Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

27 July 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:13:00 WinXP 66.60.210.74 (NEWULMTEL.NET):
NEW ULM TELECOM INC,
NEW ULM, MINNESOTA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:205.128.79.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:13:00 Win2K-f 75.143.199.121 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:205.128.79.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
94 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
29 of 35		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
692f0b6760
NEW 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
T:00:18:00 Win2K-f 125.181.167.38 (-):
POWC-211,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.44.124:80
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
http
104 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 35
32 of 33		 1d569ef2a7
NEW
58408136a4
[Firefox: 6 hits: 06-28 to 07-18] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:00:21:00 WinXP 123.214.225.68 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:199.93.44.124:80
US:205.128.79.125:80
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
110 lines 		Yeah : 1.8
profile 		none summary
tarball 		0 of 32
29 of 32		 73f1082158
[Firefox:471 hits: 06-18 to 07-26]
9d677c3f70
[Firefox: 3 hits: 06-20 to 07-26] 		73f1082158 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
00:44:00 WinXP 75.63.207.56 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
DALLAS, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.44.124:80
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:52:00 WinXP 193.248.114.102 (ABO.WANADOO.FR):
WANADOO FRANCE,
BREST, BRETAGNE, FR. 		n/a   445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:59 hits: 12-14 to 07-26] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
01:00:00 Win2K-f 67.1.14.238 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
MERIDIAN, IDAHO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
121 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:01:04:00 WinXP 116.59.243.199 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:01:11:00 Win2K-f 218.210.137.61 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:205.128.66.124:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		other
382 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33
31 of 33		 49f8b27cca
NEW
e414dccc52
NEW 		49f8b27cca [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
ASProtect| 		lines=82
none 		trace
trace
T:01:21:00 WinXP 69.232.237.217 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:207.123.37.126:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
01:26:00 Win2K-f 203.140.243.212 (KCT.AD.JP):
KCT CORPORATION,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
307 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 35 66aff298fe
NEW 		none[none] none:none
 none|none none none
02:00:00 WinXP 24.85.45.15 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL) 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 35 509b3029f8
[Firefox: 2 hits: 07-25 to 07-25] 		none[none] none:none
 none|none none none
T:02:15:00 WinXP 122.26.226.201 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:746 hits: 07-11 to 07-26] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:02:24:00 Win2K-f 125.58.98.162 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26]
b5919931fe
[Firefox:156 hits: 06-20 to 07-26] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
02:33:00 WinXP 219.97.166.107 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:03:04:00 Win2K-f 203.140.243.212 (KCT.AD.JP):
KCT CORPORATION,
JP. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
317 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 35 66aff298fe
NEW 		none[none] none:none
 none|none none none
T:03:05:00 Win2K-f 70.70.221.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
03:10:00 Win2K-f 71.70.219.17 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GOLDSBORO, NORTH CAROLINA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
03:12:00 WinXP 220.220.133.202 (PLALA.OR.JP):
NTT COMMUNICATIONS CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
03:59:00 WinXP 24.86.194.115 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
268 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 32 e759d2b517
[Firefox: 4 hits: 06-21 to 07-02] 		none[4] none:none
 PolyEnE| none trace
T:04:01:00 WinXP 218.168.64.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
04:32:00 WinXP 117.96.3.233 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 35 ed67210b9b
NEW 		none[none] none:none
 none|none none none
T:04:32:00 Win2K-f 222.239.170.219 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
HK:210.245.211.11:65520
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
109 lines 		Yeah : 1.8
profile 		none summary
tarball 		0 of 33
30 of 32		 4c3df24b32
[Firefox:117 hits: 06-17 to 07-26]
8390780c27
[Firefox:25 hits: 06-18 to 07-26] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
04:55:00 WinXP 196.208.89.171 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.124:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		other
85 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
05:08:00 WinXP 12.76.155.195 (ATT.NET):
AT&T WORLDNET SERVICES,
SHELTON, CONNECTICUT, US. (DIAL) 		n/a EU:siliconfireware.ru
:www.proxy-socks.net
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1137 hits: 05-01 to 07-26] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
05:10:00 WinXP 119.72.88.95 (-):
. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1447 hits: 12-31 to 07-26] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:05:10:00 WinXP 119.72.88.95 (-):
. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1447 hits: 12-31 to 07-26] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
05:30:00 WinXP 220.108.28.160 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
06:06:00 WinXP 121.124.123.62 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
28 of 33		 533d15b5ce
[Firefox: 9 hits: 06-21 to 07-23]
58c343a8d8
[Firefox:10 hits: 06-21 to 07-23] 		none[4]
58c343a8d8[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
T:06:11:00 Win2K-f 212.183.67.137 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
06:13:00 WinXP 118.236.101.237 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 93385541f3
[Firefox:17 hits: 06-22 to 07-26] 		none[4] none:none
 none|none none trace
07:07:00 Win2K-f 222.239.170.219 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:206.33.45.125:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
30 of 32		 4c3df24b32
[Firefox:117 hits: 06-17 to 07-26]
8390780c27
[Firefox:25 hits: 06-18 to 07-26] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
07:15:00 WinXP 209.226.132.177 (BELL.CA):
BELL CANADA,
LINSDAY, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80 		135 pcap raw alerts
ruleset 		other
182 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:25:00 Win2K-f 75.85.112.104 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PLACENTIA, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:41:00 WinXP 155.239.58.158 (TELKOM-IPNET.CO.ZA):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:59 hits: 12-14 to 07-26] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
07:46:00 WinXP 118.240.39.36 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:746 hits: 07-11 to 07-26] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:08:18:00 Win2K-f 218.211.65.183 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
08:23:00 Win2K-f 170.51.101.111 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
08:39:00 WinXP 4.224.36.197 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CINCINNATI, OHIO, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.42:80 		135 pcap raw alerts
ruleset 		other
107 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:49:00 WinXP 121.84.149.243 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:09:08:00 WinXP 118.7.67.175 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
09:09:00 WinXP 66.101.65.1 (VINEYARD.NET):
EDUCOMP INC,
OAK BLUFFS, MASSACHUSETTS, US. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:09:17:00 WinXP 68.197.118.228 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
LODI, NEW JERSEY, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:09:27:00 WinXP 190.137.254.199 (NET.AR):
TELECOM ARGENTINA S.A,
AR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 7f6ea12654
[Firefox: 7 hits: 07-13 to 07-25] 		none[none] none:none
 none|none none none
09:28:00 Win2K-f 61.34.136.26 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:199.93.46.125:80
US:205.128.79.125:80 		135 pcap raw alerts
ruleset 		other
95 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
29 of 32		 57ce4acac2
[Firefox:81 hits: 06-17 to 07-26]
83f26f5044
[Firefox:16 hits: 06-20 to 07-26] 		57ce4acac2 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
09:37:00 WinXP 217.151.135.242 (GAZSVYAZ.RU):
GAZSVYAZ-MSK,
RU. 		n/a DE:siliconfireware.ru
RU:www.bbin.ru
:wpad
RU:195.200.213.52:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1137 hits: 05-01 to 07-26] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:09:41:00 WinXP 204.193.218.2 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
irc
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 34 4c171459ff
NEW 		none[none] none:none
 none|none none none
09:49:00 WinXP 170.51.128.61 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
09:53:00 WinXP 130.13.119.77 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		shell
ftp
198 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 34 07ad6afc45
NEW 		none[none] none:none
 none|none none none
T:09:53:00 Win2K-f 130.13.119.77 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:85.114.143.2:80 		445 pcap raw alerts
ruleset 		shell
ftp
irc
212 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 34 07ad6afc45
NEW 		none[none] none:none
 none|none none none
T:10:02:00 WinXP 124.195.159.68 (-):
. 		67.43.236.98:5190 HK:proxim.ircgalaxy.pl
CA:xx.sqlteam.info
CA:alwayssam.com
CA:zonetech.info
US:130.107.149.33:55158
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		irc
http
344 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 34
16 of 35
8 of 35
13 of 35		 1c19adfbb5
NEW
474312616d
NEW
62376cb971
NEW
f82e1a0066
NEW 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:10:09:00 Win2K-f 130.13.17.244 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 07e8575141
NEW 		none[none] none:none
 none|none none none
T:10:43:00 Win2K-f 170.51.51.215 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
10:56:00 WinXP 68.146.119.40 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 34 917f99560a
[Firefox: 3 hits: 07-22 to 07-22] 		none[none] none:none
 none|none none none
11:33:00 WinXP 4.175.249.46 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WHITEHALL, PENNSYLVANIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.44.126:80
US:199.93.46.124:80 		135 pcap raw alerts
ruleset 		other
163 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:11:53:00 WinXP 24.87.45.96 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:12:01:00 WinXP 209.216.178.102 (GORGE.NET):
GORGE NETWORKS INC,
HOOD RIVER, OREGON, US. (DIAL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:12:10:00 WinXP 83.25.88.50 (TPNET.PL):
NEOSTRADA PLUS,
GDANSK, POMORSKIE, PL. (DSL) 		194.54.90.246:80 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 34 d0a6e01449
NEW 		none[none] none:none
 none|none none none
12:17:00 WinXP 206.248.81.61 (CHOICECABLE.NET):
PONCE SITE - CHOICE CABLE TV,
PONCE, PUERTO RICO, PR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 34 e33940cb85
NEW 		none[none] none:none
 none|none none none
12:45:00 Win2K-f 4.174.19.53 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ORLANDO, FLORIDA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:51:00 WinXP 24.59.8.171 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROME, NEW YORK, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:13:14:00 Win2K-f 24.80.174.52 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
13:25:00 WinXP 62.201.100.242 (T-ONLINE.HU):
T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL),
HU. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 35 ed67210b9b
NEW 		none[none] none:none
 none|none none none
T:13:36:00 Win2K-f 219.71.115.11 (NVWTV.COM.TW):
HOSHIN GIGAMEDIA CENTER INC,
TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		http
189 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35
30 of 35
0 of 32		 017226a316
NEW
9b03689ec5
NEW
b5919931fe
[Firefox:156 hits: 06-20 to 07-26] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
13:41:00 WinXP 4.244.81.186 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
13:46:00 Win2K-f 170.51.111.115 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:13:55:00 WinXP 75.137.152.32 (CHARTER.COM):
CHARTER COMMUNICATIONS,
CARROLLTON, GEORGIA, US. 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 35 a40ec6f7e3
[Firefox: 2 hits: 07-26 to 07-26] 		none[none] none:none
 none|none none none
T:13:55:00 Win2K-f 170.51.139.13 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
13:57:00 WinXP 208.102.239.94 (FUSE.NET):
FUSE INTERNET ACCESS,
CINCINNATI, OHIO, US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 ea096a2bdf
[Firefox:11 hits: 07-12 to 07-23] 		none[none] none:none
 none|none none none
T:14:02:00 WinXP 98.141.178.102 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:14:09:00 Win2K-f 72.175.161.249 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
14:16:00 Win2K-f 172.162.43.130 (AOL.COM):
AMERICA ONLINE,
US. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:14:24:00 WinXP 66.25.69.215 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1447 hits: 12-31 to 07-26] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
14:25:00 WinXP 70.238.51.28 (-):
VUE INC,
SEARCY, ARKANSAS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.220.126:80
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
14:29:00 Win2K-f 170.51.80.249 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 32 4de42f8aea
NEW 		none[none] none:none
 none|none none none
T:14:32:00 Win2K-f 122.146.225.25 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:205.128.66.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26]
b5919931fe
[Firefox:156 hits: 06-20 to 07-26] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
15:03:00 WinXP 68.197.118.228 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
LODI, NEW JERSEY, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:13:00 Win2K-f 172.191.244.68 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:205.128.79.124:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
85 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:15:42:00 Win2K-f 70.76.139.162 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
377 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33 9a91743938
[Firefox: 4 hits: 07-03 to 07-26] 		none[none] none:none
 none|none none none
15:43:00 Win2K-f 4.160.216.64 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GREENSBURG, INDIANA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.79.126:80
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		other
109 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
16:09:00 WinXP 4.231.130.138 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AUSTIN, TEXAS, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:45:00 Win2K-f 99.170.21.97 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:47:00 WinXP 210.79.157.22 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
TOKOROZAWA, SAITAMA, JP. 		n/a   445 pcap raw alerts
ruleset 		other
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
17:04:00 Win2K-f 172.135.148.103 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80 		135 pcap raw alerts
ruleset 		other
117 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
29 of 33		 3373948767
[Firefox:10 hits: 07-03 to 07-21]
c73f738c30
[Firefox:10 hits: 07-03 to 07-21] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:17:08:00 WinXP 209.213.9.148 (SSLISP.COM):
ELTOPIA.COM LLC,
PASCO, WASHINGTON, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:17:11:00 Win2K-f 12.74.68.173 (ATT.NET):
AT&T WORLDNET SERVICES,
MORRISTOWN, NEW JERSEY, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.115:80 		135 pcap raw alerts
ruleset 		other
153 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:17:15:00 WinXP 71.119.238.41 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
YUCAIPA, CALIFORNIA, US. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1447 hits: 12-31 to 07-26] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
17:25:00 WinXP 121.84.82.144 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a HK:proxim.ircgalaxy.pl
RU:mxs.mail.ru
US:mail.earthlink.net
US:yutunrz.1dumb.com
US:mx1.hotmail.com
US:mailin-01.mx.aol.com
US:mailin-04.mx.aol.com
US:mcduii.3-a.net
:jdjsloy.dynserv.com
**:wyqggvow.afraid.org
**:nttstziinpa.hn.org
US:fcnhysydw.yi.org
US:dlivmg.1dumb.com
US:neytteybbo.3-a.net
US:143.215.15.145:80
US:143.215.15.60:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		33 of 35 e8558d5eae
NEW 		none[none] none:none
 none|none none none
T:17:32:00 Win2K-f 72.67.206.76 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:34:00 WinXP 63.21.121.100 (UU.NET):
UUNET TECHNOLOGIES INC,
US. 		n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1137 hits: 05-01 to 07-26] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:17:35:00 WinXP 219.110.153.248 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
17:39:00 WinXP 219.110.153.248 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:17:58:00 Win2K-f 4.172.147.132 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BROOKLYN, NEW YORK, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
18:01:00 WinXP 122.30.138.25 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:746 hits: 07-11 to 07-26] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
18:24:00 Win2K-f 170.51.155.228 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:18:26:00 WinXP 97.93.77.213 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
18:27:00 WinXP 97.93.77.213 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
18:32:00 WinXP 61.224.127.24 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:18:46:00 WinXP 222.144.100.159 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:215 hits: 09-28 to 07-26] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:19:01:00 Win2K-f 211.239.4.83 (EPNETWORKS.CO.KR):
ENTERPRISENET-INFRA,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
http
142 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 33
29 of 33		 686d4ca67b
NEW
b7e379b157
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
19:02:00 WinXP 114.120.9.157 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
19:03:00 WinXP 96.254.105.29 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:207.123.47.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
a08f3b74a4
[Firefox:306 hits: 06-18 to 07-26] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
19:05:00 Win2K-f 216.30.192.4 (-):
JOY'S JAPANIMATION,
GREENSBURG, PENNSYLVANIA, US. (100Mbps) 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none		 dc20b6fe59
[Firefox: 8 hits: 06-23 to 07-20]
f97070ef2b
[Firefox: 8 hits: 06-23 to 07-20] 		dc20b6fe59 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
PolyEnE| 		lines=81
none 		trace
trace
19:07:00 WinXP 190.51.255.102 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 35 89c318e39d
NEW 		none[none] none:none
 none|none none none
T:19:10:00 Win2K-f 66.60.210.74 (NEWULMTEL.NET):
NEW ULM TELECOM INC,
NEW ULM, MINNESOTA, US. 		n/a :xx.nadnadzz.info
CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info
US:130.107.236.61:47445 		135 pcap raw alerts
ruleset 		irc
http
290 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 35
16 of 35
8 of 35
13 of 35		 24d9bb993f
NEW
474312616d
NEW
62376cb971
NEW
f82e1a0066
NEW 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
19:21:00 Win2K-f 170.51.161.168 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
20:05:00 Win2K-f 70.121.14.61 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
US:207.123.44.125:80
US:207.123.46.125:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
31 of 33		 23b2288763
NEW
ef8dc9850c
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
20:18:00 WinXP 170.51.138.96 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:40:00 Win2K-f 119.95.128.185 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
21:07:00 Win2K-f 116.126.197.205 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.44.126:80
US:205.128.79.126:80
US:207.123.37.125:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 168aab35a3
[Firefox:71 hits: 06-17 to 07-26]
667f0c59f3
[Firefox: 6 hits: 07-04 to 07-24] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
T:21:30:00 WinXP 60.234.102.213 (ORCON.NET.NZ):
ORCON INTERNET LTD SUPPORT,
AUCKLAND, AUCKLAND, NZ. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
21:30:00 WinXP 170.51.88.142 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 35 7934c03d62
NEW 		none[none] none:none
 none|none none none
21:49:00 Win2K-f 219.249.4.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
33 of 35		 168aab35a3
[Firefox:71 hits: 06-17 to 07-26]
f7738e7352
NEW 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
21:59:00 WinXP 116.126.181.79 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:205.128.79.124:80
HK:210.245.211.11:65520
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 32
28 of 32		 8a75955033
[Firefox:11 hits: 06-20 to 07-25]
9276c8b36b
[Firefox:11 hits: 06-20 to 07-25] 		none[4]
9276c8b36b[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:14:00 WinXP 98.175.30.79 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.115:80 		135 pcap raw alerts
ruleset 		other
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:22:15:00 WinXP 216.211.252.176 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 a483ba8aa1
[Firefox:11 hits: 07-09 to 07-23] 		none[none] none:none
 none|none none none
22:48:00 WinXP 210.139.205.234 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
JP. 		n/a EU:siliconfireware.ru
:wpad
RU:www.bbin.ru
RU:195.200.213.52:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:498 hits: 05-04 to 07-25] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
T:22:51:00 Win2K-f 4.175.249.37 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WHITEHALL, PENNSYLVANIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
US:205.128.79.124:80 		135 pcap raw alerts
ruleset 		other
136 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:946 hits: 06-17 to 07-26]
73f1082158
[Firefox:471 hits: 06-18 to 07-26] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:56:00 Win2K-f 124.111.123.99 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
US:205.128.79.124:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 1509c8d024
[Firefox:11 hits: 06-17 to 07-25]
bd3f6e4ea3
[Firefox: 4 hits: 07-07 to 07-25] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
22:59:00 WinXP 114.120.99.163 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:22:59:00 WinXP 114.120.99.163 (-):
. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3268 hits: 12-31 to 07-26] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
23:12:00 Win2K-f 122.146.82.183 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:23:17:00 WinXP 130.13.152.31 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667   139 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
NEW 		none[none] none:none
 none|none none none
23:18:00 Win2K-f 130.13.152.31 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		25 of 35 7377a34aeb
NEW 		none[none] none:none
 none|none none none
23:39:00 WinXP 84.72.101.99 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:505 hits: 12-31 to 07-25] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:23:51:00 WinXP 96.15.122.118 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.44.124:80
US:205.128.66.126:80
HK:210.245.211.11:65520
DE:85.114.143.2:80 		135 pcap raw alerts
ruleset 		irc
138 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 33
31 of 33		 6d86a1ff5a
[Firefox:22 hits: 06-25 to 07-26]
7f6e032fc0
[Firefox:22 hits: 06-25 to 07-26] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:23:57:00 WinXP 212.183.73.39 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
GRAZ, STEIERMARK, AT. (DSL) 		64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:27 hits: 05-22 to 07-26] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace