
other
179 lines
Yeah : 1.3
profile
none summary
tarball
none 4f8d6c0a4d
NEW
none[4] none:none
none|none none trace
01:40:00 WinXP 60.53.22.168 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
MALACCA, MELAKA, MY. (DIAL)
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
01:42:00 WinXP 85.152.148.137 (CM-85-152-150-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 33 d3c8b52b45
NEW
none[4] none:none
PolyEnE| none trace
T:01:43:00 WinXP 85.152.148.137 (CM-85-152-150-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 33 d3c8b52b45
NEW
none[4] none:none
PolyEnE| none trace
02:10:00 Win2K-f 89.166.185.165 (OSNANET.DE):
OSNATEL-SUBNET FOR ADSL DIAL-UP,
FARSUND, VEST-AGDER, NO. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:18:00 WinXP 77.64.172.254 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:303 hits: 05-01 to 06-24]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
02:27:00 Win2K-f 88.19.188.96 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES.
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:57 hits: 01-26 to 06-11]
none[4] none:none
none|none none trace
T:02:30:00 Win2K-f 216.198.175.193 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
3cd7958258
[Firefox: 3 hits: 06-17 to 06-22]
41efedf70f
[Firefox: 2 hits: 06-19 to 06-22]
none[4]
41efedf70f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
02:54:00 Win2K-f 92.47.82.226 (IKBCC.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:34 hits: 04-28 to 06-17]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
T:03:00:00 WinXP 122.54.91.70 (PLDT.NET):
IPG,
PH.
67.43.236.98:10324 :proxim.ircgalaxy.pl
CA:xx.nadnadzz.info
CA:nadsam0.info
US:130.107.247.21:38212
CA:72.10.167.74:80
135 pcap raw alerts
ruleset
irc
http
388 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
0 of 33
46b789efb3
NEW
c3ba19649a
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:03:08:00 Win2K-f 118.161.6.181 (-):
.
217.170.244.2:443  
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:03:23:00 WinXP 117.99.16.230 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1352 hits: 12-31 to 06-24]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
03:26:00 WinXP 211.186.128.160 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:207.123.46.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox: 2 hits: 06-20 to 06-22]
9276c8b36b
[Firefox: 2 hits: 06-20 to 06-22]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:38:00 Win2K-f 24.67.11.217 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
9755a5d861
[Firefox: 2 hits: 06-21 to 06-22]
ccdf14c934
NEW
9755a5d861 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
T:03:41:00 Win2K-f 85.217.33.253 (KOTINET.COM):
POHJANMAAN PPO OY,
YLIVIESKA, OULUN LAANI, FI. (DSL)
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
03:42:00 WinXP 79.42.205.116 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 32 3f5ec58a6b
[Firefox:29 hits: 04-24 to 06-17]
4a77430a59 [0] ASM:Graph
PolyEnE| lines=70 trace
T:03:48:00 Win2K-f 92.113.211.3 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
03:57:00 Win2K-f 122.110.71.117 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 f8b6ff6315
NEW
none[none] none:none
none|none none none
04:12:00 WinXP 81.84.203.22 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 f2668b51f1
[Firefox:10 hits: 08-10 to 06-24]
none[4] none:none
PolyEnE| none trace
04:12:00 WinXP 85.177.55.35 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL)
n/a :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 46f015a232
NEW
none[none] none:none
none|none none none
04:19:00 WinXP 89.214.157.19 (-):
GPRS COSTUMERS,
PT.
n/a :proxim.ircgalaxy.pl
US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 8aa1b8c599
NEW
none[none] none:none
none|none none none
T:04:44:00 Win2K-f 4.225.169.135 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WHITNEY, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
b5919931fe
[Firefox:26 hits: 06-20 to 06-24]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:04:45:00 Win2K-f 91.150.78.80 (ITSISP.NET):
ITSYSTEM NIS,
CS.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:47:00 WinXP 194.102.157.145 (-):
SC TEHNO SRL,
RO. (100Mbps)
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
11 of 32 e5d062be59
[Firefox:10 hits: 12-28 to 06-10]
none[4] none:none
ASPack| none trace
T:04:50:00 Win2K-f 62.214.206.45 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
HEILBRONN, BADEN-WURTTEMBERG, DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
28 of 31 b9a28a4b68
[Firefox: 4 hits: 04-28 to 06-11]
none[4] none:none
TXT2COM| none trace
T:04:54:00 WinXP 24.93.109.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
e07c29c4ae
[Firefox:28 hits: 06-19 to 06-24]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
04:57:00 Win2K-f 88.173.163.215 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 4bc48a5135
NEW
none[none] none:none
none|none none none
05:14:00 WinXP 61.209.27.45 (ODN.AD.JP):
OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.),
JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 33 882688882f
NEW
none[none] none:none
none|none none none
05:27:00 Win2K-f 118.87.20.102 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:204.160.126.124:80
135 pcap raw alerts
ruleset
other
122 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
e4adeadeca
NEW
e6a2c2e247
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:05:32:00 Win2K-f 70.72.210.112 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
390 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 cc8420f883
NEW
none[none] none:none
none|none none none
06:07:00 WinXP 122.53.161.12 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:199.93.41.124:80
US:199.93.44.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
133 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox: 6 hits: 06-18 to 06-21]
76ee340669
[Firefox: 6 hits: 06-18 to 06-21]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
06:13:00 WinXP 72.67.206.76 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:207.123.46.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:06:22:00 WinXP 85.152.148.135 (CM-85-152-150-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 33 d3c8b52b45
NEW
none[4] none:none
PolyEnE| none trace
06:33:00 WinXP 219.97.168.233 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
06:49:00 Win2K-f 122.47.19.50 (-):
POWERCOMM,
KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.46.125:80
135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
6eddc8716c
NEW
aa6a25b2d8
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:06:58:00 WinXP 88.237.197.217 (-):
TT ADSL-ALCATEL DYNAMIC_GAY,
TR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:18:00 Win2K-f 92.40.213.104 (IKBCC.COM):
EU-ZZ,
UK.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
07:23:00 Win2K-f 194.102.105.243 (CONINSALT.RO):
CONINSALT SRL,
BUCHAREST, BUCURESTI, RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:28:00 WinXP 24.39.18.204 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PORTLAND, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
e07c29c4ae
[Firefox:28 hits: 06-19 to 06-24]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
07:51:00 WinXP 122.55.196.101 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:192.221.110.126:80
US:199.93.41.126:80
US:199.93.46.125:80
135 pcap raw alerts
ruleset
other
126 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox: 6 hits: 06-18 to 06-21]
76ee340669
[Firefox: 6 hits: 06-18 to 06-21]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
T:07:53:00 Win2K-f 61.231.235.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
19 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:59:00 WinXP 98.15.202.90 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:08:04:00 WinXP 220.215.239.207 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:08:16:00 Win2K-f 212.96.207.55 (ISURGUT.RU):
OPEN JOINT-STOCK COMPANY URALSVIAZINFORM BRANCH OF THE KHANTYMANSIYSK REGION,
SURGUT, KHANTY-MANSIYSKIY AVTONOMNYY OKRUG, RU.
n/a CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 0.8
profile
none summary
tarball
22 of 31 9b0c5ed538
[Firefox: 6 hits: 05-02 to 05-22]
none[4] none:none
none|none none trace
08:23:00 Win2K-f 122.2.202.216 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:207.123.37.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
316 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
2c85520f75
NEW
c61d687649
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:29:00 WinXP 195.249.164.30 (RAS.TELE.DK):
TELEDANMARK-DIAL-UP-USERS,
COPENHAGEN, COPENHAGEN, DK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 ca47a36342
[Firefox:23 hits: 05-04 to 05-29]
c3a58f69c6 [0] ASM:Graph
PolyEnE| lines=89
embedded dns
trace
08:41:00 WinXP 64.85.216.201 (SOCKET.NET):
SOCKET INTERNET SERVICES CORPORATION,
JEFFERSON CITY, MISSOURI, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:720 hits: 05-01 to 06-24]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:08:45:00 Win2K-f 92.47.81.99 (IKBCC.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
10 of 32 639a247ece
[Firefox:34 hits: 04-28 to 06-17]
29d53eec72 [0] ASM:Graph
StarForce| lines=132 trace
08:49:00 Win2K-f 4.224.72.231 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FT. WAYNE, INDIANA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
08:55:00 WinXP 190.54.169.111 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL.
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
11 of 32 e5d062be59
[Firefox:10 hits: 12-28 to 06-10]
none[4] none:none
ASPack| none trace
T:08:56:00 WinXP 125.58.98.162 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:56:00 Win2K-f 88.25.58.51 (RIMA-TDE.NET):
TELEFONICA DE ESPANA (NCC#2006112951),
GIRONA, CATALUÑA, ES.
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:57 hits: 01-26 to 06-11]
none[4] none:none
none|none none trace
T:09:02:00 WinXP 118.161.7.218 (-):
.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:09:11:00 WinXP 65.173.136.42 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:09:16:00 WinXP 207.5.207.93 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:25:00 Win2K-f 24.83.110.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
663 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 e3c59b50f3
NEW
none[none] none:none
none|none none none
09:47:00 WinXP 86.143.119.94 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 cce9566ceb
[Firefox: 9 hits: 06-12 to 06-21]
none[4] none:none
PolyEnE| none trace
09:53:00 Win2K-f 204.116.33.215 (INFOAVE.NET):
INFO AVENUE INTERNET SERVICES LLC,
MYRTLE BEACH, SOUTH CAROLINA, US.
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
492 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 433aee3773
NEW
none[none] none:none
none|none none none
T:09:53:00 Win2K-f 75.16.252.47 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:13:00 WinXP 92.113.78.243 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
208.101.48.210:7000 CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 fd0bf48a75
[Firefox:14 hits: 04-28 to 06-24]
none[3] none:none
ASProtect| none trace
10:14:00 WinXP 65.255.191.174 (SPEAKEASY.NET):
US.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
10:21:00 WinXP 24.93.109.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:28:00 Win2K-f 151.68.199.179 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:33:00 WinXP 69.232.159.99 (PACBELL.NET):
PPPOX POOL - RBACK8.IRVNCA 092004-0956,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:720 hits: 05-01 to 06-24]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
10:35:00 WinXP 83.132.239.2 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:35:00 Win2K-f 84.169.75.76 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
MAINZ, RHEINLAND-PFALZ, DE. (DIAL)
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 25bfadc04c
NEW
none[none] none:none
none|none none none
T:10:37:00 Win2K-f 76.244.176.42 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:205.128.79.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:45:00 WinXP 82.241.177.217 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
10:55:00 WinXP 79.138.186.146 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 a8aa255ece
[Firefox: 3 hits: 05-29 to 06-12]
none[4] none:none
PolyEnE| none trace
T:10:57:00 WinXP 79.138.186.146 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 32 a8aa255ece
[Firefox: 3 hits: 05-29 to 06-12]
none[4] none:none
PolyEnE| none trace
T:10:59:00 Win2K-f 71.113.129.17 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BLOOMINGTON, ILLINOIS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
b5919931fe
[Firefox:26 hits: 06-20 to 06-24]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
11:10:00 WinXP 217.164.83.199 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:11:00 WinXP 98.26.219.109 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:14:00 Win2K-f 61.231.6.212 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
11:29:00 Win2K-f 91.65.93.52 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 97e0895e22
NEW
none[4] none:none
none|none none trace
11:31:00 WinXP 96.14.180.70 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:39:00 WinXP 80.225.161.204 (TISCALI.COM):
TELINCO-DIALPOOL,
LEEDS, ENGLAND, UK. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:43:00 WinXP 72.191.139.225 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 a92e3f8fc8
[Firefox:115 hits: 05-03 to 06-09]
dfe02a1e52 [0] ASM:Graph
PolyEnE| lines=68 trace
T:12:08:00 WinXP 78.156.196.228 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:303 hits: 05-01 to 06-24]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:12:08:00 Win2K-f 83.190.110.119 (CUST.TELE2.IT):
TELE2 ITALY S.A,
IT. (DSL)
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:12:13:00 WinXP 211.127.186.204 (YONAGEYA.COM):
ICOMMJAPAN CO. LTD,
TOKYO, TOKYO, JP.
n/a :proxim.ircgalaxy.pl
DE:siliconfireware.ru
GB:new.egg.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 33 1b0d163f3a
NEW
none[none] none:none
none|none none none
12:23:00 WinXP 75.136.128.248 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
326 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 04064372aa
NEW
none[none] none:none
none|none none none
T:12:30:00 WinXP 92.18.254.145 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a :proxim.ircgalaxy.pl
US:hail.dns2go.com
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 0b7a05f783
[Firefox: 2 hits: 05-14 to 05-15]
none[4] none:none
none|none none trace
12:39:00 WinXP 213.130.142.73 (AS15444.NET):
NETSERVICESDIALPOOL,
LONDON, ENGLAND, UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1352 hits: 12-31 to 06-24]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:12:40:00 WinXP 213.130.142.73 (AS15444.NET):
NETSERVICESDIALPOOL,
LONDON, ENGLAND, UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1352 hits: 12-31 to 06-24]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:12:51:00 Win2K-f 24.66.38.250 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
23 of 33
bca9e0fb5f
[Firefox: 4 hits: 06-18 to 06-23]
e53a9ea82e
[Firefox: 4 hits: 06-18 to 06-23]
none[4]
e53a9ea82e[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
12:52:00 Win2K-f 75.37.41.158 (SBCGLOBAL.NET):
BRAS31.PLTNCA,
US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.46.124:80
US:205.128.79.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:54:00 WinXP 77.101.72.81 (BLUEYONDER.CO.UK):
CABLEINET,
UK.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
0 of 33
0a44ba387c
NEW
6f88847c49
NEW
e07c29c4ae
[Firefox:28 hits: 06-19 to 06-24]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:12:59:00 WinXP 61.37.147.200 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. (100Mbps)
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
30 of 33
0 of 33
3690b64ca2
[Firefox: 3 hits: 06-18 to 06-24]
a6fb77fd26
[Firefox: 3 hits: 06-18 to 06-24]
e07c29c4ae
[Firefox:28 hits: 06-19 to 06-24]
none[4]
a6fb77fd26[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
FSG|
none
lines=82
lines=92
trace
trace
trace
13:18:00 Win2K-f 66.28.88.8 (ARTISANCOMMUNICATIONS.NET):
COGENT COMMUNICATIONS,
WASHINGTON, DISTRICT OF COLUMBIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:199.93.53.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
103 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:27:00 WinXP 4.233.194.62 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:437 hits: 12-31 to 06-24]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:13:29:00 WinXP 82.154.184.202 (DSL.TELEPAC.PT):
TELEPAC - COMUNICACOES INTERACTIVAS SA,
COIMBRA, COIMBRA, PT. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 ccc06cd8f4
NEW
none[none] none:none
none|none none none
13:31:00 WinXP 82.154.184.202 (DSL.TELEPAC.PT):
TELEPAC - COMUNICACOES INTERACTIVAS SA,
COIMBRA, COIMBRA, PT. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 ccc06cd8f4
NEW
none[none] none:none
none|none none none
13:33:00 WinXP 194.165.230.232 (UMEA.SE):
UMDAC UMEA UNIVERSITY,
SE.
n/a :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 94d5c64ffc
NEW
none[none] none:none
none|none none none
13:49:00 Win2K-f 70.183.164.199 (COX.NET):
COX COMMUNICATIONS,
WARWICK, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:204.160.126.126:80
US:205.128.66.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:51:00 WinXP 24.241.62.254 (CHARTER.COM):
CHARTER COMMUNICATIONS,
CARROLLTON, GEORGIA, US.
63.173.172.98:3921 US:freee.mybn.us 135 pcap raw alerts
ruleset
irc
826 lines
Yeah : 1.8
profile
none summary
tarball
29 of 33 ef0ba4f2d6
NEW
none[none] none:none
none|none none none
13:54:00 WinXP 41.214.191.247 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:19:00 WinXP 219.126.90.124 (ICNTV.NE.JP):
ICHIHARA COMMUNITY NETWORK TV CO.LTD,
ICHIHARA, CHIBA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:14:22:00 Win2K-f 63.27.126.21 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
22 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
14:29:00 Win2K-f 121.73.78.208 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
135 pcap raw alerts
ruleset
other
356 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33
31 of 33
0f55e617b4
NEW
4c764cd519
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:14:51:00 WinXP 85.152.68.20 (CM-85-152-72-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 898b7181d7
NEW
none[none] none:none
none|none none none
14:52:00 WinXP 58.85.249.170 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
2e45ae247e
NEW
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
none[none]
none [4]
none:none
none:none
none|none
tElock|
none
none
none
trace
15:01:00 WinXP 4.232.207.65 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LONG BEACH, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:15:05:00 Win2K-f 122.106.103.201 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU.
n/a   135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 a5308d87d0
NEW
a5308d87d0 [1] ASM:Graph
Armadillo| lines=81 trace
15:09:00 WinXP 85.138.82.149 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
GUARDA, GUARDA, PT.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
15:14:00 WinXP 4.159.77.168 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLEVELAND, OHIO, US. (DIAL)
n/a :www.google.com.au
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:13 hits: 09-29 to 06-23]
none[3] none:none
tElock| none trace
T:15:14:00 Win2K-f 61.218.193.242 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80
135 pcap raw alerts
ruleset
other
87 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
57ce4acac2
[Firefox:20 hits: 06-17 to 06-24]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:21:00 Win2K-f 190.136.121.84 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:268 hits: 05-05 to 06-17]
none[4] none:none
none|none none trace
15:35:00 WinXP 76.254.11.150 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:35:00 Win2K-f 75.25.47.55 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
STOW, OHIO, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:49:00 Win2K-f 79.9.94.195 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:16:09:00 WinXP 4.236.108.10 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:16:11:00 Win2K-f 190.188.57.80 (NET.AR):
PRIMA S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:38:00 WinXP 66.50.89.73 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3089 hits: 12-31 to 06-24]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:58:00 WinXP 70.74.69.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.46.125:80
US:205.128.79.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:01:00 WinXP 122.106.103.201 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.46.125:80
US:205.128.79.125:80
135 pcap raw alerts
ruleset
other
125 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
48bc07f9ed
NEW
a5308d87d0
NEW
none[4]
a5308d87d0[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
T:17:14:00 WinXP 65.173.139.164 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1065 hits: 05-01 to 06-23]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:17:17:00 WinXP 172.167.16.98 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
269 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
6d86a1ff5a
NEW
7f6e032fc0
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:31:00 Win2K-f 190.160.42.69 (VTR.NET):
VTR BANDA ANCHA S.A,
SANTIAGO, REGION METROPOLITANA, CL.
n/a CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:57 hits: 01-26 to 06-11]
none[4] none:none
none|none none trace
17:46:00 WinXP 219.126.90.124 (ICNTV.NE.JP):
ICHIHARA COMMUNITY NETWORK TV CO.LTD,
ICHIHARA, CHIBA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
17:48:00 Win2K-f 24.76.248.25 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
903 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 96e2caa315
NEW
none[none] none:none
none|none none none
T:17:49:00 WinXP 83.28.13.1 (TPNET.PL):
NEOSTRADA PLUS,
RZESZOW, PODKARPACKIE, PL. (DSL)
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
14 of 32 a2a036466a
[Firefox:268 hits: 05-05 to 06-17]
none[4] none:none
none|none none trace
T:17:55:00 Win2K-f 122.144.6.222 (-):
PT. MAXINDO MITRA SOLUSI,
JAKARTA, JAKARTA RAYA (DJAKARTA RAYA), ID.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
309 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
0 of 32
5ad4a43e27
NEW
6cfdfc624a
NEW
b5919931fe
[Firefox:26 hits: 06-20 to 06-24]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
T:17:57:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
57ce4acac2
[Firefox:20 hits: 06-17 to 06-24]
b5919931fe
[Firefox:26 hits: 06-20 to 06-24]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:28:00 Win2K-f 71.99.17.153 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ST. PETERSBURG, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:05:00 WinXP 67.67.222.166 (SWBELL.NET):
PPPOX POOL - RBACK7 AUSTTX,
AUSTIN, TEXAS, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
26 of 33 0548212c69
NEW
none[none] none:none
none|none none none
19:06:00 WinXP 118.6.21.165 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:19:28:00 WinXP 24.87.146.209 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NEW WESTMINSTER, BRITISH COLUMBIA, CA.
n/a   135 pcap raw alerts
ruleset
other
277 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 7df41a77e6
[Firefox: 2 hits: 06-16 to 06-23]
none[4] none:none
PolyEnE| none trace
19:46:00 Win2K-f 24.222.80.36 (EASTLINK.CA):
EASTLINK,
HALIFAX, NOVA SCOTIA, CA.
n/a   135 pcap raw alerts
ruleset
other
1009 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33
16 of 33
58ac85300c
NEW
9e9e0add44
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:19:58:00 WinXP 219.39.220.70 (BBTEC.NET):
SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
e07c29c4ae
[Firefox:28 hits: 06-19 to 06-24]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:20:05:00 Win2K-f 75.46.204.47 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
SOUTH FORK, MISSOURI, US.
n/a   135 pcap raw alerts
ruleset
other
484 lines
Yeah : 1.3
profile
none summary
tarball
25 of 29 a0a7e837cb
[Firefox:717 hits: 05-01 to 08-13]
none[none] none:none
none|none none none
20:09:00 WinXP 122.148.66.195 (DODO.COM.AU):
LAYER 2 BROADBAND CUSTOMER NETWORK,
AU.
n/a US:hail.dns2go.com
CN:scorti1.dns2go.com
US:208.101.48.210:7000
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
20:10:00 WinXP 67.66.201.122 (SWBELL.NET):
AT&T INTERNET SERVICES,
HOUSTON, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.124:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:19:00 WinXP 61.215.250.120 (CATVNET.NE.JP):
CATV NETWORK SERVICES(STNET INCROPORATE),
HIMEJI, HYOGO, JP.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
24 of 33
01ef605039
NEW
ab3b3379d1
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:49:00 Win2K-f 24.215.96.71 (EASTLINK.CA):
EASTLINK,
DARTMOUTH, NOVA SCOTIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:50:00 Win2K-f 98.150.80.57 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
ftp
shell
110 lines
Yeah : 1.3
profile
none summary
tarball
16 of 31 23c32fbd78
[Firefox: 4 hits: 05-03 to 06-23]
none[4] none:none
PeCompact| none trace
T:20:55:00 Win2K-f 85.28.226.39 (KAMCHATKA.RU):
FAR EAST TELECOMMUNICATIONS COMPANY,
RU.
n/a CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
13 of 32 53123fadcc
[Firefox:57 hits: 01-26 to 06-11]
none[4] none:none
none|none none trace
20:59:00 WinXP 203.128.187.59 (-):
ICNDIGITAL,
KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80
135 pcap raw alerts
ruleset
other
101 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
780febebd5
NEW
847c5977a3
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:21:21:00 WinXP 4.226.72.4 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GRAND PRAIRIE, TEXAS, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:47:00 WinXP 172.130.99.172 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
7 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
21:52:00 Win2K-f 208.100.251.110 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
21:59:00 WinXP 4.255.193.142 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLAREMORE, OKLAHOMA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.46.125:80
US:204.160.126.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
91 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:03:00 Win2K-f 64.201.189.219 (CERTIS.CA):
VOI NETWORKS INC,
WINNIPEG, MANITOBA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:04:00 WinXP 60.39.57.203 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 33 b280e8e632
NEW
none[none] none:none
none|none none none
T:22:06:00 Win2K-f 4.240.129.62 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL)
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2715 hits: 12-31 to 06-24]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
22:17:00 Win2K-f 172.131.196.169 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
22:20:00 Win2K-f 221.43.62.10 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
NAGOYA, AICHI, JP.
72.10.172.211:8080 67.43.236.66:8080 CA:xx.ka3ek.com
CA:xx.enterhere.biz
CA:67.43.226.242:8080
CA:67.43.236.66:8080
CA:67.43.236.98:1863
CA:67.43.236.99:1863
CA:72.10.172.211:8080
135 pcap raw alerts
ruleset
other
394 lines
Yeah : 1.8
profile
none summary
tarball
24 of 32 4f51b7cd6f
NEW
none[none] none:none
none|none none none
T:22:42:00 Win2K-f 212.45.81.134 (-):
ISTAR LINK CUSTOMERS IN RADNEVO,
KAZANLAK, STARA ZAGORA, BG.
n/a US:hail.dns2go.com 445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 5f78ff609d
[Firefox:1522 hits: 04-27 to 06-18]
d4a06bdc3a [0] ASM:Graph
none|none lines=4 trace
T:22:43:00 WinXP 84.51.82.20 (IPAPER.COM):
BLOCK FOR PI ASSIGNMENTS,
UK.
61.185.73.17:7000 CN:scorti1.dns2go.com 445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.3
profile
none summary
tarball
14 of 32 8f367186c3
[Firefox:92 hits: 12-27 to 06-17]
01a06977c4 [0] ASM:Graph
TXT2COM| lines=0 trace
22:47:00 Win2K-f 218.211.221.36 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:206.33.45.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:55:00 WinXP 61.126.137.4 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:23:04:00 Win2K-f 4.248.217.98 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
http
94 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
73f1082158
[Firefox:64 hits: 06-18 to 06-24]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:08:00 WinXP 219.167.203.122 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:64 hits: 09-28 to 06-24]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
23:26:00 Win2K-f 24.65.79.12 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
US:205.128.79.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
23 of 33
bca9e0fb5f
[Firefox: 4 hits: 06-18 to 06-23]
e53a9ea82e
[Firefox: 4 hits: 06-18 to 06-23]
none[4]
e53a9ea82e[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
T:23:37:00 Win2K-f 172.132.156.59 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.126:80
135 pcap raw alerts
ruleset
http
103 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:172 hits: 06-17 to 06-24]
a08f3b74a4
[Firefox:62 hits: 06-18 to 06-24]
b5919931fe
[Firefox:26 hits: 06-20 to 06-24]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace