Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

16 July 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:26:00 Win2K-f 221.113.244.36 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
OSAKA, OSAKA, JP. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:00:34:00 WinXP 63.24.131.162 (UU.NET):
UUNET TECHNOLOGIES INC,
US. 		n/a   135 pcap raw alerts
ruleset 		other
0 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
00:38:00 WinXP 123.217.231.110 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 62029f0cf9
NEW 		none[none] none:none
 none|none none none
00:39:00 Win2K-f 121.92.100.59 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 dfcd73f7a7
[Firefox: 6 hits: 07-03 to 07-13] 		none[none] none:none
 none|none none none
00:43:00 WinXP 118.165.12.23 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 a483ba8aa1
[Firefox: 5 hits: 07-09 to 07-11] 		none[none] none:none
 none|none none none
T:00:52:00 Win2K-f 218.160.234.14 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
01:08:00 WinXP 92.40.11.188 (IKBCC.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
shell
shell
shell
shell
shell
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 f2b9377cac
NEW 		none[none] none:none
 none|none none none
T:01:47:00 WinXP 92.114.220.122 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 33 366148f7b7
[Firefox: 5 hits: 07-06 to 07-14] 		none[none] none:none
 none|none none none
01:47:00 WinXP 218.160.234.14 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   445 pcap raw alerts
ruleset 		shell
shell
shell
ftp
shell
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:55:00 WinXP 151.118.189.29 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US. 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:02:07:00 WinXP 207.5.207.93 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15]
e07c29c4ae
[Firefox:100 hits: 06-19 to 07-15] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:02:30:00 WinXP 85.181.28.167 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
5 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:02:31:00 WinXP 144.138.160.59 (TMNS.NET.AU):
TELSTRAINTERNET31,
CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:207.123.47.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
178 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:36:00 Win2K-f 144.134.27.23 (TMNS.NET.AU):
TELSTRAINTERNET27,
GOLD COAST, QUEENSLAND, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:207.123.47.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
b7082104e4
[Firefox:47 hits: 06-18 to 07-15] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
03:06:00 Win2K-f 92.40.41.220 (IKBCC.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 261ec21a14
NEW 		none[none] none:none
 none|none none none
T:03:31:00 WinXP 70.74.216.121 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:207.123.44.125:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:03:36:00 WinXP 61.228.146.76 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:03:56:00 Win2K-f 209.173.173.25 (RTECEXPRESS.NET):
RIDGEVILLE TELEPHONE COMPANY,
MANSFIELD, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:04:03:00 WinXP 86.134.45.144 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 cce9566ceb
[Firefox:30 hits: 06-12 to 07-15] 		none[4] none:none
 PolyEnE| none trace
T:04:08:00 Win2K-f 77.253.39.232 (COM.PL):
NETIA,
PL. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 32 f12583a6d2
[Firefox:97 hits: 07-13 to 07-15] 		none[none] none:none
 none|none none none
04:10:00 WinXP 78.130.85.123 (REV.OPTIMUS.PT):
OPTIMUS TELECOMUNICAGUES S.A,
PT. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 d01b5333e5
NEW 		none[none] none:none
 none|none none none
04:12:00 WinXP 217.201.76.242 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:04:46:00 WinXP 92.114.207.192 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 366148f7b7
[Firefox: 5 hits: 07-06 to 07-14] 		none[none] none:none
 none|none none none
05:02:00 Win2K-f 121.83.163.112 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.90.2:443 		445 pcap raw alerts
ruleset 		shell
ftp
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		16 of 31 23c32fbd78
[Firefox: 9 hits: 05-03 to 07-15] 		none[4] none:none
 PeCompact| none trace
T:05:43:00 WinXP 61.98.231.245 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:204.160.126.124:80
HK:210.245.211.11:65520
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
0 of 33		 168aab35a3
[Firefox:54 hits: 06-17 to 07-14]
4c3df24b32
[Firefox:91 hits: 06-17 to 07-15] 		none[4]
4c3df24b32[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
05:58:00 WinXP 118.12.237.241 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:701 hits: 07-11 to 07-15] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
06:05:00 WinXP 218.224.169.5 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 		n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 38fa4c6994
NEW 		none[none] none:none
 none|none none none
T:06:19:00 WinXP 90.155.215.232 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33 3a671a0880
NEW 		none[none] none:none
 none|none none none
T:06:34:00 WinXP 220.144.251.218 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
06:37:00 WinXP 91.64.15.179 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1119 hits: 05-01 to 07-15] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:06:46:00 Win2K-f 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		other
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
57ce4acac2
[Firefox:58 hits: 06-17 to 07-14] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:06:49:00 WinXP 219.91.86.231 (APOL.COM.TW):
ASIA PACIFIC ON-LINE SERVICES INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 85ef47d231
NEW 		none[none] none:none
 none|none none none
07:10:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		72.10.172.218:7763 CA:mypal.urpal43sourpalhuh.com
:sdihsihdsfsofhsohs.net
CA:wiger.blacktiehsbdcs.com
CA:haiys.eiheihre3.com
:nagoo.nagitiriheiwu.net
CA:72.10.172.218:3838
CA:72.10.172.218:3938
CA:72.10.172.218:7763 		135 pcap raw alerts
ruleset 		other
338 lines 		Yeah : 1.8
profile 		none summary
tarball 		24 of 29 0a0261b96a
[Firefox: 7 hits: 07-16 to 11-13] 		none[none] none:none
 none|none none none
T:07:34:00 Win2K-f 124.241.190.148 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:03:00 WinXP 217.201.205.123 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 33 041f8c47c9
NEW 		none[none] none:none
 none|none none none
08:11:00 Win2K-f 4.228.186.24 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DURANGO, COLORADO, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
135 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:25:00 Win2K-f 209.252.105.233 (MCLEODUSA.NET):
MDI ACCESS,
ROCHESTER, MINNESOTA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15]
b5919931fe
[Firefox:128 hits: 06-20 to 07-15] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:08:47:00 WinXP 118.236.104.194 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 93385541f3
[Firefox: 9 hits: 06-22 to 07-12] 		none[4] none:none
 none|none none trace
08:50:00 WinXP 85.85.74.39 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 33 6261f5268a
NEW 		none[none] none:none
 none|none none none
T:08:50:00 WinXP 85.85.74.39 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
ES. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 33 6261f5268a
NEW 		none[none] none:none
 none|none none none
09:02:00 WinXP 86.155.21.165 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:701 hits: 07-11 to 07-15] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:09:15:00 Win2K-f 67.48.115.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LEES SUMMIT, MISSOURI, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:204.160.126.126:80
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
09:27:00 WinXP 92.40.47.213 (IKBCC.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 617a73853f
NEW 		none[none] none:none
 none|none none none
T:09:31:00 WinXP 83.97.66.107 (BS-SW-BG.UNACS.BG):
UNACS CO. (FREE SERVICES GAMING NETWORKS INTERNET),
BURGAS, BURGAS, BG. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 a1d26a15e6
NEW 		none[none] none:none
 none|none none none
T:09:52:00 WinXP 12.74.21.198 (ATT.NET):
AT&T WORLDNET SERVICES,
SAN ANGELO, TEXAS, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:484 hits: 12-31 to 07-15] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
09:54:00 WinXP 41.236.24.180 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 ee53a27fe7
NEW 		none[none] none:none
 none|none none none
09:58:00 Win2K-f 209.214.131.165 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
JACKSONVILLE, FLORIDA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:10:11:00 WinXP 70.65.7.202 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RED DEER, ALBERTA, CA. (DSL) 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 2b402a57aa
NEW 		none[none] none:none
 none|none none none
10:47:00 WinXP 208.188.17.64 (SWBELL.NET):
AS101 RCSNTX DIAL POOL,
DALLAS, TEXAS, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:484 hits: 12-31 to 07-15] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
10:55:00 Win2K-f 4.154.108.10 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KENNESAW, GEORGIA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
11:07:00 WinXP 71.108.67.53 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LANCASTER, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80 		135 pcap raw alerts
ruleset 		other
332 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33
31 of 33		 5913ead1a1
[Firefox: 3 hits: 06-18 to 07-13]
ac99506c36
[Firefox: 3 hits: 06-18 to 07-13] 		5913ead1a1 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
11:27:00 Win2K-f 71.109.112.222 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMARILLO, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.42:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 33
31 of 33		 277034540e
NEW
ea43badccf
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:11:41:00 Win2K-f 207.171.202.66 (IP-207-171-202-10.WRECWIRELESS.COOP):
WELLS RURAL ELECTRIC COMPANY,
SAN FRANCISCO, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15]
b5919931fe
[Firefox:128 hits: 06-20 to 07-15] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
11:58:00 Win2K-f 218.167.2.163 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   445 pcap raw alerts
ruleset 		shell
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
12:20:00 Win2K-f 91.66.65.103 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:12:22:00 Win2K-f 218.167.2.163 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   445 pcap raw alerts
ruleset 		shell
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:22:00 WinXP 78.156.223.45 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
http
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1119 hits: 05-01 to 07-15] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
12:26:00 WinXP 71.111.243.192 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.41.126:80
US:205.128.66.126:80 		135 pcap raw alerts
ruleset 		other
317 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33
31 of 33		 5913ead1a1
[Firefox: 3 hits: 06-18 to 07-13]
ac99506c36
[Firefox: 3 hits: 06-18 to 07-13] 		5913ead1a1 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
12:26:00 WinXP 117.99.59.109 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3204 hits: 12-31 to 07-15] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:12:37:00 WinXP 70.183.165.30 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.220.126:80
US:204.160.126.124:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
12:41:00 WinXP 75.18.99.195 (SBCGLOBAL.NET):
PPPOX POOL - RBACK4.WACOTX,
TEMPLE, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:12:44:00 Win2K-f 62.224.243.77 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
COLOGNE, NORDRHEIN-WESTFALEN, DE. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:12:54:00 WinXP 212.205.245.179 (OTENET.GR):
MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS,
ATHENS, ATTIKI, GR. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:44 hits: 12-14 to 07-13] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
13:29:00 Win2K-f 80.41.178.239 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:13:35:00 Win2K-f 71.85.125.218 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
13:45:00 Win2K-f 72.251.38.251 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
US:208.111.148.149:80 		135 pcap raw alerts
ruleset 		other
121 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
13:49:00 WinXP 65.23.188.251 (DRTEL.NET):
DICKEY RURAL NETWORKS,
ELLENDALE, NORTH DAKOTA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:204.160.126.126:80
US:205.128.66.124:80 		135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
b7082104e4
[Firefox:47 hits: 06-18 to 07-15] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
T:13:50:00 WinXP 72.251.1.41 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
MISSOURI CITY, TEXAS, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:13:58:00 Win2K-f 4.255.203.166 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
YUKON, OKLAHOMA, US. (DIAL) 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
14:05:00 WinXP 208.69.211.73 (LPBROADBAND.COM):
LP BROADBAND INC,
LOVELAND, COLORADO, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:204.160.126.124:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:14:10:00 Win2K-f 208.127.8.96 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
214 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 32 5aeb9abc92
[Firefox: 2 hits: 12-27 to 07-15] 		none[none] none:none
 none|none none none
T:14:14:00 WinXP 208.69.211.73 (LPBROADBAND.COM):
LP BROADBAND INC,
LOVELAND, COLORADO, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
14:19:00 Win2K-f 61.34.136.82 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
95 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
29 of 32		 57ce4acac2
[Firefox:58 hits: 06-17 to 07-14]
83f26f5044
[Firefox: 8 hits: 06-20 to 07-12] 		57ce4acac2 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
14:21:00 WinXP 91.65.19.37 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33 5cf8610602
NEW 		none[none] none:none
 none|none none none
T:14:45:00 WinXP 80.7.60.255 (NTL.COM):
NTL INFRASTRUCTURE - POOLE,
LONDON, ENGLAND, UK. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:206.33.45.125:80
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
14:47:00 Win2K-f 98.140.228.28 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
14:49:00 Win2K-f 24.83.99.36 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL) 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
267 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 32 c78281a815
[Firefox: 3 hits: 06-20 to 07-07] 		none[4] none:none
 PolyEnE| none trace
T:15:08:00 Win2K-f 24.78.91.87 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80 		135 pcap raw alerts
ruleset 		http
204 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33
0 of 32		 99c1c370c4
NEW
ac59067d9b
NEW
b5919931fe
[Firefox:128 hits: 06-20 to 07-15] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
T:15:17:00 WinXP 189.20.201.211 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:737 hits: 05-01 to 07-10] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
15:24:00 Win2K-f 59.113.169.213 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 32 f12583a6d2
[Firefox:97 hits: 07-13 to 07-15] 		none[none] none:none
 none|none none none
T:15:37:00 WinXP 200.66.66.7 (MCMTELECOM.COM.MX):
MEGACABLE COMUNICACIONES DE MEXICO S.A. DE C.V,
HERMOSILLO, SONORA, MX. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3204 hits: 12-31 to 07-15] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:38:00 WinXP 200.66.66.7 (MCMTELECOM.COM.MX):
MEGACABLE COMUNICACIONES DE MEXICO S.A. DE C.V,
HERMOSILLO, SONORA, MX. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3204 hits: 12-31 to 07-15] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:15:40:00 WinXP 4.244.216.15 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:15:49:00 WinXP 68.200.24.42 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3204 hits: 12-31 to 07-15] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:16:04:00 Win2K-f 12.73.238.224 (ATT.NET):
AT&T WORLDNET SERVICES,
NEW ORLEANS, LOUISIANA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
16:12:00 WinXP 66.75.221.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BAKERSFIELD, CALIFORNIA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:484 hits: 12-31 to 07-15] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
16:21:00 WinXP 209.29.175.236 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		other
103 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
16:26:00 WinXP 220.157.218.247 (ASAHI-NET.OR.JP):
ASAHI NET INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 8ae058b2d0
[Firefox: 5 hits: 05-01 to 06-27] 		e6a9383b75 [0] ASM:Graph
 none|none lines=59 trace
T:16:27:00 WinXP 76.200.147.240 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:44 hits: 12-14 to 07-13] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:16:39:00 Win2K-f 220.139.8.173 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		217.170.244.2:443   445 pcap raw alerts
ruleset 		shell
ftp
irc
29 lines 		Yeah : 1.8
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:17:00:00 Win2K-f 66.178.156.69 (RIO.COM):
PLEXIS HEALTHCARE SYSTEMS,
ASHLAND, OREGON, US. (100Mbps) 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:17:05:00 WinXP 12.74.177.83 (ATT.NET):
AT&T WORLDNET SERVICES,
MOBILE, ALABAMA, US. (DIAL) 		12.74.177.83:21 :irc.drxclusives.info
DE:msdirect.servicemail24.de
DE:msdirectservices.com
US:lebanon-online.com.lb
:mx.msdirectservices.com
:mail.msdirectservices.com
:smtp.msdirectservices.com
:mx1.msdirectservices.com
:mxs.msdirectservices.com
:mail1.msdirectservices.com
:relay.msdirectservices.com
:ns.msdirectservices.com
:gate.msdirectservices.com
US:cpan.mx.develooper.com
CA:mx.netidentity.com.cust.hostedemail.com
US:cpan.org
US:conway.org
:mx.cpan.org
US:mx.conway.org
:mail.cpan.org
CA:mail.conway.org
:smtp.cpan.org
US:smtp.conway.org
:mx1.cpan.org
DE:gmx.de
US:mx1.conway.org
:mxs.cpan.org
:crypt.compulink.co.uk
:mx.gmx.de
US:mxs.conway.org
:mail1.cpan.org
:mx.crypt.compulink.co.uk
DE:mail.gmx.de
US:mail1.conway.org
:relay.cpan.org
:mail.crypt.compulink.co.uk
DE:smtp.gmx.de
US:relay.conway.org
:smtp.crypt.compulink.co.uk
:ns.cpan.org
US:ns.conway.org
:mx1.gmx.de
:mx1.crypt.compulink.co.uk
:gate.cpan.org
US:gate.conway.org
:mxs.gmx.de
:mxs.crypt.compulink.co.uk
:mail1.gmx.de
:mail1.crypt.compulink.co.uk
:relay.crypt.compulink.co.uk
:relay.gmx.de
:ns.crypt.compulink.co.uk
:ns.gmx.de
:gate.crypt.compulink.co.uk
DE:gate.gmx.de
:fmrco.com
US:mx-nj-2.pobox.com
:mx.fmrco.com
US:mx-pa-8.pobox.com
:mail.fmrco.com
US:mx-pa-9.pobox.com
:smtp.fmrco.com
US:mx-pa-10.pobox.com
:mx1.fmrco.com
US:mx-all.pobox.com
:mxs.fmrco.com
US:mx-nj-1.pobox.com
:mail1.fmrco.com
:relay.fmrco.com
:mx.pobox.com
:ns.fmrco.com
:mail.pobox.com
:gate.fmrco.com
US:smtp.pobox.com
:mx1.pobox.com
:mxs.pobox.com
:mail1.pobox.com
:relay.pobox.com
:ns.pobox.com
:gate.pobox.com
DE:ilyaz.org
:mx.ilyaz.org
:mail.ilyaz.org
DE:193.189.224.91:25
US:64.26.62.254:25 		445 pcap raw alerts
ruleset 		shell
ftp
830 lines 		Yeah : 1.8
profile 		none summary
tarball 		none none none none none none none
17:56:00 Win2K-f 60.38.107.190 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
5 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
17:58:00 WinXP 201.69.191.170 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1419 hits: 12-31 to 07-15] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
18:04:00 WinXP 200.175.94.160 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a EU:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1119 hits: 05-01 to 07-15] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:18:44:00 WinXP 24.93.108.178 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
73f1082158
[Firefox:326 hits: 06-18 to 07-15]
e07c29c4ae
[Firefox:100 hits: 06-19 to 07-15] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
18:53:00 Win2K-f 218.168.74.206 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
19:07:00 Win2K-f 75.79.5.63 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:680 hits: 06-17 to 07-15]
a08f3b74a4
[Firefox:219 hits: 06-18 to 07-15] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:19:14:00 Win2K-f 140.239.42.147 (XO.NET):
XO COMMUNICATIONS,
HOPKINTON, MASSACHUSETTS, US. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:16:00 WinXP 24.148.122.109 (MHCABLE.COM):
MID-HUDSON CABLEVISION INC,
CHICAGO, ILLINOIS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:20:47:00 WinXP 118.160.111.216 (-):
. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
21:10:00 Win2K-f 220.144.251.218 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:21:17:00 WinXP 62.11.157.116 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
CAGLIARI, SARDEGNA, IT. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
DE:212.227.111.29:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
29 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:488 hits: 05-04 to 07-15] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
21:20:00 WinXP 61.224.88.86 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 511dcda8ce
NEW 		none[none] none:none
 none|none none none
21:39:00 WinXP 118.218.141.238 (-):
. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 168aab35a3
[Firefox:54 hits: 06-17 to 07-14]
667f0c59f3
[Firefox: 3 hits: 07-04 to 07-14] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
T:21:41:00 WinXP 118.168.167.250 (-):
. 		n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 28 7fdfe363d5
[Firefox:2933 hits: 12-31 to 07-15] 		10862ea8b8 [0] ASM:Graph
 FSG| lines=1933
embedded dns 		trace
T:23:03:00 WinXP 59.113.165.129 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   445 pcap raw alerts
ruleset 		shell
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
23:10:00 WinXP 125.232.132.70 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
23:48:00 WinXP 92.227.182.90 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 8178c88f5e
[Firefox: 6 hits: 07-08 to 07-12] 		none[none] none:none
 none|none none none