Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



16 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]
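The summary files are roll-ups of the per-infection rows in the table that follows: the C&C server log and DNS lookup log count how often each endpoint and name recurs across infections, and the binary digest log tracks each captured sample and its antivirus coverage. As an added example (not code from the Cyber-TA/BotHunter project), the Python below performs that roll-up over a small constructed sample of records transcribed by hand from four of this page's rows. The Infection fields mirror the table columns; the BENIGN_NAMES allowlist (microsoft.com, download.microsoft.com, wpad), names that appear on almost every row without being attacker infrastructure, is this example's own assumption.

```python
"""Roll per-infection records up into daily summary views.

Added example for this page, not the Cyber-TA/BotHunter project's code.
SAMPLE is a constructed subset transcribed from four rows of the table;
BENIGN_NAMES is this example's own assumption.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: lookups seen on nearly every row that are not C&C infrastructure.
BENIGN_NAMES = {"microsoft.com", "download.microsoft.com", "wpad"}


@dataclass(frozen=True)
class Infection:
    time: str
    os: str                                      # victim OS as the page labels it
    source: str                                  # infection source IP
    cnc: Optional[str]                           # confirmed C&C "ip:port", None for n/a
    lookups: Tuple[str, ...]                     # verbatim "CC:name" / "CC:ip:port" entries
    port: int                                    # infection port
    binaries: Tuple[Tuple[str, int, int], ...]   # (digest, av_detections, av_total)


def split_lookup(entry: str):
    """'HK:210.245.211.11:65520' -> ('HK', '210.245.211.11', 65520)
    ':fleshkatera.cn'           -> ('', 'fleshkatera.cn', None)"""
    cc, _, rest = entry.partition(":")
    host, _, port = rest.rpartition(":")
    if host and port.isdigit():
        return cc, host, int(port)
    return cc, rest, None


def is_ipv4(host: str) -> bool:
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def endpoint_summary(records) -> Counter:
    """Infections per ip:port endpoint, merging the C&C column with failed
    connects: an endpoint confirmed as C&C on one row is often only a failed
    connect on others, and the per-row C&C column alone hides that."""
    hits = Counter()
    for r in records:
        seen = {r.cnc} if r.cnc else set()
        for entry in r.lookups:
            _, host, port = split_lookup(entry)
            if port is not None and is_ipv4(host):
                seen.add(f"{host}:{port}")
        hits.update(seen)  # once per infection, not once per mention
    return hits


def lookup_summary(records) -> Counter:
    """Infections per resolved DNS name, with the benign allowlist removed."""
    hits = Counter()
    for r in records:
        names = set()
        for entry in r.lookups:
            _, host, port = split_lookup(entry)
            if port is None and not is_ipv4(host) and host not in BENIGN_NAMES:
                names.add(host)
        hits.update(names)
    return hits


def digest_summary(records):
    """digest -> (infections it was captured from, worst AV detection ratio)."""
    count, worst = Counter(), {}
    for r in records:
        for digest, detected, total in r.binaries:
            count[digest] += 1
            worst[digest] = min(worst.get(digest, 1.0), detected / total)
    return {d: (count[d], worst[d]) for d in count}


def low_detection(records, threshold=0.5):
    """Digests whose worst AV ratio is below threshold, worst first."""
    summary = digest_summary(records)
    weak = [d for d, (_, ratio) in summary.items() if ratio < threshold]
    return sorted(weak, key=lambda d: (summary[d][1], d))


# Constructed sample: four rows transcribed from the table on this page.
SAMPLE = (
    Infection("00:10:00", "Win2K-f", "211.179.72.60", "210.245.211.11:65520",
              ("US:microsoft.com", "HK:proxima.ircgalaxy.pl", "US:download.microsoft.com",
               "DE:dl2.teenpassage.com", ":fleshkatera.cn", "US:192.221.108.126:80"),
              135, (("168aab35a3", 31, 33), ("4c3df24b32", 0, 33), ("b5919931fe", 0, 32))),
    Infection("00:35:00", "Win2K-f", "89.179.90.122", None,
              ("US:microsoft.com", "HK:proxima.ircgalaxy.pl", "US:download.microsoft.com",
               "US:mysoft-forum.net", "HK:210.245.211.11:65520"),
              445, (("b5919931fe", 0, 32),)),
    Infection("00:41:00", "WinXP", "70.95.101.208", "194.54.90.246:80",
              ("UA:citi-bank.ru",), 445, (("1fcc146d70", 29, 29),)),
    Infection("12:02:00", "WinXP", "124.195.149.116", "67.43.236.98:1863",
              ("HK:proxima.ircgalaxy.pl", "CA:xx.enterhere.biz", "US:130.107.144.229:4182",
               "HK:210.245.211.11:65520"),
              135, (("56871fe57c", 16, 36), ("9b09258622", 14, 36), ("c9bc6af5e1", 35, 36))),
)

if __name__ == "__main__":
    for title, table in (("endpoints", endpoint_summary(SAMPLE)), ("names", lookup_summary(SAMPLE))):
        print(title)
        for key, n in table.most_common():
            print(f"  {n:2d}  {key}")
    print("low AV detection:", low_detection(SAMPLE))
```

Counting an endpoint once per infection rather than once per mention is deliberate: the roll-up then says how many victims reached 210.245.211.11:65520 (confirmed C&C on one sampled row, a failed connect on two others) rather than how chatty any single infection was. The low_detection list is what a signature-only defence would have missed on the day; in the sample it opens with 4c3df24b32 and b5919931fe, both 0 of 32 or 33 on every row they appear in.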

[See Country Codes]
Table columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace

Each record below is laid out as:
  Time | Victim OS | Infection Source (reverse DNS): whois owner, location
    C&C: C&C server as ip:port, or n/a
    DNS/failed: DNS lookups and failed connects, each as countrycode:name or countrycode:ip:port
    Port <infection port> | packet trace links | sigs: detection signatures | infection chatter | BotHunter analysis | behavioral cluster and forensic log links
    binaries: one line per captured binary, fields separated by ";" in this order: antivirus labels (x of y); packed binary digest [hits and date range, or NEW]; unpacked egg.exe; unpacked egg.asm; packer (PEID); data strings; syscall trace
T:00:10:00 | Win2K-f | 211.179.72.60 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 210.245.211.11:65520
  DNS/failed: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, IL:ksn.a1001186.wrs.mcboo.com, :fleshkatera.cn, EU:terahost.cn, :www.upononjob.cn, US:mysoft-forum.net, :mulfika.cn, IL:wr.mcboo.com, IL:bfb88.a1001186.wrs.loloplanet.com, US:192.221.108.126:80, US:207.123.42.126:80
  Port 135 | pcap raw alerts ruleset | sigs: irc, http | 973 lines | Yeah : 1.8 | profile none summary tarball
  binaries:
    31 of 33; 168aab35a3 [Firefox:91 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    19 of 35; 37f41fd8ab [Firefox:83 hits: 07-24 to 08-15]; none [none]; none:none; none|none; none; none
    0 of 33; 4c3df24b32 [Firefox:147 hits: 06-17 to 08-15]; 4c3df24b32[1]; ASM:Graph; Armadillo|; lines=81; trace
    17 of 35; 5ab0a45f63 [Firefox:101 hits: 07-24 to 08-15]; none [none]; none:none; none|none; none; none
    26 of 36; 9bacfaddd9 [Firefox: 3 hits: 08-15 to 08-15]; none [none]; none:none; none|none; none; none
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
    12 of 36; c5e5182fde [Firefox: 2 hits: 08-15 to 08-15]; none [none]; none:none; none|none; none; none
T:00:35:00 | Win2K-f | 89.179.90.122 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU.
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, US:mysoft-forum.net, HK:210.245.211.11:65520
  Port 445 | pcap raw alerts ruleset | sigs: http | 3 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe [1]; ASM:Graph; ASProtect|; lines=90; trace
00:39:00 | Win2K-f | 66.168.109.131 (CHARTER.COM): CHARTER COMMUNICATIONS, SUWANEE, GEORGIA, US.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:mysoft-forum.net, HK:210.245.211.11:65520
  Port 139 | pcap raw alerts ruleset | sigs: http | 5 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    34 of 36; c80d0ac3fc NEW; none[none]; none:none; none|none; none; none
00:40:00 | WinXP | 24.80.186.91 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 10 lines | Yeah : 1.3 | profile none summary tarball
  binaries: none
T:00:41:00 | WinXP | 70.95.101.208 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 1fcc146d70 [Firefox:25 hits: 01-02 to 05-29]; 258fafe892 [0]; ASM:Graph; PolyEnE|; lines=68; trace
00:42:00 | WinXP | 70.95.101.208 (RR.COM): ROAD RUNNER HOLDCO LLC, HONOLULU, HAWAII, US.
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    29 of 29; 1fcc146d70 [Firefox:25 hits: 01-02 to 05-29]; 258fafe892 [0]; ASM:Graph; PolyEnE|; lines=68; trace
00:59:00 | Win2K-f | 89.178.98.230 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:mysoft-forum.net, HK:210.245.211.11:65520
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Argh : 0.3 | profile none summary tarball
  binaries: none
01:05:00 | WinXP | 82.6.12.228 (NTL.COM): NTL INFRASTRUCTURE - RENFREW, WELWYN GARDEN CITY, ENGLAND, UK.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    30 of 33; 0c5e413f57 NEW; none[none]; none:none; none|none; none; none
01:11:00 | WinXP | 4.226.156.94 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEMPHIS, TENNESSEE, US. (DIAL)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80, US:207.123.37.126:80, US:207.123.42.126:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 99 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 33; a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]; a08f3b74a4[1]; ASM:Graph; Armadillo|; lines=81; trace
T:01:12:00 | WinXP | 68.144.166.8 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 55 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158 [1]; ASM:Graph; Armadillo|; lines=81; trace
01:14:00 | Win2K-f | 211.207.184.110 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, US:207.123.42.126:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: other | 97 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 168aab35a3 [Firefox:91 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    34 of 36; 7cebed19c8 NEW; none [none]; none:none; none|none; none; none
T:01:19:00 | WinXP | 62.103.240.172 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, RHODES, DHODHEKANISOS, GR.
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    29 of 29; a0139d7ad8 [Firefox:86 hits: 01-03 to 08-14]; d9e9662db1 [0]; ASM:Graph; PolyEnE|; lines=68; trace
T:01:19:00 | Win2K-f | 211.176.30.55 (-): HANMAG FUTURES COPORATION, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: http | 98 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 168aab35a3 [Firefox:91 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    31 of 33; 667f0c59f3 [Firefox:13 hits: 07-04 to 08-12]; none [none]; none:none; none|none; none; none
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
T:01:36:00 | Win2K-f | 208.84.203.85 (-)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com
  Port 135 | pcap raw alerts ruleset | sigs: http | 76 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
01:38:00 | WinXP | 211.215.75.249 (HANANET.NET): HANARO TELECOM INC, PUSAN, PUSAN-GWANGYOKSI, KR.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: http | 114 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 32; 8a75955033 [Firefox:20 hits: 06-20 to 08-15]; none[4]; none:none; tElock|; none; trace
    28 of 32; 9276c8b36b [Firefox:20 hits: 06-20 to 08-15]; 9276c8b36b[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 33; e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]; e07c29c4ae[1]; ASM:Graph; FSG|; lines=92; trace
T:01:42:00 | WinXP | 210.79.134.228 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 15 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]; eb7546c600 [0]; ASM:Graph; none|none; lines=61; trace
01:53:00 | WinXP | 64.192.64.16 (WCG.NET): LIGHTCORE A CENTURYTELCOMPANY, NASHUA, NEW HAMPSHIRE, US.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:207.123.47.126:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: http | 115 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 1b94c1cc14 [Firefox: 4 hits: 07-01 to 08-11]; none[none]; none:none; none|none; none; none
    29 of 33; 62728ad1cd [Firefox: 4 hits: 07-01 to 08-11]; none [none]; none:none; none|none; none; none
T:02:05:00 | Win2K-f | 118.218.9.130 (-)
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.153.231:80, US:208.111.153.236:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: other | 113 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    30 of 33; 6ec2a8994b [Firefox:14 hits: 06-18 to 08-11]; none[4]; none:none; tElock|; none; trace
    29 of 33; 857b781ca9 [Firefox:10 hits: 06-18 to 08-11]; 857b781ca9[1]; ASM:Graph; Armadillo|; lines=82; trace
02:15:00 | Win2K-f | 122.26.188.79 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: ftp | 28 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    26 of 33; ca15c09536 [Firefox:525 hits: 06-27 to 08-15]; none[none]; none:none; none|none; none; none
02:43:00 | WinXP | 68.148.113.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com
  Port 135 | pcap raw alerts ruleset | sigs: http | 76 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 33; e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]; e07c29c4ae[1]; ASM:Graph; FSG|; lines=92; trace
T:03:21:00 | WinXP | 121.84.108.245 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 15 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    32 of 32; 03f912899b [Firefox:87 hits: 01-08 to 08-15]; 83893bd25d [0]; ASM:Graph; none|none; lines=65; trace
03:36:00 | WinXP | 72.183.51.15 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:4.23.60.125:80
  Port 135 | pcap raw alerts ruleset | sigs: http | 78 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 33; e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]; e07c29c4ae[1]; ASM:Graph; FSG|; lines=92; trace
03:39:00 | Win2K-f | 116.126.239.177 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520, US:4.23.60.125:80
  Port 135 | pcap raw alerts ruleset | sigs: http | 114 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 32; 8a75955033 [Firefox:20 hits: 06-20 to 08-15]; none[4]; none:none; tElock|; none; trace
    28 of 32; 9276c8b36b [Firefox:20 hits: 06-20 to 08-15]; 9276c8b36b[1]; ASM:Graph; Armadillo|; lines=81; trace
03:44:00 | WinXP | 217.249.196.77 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, MUNICH, BAYERN, DE.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: ftp | 13 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    27 of 36; c48fa79359 NEW; none[none]; none:none; none|none; none; none
04:20:00 | Win2K-f | 122.2.124.79 (PLDT.NET): IPG, PH.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com
  Port 135 | pcap raw alerts ruleset | sigs: http | 237 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 319dddbd87 [Firefox: 2 hits: 07-13 to 08-13]; none[none]; none:none; none|none; none; none
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
    30 of 33; bcabcc7cc3 [Firefox: 3 hits: 07-09 to 08-13]; none [none]; none:none; none|none; none; none
04:46:00 | WinXP | 61.215.245.135 (CATVNET.NE.JP): CATV NETWORK SERVICES(STNET INCROPORATE), OSAKA, OSAKA, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 876 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    32 of 36; 089d3e7af7 NEW; none[none]; none:none; none|none; none; none
04:49:00 | Win2K-f | 24.69.251.173 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: http | 95 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 48f8b1a711 [Firefox:11 hits: 06-19 to 08-08]; none[4]; none:none; PolyEnE|; none; trace
    1 of 33; aecf2a5fc9 [Firefox: 9 hits: 06-19 to 08-08]; aecf2a5fc9[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
05:02:00 | WinXP | 210.229.77.190 (ALPHA-NET.NE.JP): ALPHA CO. LTD, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: ftp | 14 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    31 of 32; 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]; e0197e8a64 [0]; ASM:Graph; none|none; lines=62; trace
05:09:00 | Win2K-f | 218.36.66.120 (KRLINE.NET): KRLINE INTERNET SERVICE INC, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: other | 5 lines | Yeah : 0.8 | profile none summary tarball
  binaries: none
05:11:00 | WinXP | 125.195.106.45 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001
  DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:12351, US:67.149.121.39:13001
  Port 445 | pcap raw alerts ruleset | sigs: ftp, irc | 40 lines | Yeah : 1.8 | profile none summary tarball
  binaries:
    20 of 33; 17739a55ad [Firefox:383 hits: 06-27 to 08-15]; none[none]; none:none; none|none; none; none
05:23:00 | Win2K-f | 4.225.168.181 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, WHITNEY, TEXAS, US. (DIAL)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
T:05:26:00 | WinXP | 80.164.95.2 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, FREDERIKSBERG, FREDERIKSBERG, DK. (DSL)
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    34 of 36; 4442fbf8df NEW; none[none]; none:none; none|none; none; none
05:35:00 | WinXP | 4.245.8.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DIAL)
  C&C: n/a
  DNS/failed: RU:moscow-advokat.ru, :brussels.be.eu.undernet.org, :lulea.se.eu.undernet.org, :flanders.be.eu.undernet.org, FI:london.uk.eu.undernet.org
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 1.3 | profile none summary tarball
  binaries:
    25 of 25; 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]; 1aad8e4632 [0]; ASM:Graph; PolyEnE|; lines=93 embedded dns; trace
T:05:36:00 | WinXP | 4.245.8.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DIAL)
  C&C: n/a
  DNS/failed: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    25 of 25; 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]; 1aad8e4632 [0]; ASM:Graph; PolyEnE|; lines=93 embedded dns; trace
T:06:09:00 | WinXP | 122.30.116.105 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 13 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]; eb7546c600 [0]; ASM:Graph; none|none; lines=61; trace
T:06:23:00 | WinXP | 87.51.127.6 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    29 of 29; df17a625ee [Firefox:213 hits: 01-01 to 08-14]; 9bbdd086c5 [0]; ASM:Graph; ASPack|; lines=186 embedded dns; trace
06:32:00 | WinXP | 98.15.250.117 (-)
  C&C: n/a
  DNS/failed: EU:siliconfireware.ru, US:searchportal.information.com, RU:www.bbin.ru, RU:www.binbank.ru, :wpad, EU:ebookfinaltrash.ru, US:208.73.210.32:80
  Port 445 | pcap raw alerts ruleset | sigs: http, http, http, http | 24 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    29 of 29; a12cab51ef [Firefox:468 hits: 01-01 to 08-15]; 40f7f463c4 [0]; ASM:Graph; ASPack|; lines=281 embedded dns; trace
06:34:00 | Win2K-f | 211.176.160.19 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.148.15:80, HK:210.245.211.11:65520, US:69.28.178.10:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 124 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    30 of 33; 2e04b06527 [Firefox: 4 hits: 06-18 to 08-15]; none[4]; none:none; tElock|; none; trace
    30 of 33; 5c054291de [Firefox: 4 hits: 06-18 to 08-15]; 5c054291de[1]; ASM:Graph; Armadillo|; lines=82; trace
07:01:00 | WinXP | 89.117.29.213 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:80
  Port 135 | pcap raw alerts ruleset | sigs: http | 147 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 35; 4113025530 [Firefox: 3 hits: 07-30 to 08-15]; none[none]; none:none; none|none; none; none
    32 of 35; e3ca792d99 [Firefox: 3 hits: 07-30 to 08-15]; none [none]; none:none; none|none; none; none
T:07:03:00 | WinXP | 75.177.83.27 (RR.COM): ROAD RUNNER HOLDCO LLC, WINSTON SALEM, NORTH CAROLINA, US.
  C&C: n/a
  DNS/failed: RU:moscow-advokat.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    25 of 25; 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]; 1aad8e4632 [0]; ASM:Graph; PolyEnE|; lines=93 embedded dns; trace
07:15:00 | WinXP | 210.175.200.25 (ICN-NET.NE.JP): ICHINOSEKI CABLE NETWORK CO..LTD, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 14 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 32; 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]; e0197e8a64 [0]; ASM:Graph; none|none; lines=62; trace
07:20:00 | WinXP | 71.79.184.215 (RR.COM): ROAD RUNNER HOLDCO LLC, CUYAHOGA FALLS, OHIO, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:204.160.104.126:80, US:205.128.73.126:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 33; a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]; a08f3b74a4[1]; ASM:Graph; Armadillo|; lines=81; trace
T:07:41:00 | Win2K-f | 12.219.244.12 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.153.231:80, US:208.111.153.236:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 59 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    8 of 33; b7082104e4 [Firefox:87 hits: 06-18 to 08-15]; none [4]; none:none; tElock|; none; trace
T:07:42:00 | WinXP | 220.107.128.208 (OCN.NE.JP): OPEN COMPUTER NETWORK, FUNABASHI, CHIBA, JP.
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: ftp | 12 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    31 of 32; 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]; e0197e8a64 [0]; ASM:Graph; none|none; lines=62; trace
07:43:00 | WinXP | 216.139.96.35 (GRM.NET): GRAND RIVER MUTUAL TELEPHONE CORPORATION, PRINCETON, MISSOURI, US.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667, HK:210.245.211.11:65520
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    36 of 36; 9b9e5dcb18 [Firefox: 3 hits: 08-08 to 08-12]; none[none]; none:none; none|none; none; none
T:07:45:00 | WinXP | 4.225.212.203 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOVELAND, COLORADO, US. (DIAL)
  C&C: n/a
  DNS/failed: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    25 of 25; 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]; 1aad8e4632 [0]; ASM:Graph; PolyEnE|; lines=93 embedded dns; trace
T:08:07:00 | WinXP | 119.94.168.65 (-)
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 1009 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    19 of 36; 17e9dbcb71 NEW; none[none]; none:none; none|none; none; none
T:08:27:00 | WinXP | 86.96.81.248 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE.
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    26 of 28; 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]; 7a70e1b592 [0]; ASM:Graph; PolyEnE|; lines=68; trace
08:41:00 | Win2K-f | 69.151.110.34 (SWBELL.NET): PPPOX POOL - RBACK17 HSTNTX, HOUSTON, TEXAS, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 33; a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]; a08f3b74a4[1]; ASM:Graph; Armadillo|; lines=81; trace
08:58:00 | WinXP | 83.97.150.17 (CM-83-97-128-10.TELECABLE.ES): TELECABLE, GIJON, ASTURIAS, ES. (DSL)
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; a0139d7ad8 [Firefox:86 hits: 01-03 to 08-14]; d9e9662db1 [0]; ASM:Graph; PolyEnE|; lines=68; trace
T:09:06:00 | WinXP | 4.244.153.11 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: ftp | 14 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    31 of 32; 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]; e0197e8a64 [0]; ASM:Graph; none|none; lines=62; trace
T:09:44:00 | WinXP | 4.88.65.143 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MYRTLE BEACH, SOUTH CAROLINA, US. (DIAL)
  C&C: 194.54.90.246:80
  DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    36 of 36; a0044bcb25 [Firefox: 4 hits: 08-02 to 08-11]; none[none]; none:none; none|none; none; none
10:18:00 | WinXP | 216.139.96.35 (GRM.NET): GRAND RIVER MUTUAL TELEPHONE CORPORATION, PRINCETON, MISSOURI, US.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, HK:210.245.211.11:65520
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    36 of 36; 9b9e5dcb18 [Firefox: 3 hits: 08-08 to 08-12]; none[none]; none:none; none|none; none; none
10:42:00 | WinXP | 116.125.9.30 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 21 lines | Yeah : 1.3 | profile none summary tarball
  binaries: none
10:46:00 | Win2K-f | 116.123.57.165 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, US:208.111.173.53:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: other | 97 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 33; 168aab35a3 [Firefox:91 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    34 of 36; cc53fa213b NEW; none [none]; none:none; none|none; none; none
10:46:00 | WinXP | 12.219.244.12 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, RIDGECREST, CALIFORNIA, US. (DSL)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.173.53:80, US:69.28.178.10:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 59 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    8 of 33; b7082104e4 [Firefox:87 hits: 06-18 to 08-15]; none [4]; none:none; tElock|; none; trace
10:49:00 | WinXP | 76.168.102.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYLMAR, CALIFORNIA, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.173.53:80, US:69.28.178.10:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
T:10:53:00 | WinXP | 201.33.190.214 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 14 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 1a2c0e6130 [Firefox:327 hits: 12-31 to 08-15]; 048df78048 [0]; ASM:Graph; none|none; lines=61; trace
T:11:05:00 | Win2K-f | 124.61.35.102 (-): POWERCOM, KR.
  C&C: n/a
  DNS/failed: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:206.33.45.125:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: other | 86 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    0 of 33; 4c3df24b32 [Firefox:147 hits: 06-17 to 08-15]; 4c3df24b32 [1]; ASM:Graph; Armadillo|; lines=81; trace
    32 of 33; 58408136a4 [Firefox:11 hits: 06-28 to 08-14]; none [none]; none:none; none|none; none; none
11:20:00 | WinXP | 89.166.145.213 (OSNANET.DE): OSNATEL-SUBNET FOR ADSL DIAL-UP, OSNABRUCK, NIEDERSACHSEN, DE. (DSL)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 15 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]; eb7546c600 [0]; ASM:Graph; none|none; lines=61; trace
T:11:25:00 | WinXP | 205.240.136.211 (-): SALINA-SPAVINAW TELEPHONE, KANSAS, OKLAHOMA, US.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    26 of 28; 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]; 7a70e1b592 [0]; ASM:Graph; PolyEnE|; lines=68; trace
T:12:02:00 | WinXP | 124.195.149.116 (-)
  C&C: 67.43.236.98:1863
  DNS/failed: HK:proxima.ircgalaxy.pl, CA:xx.enterhere.biz, CA:alwayssam.com, CA:zonetech.info, US:130.107.144.229:4182, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: irc, http | 390 lines | Yeah : 1.8 | profile none summary tarball
  binaries:
    16 of 36; 56871fe57c NEW; none[none]; none:none; none|none; none; none
    16 of 36; 78e31db533 [Firefox: 2 hits: 08-13 to 08-15]; none [none]; none:none; none|none; none; none
    14 of 36; 9b09258622 [Firefox: 9 hits: 08-05 to 08-15]; none [none]; none:none; none|none; none; none
    35 of 36; c9bc6af5e1 NEW; none [none]; none:none; none|none; none; none
    18 of 36; d5a5e9f7a9 [Firefox: 2 hits: 08-13 to 08-15]; none [none]; none:none; none|none; none; none
12:03:00 | WinXP | 24.160.200.22 (RR.COM): ROAD RUNNER HOLDCO LLC, ANN ARBOR, MICHIGAN, US. (100Mbps)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 15 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    31 of 32; 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]; e0197e8a64 [0]; ASM:Graph; none|none; lines=62; trace
12:04:00 | WinXP | 86.97.114.193 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE.
  C&C: n/a
  DNS/failed: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, HK:210.245.211.11:65520
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    36 of 36; 9b9e5dcb18 [Firefox: 3 hits: 08-08 to 08-12]; none[none]; none:none; none|none; none; none
12:06:00 | WinXP | 190.138.137.226 (NET.AR): TELECOM ARGENTINA S.A, AR.
  C&C: 194.54.90.246:80
  DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    35 of 36; c996d575d2 NEW; none[none]; none:none; none|none; none; none
12:09:00 | Win2K-f | 72.230.139.136 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 33; a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]; a08f3b74a4[1]; ASM:Graph; Armadillo|; lines=81; trace
T:12:28:00 | WinXP | 65.25.92.79 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, PENNSYLVANIA, US.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    26 of 28; 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]; 7a70e1b592 [0]; ASM:Graph; PolyEnE|; lines=68; trace
12:30:00 | WinXP | 65.25.92.79 (RR.COM): ROAD RUNNER HOLDCO LLC, GREENVILLE, PENNSYLVANIA, US.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 3 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    26 of 28; 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]; 7a70e1b592 [0]; ASM:Graph; PolyEnE|; lines=68; trace
13:08:00 | WinXP | 65.190.160.60 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US.
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    21 of 35; cf83f7cd39 NEW; none[none]; none:none; none|none; none; none
T:13:09:00 | WinXP | 65.190.160.60 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 3 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 986b59708d [Firefox:60 hits: 01-14 to 08-15]; 8a00217866 [0]; ASM:Graph; PolyEnE|; lines=57; trace
13:10:00 | Win2K-f | 96.52.134.173 (-)
  C&C: n/a
  DNS/failed: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:198.78.201.126:80, HK:210.245.211.11:65520
  Port 135 | pcap raw alerts ruleset | sigs: http | 114 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    32 of 36; 1d99ba7f96 NEW; none[none]; none:none; none|none; none; none
    34 of 35; 7850b9af42 NEW; none [none]; none:none; none|none; none; none
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
T:13:14:00 | Win2K-f | 64.139.110.105 (JCURRY): NCI DATA.COM INC, OROVILLE, WASHINGTON, US.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:199.93.44.124:80, US:199.93.53.125:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 75 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
13:44:00 | WinXP | 41.214.171.0 (-)
  C&C: n/a
  DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap raw alerts ruleset | sigs: http | 1 line | Yeah : 0.8 | profile none summary tarball
  binaries:
    34 of 35; a3d41629ae NEW; none[none]; none:none; none|none; none; none
14:03:00 | Win2K-f | 61.32.176.103 (BORA.NET): DACOM CORP, KR.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com
  Port 135 | pcap raw alerts ruleset | sigs: http | 76 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
    0 of 32; b5919931fe [Firefox:320 hits: 06-20 to 08-15]; b5919931fe[1]; ASM:Graph; ASProtect|; lines=90; trace
14:04:00 | WinXP | 209.127.196.20 (-): TELSCAPE COMMUNICATIONS INC, MONROVIA, CALIFORNIA, US.
  C&C: n/a
  DNS/failed: (empty)
  Port 135 | pcap raw alerts ruleset | sigs: other | 331 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    34 of 36; 0ee77eb7eb NEW; none[none]; none:none; none|none; none; none
14:09:00 | WinXP | 99.135.34.59 (-)
  C&C: n/a
  DNS/failed: (empty)
  Port 445 | pcap raw alerts ruleset | sigs: shell, ftp | 14 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    29 of 29; 1a2c0e6130 [Firefox:327 hits: 12-31 to 08-15]; 048df78048 [0]; ASM:Graph; none|none; lines=61; trace
T:14:20:00 | Win2K-f | 208.105.172.35 (-)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com
  Port 135 | pcap raw alerts ruleset | sigs: http | 76 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace
T:15:09:00 | WinXP | 82.52.104.123 (POOL8252.INTERBUSINESS.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, MODENA, EMILIA-ROMAGNA, IT.
  C&C: 194.54.90.246:80
  DNS/failed: UA:citi-bank.ru
  Port 445 | pcap raw alerts ruleset | sigs: http | 2 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    26 of 28; 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]; 7a70e1b592 [0]; ASM:Graph; PolyEnE|; lines=68; trace
15:09:00 | Win2K-f | 196.208.93.158 (TELKOM-IPNET.CO.ZA): AFRINIC, CAPE TOWN, WESTERN CAPE, ZA.
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.173.52:80, US:208.111.173.53:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 74 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 33; 57ce4acac2 [Firefox:114 hits: 06-17 to 08-15]; 57ce4acac2[1]; ASM:Graph; Armadillo|; lines=81; trace
15:14:00 | WinXP | 76.182.2.6 (RR.COM): ROAD RUNNER HOLDCO LLC, RALEIGH, NORTH CAROLINA, US.
  C&C: n/a
  DNS/failed: DE:siliconfireware.ru, US:searchportal.information.com, GB:new.egg.com, :wpad, :www.proxy-socks.net, US:208.73.210.32:80
  Port 445 | pcap raw alerts ruleset | sigs: http, http, http, http | 26 lines | Yeah : 0.8 | profile none summary tarball
  binaries:
    29 of 29; a12cab51ef [Firefox:468 hits: 01-01 to 08-15]; 40f7f463c4 [0]; ASM:Graph; ASPack|; lines=281 embedded dns; trace
15:24:00 | Win2K-f | 99.180.48.162 (-)
  C&C: n/a
  DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.148.69:80
  Port 135 | pcap raw alerts ruleset | sigs: other | 77 lines | Yeah : 1.3 | profile none summary tarball
  binaries:
    33 of 33; 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]; none[4]; none:none; tElock|; none; trace
    0 of 32; 73f1082158 [Firefox:734 hits: 06-18 to 08-15]; 73f1082158[1]; ASM:Graph; Armadillo|; lines=81; trace

15:24:00  WinXP  infection source 211.244.75.160 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.54:80, US:208.111.148.69:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (98 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 1509c8d024 [Firefox:18 hits: 06-17 to 08-11]: AV 31 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary f23b040440 [Firefox: 9 hits: 06-22 to 08-11]: AV 30 of 32; egg.exe f23b040440[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=82; syscall trace

15:26:00  WinXP  infection source 70.241.17.35 (SWBELL.NET): PPPOX POOL - RBACK22.HSTNTX, HOUSTON, TEXAS, US. (DSL)
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]: AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93, embedded dns; syscall trace

T:15:26:00  WinXP  infection source 70.241.17.35 (SWBELL.NET): PPPOX POOL - RBACK22.HSTNTX, HOUSTON, TEXAS, US. (DSL)
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]: AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93, embedded dns; syscall trace

15:39:00  WinXP  infection source 121.72.234.20 (TELSTRACLEAR.NET): TELSTRACLEAR CHRISTCHURCH CABLE CUSTOMERS, WELLINGTON, WELLINGTON, NZ. (DSL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (349 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7f89b38665 [Firefox: 4 hits: 08-02 to 08-13]: AV 32 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary a51a50404e [Firefox: 4 hits: 08-02 to 08-13]: AV 34 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]: AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

15:40:00  Win2K-f  infection source 98.141.161.158 (-)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (18 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary: none (AV none; egg.exe none; egg.asm none; packer none; strings none; syscall none)

15:57:00  WinXP  infection source 222.149.197.12 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary de42c45975 [Firefox: 2 hits: 08-12 to 08-13]: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

16:05:00  Win2K-f  infection source 98.174.80.235 (-)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80, US:208.111.153.231:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

16:23:00  Win2K-f  infection source 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  packed binary b5919931fe [Firefox:320 hits: 06-20 to 08-15]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace

16:37:00  WinXP  infection source 4.252.18.227 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BLAINE, MINNESOTA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80, US:204.160.126.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (84 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary a08f3b74a4 [Firefox:474 hits: 06-18 to 08-15]: AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  packed binary e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]: AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

16:39:00  WinXP  infection source 189.10.98.79 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]: AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

T:16:39:00  WinXP  infection source 189.10.98.79 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]: AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

T:16:47:00  WinXP  infection source 75.119.37.81 (-)
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 4565d1626f NEW: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

16:47:00  WinXP  infection source 200.175.77.56 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  C&C server: n/a; DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, RU:www.bbin.ru, RU:www.binbank.ru, :wpad, RU:195.200.213.52:80, US:208.73.210.32:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http, http, http, http (24 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary a12cab51ef [Firefox:468 hits: 01-01 to 08-15]: AV 29 of 29; egg.exe 40f7f463c4 [0]; egg.asm ASM:Graph; packer ASPack|; strings lines=281, embedded dns; syscall trace

16:47:00  WinXP  infection source 75.119.37.81 (-)
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 4565d1626f NEW: AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:16:59:00  WinXP  infection source 206.82.91.81 (ALLTEL.NET): ALLTEL DIAL POOL LIVE OAK FL, LIVE OAK, FLORIDA, US.
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary a0139d7ad8 [Firefox:86 hits: 01-03 to 08-14]: AV 29 of 29; egg.exe d9e9662db1 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

17:15:00  Win2K-f  infection source 64.75.158.10 (TURQUOISE.NET): HAWAII ONLINE, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (7 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary: none (AV none; egg.exe none; egg.asm none; packer none; strings none; syscall none)

T:17:20:00  WinXP  infection source 12.210.144.146 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, PEORIA, ILLINOIS, US.
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7f60162c2c [Firefox:450 hits: 12-31 to 08-15]: AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93, embedded dns; syscall trace

17:25:00  WinXP  infection source 220.219.0.161 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]: AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscall trace

17:29:00  WinXP  infection source 24.46.59.226 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), BROOKLYN, NEW YORK, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.37.125:80, US:207.123.42.126:80, US:8.12.202.125:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

17:37:00  WinXP  infection source 114.120.0.254 (-)
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, DE:dl2.teenpassage.com, RU:194.6.222.11:6667; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http, irc (4 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 60355a8247 NEW: AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:17:41:00  WinXP  infection source 70.73.77.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace
  packed binary e07c29c4ae [Firefox:258 hits: 06-19 to 08-15]: AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscall trace

17:49:00  WinXP  infection source 70.61.108.77 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (80 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

18:00:00  Win2K-f  infection source 4.224.195.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (18 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary: none (AV none; egg.exe none; egg.asm none; packer none; strings none; syscall none)

18:07:00  Win2K-f  infection source 74.137.231.116 (INSIGHTBB.COM): INSIGHT COMMUNICATIONS COMPANY L.P, EVANSVILLE, INDIANA, US.
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (36 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary b7082104e4 [Firefox:87 hits: 06-18 to 08-15]: AV 8 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace

18:10:00  WinXP  infection source 209.250.154.187 (PATHCOM.COM): YASNA, NORTH YORK, ONTARIO, CA. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.137:80, US:208.111.148.152:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (132 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

18:15:00  WinXP  infection source 4.129.69.187 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, RESACA, GEORGIA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.137:80, US:208.111.148.152:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (113 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

18:42:00  Win2K-f  infection source 208.84.201.228 (-)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:198.78.220.124:80, US:206.33.45.125:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (85 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

19:15:00  WinXP  infection source 208.105.172.35 (-)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80, US:208.111.148.226:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:19:20:00  WinXP  infection source 4.90.197.42 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHAMBERSBURG, PENNSYLVANIA, US. (DIAL)
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 9543d041a7 [Firefox: 7 hits: 02-18 to 08-06]: AV 29 of 29; egg.exe 49e3eed5c5 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=77, embedded dns; syscall trace

T:19:39:00  WinXP  infection source 72.174.60.14 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, PURCHASE, NEW YORK, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80, US:208.111.153.231:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (85 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:19:40:00  WinXP  infection source 4.131.137.119 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell, ftp (16 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 741e3b03b3 [Firefox:278 hits: 01-05 to 08-15]: AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscall trace

19:43:00  Win2K-f  infection source 70.73.77.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: 72.10.172.218:9283; DNS lookups & failed connects: CA:munirah.nagitiriheiwu.net, CA:abc.ihshsd8.com, CA:72.10.169.26:3029, CA:72.10.172.218:9283; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (198 lines)
  BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 0dbfaa395e NEW: AV 31 of 32; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace

T:20:01:00  Win2K-f  infection source 216.198.174.70 (INTELLEQCOM.NET): INTELLEQ COMMUNICATIONS CORPORATION, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80, US:207.123.42.126:80, US:207.123.46.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (110 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 3cd7958258 [Firefox:18 hits: 06-17 to 08-05]: AV 30 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 41efedf70f [Firefox:17 hits: 06-19 to 08-05]: AV 28 of 32; egg.exe 41efedf70f[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=82; syscall trace

20:14:00  Win2K-f  infection source 99.147.60.122 (-)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (60 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary b5919931fe [Firefox:320 hits: 06-20 to 08-15]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace
  packed binary b7082104e4 [Firefox:87 hits: 06-18 to 08-15]: AV 8 of 33; egg.exe none [4]; egg.asm none:none; packer tElock|; strings none; syscall trace

20:27:00  WinXP  infection source 67.10.153.22 (RR.COM): ROAD RUNNER HOLDCO LLC, KATY, TEXAS, US.
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary c21df65e26 NEW: AV 32 of 32; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

T:20:28:00  WinXP  infection source 72.251.37.172 (1DIAL.COM): AD-BASE SYSTEMS INC. (DBA GLOBALPOPS), NEW KENSINGTON, PENNSYLVANIA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary d362633fb2 NEW: AV none; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

20:36:00  Win2K-f  infection source 218.235.141.107 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (114 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 4b1e5a8e77 [Firefox: 4 hits: 07-05 to 08-06]: AV 32 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary 9a62aaacc0 [Firefox: 3 hits: 07-25 to 08-06]: AV 3 of 35; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary b5919931fe [Firefox:320 hits: 06-20 to 08-15]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace

20:40:00  WinXP  infection source 75.28.111.75 (SBCGLOBAL.NET): PPPOX POOL - RBACK35.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]: AV 29 of 29; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscall trace

T:20:51:00  WinXP  infection source 4.245.13.182 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]: AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

20:59:00  WinXP  infection source 201.212.194.230 (NET.AR): PRIMA S.A, BUENOS AIRES, BUENOS AIRES, AR. (DSL)
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7d99b0e910 [Firefox:955 hits: 12-31 to 08-15]: AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscall trace

T:21:05:00  Win2K-f  infection source 210.163.59.66 (PLALA.OR.JP): PLALA NETWORKS INC, JP.
  C&C server: 63.173.172.98:6667; DNS lookups & failed connects: (none); infection port: 139
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp, irc (18 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 7c2b50c774 [Firefox:11 hits: 08-01 to 08-15]: AV 25 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none

21:24:00  WinXP  infection source 121.124.128.187 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:204.160.104.126:80, US:205.128.73.126:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (113 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 533d15b5ce [Firefox:15 hits: 06-21 to 08-10]: AV 30 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 58c343a8d8 [Firefox:16 hits: 06-21 to 08-10]: AV 28 of 33; egg.exe 58c343a8d8[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=82; syscall trace

21:57:00  WinXP  infection source 24.24.213.219 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTMINSTER, CALIFORNIA, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.108.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 53bfe15e91 [Firefox:1444 hits: 06-17 to 08-15]: AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 73f1082158 [Firefox:734 hits: 06-18 to 08-15]: AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

22:14:00  WinXP  infection source 61.205.7.189 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell, ftp (14 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]: AV 29 of 29; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscall trace

22:40:00  WinXP  infection source 98.134.220.99 (-)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (22 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary: none (AV none; egg.exe none; egg.asm none; packer none; strings none; syscall none)

22:49:00  WinXP  infection source 119.95.129.67 (-)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, HK:proxim.ircgalaxy.pl, US:208.111.148.174:80, US:208.111.148.219:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (129 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 16874933ea [Firefox:32 hits: 06-18 to 08-14]: AV 29 of 33; egg.exe 16874933ea [1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=82; syscall trace
  packed binary 76ee340669 [Firefox:33 hits: 06-18 to 08-14]: AV 33 of 33; egg.exe none [4]; egg.asm none:none; packer PolyEnE|; strings none; syscall trace

22:56:00  WinXP  infection source 121.125.21.205 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.174:80, US:208.111.148.219:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (86 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 168aab35a3 [Firefox:91 hits: 06-17 to 08-15]: AV 31 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscall trace
  packed binary 4c3df24b32 [Firefox:147 hits: 06-17 to 08-15]: AV 0 of 33; egg.exe 4c3df24b32[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscall trace

T:23:03:00  Win2K-f  infection source 121.100.81.90 (-): GYOUNGGIDONGBU CABLE TV CO LTD, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (145 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 093d0bd693 NEW: AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary a757d26d4b NEW: AV 34 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary b5919931fe [Firefox:320 hits: 06-20 to 08-15]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace

T:23:37:00  Win2K-f  infection source 69.201.128.29 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (114 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 00de373b4a [Firefox: 2 hits: 07-12 to 07-21]: AV 32 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary b234759ccf [Firefox: 2 hits: 07-12 to 07-21]: AV 24 of 33; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscall none
  packed binary b5919931fe [Firefox:320 hits: 06-20 to 08-15]: AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscall trace

23:43:00  WinXP  infection source 80.121.51.234 (TELEKOM.AT): HIGHWAY CUSTOMERS, VIENNA, WIEN, AT. (DSL)
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell, ftp (21 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 03f912899b [Firefox:87 hits: 01-08 to 08-15]: AV 32 of 32; egg.exe 83893bd25d [0]; egg.asm ASM:Graph; packer none|none; strings lines=65; syscall trace

23:56:00  WinXP  infection source 219.105.126.194 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, JP.
  C&C server: n/a; DNS lookups & failed connects: (none); infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell, ftp (15 lines)
  BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  packed binary 831f4ee0a7 [Firefox:481 hits: 01-01 to 08-15]: AV 29 of 29; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscall trace