Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



08 July 2008

All data collection and analyses summarized on this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:26:00 Win2K-f 119.95.206.195 (-):
.
n/a   135 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
25 of 33 71c478fc03
NEW
none[none] none:none
none|none none none
00:29:00 WinXP 98.140.228.20 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:32:00 Win2K-f 93.172.13.12 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33 9f707522e5
NEW
none[none] none:none
none|none none none
T:00:44:00 WinXP 220.156.25.156 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
01:21:00 WinXP 61.122.246.87 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:204.160.126.124:80
US:205.128.79.125:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:25:00 WinXP 92.114.175.253 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 dae77d66f3
NEW
none[none] none:none
none|none none none
01:26:00 WinXP 92.114.175.253 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 dae77d66f3
NEW
none[none] none:none
none|none none none
01:31:00 Win2K-f 222.238.27.211 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.53.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:01:32:00 WinXP 92.83.99.26 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none 5a387593a6
[Firefox: 3 hits: 06-27 to 06-27]
none[none] none:none
none|none none none
01:43:00 WinXP 211.239.4.83 (EPNETWORKS.CO.KR):
ENTERPRISENET-INFRA,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.79.126:80
HK:210.245.211.11:65520
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
686d4ca67b
NEW
b7e379b157
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:00:00 WinXP 203.96.69.199 (XTRA.CO.NZ):
NZGATE AGGREGATE NETWORKS,
NZ.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 32a0d7d0e0
[Firefox:45 hits: 05-04 to 06-23]
d791762796 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
02:18:00 Win2K-f 222.239.170.205 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
143 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
31 of 33
6ec2a8994b
[Firefox: 4 hits: 06-18 to 07-05]
bec9340f6c
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
02:20:00 WinXP 122.17.126.56 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:02:21:00 WinXP 222.239.170.211 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
0 of 33
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07]
e07c29c4ae
[Firefox:72 hits: 06-19 to 07-07]
4c3df24b32 [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
02:52:00 Win2K-f 208.105.80.9 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.125:80
US:199.93.53.125:80
US:199.93.53.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
dfbaaf577c
[Firefox: 6 hits: 06-18 to 07-06]
f504b4af20
[Firefox: 6 hits: 06-18 to 07-06]
none[4]
f504b4af20[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
02:57:00 WinXP 61.193.47.29 (MESH.AD.JP):
NEC CORPORATION,
YOKOHAMA, KANAGAWA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:683 hits: 07-11 to 07-07]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:02:58:00 Win2K-f 208.105.80.9 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
31 of 33
29 of 33
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
dfbaaf577c
[Firefox: 6 hits: 06-18 to 07-06]
f504b4af20
[Firefox: 6 hits: 06-18 to 07-06]
b5919931fe [1]
none [4]
f504b4af20[1]
ASM:Graph
none:none
ASM:Graph
ASProtect|
tElock|
Armadillo|
lines=90
none
lines=82
trace
trace
trace
03:25:00 WinXP 220.227.133.4 (PHOTONINFOTECH.COM):
RELIANCE INFOCOM LTD,
IN.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
84 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:34:00 WinXP 220.219.251.62 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
03:51:00 Win2K-f 70.69.245.124 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
ABBOTSFORD, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:199.93.44.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:00:00 WinXP 209.127.70.16 (-):
HARMONY INTERNATIONAL,
CORPUS CHRISTI, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:207.123.46.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:04:14:00 Win2K-f 219.251.192.240 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:208.111.153.231:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox: 5 hits: 06-20 to 06-29]
9276c8b36b
[Firefox: 5 hits: 06-20 to 06-29]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:04:35:00 WinXP 4.159.77.24 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLEVELAND, OHIO, US. (DIAL)
n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
135 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:17 hits: 09-29 to 07-06]
none[3] none:none
tElock| none trace
04:41:00 Win2K-f 222.235.111.49 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.41.126:80
HK:210.245.211.11:65520
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
05:00:00 WinXP 4.159.83.232 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:www.yahoo.com
:www.google.com.au
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:17 hits: 09-29 to 07-06]
none[3] none:none
tElock| none trace
05:12:00 WinXP 118.108.122.22 (-):
.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 231c00981d
NEW
none[none] none:none
none|none none none
05:19:00 WinXP 220.210.247.100 (MEGAEGG.NE.JP):
ENERGIA COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:05:26:00 WinXP 82.247.155.50 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 c55d8c1cdf
NEW
none[none] none:none
none|none none none
T:05:27:00 Win2K-f 70.63.245.3 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PINEHURST, NORTH CAROLINA, US.
72.10.172.218:3240 CA:bti.jeiahsdod.net 135 pcap raw alerts
ruleset
irc
865 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32 d74613e216
NEW
d74613e216 [1] ASM:Graph
ASProtect| lines=45 trace
T:05:31:00 WinXP 121.102.139.193 (HI-HO.NE.JP):
PANASONIC NETWORK SERVICES INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
05:38:00 WinXP 210.233.199.44 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a   135 pcap raw alerts
ruleset
other
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:50:00 WinXP 58.226.61.243 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
28 of 32
30 of 32
3dffacd270
[Firefox: 2 hits: 06-20 to 07-02]
d5bf17f14e
[Firefox: 2 hits: 06-20 to 07-02]
3dffacd270 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
06:14:00 WinXP 116.80.2.100 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:06:27:00 WinXP 98.140.228.4 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
06:31:00 WinXP 121.254.83.16 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:198.78.220.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
06:32:00 WinXP 66.103.166.162 (HUTCHTEL.NET):
HUTCHINSON TELEPHONE COMPANY,
GLENCOE, MINNESOTA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:06:45:00 Win2K-f 123.213.3.106 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:208.111.173.16:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 32
168aab35a3
[Firefox:42 hits: 06-17 to 07-07]
61426996c3
[Firefox: 4 hits: 06-20 to 07-04]
none[4]
61426996c3[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:06:57:00 WinXP 220.144.231.203 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:683 hits: 07-11 to 07-07]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
07:03:00 WinXP 65.214.69.166 (EGYPTIAN.NET):
EGYPTIAN TELEPHONE,
HAMILTON, ILLINOIS, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 a92e3f8fc8
[Firefox:116 hits: 05-03 to 06-25]
dfe02a1e52 [0] ASM:Graph
PolyEnE| lines=68 trace
07:03:00 WinXP 86.155.241.31 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:683 hits: 07-11 to 07-07]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
07:16:00 Win2K-f 66.63.86.11 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:207.123.37.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:22:00 WinXP 91.64.192.148 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 814b221f75
NEW
none[none] none:none
none|none none none
T:07:24:00 Win2K-f 89.137.245.254 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:25:00 WinXP 212.56.210.78 (MLDNET.COM):
TELEMEDIA GROUP SA,
CHISINAU, CHISINAU, MD.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:07:26:00 WinXP 92.47.231.209 (IKBCC.COM):
EU-ZZ,
UK.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:26:00 WinXP 79.114.208.229 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:07:27:00 WinXP 89.28.46.235 (89-28-0-10.STARNET.MD):
STARNET,
CHISINAU, CHISINAU, MD.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:27:00 Win2K-f 85.204.155.155 (-):
SC INTERNET SOLUTION SRL,
BUCHAREST, BUCURESTI, RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:29:00 Win2K-f 91.65.100.51 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:33:00 Win2K-f 91.67.251.211 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:35:00 WinXP 212.56.210.78 (MLDNET.COM):
TELEMEDIA GROUP SA,
CHISINAU, CHISINAU, MD.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:07:36:00 Win2K-f 89.33.192.66 (RAN.RO):
SC BIO TEHNIC GRUP SRL,
IASI, IASI, RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:36:00 WinXP 85.127.163.32 (-):
LAC2-KELAG-VILLACH-DYNAMIC-IPS,
VILLACH, KARNTEN, AT.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:07:39:00 WinXP 222.92.65.82 (-):
SUZHOU HUALONG RESTAURANT,
SUZHOU, JIANGSU, CN. (100Mbps)
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:07:40:00 Win2K-f 93.124.57.143 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:41:00 Win2K-f 91.66.246.131 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 6686b0fe5f
NEW
none[4] none:none
ASProtect| none trace
07:45:00 Win2K-f 91.64.192.148 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 814b221f75
NEW
none[none] none:none
none|none none none
T:07:46:00 Win2K-f 91.65.100.51 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:55:00 WinXP 88.134.159.146 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33 0abcc85844
NEW
none[none] none:none
none|none none none
07:56:00 WinXP 82.247.194.137 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:06:00 WinXP 82.247.194.137 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:13:00 Win2K-f 91.67.251.211 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:13:00 Win2K-f 77.42.67.10 (VICENZAWIRELESS.COM):
E4A,
IT.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:14:00 WinXP 86.58.65.19 (TRIERA.NET):
TRIERA INTERNET,
SI.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:18:00 Win2K-f 86.58.65.19 (TRIERA.NET):
TRIERA INTERNET,
SI.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:22:00 WinXP 88.134.159.146 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 bf19b66a13
NEW
none[none] none:none
none|none none none
T:08:23:00 Win2K-f 77.20.12.197 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:25:00 WinXP 91.66.246.131 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:27:00 Win2K-f 89.28.46.235 (89-28-0-10.STARNET.MD):
STARNET,
CHISINAU, CHISINAU, MD.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:36:00 Win2K-f 91.62.232.175 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
69.42.216.90:9890 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
:f.unicat.org
DE:dl2.teenpassage.com
US:ksn.a1001186.wrs.mcboo.com
US:206.251.244.226:80
HK:210.245.211.11:65520
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
http
50 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
27 of 33
9015d9e9fc
NEW
a014934a72
[Firefox:65 hits: 06-28 to 07-07]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:37:00 Win2K-f 77.197.47.97 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:08:41:00 WinXP 85.181.195.191 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:46:00 WinXP 79.114.208.229 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
08:54:00 WinXP 117.99.24.190 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:08:55:00 WinXP 117.99.24.190 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:09:01:00 WinXP 77.197.47.97 (GAOLAND.NET):
DYNAMIC POOLS,
FR.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:08:00 WinXP 123.224.138.172 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
4 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:09:00 WinXP 41.214.162.63 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:09:16:00 WinXP 190.18.21.191 (-):
.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
:caen.fr.eu.undernet.org
SE:ced.dal.net
SE:vancouver.dal.net
SE:qis.md.us.dal.net
NO:london.uk.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:ozbytes.dal.net
NL:diemen.nl.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
09:17:00 WinXP 12.70.161.210 (PRSERV.NET):
AT&T GLOBAL SERVICES,
CHICAGO, ILLINOIS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.51:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:18:00 WinXP 220.215.238.110 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
09:51:00 WinXP 202.105.80.90 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:00:00 WinXP 70.248.199.163 (SWBELL.NET):
PPPOX POOL - BRAS1 WCHTKS,
LIBERAL, KANSAS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:04:00 WinXP 116.59.119.243 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
30 of 31 4d244a981f
[Firefox: 5 hits: 03-30 to 07-07]
b66b85d85f [0] ASM:Graph
PolyEnE| lines=129 trace
T:10:37:00 Win2K-f 122.120.40.26 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:306 hits: 03-31 to 07-05]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:44:00 WinXP 12.219.117.10 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MOYOCK, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:44:00 WinXP 12.219.117.10 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MOYOCK, NORTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:54:00 WinXP 86.159.4.73 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:35 hits: 12-14 to 07-07]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
11:03:00 WinXP 70.125.97.39 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DEATSVILLE, ALABAMA, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:11:09:00 WinXP 92.40.103.135 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 32 7a393628ea
[Firefox: 4 hits: 05-12 to 06-27]
none[4] none:none
ASProtect| none trace
11:11:00 Win2K-f 208.77.182.16 (MYCOMSPAN.COM):
COMSPAN BANDON NETWORK LLC,
BANDON, OREGON, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
135 pcap raw alerts
ruleset
other
64 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
b7082104e4
[Firefox:30 hits: 06-18 to 07-07]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:11:17:00 WinXP 195.174.7.161 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
ISTANBUL, ISTANBUL, TR. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
SE:ced.dal.net
US:lia.zanet.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
NEW
none[none] none:none
none|none none none
11:44:00 WinXP 85.152.221.244 (CM-85-152-232-10.TELECABLE.ES):
TELECABLE,
AVILES, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 f921e443d9
NEW
none[none] none:none
none|none none none
11:52:00 WinXP 86.159.4.73 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:35 hits: 12-14 to 07-07]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
11:59:00 Win2K-f 58.121.126.71 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.51:80
US:208.111.173.52:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
none
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
6a4845ca11
[Firefox: 3 hits: 06-27 to 07-02]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
12:08:00 Win2K-f 24.222.51.165 (EASTLINK.CA):
EASTLINK,
TRURO, NOVA SCOTIA, CA. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.42:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
none
none
c929e6508d
[Firefox: 2 hits: 06-23 to 07-01]
ee1d9a67bb
[Firefox: 2 hits: 06-23 to 07-01]
c929e6508d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
T:12:13:00 WinXP 218.167.63.133 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:12:20:00 Win2K-f 24.78.223.48 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:205.128.66.124:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
0 of 32
30 of 32
65275a1614
[Firefox: 6 hits: 06-21 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
ec0d7783de
[Firefox: 6 hits: 06-21 to 07-07]
65275a1614 [1]
b5919931fe[1]
none [4]
ASM:Graph
ASM:Graph
none:none
Armadillo|
ASProtect|
tElock|
lines=82
lines=90
none
trace
trace
trace
12:29:00 Win2K-f 68.145.39.26 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
115 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
9d9054829c
NEW
b69118be9f
NEW
none[4]
b69118be9f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
12:29:00 WinXP 123.237.96.154 (-):
RELIANCE INFOCOMM LIMITED,
MUMBAI, MAHARASHTRA, IN.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:206.33.45.125:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
28 of 32
31 of 33
2d51a863df
NEW
65c9f5c345
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:12:41:00 WinXP 209.29.164.2 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:206.33.45.125:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:46:00 WinXP 98.175.106.144 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:206.33.45.125:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:52:00 Win2K-f 216.27.114.73 (PRIMELINK1.NET):
PRIMELINK INC,
PLATTSBURGH, NEW YORK, US.
n/a   135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
none
none
dc20b6fe59
[Firefox: 4 hits: 06-23 to 07-01]
f97070ef2b
[Firefox: 4 hits: 06-23 to 07-01]
dc20b6fe59 [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=81
none
trace
trace
T:13:06:00 WinXP 85.92.232.255 (NET.BA):
AS54# 12BIHAC TKC,
BA.
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:457 hits: 12-31 to 07-07]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:13:32:00 Win2K-f 98.174.204.104 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:13:49:00 WinXP 78.1.159.233 (T-COM.HR):
HPTNET,
HR. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 a732992479
NEW
a732992479 [1] ASM:Graph
FASM| lines=84 trace
13:51:00 Win2K-f 24.24.213.219 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTMINSTER, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:53:00 WinXP 70.45.168.101 (ONELINKPR.NET):
SAN JUAN CABLE LLC,
BAYAMON, PUERTO RICO, PR.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80
135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
9183352b97
NEW
d711e38d6d
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:14:02:00 Win2K-f 202.75.250.204 (-):
CHINA UNICOM (MACAU) COMPANY LIMITED,
MACAU, MACAU, MO.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.44.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:14:21:00 Win2K-f 96.15.151.243 (-):
.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
6d86a1ff5a
[Firefox: 8 hits: 06-25 to 07-07]
7f6e032fc0
[Firefox: 8 hits: 06-25 to 07-07]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
14:47:00 WinXP 172.134.90.35 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:14:58:00 Win2K-f 209.29.109.130 (TELUS.COM):
TELUS COMMUNICATIONS INC,
NEPEAN, ONTARIO, CA. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
90 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:17:00 Win2K-f 4.224.195.224 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
INDIANAPOLIS, INDIANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.53.125:80
US:207.123.44.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:23:00 Win2K-f 68.149.226.75 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:207.123.44.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
5ba106150e
NEW
801e729de2
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:15:24:00 WinXP 70.120.237.131 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANTHONY, TEXAS, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1398 hits: 12-31 to 07-07]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:15:48:00 WinXP 207.68.254.201 (VISTA-EXPRESS.COM):
VISTA III MEDIA LLC,
OXFORD, MISSISSIPPI, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 8ae2cc2e80
[Firefox:60 hits: 05-06 to 03-05]
c24ca14cda [0] ASM:Graph
PolyEnE| lines=68 trace
T:16:00:00 WinXP 122.52.20.147 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
157 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox:12 hits: 06-18 to 06-30]
76ee340669
[Firefox:12 hits: 06-18 to 06-30]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
16:17:00 Win2K-f 71.53.82.44 (EMBARQHSD.NET):
EMBARQ CORPORATION,
KILLEEN, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:16:21:00 WinXP 81.9.225.187 (CM-81-9-211-10.TELECABLE.ES):
TELECABLE,
OVIEDO, ASTURIAS, ES. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
NEW
none[none] none:none
none|none none none
16:22:00 WinXP 201.72.222.183 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:16:33:00 WinXP 201.228.76.162 (TELECOM.COM.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CALI, VALLE DEL CAUCA, CO.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 33 1801222e74
NEW
none[none] none:none
none|none none none
T:16:34:00 WinXP 24.83.3.68 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:16:35:00 Win2K-f 4.229.207.11 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
EATON RAPIDS, MICHIGAN, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
1098 lines
Yeah : 1.3
profile
none summary
tarball
9 of 33 018b5e869b
NEW
none[none] none:none
none|none none none
T:16:54:00 Win2K-f 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
b5919931fe
[Firefox:89 hits: 06-20 to 07-07]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:17:00:00 WinXP 210.139.204.214 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
NAHA, OKINAWA, JP.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
17:09:00 WinXP 61.46.141.57 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
[Firefox: 4 hits: 06-19 to 07-07]
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
07fabc79ef [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:17:56:00 Win2K-f 24.71.247.88 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:207.123.47.126:80
HK:210.245.211.11:65520
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
22 of 32
48f8b1a711
[Firefox: 5 hits: 06-19 to 07-07]
ae4e62adc2
NEW
none[4]
none [none]
none:none
none:none
PolyEnE|
none|none
none
none
trace
none
T:17:57:00 WinXP 122.109.151.41 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:207.123.47.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
190 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
31 of 33
2bfd553322
NEW
58b2aabe81
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:18:15:00 WinXP 75.79.5.173 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
e07c29c4ae
[Firefox:72 hits: 06-19 to 07-07]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
18:27:00 WinXP 83.188.197.186 (SWIP.NET):
SWIPNET,
SE.
69.42.216.125:6701 :jojo.AsSexy.As
69.42.216.125:6701
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 5a50b6f4ab
NEW
none[none] none:none
none|none none none
18:34:00 WinXP 200.65.102.195 (PRODIGY.NET.MX):
UNINET S.A. DE C.V,
MEXICO, DISTRITO FEDERAL, MX.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:34:00 Win2K-f 84.38.18.191 (METROLINK.PL):
VOLTANET,
GDYNIA, POMORSKIE, PL.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
27 of 32 6c36e19037
[Firefox:10 hits: 06-22 to 07-05]
none[4] none:none
none|none none trace
18:44:00 WinXP 76.239.191.10 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2.FRS2CA,
DALLAS, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:457 hits: 12-31 to 07-07]
048df78048 [0] ASM:Graph
none|none lines=61 trace
18:45:00 WinXP 85.133.183.22 (-):
SEPANTA COMMUNICATION DEVELOPMENT CO. LTD,
TEHRAN, TEHRAN, IR.
n/a DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:479 hits: 05-04 to 07-04]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:18:48:00 Win2K-f 24.79.76.62 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:207.123.44.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:49:00 Win2K-f 67.9.114.114 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:207.123.44.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:58:00 WinXP 72.234.132.170 (HAWAIIANTEL.NET):
HAWAIIAN TELCOM SERVICES COMPANY INC,
HONOLULU, HAWAII, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:01:00 Win2K-f 66.212.144.247 (NAUTICOM.NET):
PINNATECH INC,
WEST MIFFLIN, PENNSYLVANIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.66.124:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
254 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
31 of 33
4ab411960c
NEW
e8fee31b4e
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:19:18:00 Win2K-f 75.136.139.179 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
135 pcap raw alerts
ruleset
http
140 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
30 of 32
24acffe86e
NEW
a0d83e7d41
NEW
24acffe86e [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
19:22:00 WinXP 71.101.202.86 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PALMETTO, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
US:208.111.153.215:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:22:00 Win2K-f 77.101.104.15 (BLUEYONDER.CO.UK):
CABLEINET,
UK.
n/a   135 pcap raw alerts
ruleset
other
410 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 e1502b71c0
NEW
none[none] none:none
none|none none none
T:19:22:00 WinXP 211.59.72.105 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
US:208.111.153.215:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
19:40:00 WinXP 75.143.206.231 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:44:00 WinXP 24.160.205.221 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:120 hits: 09-28 to 07-07]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:19:49:00 WinXP 24.25.152.226 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GLENS FALLS, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:12:00 Win2K-f 70.75.70.18 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
266 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 777e93c56a
NEW
none[none] none:none
none|none none none
20:19:00 Win2K-f 68.150.79.83 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
222 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 a38eaf614a
NEW
none[none] none:none
none|none none none
T:20:27:00 Win2K-f 71.108.113.24 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PANORAMA CITY, CALIFORNIA, US. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.41.124:80
US:207.123.44.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
0dbe638eb4
NEW
2765878b0a
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:21:16:00 Win2K-f 69.239.122.13 (PACBELL.NET):
DANIEL D CLAXTON,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.41.124:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
a08f3b74a4
[Firefox:161 hits: 06-18 to 07-07]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:21:00 WinXP 76.94.155.120 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3154 hits: 12-31 to 07-07]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:21:29:00 Win2K-f 4.182.248.233 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AUBURN, CALIFORNIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:37:00 WinXP 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:205.128.79.125:80
US:205.128.79.126:80
135 pcap raw alerts
ruleset
other
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:41:00 Win2K-f 68.145.78.90 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
268 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 d70e9267fe
[Firefox: 2 hits: 06-24 to 07-07]
none[4] none:none
PolyEnE| none trace
T:21:50:00 Win2K-f 61.215.171.230 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL)
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:206.33.45.125:80
US:207.123.44.126:80
US:207.123.46.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
02cab5983b
[Firefox: 3 hits: 06-18 to 07-06]
76e6f343c5
[Firefox: 3 hits: 06-18 to 07-06]
none[4]
76e6f343c5[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
21:52:00 Win2K-f 172.192.188.56 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80
135 pcap raw alerts
ruleset
other
128 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:57:00 Win2K-f 63.17.154.230 (UU.NET):
UUNET TECHNOLOGIES INC,
NEW YORK, NEW YORK, US.
n/a   135 pcap raw alerts
ruleset
other
163 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
22:08:00 WinXP 71.119.195.123 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
UPLAND, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.66.126:80
US:205.128.79.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:23:00 WinXP 122.111.26.176 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
127 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
31 of 33
2ca2e34968
NEW
61f8a55907
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:22:42:00 WinXP 61.222.2.212 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:205.128.66.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
57ce4acac2
[Firefox:41 hits: 06-17 to 07-07]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:04:00 WinXP 85.233.80.182 (-):
JSC TATNEFT,
RU.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
28 of 33 76e95d966a
NEW
none[none] none:none
none|none none none
23:11:00 WinXP 211.59.72.105 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:207.123.46.125:80
US:207.123.47.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
30 of 32
4c3df24b32
[Firefox:62 hits: 06-17 to 07-07]
8390780c27
[Firefox: 9 hits: 06-18 to 07-07]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
23:31:00 WinXP 200.97.240.24 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 f9a1559785
NEW
none[none] none:none
none|none none none
T:23:46:00 WinXP 122.146.241.186 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.44.125:80
US:207.123.46.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:480 hits: 06-17 to 07-07]
73f1082158
[Firefox:224 hits: 06-18 to 07-07]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace