Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Click here to download BotHunter]

12 July 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]
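The cumulative files above are roll-ups of the per-infection rows on this page: every C&C server, every DNS lookup or failed connect and every binary digest, counted across infections. As an added example (the editor's code, not SRI's page or the BotHunter distribution), the script below rebuilds those three roll-ups from a handful of rows transcribed from this page and adds two checks a practitioner would run on a daily dump: digests that almost no antivirus engine flags, and failed connects to ports other than 80/443. The in-memory record layout is the editor's transcription of the page's columns, not the format of the linked files; reading the Antivirus Labels cell as "engines flagging the sample of engines run", the 0.25 detection threshold and the odd-port heuristic are the editor's choices.

```python
"""Roll the per-infection rows of a BotHunter daily page up into the cumulative
views the page links to: C&C Server log, DNS Lookup log and Binary Digest log.

Editor's example, not SRI's code.  The dataclasses are the editor's transcription
of the page's columns; the linked summary files use their own (unshown) format."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass
class Binary:
    digest: str   # digest prefix of the captured (packed) binary as printed on the page
    av: str       # "Antivirus Labels" cell, e.g. "33 of 33": engines flagging it / engines run
    packer: str   # PEiD result, e.g. "tElock"; "none" when PEiD recognised no packer


@dataclass
class Infection:
    time: str
    source_ip: str   # "Infection Source": the remote host that infected the honeypot
    port: int        # "Infection Port": 445 (SMB) or 135 (DCE-RPC) on this page
    cc_server: str   # "C&C Server" cell; "n/a" when BotHunter saw no C&C dialog
    lookups: list    # "DNS Lookups & Failed Connects" entries: "CC:host" or "CC:ip:port"
    binaries: list = field(default_factory=list)


# Constructed sample: seven rows transcribed from the 12 July 2008 page.
SAMPLE = [
    Infection("00:17:00", "4.174.130.216", 135, "n/a",
              ["US:microsoft.com", "US:download.microsoft.com", "US:192.221.99.124:80",
               "US:192.221.99.126:80", "US:8.12.202.125:80"],
              [Binary("53bfe15e91", "33 of 33", "tElock"), Binary("73f1082158", "0 of 32", "Armadillo")]),
    Infection("00:19:00", "116.120.236.40", 135, "n/a",
              ["HK:proxim.ircgalaxy.pl", "US:microsoft.com", "US:download.microsoft.com",
               "HK:210.245.211.11:65520", "US:8.12.202.125:80"],
              [Binary("6ec2a8994b", "30 of 33", "tElock"), Binary("857b781ca9", "29 of 33", "Armadillo")]),
    Infection("00:25:00", "203.54.44.16", 135, "n/a",
              ["US:microsoft.com", "US:download.microsoft.com", "US:205.128.79.125:80",
               "US:206.33.45.125:80", "US:4.23.60.126:80"],
              [Binary("53bfe15e91", "33 of 33", "tElock"), Binary("73f1082158", "0 of 32", "Armadillo")]),
    Infection("T:01:03:00", "70.77.14.187", 445, "n/a",
              ["HK:proxim.ircgalaxy.pl", "UA:citi-bank.ru", "UA:194.54.90.246:80", "HK:210.245.211.11:65520"],
              [Binary("6200072917", "33 of 33", "none")]),
    Infection("T:01:49:00", "124.25.214.234", 445, "217.170.244.2:443",
              ["HK:proxim.ircgalaxy.pl", "HK:210.245.211.11:65520"],
              [Binary("dfcd73f7a7", "30 of 33", "none")]),
    Infection("T:04:13:00", "61.223.6.216", 445, "217.170.244.2:443",
              ["CZ:217.170.244.2:443", "CZ:82.114.64.251:443"],
              [Binary("7fdfe363d5", "25 of 28", "FSG")]),
    Infection("T:07:21:00", "208.234.50.135", 445, "194.54.90.246:80",
              ["UA:citi-bank.ru"], [Binary("967040406e", "31 of 32", "none")]),
]

AV_RE = re.compile(r"^(\d+) of (\d+)$")


def av_ratio(av_cell):
    """'33 of 33' -> 1.0, '0 of 32' -> 0.0; anything else is a transcription error."""
    m = AV_RE.match(av_cell)
    if not m:
        raise ValueError(f"unexpected Antivirus Labels cell: {av_cell!r}")
    flagged, total = int(m.group(1)), int(m.group(2))
    return flagged / total


def split_lookup(entry):
    """'HK:210.245.211.11:65520' -> ('HK', '210.245.211.11', 65520);
    'US:microsoft.com' -> ('US', 'microsoft.com', None); ':wpad' -> ('', 'wpad', None)."""
    cc, _, rest = entry.partition(":")
    host, sep, port = rest.rpartition(":")
    if sep and port.isdigit():
        return cc, host, int(port)
    return cc, rest, None


def cc_server_log(infections):
    """C&C Server log: server -> number of infections whose dialog reached it."""
    return Counter(i.cc_server for i in infections if i.cc_server != "n/a")


def shared_contacts(infections, min_sources=2):
    """DNS Lookup log: (cc, host, port) -> distinct infection sources that resolved or
    tried to reach it, keeping only targets shared by at least min_sources of them."""
    sources = defaultdict(set)
    for inf in infections:
        for entry in inf.lookups:
            sources[split_lookup(entry)].add(inf.source_ip)
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}


def binary_digest_log(infections):
    """Binary Digest log: digest -> (infections carrying it, packer, AV detection ratio)."""
    counts, meta = Counter(), {}
    for inf in infections:
        for b in inf.binaries:
            counts[b.digest] += 1
            meta[b.digest] = (b.packer, av_ratio(b.av))
    return {d: (counts[d],) + meta[d] for d in counts}


def low_detection(infections, threshold=0.25):
    """Digests flagged by fewer than `threshold` of the engines run (editor's threshold);
    on this page those are packed samples, the ones worth pulling from the tarball."""
    log = binary_digest_log(infections)
    return sorted(d for d, (_, _, ratio) in log.items() if ratio < threshold)


def odd_port_contacts(infections, expected=(80, 443)):
    """Failed connects to ports other than HTTP/HTTPS: a cheap heuristic for rendezvous
    points, which on this page singles out 210.245.211.11:65520."""
    hits = set()
    for inf in infections:
        for entry in inf.lookups:
            _, host, port = split_lookup(entry)
            if port is not None and port not in expected:
                hits.add(f"{host}:{port}")
    return sorted(hits)


if __name__ == "__main__":
    print("C&C servers:", dict(cc_server_log(SAMPLE)))
    print("shared DNS/failed-connect targets:", shared_contacts(SAMPLE))
    print("low AV detection:", low_detection(SAMPLE), "odd ports:", odd_port_contacts(SAMPLE))
```

On the seven transcribed rows the roll-up already shows the structure visible across the whole page: 217.170.244.2:443 is the C&C for two infections, proxim.ircgalaxy.pl and 210.245.211.11:65520 are contacted by three different sources, and 73f1082158 (Armadillo-packed, carried by two infections) is flagged by none of the 32 engines run.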

[See Country Codes ]
Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects
Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace
T:00:06:00 WinXP 217.184.77.154 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:39 hits: 12-14 to 07-09]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
00:17:00 Win2K-f 4.174.130.216 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PENNSYLVANIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:192.221.99.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:19:00 Win2K-f 116.120.236.40 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
6ec2a8994b
[Firefox: 5 hits: 06-18 to 07-08]
857b781ca9
[Firefox: 4 hits: 06-18 to 07-05]
none[4]
857b781ca9[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
00:25:00 WinXP 203.54.44.16 (TMNS.NET.AU):
TELSTRAINTERNET5,
MELBOURNE, VICTORIA, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
US:206.33.45.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
176 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:32:00 WinXP 71.75.239.205 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:476 hits: 12-31 to 07-11]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:00:45:00 WinXP 71.2.176.27 (EMBARQHSD.NET):
EMBARQ CORPORATION,
CHANDLER, TEXAS, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:03:00 WinXP 70.77.14.187 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
33 of 33 6200072917
NEW
none[none] none:none
none|none none none
T:01:05:00 WinXP 4.90.45.129 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DALLAS, TEXAS, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
19 of 32 3caf27c754
[Firefox: 4 hits: 08-25 to 03-26]
none[4] none:none
PolyEnE| none trace
T:01:15:00 Win2K-f 75.4.232.81 (SBCGLOBAL.NET):
RBACK34A.IRVNCA,
HOUSTON, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
b7082104e4
[Firefox:35 hits: 06-18 to 07-11]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
01:29:00 WinXP 124.6.185.82 (NIKOR.NET):
NETWORK_LUZON_DSL_IP_POOL,
MANDALUYONG CITY, MANILA, PH.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.51:80
US:208.111.173.52:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
57ce4acac2
[Firefox:49 hits: 06-17 to 07-10]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:39:00 WinXP 62.133.109.228 (KPN-GPRS.NL):
KPN MOBILE THE NETHERLANDS B.V,
NL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3183 hits: 12-31 to 07-11]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:01:49:00 Win2K-f 124.25.214.234 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
217.170.244.2:443 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 dfcd73f7a7
[Firefox: 2 hits: 07-03 to 07-03]
none[none] none:none
none|none none none
T:02:02:00 WinXP 92.40.173.210 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 7a393628ea
[Firefox: 5 hits: 05-12 to 07-08]
none[4] none:none
ASProtect| none trace
02:09:00 Win2K-f 207.171.202.66 (IP-207-171-202-10.WRECWIRELESS.COOP):
WELLS RURAL ELECTRIC COMPANY,
SAN FRANCISCO, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:207.123.37.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:07:00 Win2K-f 220.129.79.62 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
03:12:00 Win2K-f 116.123.143.58 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.44.126:80
US:205.128.79.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
88 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
29 of 32
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
9d677c3f70
NEW
73f1082158 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:03:23:00 Win2K-f 61.34.136.82 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
US:205.128.79.125:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
57ce4acac2
[Firefox:49 hits: 06-17 to 07-10]
83f26f5044
[Firefox: 7 hits: 06-20 to 07-10]
57ce4acac2 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
03:32:00 WinXP 119.94.26.252 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.220.124:80
US:204.160.126.124:80
135 pcap raw alerts
ruleset
other
133 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
29 of 33
a4eb225807
NEW
f85f8eb994
NEW
none[4]
f85f8eb994[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:03:43:00 Win2K-f 208.126.92.211 (NETINS.NET):
NETINS INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:207.123.46.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
a08f3b74a4
[Firefox:190 hits: 06-18 to 07-11]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:55:00 WinXP 85.244.70.35 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 996e7053d5
NEW
none[none] none:none
none|none none none
03:56:00 WinXP 85.180.70.122 (ALICEDSL.DE):
HANSENET-ADSL,
KARLSRUHE, BADEN-WURTTEMBERG, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:476 hits: 12-31 to 07-11]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:04:13:00 Win2K-f 61.223.6.216 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
04:26:00 Win2K-f 80.225.180.73 (TISCALI.COM):
TELINCO-DIALPOOL,
LEEDS, ENGLAND, UK. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:04:36:00 WinXP 89.50.223.20 (PPPOOL.DE):
FREENET CITYLINE GMBH,
DE. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
41 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1108 hits: 05-01 to 07-11]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
04:52:00 WinXP 220.156.22.245 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:147 hits: 09-28 to 07-11]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
05:09:00 Win2K-f 121.102.121.35 (DY.BBEXCITE.JP):
EXCITE JAPAN CO. LTD,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 065070a8bd
NEW
none[none] none:none
none|none none none
05:55:00 WinXP 203.91.181.204 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
a08f3b74a4
[Firefox:190 hits: 06-18 to 07-11]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:05:57:00 WinXP 122.17.97.227 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:06:04:00 Win2K-f 60.56.218.138 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
121 lines
Yeah : 1.8
profile
none summary
tarball
16 of 31 23c32fbd78
[Firefox: 5 hits: 05-03 to 06-25]
none[4] none:none
PeCompact| none trace
06:10:00 WinXP 125.0.11.128 (INFOWEB.NE.JP):
FUJITSU LIMITED,
TOKYO, TOKYO, JP. (DIAL)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 dfcd73f7a7
[Firefox: 2 hits: 07-03 to 07-03]
none[none] none:none
none|none none none
T:06:11:00 WinXP 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
57ce4acac2
[Firefox:49 hits: 06-17 to 07-10]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:06:29:00 WinXP 59.112.182.137 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:06:31:00 WinXP 151.65.186.40 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1410 hits: 12-31 to 07-11]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
06:32:00 WinXP 151.65.186.40 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1410 hits: 12-31 to 07-11]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:06:54:00 WinXP 117.99.28.235 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1410 hits: 12-31 to 07-11]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
06:55:00 Win2K-f 68.149.61.73 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.79.126:80
HK:210.245.211.11:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
30 of 33
830cb87006
NEW
d987581a5b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
07:04:00 Win2K-f 60.56.218.138 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
shell
ftp
110 lines
Yeah : 1.3
profile
none summary
tarball
16 of 31 23c32fbd78
[Firefox: 5 hits: 05-03 to 06-25]
none[4] none:none
PeCompact| none trace
T:07:21:00 WinXP 208.234.50.135 (ARIN.NET):
CENTENNIAL DE PUERTO RICO,
PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 967040406e
NEW
none[none] none:none
none|none none none
07:42:00 WinXP 61.224.90.112 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:51:00 Win2K-f 199.227.202.43 (-):
APPFORGE,
ATLANTA, GEORGIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
a08f3b74a4
[Firefox:190 hits: 06-18 to 07-11]
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
07:58:00 Win2K-f 122.107.82.230 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
302 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
73797b1b58
NEW
c32626f3bd
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:23:00 WinXP 4.131.122.209 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HOUSTON, TEXAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:37:00 WinXP 220.145.92.186 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:476 hits: 12-31 to 07-11]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:08:42:00 Win2K-f 82.251.130.242 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL)
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
08:45:00 Win2K-f 209.214.68.67 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:08:54:00 WinXP 4.158.60.138 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
135 pcap raw alerts
ruleset
http
177 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
e07c29c4ae
[Firefox:82 hits: 06-19 to 07-11]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:08:58:00 WinXP 200.164.9.228 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 5089fbb75a
NEW
none[none] none:none
none|none none none
09:12:00 Win2K-f 151.118.180.174 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:21:00 WinXP 203.73.233.231 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
217.170.244.2:443  
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
09:25:00 WinXP 4.163.253.236 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOVELAND, COLORADO, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
1036 lines
Yeah : 1.3
profile
none summary
tarball
7 of 32 2bb2d962b5
NEW
none[none] none:none
none|none none none
09:57:00 Win2K-f 24.80.174.96 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:204.160.126.124:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
320 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
252e07202f
NEW
9f886e1087
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:09:57:00 WinXP 12.218.183.253 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
COLUMBUS, GEORGIA, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 d175bad0e6
[Firefox:15 hits: 06-08 to 06-28]
dfb15f5463 [0] ASM:Graph
tElock| lines=81
embedded dns
trace
T:10:01:00 WinXP 218.210.80.111 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
57ce4acac2
[Firefox:49 hits: 06-17 to 07-10]
e07c29c4ae
[Firefox:82 hits: 06-19 to 07-11]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:10:26:00 WinXP 221.143.243.7 (-):
HANANET-LLINE-BOSUNGCATV,
KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
0 of 33
4c3df24b32
[Firefox:76 hits: 06-17 to 07-11]
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
e07c29c4ae
[Firefox:82 hits: 06-19 to 07-11]
4c3df24b32 [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
10:34:00 WinXP 130.13.204.32 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.126.126:80
US:205.128.66.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
124 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 32
7f66e51c85
NEW
9d12fe9d3b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
10:40:00 Win2K-f 216.79.248.152 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
VANCE, MISSISSIPPI, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:49:00 Win2K-f 68.147.115.177 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.44.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:50:00 WinXP 66.14.107.10 (GTE.NET):
GENUITY DSL,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.44.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
b7082104e4
[Firefox:35 hits: 06-18 to 07-11]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
10:55:00 WinXP 200.91.197.120 (IFX.NET.CO):
IFX NETWORKS COLOMBIA,
SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DIAL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3183 hits: 12-31 to 07-11]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:08:00 WinXP 216.201.28.201 (RTECEXPRESS.NET):
RIDGEVILLE TELEPHONE COMPANY,
MANSFIELD, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
a08f3b74a4
[Firefox:190 hits: 06-18 to 07-11]
e07c29c4ae
[Firefox:82 hits: 06-19 to 07-11]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:11:08:00 Win2K-f 24.84.65.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
0 of 32
2 of 32
607b60ad51
[Firefox: 5 hits: 06-20 to 07-03]
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
e5c7bce70e
[Firefox: 5 hits: 06-20 to 07-03]
none[4]
b5919931fe[1]
e5c7bce70e[1]
none:none
ASM:Graph
ASM:Graph
tElock|
ASProtect|
Armadillo|
none
lines=90
lines=81
trace
trace
trace
11:25:00 Win2K-f 216.211.254.192 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:11:34:00 Win2K-f 58.225.17.10 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
0 of 32
533d15b5ce
[Firefox: 6 hits: 06-21 to 07-11]
58c343a8d8
[Firefox: 6 hits: 06-21 to 07-11]
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
none[4]
58c343a8d8[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
T:11:36:00 WinXP 151.65.184.250 (38-151.NET24.IT):
IUNET-BNET,
IT.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1410 hits: 12-31 to 07-11]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
11:40:00 WinXP 65.191.29.50 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FAYETTEVILLE, NORTH CAROLINA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:314 hits: 05-01 to 07-07]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:11:46:00 WinXP 202.123.0.247 (P0-10.INTNET.MU):
NATIONAL ISP,
MU.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:450 hits: 05-02 to 07-06]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:50:00 Win2K-f 208.100.251.101 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
12:21:00 Win2K-f 65.7.88.1 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
NASHVILLE, TENNESSEE, US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:12:30:00 Win2K-f 166.82.151.253 (CTC.NET):
PRIVATE CUSTOMER - CT COMMUNICATIONS,
KANNAPOLIS, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
0 of 32
47f551924a
NEW
9eb51ec623
NEW
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
T:12:43:00 WinXP 92.227.118.17 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
[Firefox: 5 hits: 07-08 to 07-11]
none[none] none:none
none|none none none
12:50:00 Win2K-f 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
a08f3b74a4
[Firefox:190 hits: 06-18 to 07-11]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:55:00 WinXP 68.149.47.103 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:205.128.79.126:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:58:00 Win2K-f 125.192.88.254 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
5 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:13:13:00 WinXP 65.86.238.166 (DSL.NET):
DSL.NET INC,
BROOKLYN, NEW YORK, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:18:00 Win2K-f 4.157.62.211 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WARRENSBURG, NEW YORK, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
90 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:581 hits: 06-17 to 07-11]
73f1082158
[Firefox:283 hits: 06-18 to 07-11]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:37:00 Win2K-f 116.124.43.135 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:207.123.37.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
272 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
24 of 33
0 of 32
6e2eaa0359
NEW
740e3bffe0
[Firefox: 2 hits: 06-25 to 07-10]
b5919931fe
[Firefox:108 hits: 06-20 to 07-11]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
13:39:00 Win2K-f 12.73.207.211 (ATT.NET):
AT&T WORLDNET SERVICES,
SPRINGFIELD, MISSOURI, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2847 hits: 12-31 to 07-05]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:13:45:00 WinXP 4.225.173.106 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WHITNEY, TEXAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
30 of 33 9d77b4ca8e
NEW
none[none] none:none
none|none none none
14:21:00 WinXP 92.40.74.131 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32 84bea9b7c6
NEW
none[none] none:none
none|none none none
T:14:25:00 Win2K-f 221.142.18.35 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:48 hits: 06-17 to 07-10]
4c3df24b32
[Firefox:76 hits: 06-17 to 07-11]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:27:00 WinXP 122.47.14.2 (-):
POWERCOMM,
KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
32 of 33
4c3df24b32
[Firefox:76 hits: 06-17 to 07-11]
58408136a4
[Firefox: 3 hits: 06-28 to 07-10]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
14:29:00  Victim OS: WinXP
  Infection source: 75.177.12.182 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENSBORO, NORTH CAROLINA, US.
  C&C server: n/a
  DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (1 line)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 26 of 28  Packed 7d99b0e910 [Firefox:3183 hits: 12-31 to 07-11]  egg.exe 7a70e1b592 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=68  Syscall trace trace
T:14:33:00  Victim OS: Win2K-f
  Infection source: 88.169.237.133 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (29 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
T:14:50:00  Victim OS: Win2K-f
  Infection source: 4.160.15.107 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CINCINNATI, OHIO, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (91 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
15:09:00  Victim OS: WinXP
  Infection source: 211.59.183.207 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.152:80, US:208.111.148.174:80, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (86 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 0 of 33  Packed 4c3df24b32 [Firefox:76 hits: 06-17 to 07-11]  egg.exe 4c3df24b32[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
  Binary 2: AV labels 30 of 32  Packed 8390780c27 [Firefox:16 hits: 06-18 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
T:15:16:00  Victim OS: WinXP
  Infection source: 130.13.57.77 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (2 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed f36320f8f9 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
15:25:00  Victim OS: WinXP
  Infection source: 124.84.124.233 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell (5 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
15:26:00  Victim OS: Win2K-f
  Infection source: 80.41.170.217 (AS9105.COM): TISCALI UK LTD, LONDON, ENGLAND, UK. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (16 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:15:36:00  Victim OS: WinXP
  Infection source: 166.230.140.145 (MYVZW.COM): SERVICE PROVIDER CORPORATION, BEDMINSTER, NEW JERSEY, US.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (16 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 27 of 32  Packed 6c36e19037 [Firefox:11 hits: 06-22 to 07-08]  egg.exe none[4]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace trace
T:15:39:00  Victim OS: WinXP
  Infection source: 75.138.123.171 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US.
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (2 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 26 of 28  Packed 7d99b0e910 [Firefox:3183 hits: 12-31 to 07-11]  egg.exe 7a70e1b592 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=68  Syscall trace trace
15:39:00  Victim OS: WinXP
  Infection source: 75.138.123.171 (CHARTER.COM): CHARTER COMMUNICATIONS, HICKORY, NORTH CAROLINA, US.
  C&C server: n/a
  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (1 line)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 26 of 28  Packed 7d99b0e910 [Firefox:3183 hits: 12-31 to 07-11]  egg.exe 7a70e1b592 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=68  Syscall trace trace
T:15:42:00  Victim OS: Win2K-f
  Infection source: 210.3.38.85 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, HK:210.245.211.11:65520, US:4.23.60.125:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (179 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 33  Packed a172052409 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 31 of 33  Packed acd0af7b38 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 3: AV labels 0 of 32  Packed b5919931fe [Firefox:108 hits: 06-20 to 07-11]  egg.exe b5919931fe[1]  egg.asm ASM:Graph  Packer PEID ASProtect|  Data strings lines=90  Syscall trace trace
T:16:16:00  Victim OS: Win2K-f
  Infection source: 4.190.119.238 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORNELL, MICHIGAN, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (2 lines)  BotHunter analysis: Argh : 0.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:16:21:00  Victim OS: Win2K-f
  Infection source: 92.40.199.114 (IKBCC.COM): EU-ZZ, UK.
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (30 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 30 of 33  Packed ebd2e5da07 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:16:22:00  Victim OS: WinXP
  Infection source: 71.109.112.222 (VERIZON.NET): VERIZON INTERNET SERVICES INC, CAMARILLO, CALIFORNIA, US. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (114 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 28 of 33  Packed 277034540e NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 31 of 33  Packed ea43badccf NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:16:26:00  Victim OS: WinXP
  Infection source: 118.236.140.67 (-)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (14 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 32 of 32  Packed 93385541f3 [Firefox: 8 hits: 06-22 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace trace
T:16:29:00  Victim OS: Win2K-f
  Infection source: 4.154.86.69 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SUWANEE, GEORGIA, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.226:80, US:208.111.148.247:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (59 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 8 of 33  Packed b7082104e4 [Firefox:35 hits: 06-18 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
16:45:00  Victim OS: WinXP
  Infection source: 220.219.253.177 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (15 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed 741e3b03b3 [Firefox:147 hits: 09-28 to 07-11]  egg.exe e0197e8a64 [0]  egg.asm ASM:Graph  Packer PEID none|none  Data strings lines=62  Syscall trace trace
T:17:00:00  Victim OS: WinXP
  Infection source: 118.86.214.199 (-)
  C&C server: n/a
  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, GB:new.egg.com, :wpad, GB:welcome3.smile.co.uk
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http, http, http, http (44 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed a12cab51ef [Firefox:1108 hits: 05-01 to 07-11]  egg.exe 40f7f463c4 [0]  egg.asm ASM:Graph  Packer PEID ASPack|  Data strings lines=281, embedded dns  Syscall trace trace
T:17:05:00  Victim OS: WinXP
  Infection source: 24.79.214.162 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :wpad, DE:ebookfinaltrash.ru, :landdev1.lap.internal
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http, http, http, http (15 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed df17a625ee [Firefox:483 hits: 05-04 to 07-11]  egg.exe 9bbdd086c5 [0]  egg.asm ASM:Graph  Packer PEID ASPack|  Data strings lines=186, embedded dns  Syscall trace trace
17:21:00  Victim OS: WinXP
  Infection source: 4.130.199.3 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CORPUS CHRISTI, TEXAS, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (2 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:17:26:00  Victim OS: Win2K-f
  Infection source: 75.137.156.30 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.126.124:80, US:204.160.126.126:80, US:207.123.37.126:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (76 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
17:51:00  Victim OS: WinXP
  Infection source: 70.62.226.81 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.115:80, US:208.111.148.137:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:18:02:00  Victim OS: Win2K-f
  Infection source: 69.201.128.29 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.148.149:80, US:208.111.148.152:80, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (113 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 32 of 33  Packed 00de373b4a NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 24 of 33  Packed b234759ccf NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:18:23:00  Victim OS: WinXP
  Infection source: 88.122.146.166 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE BROADBAND POOLS, DIJON, BOURGOGNE, FR. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (0 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed 32a0d7d0e0 [Firefox:46 hits: 05-04 to 07-08]  egg.exe d791762796 [0]  egg.asm ASM:Graph  Packer PEID tElock|  Data strings lines=81, embedded dns  Syscall trace trace
18:38:00  Victim OS: Win2K-f
  Infection source: 61.228.147.110 (PRESTONAUTO.COM): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: n/a
  DNS lookups & failed connects: CZ:217.170.244.2:443, CZ:82.114.64.251:443
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (17 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
T:18:41:00  Victim OS: Win2K-f
  Infection source: 118.20.194.185 (-)
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (28 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
18:57:00  Victim OS: WinXP
  Infection source: 118.236.205.94 (-)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell (9 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:18:58:00  Victim OS: WinXP
  Infection source: 61.231.124.155 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: CZ:217.170.244.2:443
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (27 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
T:19:00:00  Victim OS: Win2K-f
  Infection source: 24.84.9.110 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SURREY, BRITISH COLUMBIA, CA. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (268 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 30 of 33  Packed 7df41a77e6 [Firefox: 4 hits: 06-16 to 07-01]  egg.exe none[4]  egg.asm none:none  Packer PEID PolyEnE|  Data strings none  Syscall trace trace
T:19:10:00  Victim OS: WinXP
  Infection source: 69.220.61.59 (AMERITECH.NET): PPPOX POOL - RBACK8 SFLDMI, ALLEN PARK, MICHIGAN, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru, :gaspode.zanet.org.za, AT:graz.at.eu.undernet.org, :irc.kar.net, FI:london.uk.eu.undernet.org, :caen.fr.eu.undernet.org, RU:irc.tsk.ru, RU:194.6.222.11:6667
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (0 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed 042774a2b7 [Firefox:143 hits: 05-01 to 06-21]  egg.exe 1c9a472cd7 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=71, embedded dns  Syscall trace trace
T:19:10:00  Victim OS: WinXP
  Infection source: 172.170.31.226 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.126:80, US:198.78.220.124:80, US:205.128.79.124:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (151 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:19:11:00  Victim OS: WinXP
  Infection source: 67.150.170.76 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US.
  C&C server: n/a
  DNS lookups & failed connects: EU:siliconfireware.ru, :wpad, US:searchportal.information.com, US:spi.domainsponsor.com, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http, http (11 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed df17a625ee [Firefox:483 hits: 05-04 to 07-11]  egg.exe 9bbdd086c5 [0]  egg.asm ASM:Graph  Packer PEID ASPack|  Data strings lines=186, embedded dns  Syscall trace trace
T:19:19:00  Victim OS: Win2K-f
  Infection source: 4.163.249.54 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (5 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
19:26:00  Victim OS: Win2K-f
  Infection source: 216.201.28.201 (RTECEXPRESS.NET): RIDGEVILLE TELEPHONE COMPANY, MANSFIELD, OHIO, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.46.125:80, US:199.93.53.125:80, US:207.123.46.125:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 33  Packed a08f3b74a4 [Firefox:190 hits: 06-18 to 07-11]  egg.exe a08f3b74a4[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:19:38:00  Victim OS: Win2K-f
  Infection source: 98.134.247.60 (-)
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:205.128.79.125:80, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (114 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 28 of 33  Packed 6d86a1ff5a [Firefox:14 hits: 06-25 to 07-11]  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 31 of 33  Packed 7f6e032fc0 [Firefox:14 hits: 06-25 to 07-11]  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
19:43:00  Victim OS: WinXP
  Infection source: 61.228.201.28 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a
  DNS lookups & failed connects: CZ:217.170.244.2:443, CZ:82.114.64.251:443
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (17 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
19:59:00  Victim OS: WinXP
  Infection source: 166.82.228.202 (CTC.NET): PRIVATE CUSTOMER - CT COMMUNICATIONS, CONCORD, NORTH CAROLINA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.220.124:80, US:198.78.220.126:80, US:8.12.202.125:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (125 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 33  Packed 47f551924a NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 29 of 33  Packed 9eb51ec623 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
20:02:00  Victim OS: Win2K-f
  Infection source: 78.48.175.23 (ALICEDSL.DE): HANSENET TELEKOMMUNIKATION GMBH, HAMBURG, HAMBURG, DE. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell (5 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:20:08:00  Victim OS: WinXP
  Infection source: 220.129.41.60 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (27 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
T:20:09:00  Victim OS: Win2K-f
  Infection source: 24.92.23.103 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.126:80, US:199.93.44.126:80, US:205.128.79.125:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 33  Packed a08f3b74a4 [Firefox:190 hits: 06-18 to 07-11]  egg.exe a08f3b74a4[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
20:14:00  Victim OS: WinXP
  Infection source: 79.138.142.69 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (1 line)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 7bd63bb17d NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:20:14:00  Victim OS: WinXP
  Infection source: 79.138.142.69 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (2 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 7bd63bb17d NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:20:47:00  Victim OS: Win2K-f
  Infection source: 24.71.247.88 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.47:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (114 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed bca9e0fb5f [Firefox:11 hits: 06-18 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID PolyEnE|  Data strings none  Syscall trace trace
  Binary 2: AV labels 23 of 33  Packed e53a9ea82e [Firefox:11 hits: 06-18 to 07-11]  egg.exe e53a9ea82e[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
20:48:00  Victim OS: WinXP
  Infection source: 71.104.48.117 (VERIZON.NET): VERIZON INTERNET SERVICES INC, POMONA, CALIFORNIA, US. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.42:80, US:208.111.173.47:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (76 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
20:48:00  Victim OS: Win2K-f
  Infection source: 59.104.47.159 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (17 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:20:55:00  Victim OS: WinXP
  Infection source: 199.227.202.44 (-): APPFORGE, ATLANTA, GEORGIA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.149:80, US:208.111.148.152:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 33  Packed a08f3b74a4 [Firefox:190 hits: 06-18 to 07-11]  egg.exe a08f3b74a4[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:20:57:00  Victim OS: Win2K-f
  Infection source: 203.174.219.77 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.149:80, US:208.111.148.152:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 33  Packed 57ce4acac2 [Firefox:49 hits: 06-17 to 07-10]  egg.exe 57ce4acac2[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:21:04:00  Victim OS: Win2K-f
  Infection source: 122.107.82.230 (-)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.43:80, US:208.111.148.54:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (302 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 33  Packed 73797b1b58 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 29 of 33  Packed c32626f3bd NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:21:35:00  Victim OS: WinXP
  Infection source: 202.221.174.145 (BMOBILE.NE.JP): JAPAN COMMUNICATION INC, TOKYO, TOKYO, JP.
  C&C server: n/a
  DNS lookups & failed connects: DE:siliconfireware.ru, :www.proxy-socks.net, :wpad, US:searchportal.information.com, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http, http (5 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 29 of 29  Packed a12cab51ef [Firefox:1108 hits: 05-01 to 07-11]  egg.exe 40f7f463c4 [0]  egg.asm ASM:Graph  Packer PEID ASPack|  Data strings lines=281, embedded dns  Syscall trace trace
T:21:57:00  Victim OS: WinXP
  Infection source: 71.65.25.153 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (15 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed 741e3b03b3 [Firefox:147 hits: 09-28 to 07-11]  egg.exe e0197e8a64 [0]  egg.asm ASM:Graph  Packer PEID none|none  Data strings lines=62  Syscall trace trace
T:21:58:00  Victim OS: Win2K-f
  Infection source: 222.239.195.228 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:205.128.79.124:80, US:207.123.47.126:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 0 of 33  Packed 4c3df24b32 [Firefox:76 hits: 06-17 to 07-11]  egg.exe 4c3df24b32[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
  Binary 2: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
T:21:58:00  Victim OS: WinXP
  Infection source: 70.62.226.81 (RR.COM): ROAD RUNNER HOLDCO LLC, FAIRFIELD, OHIO, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:205.128.79.124:80, US:207.123.47.126:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (75 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
T:22:02:00  Victim OS: WinXP
  Infection source: 4.158.201.24 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, GREEN BAY, WISCONSIN, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (18 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:22:16:00  Victim OS: WinXP
  Infection source: 74.215.168.60 (-)
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: UA:citi-bank.ru, DE:kidos-bank.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (2 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed ea096a2bdf NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
22:20:00  Victim OS: Win2K-f
  Infection source: 12.74.176.8 (ATT.NET): AT&T WORLDNET SERVICES, CHOCTAW, OKLAHOMA, US. (DIAL)
  C&C server: 12.74.176.8:21
  DNS lookups & failed connects:
    :irc.drxclusives.info, CA:activestate.com, :mail.activestate.com, :smtp.activestate.com, :mx1.activestate.com, :mxs.activestate.com, CZ:mail6.ignum.cz,
    :mail1.activestate.com, :relay.activestate.com, :ns.activestate.com, :gate.activestate.com, NO:louise.netpower.no, :solbors.no, CZ:mail2.ignum.cz,
    :mx.solbors.no, :mail.solbors.no, :smtp.solbors.no, :mx1.solbors.no, :mxs.solbors.no, :mail1.solbors.no, :relay.solbors.no, :csc.canterbury.ac.nz,
    CZ:krynicky.cz, US:mail.yahoo.com, GB:crypt.org, US:perl.org,
    NZ:132.181.2.61:25, NZ:132.181.2.71:25, CA:204.244.102.3:25, CA:204.244.102.6:25, US:209.191.118.103:25, US:209.191.88.239:25, NO:212.33.133.33:25,
    US:216.39.53.1:25, US:216.39.53.2:25, CZ:217.31.49.45:25, US:66.196.82.7:25, US:66.196.97.250:25, US:68.142.202.247:25, CZ:82.117.159.67:25
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, shell, ftp (24 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed 113c13f1a2 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
22:22:00  Victim OS: WinXP
  Infection source: 161.184.22.179 (TELUS.NET): EDMONTON TELEPHONES CORPORATION, RED DEER, ALBERTA, CA. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (1 line)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed 24137d8412 [Firefox:10 hits: 08-02 to 11-01]  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:22:25:00  Victim OS: WinXP
  Infection source: 221.242.80.212 (UCOM.NE.JP): UCOM CORP, JP. (100Mbps)
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru, :lulea.se.eu.undernet.org, SE:viking.dal.net, SE:coins.dal.net, SE:qis.md.us.dal.net, :gaspode.zanet.org.za, BE:london.uk.eu.undernet.org, :brussels.be.eu.undernet.org, SE:broadway.ny.us.dal.net, :caen.fr.eu.undernet.org, :flanders.be.eu.undernet.org, NL:diemen.nl.eu.undernet.org, :los-angeles.ca.us.undernet.org, :washington.dc.us.undernet.org
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (1 line)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 25  Packed 7f60162c2c [Firefox:1410 hits: 12-31 to 07-11]  egg.exe 1aad8e4632 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=93, embedded dns  Syscall trace trace
T:22:25:00  Victim OS: Win2K-f
  Infection source: 71.131.139.132 (SBCGLOBAL.NET): DOMINO'S PIZZA, PLANO, TEXAS, US. (100Mbps)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (76 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 33  Packed a08f3b74a4 [Firefox:190 hits: 06-18 to 07-11]  egg.exe a08f3b74a4[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
  Binary 3: AV labels 0 of 32  Packed b5919931fe [Firefox:108 hits: 06-20 to 07-11]  egg.exe b5919931fe[1]  egg.asm ASM:Graph  Packer PEID ASProtect|  Data strings lines=90  Syscall trace trace
T:22:35:00  Victim OS: WinXP
  Infection source: 118.19.83.96 (-)
  C&C server: 217.170.244.2:443
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp, irc (28 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 25 of 28  Packed 7fdfe363d5 [Firefox:2847 hits: 12-31 to 07-05]  egg.exe 10862ea8b8 [0]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=1933, embedded dns  Syscall trace trace
T:22:37:00  Victim OS: WinXP
  Infection source: 12.74.51.229 (ATT.NET): AT&T WORLDNET SERVICES, INDIANAPOLIS, INDIANA, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, shell, ftp (18 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
T:22:38:00  Victim OS: WinXP
  Infection source: 92.114.218.65 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: 194.54.90.246:80, 210.245.211.11:65520
  DNS look ups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, DE:dl2.teenpassage.com
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http, irc (17 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 32  Packed dae77d66f3 [Firefox: 4 hits: 07-08 to 07-11]  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
T:22:44:00  Victim OS: WinXP
  Infection source: 4.230.162.91 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (16 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binaries: none
22:57:00  Victim OS: WinXP
  Infection source: 217.250.30.149 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, LANDSHUT, BAYERN, DE. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, ftp (15 lines)  BotHunter analysis: Yeah : 0.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 32 of 32  Packed 03f912899b [Firefox:39 hits: 12-14 to 07-09]  egg.exe 83893bd25d [0]  egg.asm ASM:Graph  Packer PEID none|none  Data strings lines=65  Syscall trace trace
T:23:01:00  Victim OS: WinXP
  Infection source: 217.248.46.68 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, KOELN, NORDRHEIN-WESTFALEN, DE. (DIAL)
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (2 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 26 of 28  Packed 7d99b0e910 [Firefox:3183 hits: 12-31 to 07-11]  egg.exe 7a70e1b592 [0]  egg.asm ASM:Graph  Packer PEID PolyEnE|  Data strings lines=68  Syscall trace trace
T:23:03:00  Victim OS: WinXP
  Infection source: 4.225.168.164 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: http (93 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 33 of 33  Packed 53bfe15e91 [Firefox:581 hits: 06-17 to 07-11]  egg.exe none[4]  egg.asm none:none  Packer PEID tElock|  Data strings none  Syscall trace trace
  Binary 2: AV labels 0 of 32  Packed 73f1082158 [Firefox:283 hits: 06-18 to 07-11]  egg.exe 73f1082158[1]  egg.asm ASM:Graph  Packer PEID Armadillo|  Data strings lines=81  Syscall trace trace
  Binary 3: AV labels 0 of 33  Packed e07c29c4ae [Firefox:82 hits: 06-19 to 07-11]  egg.exe e07c29c4ae[1]  egg.asm ASM:Graph  Packer PEID FSG|  Data strings lines=92  Syscall trace trace
T:23:19:00  Victim OS: WinXP
  Infection source: 12.74.187.251 (ATT.NET): AT&T WORLDNET SERVICES, PANAMA CITY, FLORIDA, US. (DIAL)
  C&C server: 12.74.187.251:21
  DNS lookups & failed connects:
    :irc.drxclusives.info, DE:msdirect.servicemail24.de, DE:msdirectservices.com, US:lebanon-online.com.lb, :mx.msdirectservices.com, :mail.msdirectservices.com,
    :smtp.msdirectservices.com, :mx1.msdirectservices.com, :mxs.msdirectservices.com, :mail1.msdirectservices.com, :relay.msdirectservices.com, :ns.msdirectservices.com,
    :gate.msdirectservices.com, GB:mx2.flirble.org, NL:mx1.xs4all.nl, US:mx1.heaven.net, :mx.lebanon-online.com.lb, NL:mx2.xs4all.nl, US:mx2.heaven.net, NL:mx3.xs4all.nl,
    US:mx3.heaven.net, :smtp.lebanon-online.com.lb, NL:mx4.xs4all.nl, US:mx4.heaven.net, :mx1.lebanon-online.com.lb, :squirrel.nl, :netheaven.com, :mxs.lebanon-online.com.lb,
    :mx.squirrel.nl, :mx.netheaven.com, :mail1.lebanon-online.com.lb,
    DE:193.189.224.91:25, US:208.72.237.9:25, US:64.26.62.254:25
  Infection port: 445  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: shell, shell, ftp (639 lines)  BotHunter analysis: Yeah : 1.8 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 32 of 33  Packed 83903b9e4e NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
23:24:00  Victim OS: WinXP
  Infection source: 221.139.18.166 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.15:80, US:208.111.148.23:80, HK:210.245.211.11:65520
  Infection port: 135  Packet trace: pcap raw  Detection signatures: alerts ruleset
  Infection chatter: other (137 lines)  BotHunter analysis: Yeah : 1.3 (profile)  Behavioral cluster: none  Forensic logs: summary tarball
  Binary 1: AV labels 31 of 33  Packed a63e4eb194 NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
  Binary 2: AV labels 31 of 33  Packed d12137860e NEW  egg.exe none[none]  egg.asm none:none  Packer PEID none|none  Data strings none  Syscall trace none
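The practical use of a table like this is to pivot on the indicators it records: a C&C address or lookup target that attackers from several unrelated networks all reach is shared botnet infrastructure rather than one compromised host, and a packed-binary digest that recurs across attackers ties their infections to one sample. The Python below is an added example and is not code from SRI's page or from BotHunter. It assumes that an entry of the form CC:a.b.c.d:port in the DNS Lookups & Failed Connects column is a failed connect and a CC:hostname entry a DNS lookup, and that the leading country code describes where the target resolved rather than the target itself, so it is dropped from the pivot key. The sample rows are copied from the table above; the Infection and Indicator types and the pivot helpers are this example's own.

```python
"""Pivot the infection table's indicators across attackers.

Added example, not part of the SRI/BotHunter page. Assumption: in the
"DNS Lookups & Failed Connects" column, "CC:a.b.c.d:port" is a failed
connect and "CC:hostname" a DNS lookup; sample rows are copied from the table.
"""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Indicator:
    country: str          # resolved-location code from the table, "" when absent (":wpad")
    host: str             # hostname or dotted quad
    port: Optional[int]   # only failed connects carry a port in this data

    @property
    def kind(self) -> str:
        return "connect" if IPV4_RE.match(self.host) else "dns"

    def key(self) -> str:
        # Country code dropped: it says where the target resolved, not what it is.
        return f"{self.host}:{self.port}" if self.port is not None else self.host


def parse_indicator(text: str) -> Indicator:
    country, sep, rest = text.partition(":")
    if not sep:
        raise ValueError(f"not a CC:host[:port] entry: {text!r}")
    host, _, port = rest.rpartition(":")
    if host and port.isdigit():
        return Indicator(country, host, int(port))
    return Indicator(country, rest, None)


@dataclass(frozen=True)
class Infection:
    time: str
    source: str       # attacker IP (Infection Source column)
    source_cc: str    # attacker country from the same column
    port: int         # Infection Port (445 or 135)
    cnc: tuple        # C&C Server column, () when "n/a"
    lookups: tuple    # DNS Lookups & Failed Connects column
    binaries: tuple   # Packed Malware_Binary digests


# Constructed sample: seven rows copied from the 12 July 2008 table above.
SAMPLE = (
    Infection("T:14:25:00", "221.142.18.35", "KR", 135, (),
              ("HK:proxima.ircgalaxy.pl", "US:microsoft.com", "US:download.microsoft.com",
               "US:208.111.148.247:80", "US:208.111.148.254:80", "HK:210.245.211.11:65520"),
              ("168aab35a3", "4c3df24b32")),
    Infection("T:14:50:00", "4.160.15.107", "US", 135, (),
              ("US:microsoft.com", "US:download.microsoft.com"), ("53bfe15e91", "73f1082158")),
    Infection("T:15:16:00", "130.13.57.77", "US", 445, ("194.54.90.246:80",),
              ("HK:proxim.ircgalaxy.pl", "UA:citi-bank.ru", "HK:210.245.211.11:65520"),
              ("f36320f8f9",)),
    Infection("T:19:00:00", "24.84.9.110", "CA", 135, (),
              ("HK:proxim.ircgalaxy.pl", "HK:210.245.211.11:65520"), ("7df41a77e6",)),
    Infection("T:21:58:00", "222.239.195.228", "KR", 135, (),
              ("US:microsoft.com", "US:download.microsoft.com", "US:199.93.44.126:80",
               "US:205.128.79.124:80", "US:207.123.47.126:80"), ("4c3df24b32", "53bfe15e91")),
    Infection("T:22:38:00", "92.114.218.65", "UK", 445, ("194.54.90.246:80", "210.245.211.11:65520"),
              ("HK:proxim.ircgalaxy.pl", "UA:citi-bank.ru", "DE:dl2.teenpassage.com"),
              ("dae77d66f3",)),
    Infection("T:23:01:00", "217.248.46.68", "DE", 445, ("194.54.90.246:80",),
              ("UA:citi-bank.ru",), ("7d99b0e910",)),
)


def pivot(infections, min_sources: int = 2) -> dict:
    """Map each C&C address, lookup/connect target and binary digest to the
    attacker IPs that produced it, keeping indicators shared by at least
    `min_sources` attackers. C&C entries and failed connects share the
    host:port key, so a server named in either column is counted once."""
    seen = defaultdict(set)
    for inf in infections:
        for addr in inf.cnc:
            seen[addr].add(inf.source)
        for entry in inf.lookups:
            seen[parse_indicator(entry).key()].add(inf.source)
        for digest in inf.binaries:
            seen["binary:" + digest].add(inf.source)
    return {k: frozenset(v) for k, v in seen.items() if len(v) >= min_sources}


def shared_across_countries(infections, min_countries: int = 3) -> list:
    """Network indicators reached by attackers in at least `min_countries`
    countries: shared infrastructure rather than one compromised host."""
    by_cc = defaultdict(set)
    for inf in infections:
        for addr in inf.cnc:
            by_cc[addr].add(inf.source_cc)
        for entry in inf.lookups:
            by_cc[parse_indicator(entry).key()].add(inf.source_cc)
    return sorted(k for k, ccs in by_cc.items() if len(ccs) >= min_countries)


if __name__ == "__main__":
    for key, sources in sorted(pivot(SAMPLE).items(), key=lambda kv: (-len(kv[1]), kv[0])):
        print(f"{key:28} {len(sources)} attackers: {', '.join(sorted(sources))}")
    print("multi-country:", shared_across_countries(SAMPLE))
```

On the sample, 210.245.211.11:65520 is reached from KR, US, CA and UK attackers and appears both as a failed connect and, for 92.114.218.65, in the C&C column; merging the two columns under one host:port key is what makes it the strongest pivot. microsoft.com and download.microsoft.com are also shared by three attackers but by only two countries and are ordinary update-check traffic, which is why the country threshold and a benign-domain allowlist belong in front of any alerting built on this kind of pivot.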