Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



05 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:07:00 Win2K-f 121.73.10.69 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL)
67.43.236.99:5190 CA:xx.sqlteam.info
CA:alwayssam.com
CA:zonetech.info
US:130.107.176.154:35503
CA:72.10.166.195:80
135 pcap raw alerts
ruleset
irc
http
545 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
14 of 36
15 of 36
14 of 36
8f02a694dd
NEW
9b09258622
NEW
b6e55274d0
NEW
cd0d825f7a
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:00:39:00 WinXP 222.239.165.149 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
[Firefox:12 hits: 06-21 to 08-04]
58c343a8d8
[Firefox:13 hits: 06-21 to 08-04]
none[4]
58c343a8d8[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
01:04:00 Win2K-f 67.62.51.160 (CAVTEL.NET):
CAVALIER,
BALTIMORE, MARYLAND, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:05:00 Win2K-f 75.16.255.87 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:06:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
01:07:00 Win2K-f 118.217.20.32 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxima.ircgalaxy.pl
US:208.111.148.15:80
HK:210.245.211.11:65520
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
34 of 36
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a2e1613c42
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
01:11:00 WinXP 75.40.135.141 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2.OKCYOK,
EDMOND, OKLAHOMA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:36:00 Win2K-f 218.239.82.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
http
80 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
[Firefox:126 hits: 06-17 to 08-04]
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
01:42:00 Win2K-f 208.127.8.130 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a CA:done.blacktiehsbdcs.com 135 pcap raw alerts
ruleset
irc
221 lines
Yeah : 1.3
profile
none summary
tarball
26 of 32 5aeb9abc92
[Firefox: 5 hits: 07-15 to 08-04]
none[none] none:none
none|none none none
01:47:00 Win2K-f 211.208.216.185 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
none
0 of 32
4c3df24b32
[Firefox:126 hits: 06-17 to 08-04]
6a4845ca11
[Firefox: 6 hits: 06-27 to 07-15]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
4c3df24b32 [1]
none [none]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
none|none
ASProtect|
lines=81
none
lines=90
trace
none
trace
01:50:00 Win2K-f 118.220.60.57 (-):
.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
168aab35a3
[Firefox:81 hits: 06-17 to 08-04]
667f0c59f3
[Firefox:10 hits: 07-04 to 08-04]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:02:54:00 WinXP 218.160.68.189 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 ba4da2e65e
NEW
none[none] none:none
none|none none none
02:59:00 WinXP 62.180.208.146 (IGNITE.NET):
BT-IGNITE DIAL-IN,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:03:10:00 WinXP 218.210.225.206 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a  
HK:210.245.211.11:65520
TW:218.210.225.206:707
135 pcap raw alerts
ruleset
other
6 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:03:24:00 Win2K-f 24.87.46.107 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
72.10.172.218:9928 CA:teek.ihshsd8.com 135 pcap raw alerts
ruleset
irc
624 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33 e3d90a3753
[Firefox: 2 hits: 07-20 to 07-28]
none[none] none:none
none|none none none
T:03:43:00 WinXP 222.150.9.1 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:234 hits: 01-05 to 08-04]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
03:48:00 Win2K-f 67.48.115.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LEES SUMMIT, MISSOURI, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
03:49:00 WinXP 206.171.179.241 (LEMOORENET.COM):
LEMOORE NET,
LEMOORE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:04:09:00 WinXP 196.208.45.8 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA.
n/a   135 pcap raw alerts
ruleset
other
1029 lines
Yeah : 1.3
profile
none summary
tarball
10 of 36 48eb22b404
NEW
none[none] none:none
none|none none none
T:04:21:00 WinXP 62.241.125.28 (EVC.NET):
DHCP POOL EVC,
BASEL, BASEL-STADT, CH.
194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox: 3 hits: 08-02 to 08-04]
none[none] none:none
none|none none none
04:40:00 WinXP 218.210.225.206 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:207.123.37.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:50:00 Win2K-f 218.211.223.175 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:05:04:00 WinXP 123.220.86.99 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 996e09cd66
NEW
none[none] none:none
none|none none none
05:13:00 WinXP 220.145.38.166 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:234 hits: 01-05 to 08-04]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
05:16:00 WinXP 118.7.143.36 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:234 hits: 01-05 to 08-04]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
05:22:00 Win2K-f 216.199.165.252 (FDN.COM):
FDN.COM,
JACKSONVILLE, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
0 of 32
3cd7958258
[Firefox:17 hits: 06-17 to 08-02]
41efedf70f
[Firefox:16 hits: 06-19 to 08-02]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
41efedf70f[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
05:35:00 WinXP 207.14.219.93 (SPRINTSVC.NET):
KNOXY.NET INC,
HOLDEN, MISSOURI, US. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
53 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:562 hits: 06-18 to 08-04]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
T:05:46:00 WinXP 64.139.104.242 (RCABLETV.COM):
NCI DATA.COM INC,
REPUBLIC, WASHINGTON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:05:49:00 WinXP 84.221.183.36 (CUST-ADSL.TISCALI.IT):
TISCALI ITALIA SPA,
BARI, PUGLIA, IT. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:912 hits: 12-31 to 08-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:05:56:00 Win2K-f 4.153.53.201 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GALLATIN, TENNESSEE, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
05:57:00 WinXP 81.97.156.216 (NTL.COM):
NTL INFRASTRUCTURE - OLDHAM,
MANCHESTER, ENGLAND, UK. (DSL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
US:204.13.161.51:80
445 pcap raw alerts
ruleset
http
http
http
http
32 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29
0 of 36
a12cab51ef
[Firefox:426 hits: 01-01 to 08-04]
ed09ab098b
NEW
40f7f463c4 [0]
none [none]
ASM:Graph
none:none
ASPack|
none|none
lines=281
embedded dns
none
trace
none
06:05:00 Win2K-f 130.13.144.163 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
92.114.4.2:6667 :irc.qifort.rr.nu 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 3de9abec19
[Firefox: 3 hits: 08-02 to 08-02]
none[none] none:none
none|none none none
T:06:08:00 WinXP 130.13.144.163 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a :irc.qifort.rr.nu
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
23 of 36 3de9abec19
[Firefox: 3 hits: 08-02 to 08-02]
none[none] none:none
none|none none none
06:12:00 WinXP 123.220.86.99 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 996e09cd66
NEW
none[none] none:none
none|none none none
T:06:12:00 WinXP 66.50.89.11 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:912 hits: 12-31 to 08-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:06:13:00 Win2K-f 172.168.7.168 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
135 pcap raw alerts
ruleset
http
96 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
06:24:00 WinXP 70.131.34.130 (PACBELL.NET):
AT&T INTERNET SERVICES,
LIBERTYVILLE, ILLINOIS, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:453 hits: 01-01 to 08-04]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
06:50:00 WinXP 69.105.31.245 (PACBELL.NET):
PPPOX POOL - RBACK4.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:205.128.79.126:80
US:206.33.43.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
07:09:00 Win2K-f 71.148.35.37 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:10:00 WinXP 125.172.52.212 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:453 hits: 01-01 to 08-04]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
07:13:00 WinXP 208.84.201.89 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.66.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
b7082104e4
[Firefox:68 hits: 06-18 to 08-04]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
07:22:00 Win2K-f 170.51.211.0 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 5e51742035
NEW
none[none] none:none
none|none none none
07:31:00 WinXP 194.208.177.9 (TELE.NET):
TELEPORT C&S GMBH,
AT.
n/a   445 pcap raw alerts
ruleset
shell
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
07:33:00 WinXP 130.13.222.0 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
ftp
185 lines
Yeah : 0.8
profile
none summary
tarball
21 of 35 d190f1f6c6
[Firefox: 8 hits: 07-29 to 08-02]
none[none] none:none
none|none none none
T:07:34:00 Win2K-f 121.254.117.25 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a   135 pcap raw alerts
ruleset
other
4 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
07:48:00 WinXP 218.160.56.45 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 ba4da2e65e
NEW
none[none] none:none
none|none none none
T:07:56:00 WinXP 85.127.117.53 (-):
LAC4-VIECH4-DYNAMIC-IPS,
AT.
92.114.4.2:6667 :irc.qifort.rr.nu 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 db5186af31
NEW
none[none] none:none
none|none none none
07:57:00 Win2K-f 85.127.117.53 (-):
LAC4-VIECH4-DYNAMIC-IPS,
AT.
92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 db5186af31
NEW
none[none] none:none
none|none none none
T:07:58:00 Win2K-f 97.94.114.28 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:59:00 WinXP 170.51.105.232 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:03:00 Win2K-f 85.207.191.228 (BLUETONE.CZ):
XDSL NORTH MORAVIA,
BRNO, JIHOMORAVSKY KRAJ, CZ. (DSL)
92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 dd0a240cb1
NEW
none[none] none:none
none|none none none
08:03:00 WinXP 85.207.175.12 (BLUETONE.CZ):
XDSL MORAVIA,
BRNO, JIHOMORAVSKY KRAJ, CZ. (DSL)
92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 75d6140ae5
NEW
none[none] none:none
none|none none none
08:06:00 Win2K-f 116.127.206.183 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:dl2.teenpassage.com
US:206.33.45.125:80
HK:210.245.211.11:65520
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
116 lines
Yeah : 1.8
profile
none summary
tarball
33 of 36
34 of 36
0423cf032e
NEW
abfd90f95a
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
08:11:00 Win2K-f 97.94.114.28 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:12:00 WinXP 218.164.22.36 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:dl2.teenpassage.com
445 pcap raw alerts
ruleset
http
irc
6 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 9 hits: 04-05 to 08-01]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
08:14:00 WinXP 85.137.29.64 (ONO.COM):
CABLEMODEM-AUNA-ZONA-SUR,
MADRID, MADRID, ES.
92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 db5186af31
NEW
none[none] none:none
none|none none none
T:08:16:00 Win2K-f 85.137.29.64 (ONO.COM):
CABLEMODEM-AUNA-ZONA-SUR,
MADRID, MADRID, ES.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
16 of 36 db5186af31
NEW
none[none] none:none
none|none none none
08:29:00 Win2K-f 89.51.91.30 (PPPOOL.DE):
FREENET CITYLINE GMBH,
DE. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
4 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:42:00 WinXP 69.132.0.68 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:78 hits: 01-03 to 07-29]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:09:39:00 WinXP 88.193.108.33 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 9 hits: 04-05 to 08-01]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
09:41:00 WinXP 88.193.108.33 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 9 hits: 04-05 to 08-01]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
09:48:00 WinXP 189.51.133.164 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
09:52:00 WinXP 62.180.168.207 (IGNITE.NET):
BT IGNITE DIAL-IN,
DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:09:54:00 Win2K-f 76.226.96.162 (SBCGLOBAL.NET):
PPPOX SE3.SFLDMI,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:58:00 WinXP 69.89.162.232 (QCOL.NET):
QCOL INC,
ADDISON, PENNSYLVANIA, US.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:09:59:00 Win2K-f 201.213.60.244 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
10:12:00 WinXP 67.1.55.153 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
MARCOLA, OREGON, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
US:69.28.178.10:80
135 pcap raw alerts
ruleset
http
132 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 33
0617ab2cf7
NEW
b33f1ae548
NEW
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
10:18:00 Win2K-f 170.51.156.197 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
10:19:00 Win2K-f 170.51.204.113 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
10:24:00 Win2K-f 170.51.105.232 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:10:28:00 Win2K-f 70.168.9.104 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:206.33.43.126:80
US:207.123.42.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
28 of 33
da00a8e7a1
NEW
f685f8e027
[Firefox: 4 hits: 06-18 to 07-18]
none[none]
f685f8e027[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=82
none
trace
10:41:00 WinXP 166.230.140.160 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:285 hits: 12-31 to 08-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:10:43:00 WinXP 190.188.210.171 (NET.AR):
PRIMA S.A,
AR.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 dae77d66f3
[Firefox: 8 hits: 07-08 to 07-29]
none[none] none:none
none|none none none
10:49:00 WinXP 89.32.32.56 (AIRBITES.RO):
SC ISP TOPALL SRL,
RO.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 7bff4f7b36
NEW
none[none] none:none
none|none none none
11:00:00 Win2K-f 122.132.188.98 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
11:06:00 Win2K-f 92.32.80.87 (IKBCC.COM):
EU-ZZ,
UK.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:06:00 Win2K-f 61.217.106.159 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:06:00 WinXP 91.64.143.75 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:07:00 Win2K-f 78.131.107.100 (-):
EMKTV DEBRECEN DOCSIS,
BUCHAREST, BUCURESTI, RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:07:00 Win2K-f 88.161.150.95 (PROXAD.NET):
PROXAD / FREE SAS,
FOURMIES, NORD-PAS-DE-CALAIS, FR.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:07:00 WinXP 190.26.38.115 (-):
.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:08:00 WinXP 85.94.103.80 (CRNAGORA.NET):
INTERNET CRNA GORA ADSL,
CS. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:08:00 WinXP 125.224.86.112 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:09:00 WinXP 78.131.107.100 (-):
EMKTV DEBRECEN DOCSIS,
BUCHAREST, BUCURESTI, RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:09:00 Win2K-f 94.50.6.13 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:12:00 Win2K-f 89.136.88.235 (-):
ASTRAL MIERCUREA CIUC DOCSIS NETWORK,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:35:00 Win2K-f 207.144.168.202 (SPIRITTELECOM.COM):
CHESTER TELEPHONE COMPANY,
CHESTER, SOUTH CAROLINA, US. (DIAL)
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 342558e090
NEW
none[none] none:none
none|none none none
11:43:00 WinXP 125.224.86.112 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
http
532 lines
Yeah : 1.3
profile
none summary
tarball
12 of 36
13 of 31
12 of 36
97e14fd904
NEW
e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
ffb8969e88
NEW
none[none]
fda109a6fd[0]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=583
embedded dns
none
none
trace
none
11:44:00 Win2K-f 88.254.108.62 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ULUS,
ANKARA, ANKARA, TR.
n/a   445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:273 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
11:44:00 Win2K-f 88.161.150.95 (PROXAD.NET):
PROXAD / FREE SAS,
FOURMIES, NORD-PAS-DE-CALAIS, FR.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:46:00 WinXP 84.187.96.52 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL)
118.236.126.84:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 4db283bb0f
NEW
none[none] none:none
none|none none none
11:48:00 Win2K-f 213.242.234.228 (-):
PPTP CONNECTIONS,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:12:00:00 WinXP 78.150.229.161 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 088a2c88f9
NEW
none[none] none:none
none|none none none
12:07:00 WinXP 98.28.240.80 (-):
.
n/a RU:moscow-advokat.ru
:irc.kar.net
:flanders.be.eu.undernet.org
RU:irc.tsk.ru
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
:los-angeles.ca.us.undernet.org
:gaspode.zanet.org.za
:washington.dc.us.undernet.org
US:lia.zanet.net
FI:london.uk.eu.undernet.org
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 042774a2b7
[Firefox:30 hits: 01-14 to 07-12]
1c9a472cd7 [0] ASM:Graph
PolyEnE| lines=71
embedded dns
trace
T:12:08:00 WinXP 78.96.66.48 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:09:00 Win2K-f 91.85.142.153 (ECLIPSE.NET.UK):
ECLIPSE NETWORKING LIMITED,
UK.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
12:16:00 Win2K-f 122.26.204.172 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
118.236.126.84:13001 HK:proxima.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
13 of 33 4a6ba0f5ba
[Firefox: 3 hits: 06-28 to 06-30]
none[none] none:none
none|none none none
12:22:00 WinXP 69.232.234.92 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:205.128.79.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:34:00 Win2K-f 118.108.162.5 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:273 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:12:39:00 WinXP 118.108.183.154 (-):
.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
29 of 36 126d94470d
NEW
none[none] none:none
none|none none none
12:44:00 WinXP 24.27.11.51 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KYLE, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:50:00 WinXP 92.5.1.139 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
118.236.126.84:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 e72624fb94
NEW
none[none] none:none
none|none none none
13:02:00 WinXP 65.212.110.53 (HARTCOM.NET):
HART TELECOM,
HARTWELL, GEORGIA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:sptc02.information.com
US:ads1.revenue.net
:adserving.cpxinteractive.com
:ad.yieldmanager.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
15 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
20b196f32e
NEW
a12cab51ef
[Firefox:426 hits: 01-01 to 08-04]
none[none]
40f7f463c4[0]
none:none
ASM:Graph
none|none
ASPack|
none
lines=281
embedded dns
none
trace
T:13:03:00 Win2K-f 202.67.18.57 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfdd1696a0
NEW
none[none] none:none
none|none none none
T:13:07:00 WinXP 60.44.153.28 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:274 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:13:11:00 WinXP 130.13.148.119 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.43.126:80
US:207.123.46.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 32
7f66e51c85
[Firefox: 5 hits: 07-11 to 08-04]
9d12fe9d3b
[Firefox: 5 hits: 07-11 to 08-04]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
13:15:00 Win2K-f 85.243.223.230 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:273 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
13:16:00 Win2K-f 24.160.202.39 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. (100Mbps)
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
13:18:00 Win2K-f 170.51.52.119 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:13:30:00 Win2K-f 118.7.5.186 (-):
.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
13:36:00 Win2K-f 78.97.88.51 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:38:00 Win2K-f 62.215.19.204 (-):
FAST TELCO CUSTOMER ACCESS SERVERS,
KW.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
13:40:00 WinXP 90.151.131.213 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
13:41:00 Win2K-f 88.134.240.78 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
118.236.126.84:12351
118.236.126.84:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
13:44:00 Win2K-f 85.250.23.65 (NETVISION.NET.IL):
BROADBAND-PT,
TEL AVIV, TEL AVIV, IL.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:45:00 WinXP 94.28.230.29 (-):
.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:46:00 WinXP 89.137.161.16 (-):
ASTRAL GIURGIU DOCSIS NETWORK,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:47:00 WinXP 94.28.205.207 (-):
.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
63 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:13:50:00 Win2K-f 89.137.186.174 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:50:00 Win2K-f 91.66.14.112 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
90 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:51:00 Win2K-f 91.67.51.9 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:02:00 Win2K-f 94.28.205.207 (-):
.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:02:00 WinXP 89.43.122.169 (PLATINIUMNET.RO):
SC PLATINIUM ANDREEA NET SRL,
RO.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
94 lines
Yeah : 1.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:03:00 Win2K-f 92.3.101.70 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
:chat-shqip.org
:w3bs.chat-shqip.org
118.236.126.84:12351
118.236.126.84:13001
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 e72624fb94
NEW
none[none] none:none
none|none none none
14:05:00 Win2K-f 86.106.49.159 (UPCNET.RO):
SC UPC ROMANIA SA,
CLUJ-NAPOCA, CLUJ, RO.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
60 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:14:05:00 Win2K-f 78.97.89.68 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
68 lines
Yeah : 1.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:14:11:00 WinXP 85.250.23.65 (NETVISION.NET.IL):
BROADBAND-PT,
TEL AVIV, TEL AVIV, IL.
69.42.216.90:9890 69.42.216.90:2010 :f.unicat.org
FR:www.members.lycos.co.uk
:adware.rxmods.net
445 pcap raw alerts
ruleset
ftp
irc
http
549 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox: 5 hits: 07-29 to 07-29]
e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
T:14:13:00 WinXP 91.87.209.206 (SMTP.WIMI.BE):
MOBISTAR,
BE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:13:00 WinXP 78.51.107.177 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
113 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
14:23:00 WinXP 89.137.144.50 (-):
ASTRAL MIERCUREA-CIUC DOCSIS NETWORK,
RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
59 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:25:00 Win2K-f 91.67.51.9 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
71 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:26:00 Win2K-f 122.43.61.89 (-):
POWERCOMM,
KR.
n/a HK:proxim.ircgalaxy.pl
:chat-shqip.org
:w3bs.chat-shqip.org
118.236.126.84:12351
118.236.126.84:13001
HK:210.245.211.11:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33
32 of 33
8a93930ea8
[Firefox:10 hits: 07-06 to 07-28]
bc94f66052
[Firefox:10 hits: 07-06 to 07-28]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
14:26:00 WinXP 89.204.231.126 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
IE.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
60 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:27:00 Win2K-f 88.134.239.115 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BEXBACH, SAARLAND, DE.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
118.236.126.84:12351
118.236.126.84:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:14:32:00 Win2K-f 24.80.171.205 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:14:36:00 WinXP 91.64.194.111 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
20 of 32 6686b0fe5f
[Firefox: 4 hits: 06-06 to 07-18]
none[4] none:none
ASProtect| none trace
T:14:37:00 WinXP 60.254.216.29 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
64 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36 cae23b7b95
NEW
none[none] none:none
none|none none none
14:37:00 WinXP 77.20.73.229 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.90:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
91 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:40:00 WinXP 91.64.150.247 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE.
69.42.216.90:9890 69.42.216.90:2010 :f.unicat.org
FR:www.members.lycos.co.uk
:adware.rxmods.net
445 pcap raw alerts
ruleset
ftp
irc
http
610 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox: 5 hits: 07-29 to 07-29]
e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
14:47:00 WinXP 89.241.82.196 (-):
OPAL TELECOM DSL,
LUTON, ENGLAND, UK.
69.42.216.90:9890 69.42.216.90:2010 :f.unicat.org
FR:www.members.lycos.co.uk
:adware.rxmods.net
445 pcap raw alerts
ruleset
ftp
irc
http
68367 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox: 5 hits: 07-29 to 07-29]
e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
T:15:00:00 Win2K-f 89.137.144.50 (-):
ASTRAL MIERCUREA-CIUC DOCSIS NETWORK,
RO.
69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:348 hits: 03-31 to 07-29]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
15:02:00 WinXP 24.27.122.88 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a UA:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 35 9716d7995a
[Firefox: 3 hits: 07-26 to 08-04]
none[none] none:none
none|none none none
T:15:04:00 WinXP 94.28.149.64 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:05:00 WinXP 88.134.239.115 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BEXBACH, SAARLAND, DE.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 315f0adc54
NEW
none[none] none:none
none|none none none
15:07:00 Win2K-f 202.223.78.231 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
JP.
118.236.126.84:12351 :chat-shqip.org
:w3bs.chat-shqip.org
118.236.126.84:13001
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 11b342745b
[Firefox: 2 hits: 08-02 to 08-04]
none[none] none:none
none|none none none
15:21:00 WinXP 97.104.4.65 (-):
.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
http
26 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
0 of 36
5e6dc14632
NEW
a12cab51ef
[Firefox:426 hits: 01-01 to 08-04]
dfdd703611
NEW
none[none]
40f7f463c4[0]
none [none]
none:none
ASM:Graph
none:none
none|none
ASPack|
none|none
none
lines=281
embedded dns
none
none
trace
none
T:15:24:00 WinXP 166.230.134.162 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:285 hits: 12-31 to 08-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:15:26:00 WinXP 41.214.187.56 (-):
.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 a12b896387
[Firefox: 2 hits: 07-29 to 07-30]
none[none] none:none
none|none none none
15:27:00 WinXP 204.116.40.221 (SPIRITTELECOM.COM):
INFO AVENUE INTERNET SERVICES LLC,
CHESTER, SOUTH CAROLINA, US. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a0044bcb25
NEW
none[none] none:none
none|none none none
T:15:30:00 WinXP 4.152.249.163 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NORTH CAROLINA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:15:35:00 WinXP 151.118.169.210 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32 9d12fe9d3b
[Firefox: 5 hits: 07-11 to 08-04]
none[none] none:none
none|none none none
15:38:00 Win2K-f 124.98.124.159 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:39:00 Win2K-f 220.215.129.206 (CATV01.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
15:43:00 WinXP 71.85.116.230 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:273 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:15:51:00 Win2K-f 92.3.101.70 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
118.236.126.84:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 e72624fb94
NEW
none[none] none:none
none|none none none
T:15:52:00 WinXP 221.191.137.222 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
118.236.126.84:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:241 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
15:52:00 Win2K-f 220.57.120.4 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
15:54:00 WinXP 24.80.114.65 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
99 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
0 of 33
2 of 32
607b60ad51
[Firefox:12 hits: 06-20 to 08-04]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
e5c7bce70e
[Firefox:12 hits: 06-20 to 08-04]
none[4]
e07c29c4ae[1]
e5c7bce70e[1]
none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo|
none
lines=92
lines=81
trace
trace
trace
T:16:04:00 WinXP 65.183.149.120 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
BURLINGTON, VERMONT, US.
72.10.172.218:9928 CA:teek.ihshsd8.com 135 pcap raw alerts
ruleset
irc
591 lines
Yeah : 1.8
profile
none summary
tarball
28 of 30 2aa59ba425
[Firefox: 7 hits: 02-10 to 08-04]
2aa59ba425 [1] ASM:Graph
ASPack| lines=10 trace
16:14:00 WinXP 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
135 pcap raw alerts
ruleset
http
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
57ce4acac2
[Firefox:96 hits: 06-17 to 08-04]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
16:39:00 Win2K-f 63.27.116.192 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
162 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
16:52:00 Win2K-f 24.68.242.36 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
95 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
1 of 33
0 of 32
48f8b1a711
[Firefox: 8 hits: 06-19 to 08-02]
aecf2a5fc9
[Firefox: 6 hits: 06-19 to 08-02]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
aecf2a5fc9[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:00:00 WinXP 210.79.183.121 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
88 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 33
3ed16ae12d
[Firefox: 8 hits: 06-19 to 07-23]
79c01ec060
[Firefox:12 hits: 06-18 to 07-23]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
3ed16ae12d [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
17:27:00 WinXP 24.76.186.78 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:17:27:00 WinXP 124.241.151.109 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
b7082104e4
[Firefox:68 hits: 06-18 to 08-04]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
none[4]
none [4]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
tElock|
FSG|
none
none
lines=92
trace
trace
trace
17:35:00 Win2K-f 70.70.221.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:35:00 WinXP 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
194.109.11.65:6556 :0x80.my-secure.name
NL:0x80.my1x1.com
NL:0x80.martiansong.com
NL:0x80.goingformars.com
:0xff.memzero.info
135 pcap raw alerts
ruleset
other
213 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33 fe22b8315f
[Firefox: 5 hits: 06-19 to 08-04]
none[4] none:none
StarForce| none trace
17:38:00 WinXP 24.81.76.116 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
112 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 36
31 of 36
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
e87e85c617
NEW
fee1248b85
NEW
e07c29c4ae [1]
none [none]
none [none]
ASM:Graph
none:none
none:none
FSG|
none|none
none|none
lines=92
none
none
trace
none
none
T:17:49:00 Win2K-f 170.51.222.63 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:49:00 WinXP 189.51.133.164 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:viking.dal.net
US:lia.zanet.net
:flanders.be.eu.undernet.org
:washington.dc.us.undernet.org
BE:london.uk.eu.undernet.org
SE:broadway.ny.us.dal.net
:gaspode.zanet.org.za
SE:coins.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:17:53:00 WinXP 61.222.236.159 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
57ce4acac2
[Firefox:96 hits: 06-17 to 08-04]
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:18:01:00 Win2K-f 96.15.185.168 (-):
.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:198.78.201.126:80
US:204.160.126.124:80
US:207.123.42.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
118 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
6d86a1ff5a
[Firefox:25 hits: 06-25 to 08-01]
7f6e032fc0
[Firefox:25 hits: 06-25 to 08-01]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:18:02:00 WinXP 96.33.83.47 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:78 hits: 01-03 to 07-29]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
18:13:00 Win2K-f 130.13.153.21 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 32 8fba02579a
[Firefox: 5 hits: 06-13 to 07-29]
none[4] none:none
StarForce| none trace
18:17:00 WinXP 218.211.65.183 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
18:52:00 WinXP 70.73.132.132 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
72.10.172.218:7763 CA:fuck.urpal43sourpalhuh.com 135 pcap raw alerts
ruleset
irc
631 lines
Yeah : 1.8
profile
none summary
tarball
30 of 32 54f5031c41
[Firefox: 2 hits: 03-03 to 07-07]
18557d626e [0] ASM:Graph
ASPack| lines=34 trace
19:08:00 WinXP 170.51.73.81 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:19:09:00 Win2K-f 211.135.43.3 (ZAQ.NE.JP):
KEIHAN CABLE TELEVISION CO. LTD,
JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
0 of 32
07fabc79ef
[Firefox: 9 hits: 06-19 to 07-15]
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
07fabc79ef [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
19:10:00 Win2K-f 200.112.250.167 (CMET.NET):
CMET SACI,
SANTIAGO, REGION METROPOLITANA, CL.
64.85.160.111:5001 US:cookie.roltf.ws
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:19:18:00 WinXP 66.19.187.195 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:912 hits: 12-31 to 08-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
19:25:00 WinXP 76.254.85.127 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:70 hits: 01-08 to 08-04]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
19:33:00 Win2K-f 75.16.255.87 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:35:00 Win2K-f 24.188.12.106 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BROOKLYN, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:35:00 WinXP 68.114.154.93 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 35fb1345c4
NEW
none[none] none:none
none|none none none
T:19:37:00 WinXP 75.190.139.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:912 hits: 12-31 to 08-04]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:42:00 WinXP 68.91.193.239 (SWBELL.NET):
PPPOX POOL - RBACK7 AUSTTX,
AUSTIN, TEXAS, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:285 hits: 12-31 to 08-04]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:19:42:00 Win2K-f 200.112.250.167 (CMET.NET):
CMET SACI,
SANTIAGO, REGION METROPOLITANA, CL.
64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:75 hits: 05-22 to 08-04]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:19:51:00 WinXP 119.72.219.0 (-):
.
n/a RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
:gaspode.zanet.org.za
SE:coins.dal.net
NL:london.uk.eu.undernet.org
AT:graz.at.eu.undernet.org
:flanders.be.eu.undernet.org
SE:vancouver.dal.net
:caen.fr.eu.undernet.org
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
19:55:00 Win2K-f 66.16.121.130 (CAVTEL.NET):
CAVALIER TELEPHONE,
BALTIMORE, MARYLAND, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:04:00 Win2K-f 69.59.105.136 (NCTV.COM):
NORTHLAND CABLE TELEVISION,
GREENWOOD, SOUTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
20:17:00 WinXP 114.120.7.70 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
35 of 35 509b3029f8
[Firefox:13 hits: 07-25 to 07-29]
none[none] none:none
none|none none none
20:20:00 Win2K-f 4.237.248.12 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW YORK, NEW YORK, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
171 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:20:28:00 WinXP 24.70.125.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
23 of 33
bca9e0fb5f
[Firefox:16 hits: 06-18 to 07-24]
e53a9ea82e
[Firefox:16 hits: 06-18 to 07-24]
none[4]
e53a9ea82e[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
20:28:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
20:43:00 Win2K-f 211.215.75.108 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
0 of 32
8a75955033
[Firefox:16 hits: 06-20 to 08-02]
9276c8b36b
[Firefox:16 hits: 06-20 to 08-02]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[4]
9276c8b36b[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:21:09:00 WinXP 71.189.119.92 (-):
LINDA LIU,
ONTARIO, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:17:00 Win2K-f 99.128.19.18 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
b7082104e4
[Firefox:68 hits: 06-18 to 08-04]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
21:28:00 WinXP 4.252.133.217 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SYCAMORE, ILLINOIS, US. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:196 hits: 01-01 to 08-04]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:21:28:00 Win2K-f 172.133.124.87 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:39:00 Win2K-f 24.71.146.51 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:42:00 Win2K-f 74.75.3.142 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PITTSFIELD, MASSACHUSETTS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
0 of 32
4c3df24b32
[Firefox:126 hits: 06-17 to 08-04]
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
4c3df24b32 [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
T:22:08:00 WinXP 117.99.52.74 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:78 hits: 01-03 to 07-29]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
22:09:00 Win2K-f 98.140.228.4 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
22:13:00 WinXP 70.168.9.104 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
0 of 33
28 of 33
da00a8e7a1
NEW
e07c29c4ae
[Firefox:159 hits: 06-19 to 08-04]
f685f8e027
[Firefox: 4 hits: 06-18 to 07-18]
none[none]
e07c29c4ae[1]
f685f8e027[1]
none:none
ASM:Graph
ASM:Graph
none|none
FSG|
Armadillo|
none
lines=92
lines=82
none
trace
trace
T:22:15:00 WinXP 117.99.17.68 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 a2f7de98c7
NEW
none[none] none:none
none|none none none
T:22:22:00 WinXP 200.100.239.3 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 d4a2f8f9d9
NEW
none[none] none:none
none|none none none
T:22:35:00 WinXP 119.94.11.184 (-):
.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
117 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
28 of 33
56a3822608
[Firefox: 2 hits: 07-05 to 07-15]
a4c433c5d3
[Firefox: 2 hits: 07-05 to 07-15]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
22:36:00 WinXP 122.146.225.3 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1118 hits: 06-17 to 08-04]
73f1082158
[Firefox:562 hits: 06-18 to 08-04]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:01:00 WinXP 89.116.192.73 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 2ccf9be927
NEW
none[none] none:none
none|none none none
T:23:13:00 WinXP 211.213.1.56 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.43.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
98 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
30 of 33
5558f5601e
NEW
8c0d3d722b
NEW
none[4]
8c0d3d722b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
23:13:00 Win2K-f 210.205.136.57 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:206.33.43.126:80
US:206.33.45.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
0 of 32
6f630e7aa2
[Firefox: 3 hits: 06-30 to 07-25]
a08f3b74a4
[Firefox:374 hits: 06-18 to 08-04]
b5919931fe
[Firefox:223 hits: 06-20 to 08-04]
none[none]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
ASProtect|
none
lines=81
lines=90
none
trace
trace
23:55:00 WinXP 218.162.156.3 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:23:56:00 WinXP 218.162.156.3 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:391 hits: 12-31 to 08-04]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace