Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

18 July 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns (one row per observed infection, cells read left to right in this order):
Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer (PEiD) | Data Strings | Syscall Trace
T:00:22:00 WinXP 83.97.66.107 (BS-SW-BG.UNACS.BG):
UNACS CO. (FREE SERVICES GAMING NETWORKS INTERNET),
BURGAS, BURGAS, BG.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 32 a1d26a15e6
NEW
none[none] none:none
none|none none none
00:31:00 WinXP 212.152.140.216 (UTAONLINE.AT):
U-TALK-AGAIN-NET,
VIENNA, WIEN, AT.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:32:00 Win2K-f 217.246.191.247 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
FRANKFURT, HESSEN, DE. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
00:38:00 WinXP 24.82.32.169 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:14:00 WinXP 79.138.171.146 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 ea096a2bdf
[Firefox: 4 hits: 07-12 to 07-17]
none[none] none:none
none|none none none
01:26:00 WinXP 202.70.234.58 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:207.123.46.125:80
HK:210.245.211.11:65520
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
57f4ad4c13
NEW
c44c50b48d
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
01:30:00 WinXP 41.207.25.12 (ADSL-213-136-127-10.AVISO.CI):
COTE D'IVOIRE TELECOM,
CI.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 f0b49cdcfc
NEW
none[none] none:none
none|none none none
T:01:30:00 WinXP 41.207.25.12 (ADSL-213-136-127-10.AVISO.CI):
COTE D'IVOIRE TELECOM,
CI.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 f0b49cdcfc
NEW
none[none] none:none
none|none none none
01:34:00 WinXP 220.156.9.43 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:166 hits: 09-28 to 07-17]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
01:48:00 Win2K-f 75.77.50.83 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:54:00 Win2K-f 75.63.207.56 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
DALLAS, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
02:04:00 WinXP 92.114.241.41 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 33 3a601c00ec
NEW
none[none] none:none
none|none none none
T:02:30:00 Win2K-f 92.40.26.134 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.42:80
HK:210.245.211.11:80
135 pcap raw alerts
ruleset
other
126 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32
none
7452c8448d
[Firefox: 3 hits: 06-17 to 07-14]
fd9b49840f
[Firefox: 2 hits: 06-23 to 07-14]
none[4]
fd9b49840f[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
T:03:02:00 WinXP 78.145.72.19 (-):
OPAL TELECOM DSL,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 4f881e99c1
NEW
none[none] none:none
none|none none none
T:03:14:00 WinXP 220.97.169.58 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
33 of 33 c85d715351
NEW
none[none] none:none
none|none none none
T:03:40:00 WinXP 118.167.198.82 (-):
.
217.170.244.2:443  
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
03:43:00 Win2K-f 219.167.189.107 (PLALA.OR.JP):
PLALA NETWORKS INC,
TOKYO, TOKYO, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:03:49:00 Win2K-f 122.146.225.252 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:03:50:00 WinXP 209.213.251.122 (EXECULINK.COM):
EXECULINK INTERNET SERVICES CORPORATION,
CA. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3212 hits: 12-31 to 07-17]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:02:00 Win2K-f 61.231.249.154 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
04:17:00 WinXP 79.138.170.187 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 ea096a2bdf
[Firefox: 4 hits: 07-12 to 07-17]
none[none] none:none
none|none none none
T:04:29:00 Win2K-f 76.79.244.161 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
135 pcap raw alerts
ruleset
http
116 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
31 of 33
31 of 33
b5919931fe
[Firefox:133 hits: 06-20 to 07-17]
dabbc1ee56
NEW
f4f090debc
NEW
b5919931fe [1]
none [none]
none [none]
ASM:Graph
none:none
none:none
ASProtect|
none|none
none|none
lines=90
none
none
trace
none
none
04:48:00 WinXP 87.3.186.149 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
ROME, LAZIO, IT.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 cfd6e6801f
NEW
none[none] none:none
none|none none none
T:04:59:00 WinXP 217.164.218.6 (NET.AE):
EMIRATES INTERNET,
SHARJAH, ASH SHARIQAH, AE.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 33 181239b848
NEW
none[4] none:none
PolyEnE| none trace
T:05:05:00 Win2K-f 220.138.32.99 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443  
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32 7057d9d709
NEW
none[none] none:none
none|none none none
05:11:00 Win2K-f 124.60.81.67 (-):
POWERCOM,
KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.66.126:80
US:205.128.79.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
32 of 33
4c3df24b32
[Firefox:94 hits: 06-17 to 07-17]
58408136a4
[Firefox: 5 hits: 06-28 to 07-13]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
T:05:32:00 WinXP 60.238.161.60 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
06:03:00 Win2K-f 123.0.89.163 (CC9.NE.JP):
CABLE TV CORPORATION,
JP.
n/a   135 pcap raw alerts
ruleset
other
1007 lines
Yeah : 1.3
profile
none summary
tarball
14 of 33 6d5d299e30
NEW
none[none] none:none
none|none none none
T:06:24:00 WinXP 118.165.15.131 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 a483ba8aa1
[Firefox: 6 hits: 07-09 to 07-16]
none[none] none:none
none|none none none
06:27:00 Win2K-f 60.238.161.60 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
06:46:00 Win2K-f 211.211.159.184 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
96 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:57 hits: 06-17 to 07-17]
4c3df24b32
[Firefox:94 hits: 06-17 to 07-17]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
06:47:00 Win2K-f 122.53.177.97 (PLDT.NET):
IPG,
PH.
72.10.172.211:8080 67.43.236.66:8080 CA:xx.nadnadzz.info
CA:xx.ka3ek.com
CA:67.43.226.242:8080
CA:67.43.236.66:8080
CA:67.43.236.98:10324
CA:67.43.236.99:10324
CA:72.10.172.211:8080
135 pcap raw alerts
ruleset
other
347 lines
Yeah : 1.8
profile
none summary
tarball
31 of 32 355cabe10f
NEW
none[4] none:none
StarForce| none trace
T:07:04:00 Win2K-f 222.235.160.21 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:ksn.a1001186.wrs.mcboo.com
HK:210.245.211.11:65520
139 pcap raw alerts
ruleset
irc
http
45 lines
Yeah : 1.3
profile
none summary
tarball
25 of 33
30 of 33
27 of 33
897d59617c
[Firefox:48 hits: 06-28 to 07-01]
89ed8b8186
NEW
a014934a72
[Firefox:72 hits: 06-28 to 07-13]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
T:07:08:00 WinXP 65.6.237.201 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
PLAINFIELD, INDIANA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:sprw.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:489 hits: 05-04 to 07-16]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
07:15:00 Win2K-f 59.117.14.145 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:15:00 Win2K-f 75.136.138.237 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
07:28:00 Win2K-f 61.196.18.154 (ODN.AD.JP):
OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.),
JP. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
07:42:00 Win2K-f 218.168.61.137 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:07:51:00 Win2K-f 61.230.84.78 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32 3e0b734da7
NEW
none[4] none:none
FSG| none trace
T:07:58:00 Win2K-f 4.227.11.68 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GALVESTON, TEXAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
08:23:00 WinXP 68.145.67.52 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:207.123.46.125:80
HK:210.245.211.11:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
28 of 33
4bc07024bd
NEW
b5ab89299f
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:32:00 WinXP 219.110.164.106 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:166 hits: 09-28 to 07-17]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
08:58:00 WinXP 92.40.244.146 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:204.160.126.126:80
HK:210.245.211.11:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
130 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32
none
7452c8448d
[Firefox: 3 hits: 06-17 to 07-14]
fd9b49840f
[Firefox: 2 hits: 06-23 to 07-14]
none[4]
fd9b49840f[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
08:58:00 Win2K-f 59.190.116.202 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
shell
ftp
114 lines
Yeah : 1.3
profile
none summary
tarball
17 of 33 deae225172
NEW
none[none] none:none
none|none none none
09:18:00 WinXP 122.125.162.69 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:09:18:00 WinXP 202.216.52.252 (FLETS-A-WEST-1-10.DSN.JP):
DS NETWORKS CO,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:166 hits: 09-28 to 07-17]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:09:25:00 Win2K-f 218.162.48.216 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
shell
18 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 553f34eed3
NEW
none[none] none:none
none|none none none
T:09:41:00 Win2K-f 220.136.177.14 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
09:44:00 WinXP 220.108.202.219 (PLALA.OR.JP):
PLALA NETWORKS INC,
TOKYO, TOKYO, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:09:54:00 WinXP 70.118.255.29 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:10:11:00 WinXP 122.24.43.232 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
10:16:00 WinXP 189.20.201.220 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:738 hits: 05-01 to 07-16]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
10:23:00 Win2K-f 118.111.40.88 (-):
.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
10:38:00 WinXP 4.248.4.212 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
10:39:00 Win2K-f 218.162.107.132 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:10:52:00 WinXP 97.97.191.162 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
e07c29c4ae
[Firefox:104 hits: 06-19 to 07-17]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:10:59:00 Win2K-f 4.248.4.212 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:26:00 WinXP 4.226.60.133 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:40:00 WinXP 4.162.243.111 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ARLINGTON, TEXAS, US. (DIAL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
250 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
7c13c0e82c
NEW
bd0d82c41c
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
11:40:00 WinXP 116.123.1.68 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:11:44:00 Win2K-f 122.146.83.79 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:11:45:00 Win2K-f 70.168.9.104 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:208.111.173.42:80
US:208.111.173.47:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
94 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
28 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
f685f8e027
[Firefox: 3 hits: 06-18 to 07-11]
none[4]
f685f8e027[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
11:51:00 Win2K-f 97.94.109.225 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:01:00 Win2K-f 91.66.55.156 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 HK:proxim.ircgalaxy.pl
:f.unicat.org
HK:210.245.211.11:65520
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 79d36a1053
NEW
none[none] none:none
none|none none none
12:01:00 WinXP 88.147.224.109 (-):
VTSARATOV,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:03:00 Win2K-f 89.35.250.156 (DCN.RO):
SC DIGITAL CONSTRUCTION NETWORK SRL,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:04:00 Win2K-f 86.106.49.159 (UPCNET.RO):
SC UPC ROMANIA SA,
CLUJ-NAPOCA, CLUJ, RO.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:04:00 Win2K-f 91.65.136.92 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:05:00 Win2K-f 77.20.140.11 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:05:00 Win2K-f 91.66.23.202 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 6686b0fe5f
[Firefox: 3 hits: 06-06 to 07-13]
none[4] none:none
ASProtect| none trace
T:12:05:00 WinXP 91.64.16.126 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:05:00 WinXP 118.168.239.137 (-):
.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:08:00 WinXP 91.66.228.85 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:17:00 Win2K-f 91.65.136.92 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:17:00 Win2K-f 91.64.109.173 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:21:00 WinXP 85.250.68.150 (NETVISION.NET.IL):
BROADBAND-PT,
TEL AVIV, TEL AVIV, IL.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:24:00 WinXP 88.134.246.37 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:29:00 Win2K-f 212.233.218.109 (-):
NTL,
FR.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:29:00 Win2K-f 91.66.83.47 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:30:00 WinXP 79.163.3.155 (-):
IDEA,
PL.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:32:00 Win2K-f 61.227.80.53 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:33:00 WinXP 212.233.236.241 (-):
NTL,
FR.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:36:00 WinXP 89.35.250.156 (DCN.RO):
SC DIGITAL CONSTRUCTION NETWORK SRL,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:38:00 Win2K-f 61.227.80.53 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:42:00 WinXP 78.225.28.52 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
PARIS, ILE-DE-FRANCE, FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 c5c8dc364c
NEW
none[none] none:none
none|none none none
12:44:00 Win2K-f 88.134.246.37 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:46:00 Win2K-f 83.168.163.117 (SWAN.SK):
CALLINO,
SK.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
12:50:00 WinXP 212.233.236.241 (-):
NTL,
FR.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
13:11:00 Win2K-f 82.207.50.1 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK IN DONECK,
UA.
n/a HK:proxim.ircgalaxy.pl
CA:xx.nadnadzz.info
CA:xx.sqlteam.info
HK:210.245.211.11:65520
CA:67.43.236.98:10324
CA:67.43.236.98:5190
CA:67.43.236.99:10324
CA:67.43.236.99:5190
445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 f5e263f1f0
NEW
none[none] none:none
none|none none none
T:13:12:00 WinXP 190.17.128.156 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1421 hits: 12-31 to 07-17]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:13:16:00 WinXP 81.56.147.188 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 fdccf59154
NEW
none[none] none:none
none|none none none
T:13:25:00 Win2K-f 212.233.218.109 (-):
NTL,
FR.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:326 hits: 03-31 to 07-13]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:25:00 WinXP 76.247.106.27 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33 af34a64bfe
NEW
none[none] none:none
none|none none none
T:13:32:00 WinXP 89.155.103.160 (-):
TVCABO PORTUGAL S.A,
PT.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1421 hits: 12-31 to 07-17]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
13:59:00 WinXP 72.13.146.188 (HWCCUSTOMERS.COM):
HOTWIRE COMMUNICATIONS PRIVATE CUSTOMER,
MIAMI, FLORIDA, US.
n/a GB:new.egg.com
EU:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.145.225.22:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 32 7166c03b99
NEW
none[none] none:none
none|none none none

T:14:28:00 WinXP 4.230.153.33 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SAN ANTONIO, TEXAS, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

14:30:00 Win2K-f 4.253.22.22 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, VIDOR, TEXAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

14:33:00 Win2K-f 66.81.216.191 (O1.COM): O1 DIALUP SERVICES, SAN FRANCISCO, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:15:01:00 WinXP 219.110.164.106 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:166 hits: 09-28 to 07-17]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

15:05:00 Win2K-f 24.87.45.96 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
US:208.111.153.236:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

15:05:00 WinXP 41.214.161.119 (-): .
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 31 743e51a884
[Firefox: 3 hits: 07-01 to 07-04]
none[none] none:none
none|none none none

T:15:09:00 Win2K-f 122.125.161.51 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

15:15:00 Win2K-f 65.34.30.26 (RR.COM): ROAD RUNNER HOLDCO LLC, ORLANDO, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

T:15:18:00 WinXP 200.199.46.154 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 ea096a2bdf
[Firefox: 4 hits: 07-12 to 07-17]
none[none] none:none
none|none none none

15:21:00 WinXP 116.123.154.137 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.99.124:80
HK:210.245.211.11:65520
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
143 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
24 of 33
6e2eaa0359
[Firefox: 2 hits: 07-10 to 07-12]
740e3bffe0
[Firefox: 3 hits: 06-25 to 07-12]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none

15:27:00 WinXP 218.211.206.8 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:205.128.79.124:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

15:43:00 Win2K-f 61.231.98.18 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:15:58:00 Win2K-f 75.8.98.26 (SBCGLOBAL.NET): PPPOX POOL - RBACK19.IRVNCA, COMPTON, CALIFORNIA, US. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:16:01:00 WinXP 68.145.80.202 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:198.78.220.124:80
US:207.123.47.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
9d9054829c
[Firefox: 2 hits: 06-24 to 07-08]
b69118be9f
[Firefox: 2 hits: 06-24 to 07-08]
none[4]
b69118be9f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace

16:02:00 WinXP 81.131.26.12 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:16:05:00 WinXP 81.9.224.197 (CM-81-9-211-10.TELECABLE.ES): TELECABLE, OVIEDO, ASTURIAS, ES. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
[Firefox: 8 hits: 07-08 to 07-17]
none[none] none:none
none|none none none

16:08:00 Win2K-f 210.79.183.59 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.44.125:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox: 5 hits: 06-19 to 07-11]
79c01ec060
[Firefox: 9 hits: 06-18 to 07-11]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace

16:13:00 WinXP 41.214.167.66 (-): .
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 31 743e51a884
[Firefox: 3 hits: 07-01 to 07-04]
none[none] none:none
none|none none none

T:16:13:00 WinXP 41.214.167.66 (-): .
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 31 743e51a884
[Firefox: 3 hits: 07-01 to 07-04]
none[none] none:none
none|none none none

T:16:13:00 Win2K-f 66.25.103.101 (RR.COM): ROAD RUNNER HOLDCO LLC, OVIEDO, FLORIDA, US. (100Mbps)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:16:17:00 WinXP 66.53.139.131 (FIRE2WIRE.COM): FIRE 2 WIRE, MARYSVILLE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.126:80
US:4.23.60.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

T:16:20:00 Win2K-f 122.146.224.130 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
254 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
dd98c3c108
[Firefox: 6 hits: 06-24 to 07-11]
e98746deb1
[Firefox: 5 hits: 06-24 to 07-06]
dd98c3c108 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace

16:31:00 Win2K-f 70.241.200.97 (SBCGLOBAL.NET): DIAL POOL NAS1 LTRKAR, BENTON, ARKANSAS, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

16:41:00 WinXP 71.65.27.108 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:166 hits: 09-28 to 07-17]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

16:44:00 Win2K-f 12.74.49.164 (ATT.NET): AT&T WORLDNET SERVICES, ANDERSON, INDIANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
179 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

T:16:47:00 Win2K-f 60.254.200.17 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32 29c516d5db
NEW
none[none] none:none
none|none none none

T:16:47:00 WinXP 88.31.251.234 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), ES.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3212 hits: 12-31 to 07-17]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:16:53:00 Win2K-f 69.239.122.13 (PACBELL.NET): DANIEL D CLAXTON, PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

16:56:00 Win2K-f 68.196.253.211 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), EDISON, NEW JERSEY, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

T:17:03:00 Win2K-f 24.66.37.84 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none

17:05:00 Win2K-f 218.251.107.247 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.90.2:443
445 pcap raw alerts
ruleset
shell
ftp
115 lines
Yeah : 1.3
profile
none summary
tarball
17 of 33 deae225172
NEW
none[none] none:none
none|none none none

17:07:00 WinXP 63.170.68.53 (TELEBARBADOS.COM): ANTILLES CROSSING INTERNATIONAL, GOODLAND, KANSAS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 a92e3f8fc8
[Firefox:118 hits: 05-03 to 07-11]
dfe02a1e52 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:08:00 WinXP 63.170.68.53 (TELEBARBADOS.COM): ANTILLES CROSSING INTERNATIONAL, GOODLAND, KANSAS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 a92e3f8fc8
[Firefox:118 hits: 05-03 to 07-11]
dfe02a1e52 [0] ASM:Graph
PolyEnE| lines=68 trace

T:17:14:00 Win2K-f 66.208.65.44 (WCTC.NET): SOLARUS, WISCONSIN RAPIDS, WISCONSIN, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
73f1082158
[Firefox:354 hits: 06-18 to 07-17]
b5919931fe
[Firefox:133 hits: 06-20 to 07-17]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace

T:17:29:00 WinXP 4.167.195.222 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
88 lines
Yeah : 1.3
profile
none summary
tarball
2 of 33 9609fd9311
NEW
none[none] none:none
none|none none none

T:17:30:00 WinXP 67.9.96.139 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:sprw.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
0 of 33
29 of 29
382623979d
NEW
a12cab51ef
[Firefox:1122 hits: 05-01 to 07-16]
none[none]
40f7f463c4[0]
none:none
ASM:Graph
none|none
ASPack|
none
lines=281
embedded dns
none
trace

T:18:22:00 Win2K-f 133.205.219.152 (MESH.AD.JP): JAPAN NETWORK INFORMATION CENTER, OSAKA, OSAKA, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:18:35:00 WinXP 24.100.17.191 (-): .
n/a   445 pcap raw alerts
ruleset
shell
shell
shell
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:18:38:00 Win2K-f 125.200.95.176 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 802ec969fd
NEW
none[none] none:none
none|none none none

T:18:53:00 Win2K-f 122.120.44.235 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 c434d8c3a4
NEW
none[none] none:none
none|none none none

T:18:58:00 WinXP 125.58.79.60 (-): .
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.44.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

19:01:00 Win2K-f 69.216.162.51 (-): CITY OF NORWAY, DETROIT, MICHIGAN, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.44.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
b7082104e4
[Firefox:50 hits: 06-18 to 07-17]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace

19:13:00 WinXP 218.168.153.16 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

19:41:00 WinXP 222.239.30.169 (-): INCHON CABLE TV NAMDONG BROADCAST, INCHON, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
HK:210.245.211.11:65520
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
27 of 32
59f7ed630c
NEW
bf3159a5dd
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none

19:53:00 Win2K-f 125.224.2.229 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:19:58:00 WinXP 24.84.52.42 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:198.78.220.126:80
HK:210.245.211.11:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
1a3a423319
[Firefox: 2 hits: 06-26 to 06-27]
d4c7af762e
[Firefox: 2 hits: 06-26 to 06-27]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none

20:04:00 Win2K-f 4.224.96.165 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:20:35:00 WinXP 76.90.201.114 (-): .
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 55fe9d9ade
[Firefox:51 hits: 05-03 to 06-20]
4bce6c4887 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace

T:20:39:00 WinXP 218.161.39.143 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:20:43:00 WinXP 12.74.56.159 (ATT.NET): AT&T WORLDNET SERVICES, ABILENE, TEXAS, US. (DIAL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

20:46:00 Win2K-f 218.161.39.143 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:20:48:00 Win2K-f 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
3cd7958258
[Firefox: 6 hits: 06-17 to 07-10]
41efedf70f
[Firefox: 5 hits: 06-19 to 07-10]
none[4]
41efedf70f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace

20:53:00 WinXP 216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
118 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
3cd7958258
[Firefox: 6 hits: 06-17 to 07-10]
41efedf70f
[Firefox: 5 hits: 06-19 to 07-10]
none[4]
41efedf70f[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace

T:21:03:00 Win2K-f 75.17.16.167 (SBCGLOBAL.NET): RBACK34D.IRVNCA, HOUSTON, TEXAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none

T:21:04:00 WinXP 24.89.192.238 (EASTLINK.CA): EASTLINK, HALIFAX, NOVA SCOTIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

21:08:00 Win2K-f 172.193.36.44 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
1 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
c562e2226d
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none

T:21:11:00 Win2K-f 12.198.30.48 (-): JOYCE MEDIA INC, ACTON, CALIFORNIA, US. (100Mbps)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none

T:21:16:00 WinXP 76.176.87.113 (RR.COM): ROAD RUNNER HOLDCO LLC, FALLBROOK, CALIFORNIA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
US:sprw.information.com
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
0 of 33
29 of 29
dd01765c05
NEW
df17a625ee
[Firefox:489 hits: 05-04 to 07-16]
none[none]
9bbdd086c5[0]
none:none
ASM:Graph
none|none
ASPack|
none
lines=186
embedded dns
none
trace

21:25:00 WinXP 70.184.3.66 (COX.NET): COX COMMUNICATIONS, WARNER ROBINS, GEORGIA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80
US:208.111.148.247:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
87e1117f2a
NEW
b4fe4581c3
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none

T:21:36:00 Win2K-f 61.229.172.217 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

21:41:00 Win2K-f 61.229.172.217 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:21:48:00 WinXP 70.168.9.35 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
e07c29c4ae
[Firefox:104 hits: 06-19 to 07-17]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace

T:21:52:00 WinXP 98.25.97.90 (-): .
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1421 hits: 12-31 to 07-17]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace

T:21:54:00 Win2K-f 124.195.155.29 (-): .
n/a   135 pcap raw alerts
ruleset
other
93 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

21:56:00 Win2K-f 75.63.207.56 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.110.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

22:01:00 WinXP 203.91.167.161 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:207.123.44.125:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:729 hits: 06-17 to 07-17]
a08f3b74a4
[Firefox:235 hits: 06-18 to 07-17]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace

22:04:00 Win2K-f 85.181.10.77 (ALICEDSL.DE): HANSENET-ADSL, MUNICH, BAYERN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
5 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:22:05:00 Win2K-f 218.211.223.185 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW.
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none

T:22:11:00 WinXP 63.19.97.153 (UU.NET): UUNET TECHNOLOGIES INC, CECILIA, KENTUCKY, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
DE:ebookfinaltrash.ru
:wpad
US:204.13.161.51:80
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
10 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1122 hits: 05-01 to 07-16]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace

T:22:29:00 Win2K-f 118.108.109.145 (-): .
217.170.244.2:443  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:22:40:00 Win2K-f 75.49.185.25 (SBCGLOBAL.NET): SOCAL COMPUTERS, PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
307 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 33
0 of 32
2a4ec56dfe
NEW
37de553249
NEW
b5919931fe
[Firefox:133 hits: 06-20 to 07-17]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace

22:42:00 WinXP 122.125.161.51 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:22:46:00 WinXP 118.236.247.72 (-): .
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 3b4e3deb2a
NEW
none[none] none:none
none|none none none

T:22:51:00 Win2K-f 12.72.53.66 (ATT.NET): AT&T WORLDNET SERVICES, LAKE ELSINORE, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
14 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

23:03:00 WinXP 24.84.161.44 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:317 hits: 05-01 to 07-15]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:23:03:00 WinXP 24.84.161.44 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:317 hits: 05-01 to 07-15]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:23:06:00 Win2K-f 61.231.148.9 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAOYUAN, T'AI-WAN, TW.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

T:23:09:00 WinXP 99.11.78.41 (-): .
n/a   135 pcap raw alerts
ruleset
other
999 lines
Yeah : 1.3
profile
none summary
tarball
9 of 33 1f8cd4c49d
NEW
none[none] none:none
none|none none none

T:23:50:00 WinXP 218.164.145.160 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW.
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:23:51:00 Win2K-f 218.47.188.66 (PLALA.OR.JP): PLALA NETWORKS INC, KAWAGOE, SAITAMA, JP.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2965 hits: 12-31 to 07-17]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace

23:53:00 WinXP 118.236.147.9 (-): .
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none

T:23:59:00 Win2K-f 76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:ksn.a1001186.wrs.mcboo.com
US:microsoft.com
US:206.251.244.226:80
135 pcap raw alerts
ruleset
irc
http
21 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none