Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

18 August 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:09:00 WinXP 193.250.67.234 (ABO.WANADOO.FR):
WANADOO,
ROTTERDAM, ZUID-HOLLAND, NL. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:89 hits: 01-08 to 08-16] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:00:11:00 Win2K-f 98.141.161.7 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
00:15:00 WinXP 130.13.235.233 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
T:00:15:00 Win2K-f 130.13.235.233 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
00:27:00 Win2K-f 64.192.64.16 (WCG.NET):
LIGHTCORE A CENTURYTELCOMPANY,
NASHUA, NEW HAMPSHIRE, US. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
99 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
29 of 33
0 of 32		 1b94c1cc14
[Firefox: 5 hits: 07-01 to 08-16]
62728ad1cd
[Firefox: 5 hits: 07-01 to 08-16]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
T:00:27:00 WinXP 4.226.156.13 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		http
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
01:01:00 WinXP 220.111.105.177 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:489 hits: 01-01 to 08-17] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
01:01:00 WinXP 86.96.39.226 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 df2fb91a31
NEW 		none[none] none:none
 none|none none none
01:12:00 WinXP 216.79.246.125 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
LAUREL, MISSISSIPPI, US. 		n/a   135 pcap raw alerts
ruleset 		other
177 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		73f1082158 [1] ASM:Graph
 Armadillo| lines=81 trace
01:26:00 Win2K-f 96.52.60.154 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:208.111.148.54:80
US:208.111.148.69:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
35 of 36		 3691f5fd4e
NEW
80538105fd
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:01:28:00 Win2K-f 219.68.33.249 (GIGA.NET.TW):
HOSHIN GIGAMEDIA CENTER INC,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:05:00 Win2K-f 93.81.99.49 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		0 of 32 b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		b5919931fe [1] ASM:Graph
 ASProtect| lines=90 trace
02:10:00 WinXP 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
58 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33 57ce4acac2
[Firefox:119 hits: 06-17 to 08-17] 		57ce4acac2 [1] ASM:Graph
 Armadillo| lines=81 trace
02:29:00 Win2K-f 219.241.199.120 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
[Firefox:151 hits: 06-17 to 08-17]
53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
02:35:00 WinXP 222.234.234.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
HK:210.245.211.11:65520
US:8.12.202.125:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
102 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 b74e792974
[Firefox: 3 hits: 06-18 to 08-06]
f0e73c39a8
[Firefox: 4 hits: 06-18 to 08-06] 		b74e792974 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
02:47:00 WinXP 211.200.251.205 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 776985f561
[Firefox: 4 hits: 06-24 to 08-09]
8ec6129efe
[Firefox: 4 hits: 06-24 to 08-09] 		776985f561 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
T:02:56:00 Win2K-f 203.40.161.68 (BIGPOND.COM):
TELSTRAINTERNET2,
PERTH, WESTERN AUSTRALIA, AU. 		n/a   135 pcap raw alerts
ruleset 		other
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
03:51:00 WinXP 80.121.48.49 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:89 hits: 01-08 to 08-16] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
03:59:00 Win2K-f 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US. 		n/a   135 pcap raw alerts
ruleset 		other
98 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33 e30fb27bda
[Firefox: 2 hits: 07-07 to 07-10] 		none[none] none:none
 none|none none none
04:04:00 WinXP 211.23.128.125 (MMEDIA.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
57ce4acac2
[Firefox:119 hits: 06-17 to 08-17] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:04:08:00 WinXP 123.212.80.186 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 32
28 of 32
0 of 33		 8a75955033
[Firefox:23 hits: 06-20 to 08-17]
9276c8b36b
[Firefox:23 hits: 06-20 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
9276c8b36b[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
04:56:00 Win2K-f 210.233.218.71 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
94 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33
0 of 32		 3ed16ae12d
[Firefox:12 hits: 06-19 to 08-15]
79c01ec060
[Firefox:20 hits: 06-18 to 08-15]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		3ed16ae12d [1]
none [4]
b5919931fe[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
ASProtect| 		lines=81
none
lines=90 		trace
trace
trace
T:05:10:00 Win2K-f 218.210.137.61 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80 		135 pcap raw alerts
ruleset 		other
382 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33
31 of 33		 49f8b27cca
[Firefox: 3 hits: 06-24 to 08-13]
e414dccc52
[Firefox: 3 hits: 06-24 to 08-13] 		49f8b27cca [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
ASProtect| 		lines=82
none 		trace
trace
T:05:10:00 Win2K-f 221.187.96.243 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
HK:proxim.ircgalaxy.pl 		445 pcap raw alerts
ruleset 		irc
http
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
05:14:00 Win2K-f 130.13.235.235 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667   139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
T:05:14:00 WinXP 130.13.235.235 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
T:05:14:00 WinXP 93.102.71.179 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
05:16:00 WinXP 86.155.14.73 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
SWANSEA, WALES, UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:489 hits: 01-01 to 08-17] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
05:17:00 Win2K-f 65.13.222.2 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
RALEIGH, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
132 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36
0 of 32
34 of 36		 551469eb00
NEW
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
d0fc9f3a1b
NEW 		none[none]
b5919931fe[1]
none [none] 		none:none
ASM:Graph
none:none
 none|none
ASProtect|
none|none 		none
lines=90
none 		none
trace
none
T:05:28:00 Win2K-f 118.160.91.216 (-):
. 		210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
HK:proxim.ircgalaxy.pl 		445 pcap raw alerts
ruleset 		irc
http
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
05:31:00 WinXP 64.181.82.85 (WVFIBERNET.NET):
FIBERNET OF WV,
SPENCER, WEST VIRGINIA, US. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
http
http
25 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:472 hits: 01-01 to 08-17] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:05:42:00 Win2K-f 122.25.114.22 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
05:43:00 WinXP 122.133.114.249 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
06:20:00 WinXP 86.56.42.186 (-):
INFOCITY CUSTOMER NETWORK,
DE. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:89 hits: 01-08 to 08-16] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
06:21:00 WinXP 122.26.88.221 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:06:25:00 WinXP 4.243.146.30 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN FRANCISCO, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
172 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:06:31:00 Win2K-f 217.230.74.140 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:06:55:00 Win2K-f 93.80.163.134 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:06:58:00 WinXP 220.210.236.78 (MEGAEGG.NE.JP):
ENERGIA COMMUNICATIONS INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
06:58:00 Win2K-f 75.179.35.8 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.126.124:80
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
b7082104e4
[Firefox:93 hits: 06-18 to 08-17] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
07:02:00 Win2K-f 70.71.251.80 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:02:00 WinXP 60.40.78.175 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
07:08:00 WinXP 144.134.21.101 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:4.23.60.126:80 		135 pcap raw alerts
ruleset 		http
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
b7082104e4
[Firefox:93 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
none [4]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 tElock|
tElock|
FSG| 		none
none
lines=92 		trace
trace
trace
07:25:00 WinXP 189.118.105.163 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
07:46:00 WinXP 114.120.18.232 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
07:48:00 Win2K-f 64.53.54.182 (AMHSPARTA.ORG):
SKYBEST COMMUNICATIONS INC,
WEST JEFFERSON, NORTH CAROLINA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:56:00 WinXP 12.78.5.19 (ATT.NET):
AT&T WORLDNET SERVICES,
MIAMI, FLORIDA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:337 hits: 12-31 to 08-17] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
08:11:00 WinXP 209.226.111.3 (BELL.CA):
BELL CANADA,
PRESCOTT, ONTARIO, CA. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 36 4b1bcdf2c3
NEW 		none[none] none:none
 none|none none none
T:08:11:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
57ce4acac2
[Firefox:119 hits: 06-17 to 08-17] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
08:12:00 WinXP 211.178.55.79 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.42.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32
31 of 33		 8390780c27
[Firefox:34 hits: 06-18 to 08-17]
af88ae89f8
[Firefox: 5 hits: 06-18 to 08-06] 		none[4]
af88ae89f8[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
T:08:13:00 WinXP 114.120.17.208 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 fb5f707480
NEW 		none[none] none:none
 none|none none none
T:08:14:00 WinXP 71.43.102.123 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:08:17:00 WinXP 98.135.173.248 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
08:25:00 WinXP 130.13.44.39 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667   139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 36 74c6c141d8
[Firefox: 5 hits: 08-02 to 08-15] 		none[none] none:none
 none|none none none
T:08:25:00 Win2K-f 130.13.44.39 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 36 74c6c141d8
[Firefox: 5 hits: 08-02 to 08-15] 		none[none] none:none
 none|none none none
09:14:00 WinXP 220.57.120.8 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:09:34:00 WinXP 118.7.121.237 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
09:48:00 Win2K-f 125.58.77.24 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80 		135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
b7082104e4
[Firefox:93 hits: 06-18 to 08-17] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
09:50:00 WinXP 124.195.153.173 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
09:59:00 WinXP 118.7.100.39 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 55d0af189c
[Firefox: 3 hits: 07-11 to 08-08] 		none[none] none:none
 none|none none none
T:10:18:00 WinXP 130.13.203.131 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:7000   445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 36 9824b60bec
NEW 		none[none] none:none
 none|none none none
10:20:00 WinXP 130.13.203.131 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:7000   139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 36 9824b60bec
NEW 		none[none] none:none
 none|none none none
T:10:38:00 WinXP 213.22.89.44 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:10:49:00 Win2K-f 65.84.20.233 (-):
TRAVEL HOUSE INC,
BARRINGTON, ILLINOIS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:207.123.37.125:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
31 of 35		 31bca45359
NEW
421ecabb8c
[Firefox: 4 hits: 07-24 to 08-10] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
11:17:00 WinXP 96.14.0.30 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:192.221.108.126:80
US:205.128.73.126:80
US:207.123.46.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
29 of 34		 0bfa79dc19
[Firefox: 6 hits: 07-22 to 08-08]
8dfb3b619f
[Firefox: 7 hits: 07-22 to 08-08] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:11:17:00 Win2K-f 130.13.118.11 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a CA:dong.nagitiriheiwu.net 135 pcap raw alerts
ruleset 		irc
http
9 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 36 ff06f98413
NEW 		none[none] none:none
 none|none none none
11:19:00 Win2K-f 130.13.118.11 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		72.10.172.218:7763 CA:fuck.urpal43sourpalhuh.com
US:72.8.143.164:82 		135 pcap raw alerts
ruleset 		irc
9 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
12:10:00 Win2K-f 130.13.44.39 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 36 74c6c141d8
[Firefox: 5 hits: 08-02 to 08-15] 		none[none] none:none
 none|none none none
12:24:00 WinXP 114.120.17.208 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 fb5f707480
NEW 		none[none] none:none
 none|none none none
12:42:00 WinXP 70.117.12.67 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:12:49:00 WinXP 65.25.92.79 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENVILLE, PENNSYLVANIA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
12:54:00 Win2K-f 69.110.85.225 (-):
JAY KWON,
SAN FRANCISCO, CALIFORNIA, US. (100Mbps) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 		135 pcap raw alerts
ruleset 		http
irc
1288 lines 		Yeah : 1.8
profile 		none summary
tarball 		5 of 36
34 of 36
19 of 35
17 of 35
27 of 36
0 of 32
29 of 33		 117e3903ba
NEW
1f59c01aef
[Firefox: 3 hits: 08-01 to 08-11]
37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
dc92683d9a
[Firefox:10 hits: 06-19 to 08-13] 		none[none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1]
dc92683d9a[1] 		none:none
none:none
none:none
none:none
none:none
ASM:Graph
ASM:Graph
 none|none
none|none
none|none
none|none
none|none
ASProtect|
Armadillo| 		none
none
none
none
none
lines=90
lines=82 		none
none
none
none
none
trace
trace
T:13:04:00 Win2K-f 196.208.111.32 (TELKOM-IPNET.CO.ZA):
AFRINIC,
ZA. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
95 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
13:07:00 WinXP 71.43.102.123 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:13:07:00 WinXP 71.43.102.123 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:13:13:00 WinXP 71.79.67.62 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
13:15:00 Win2K-f 70.183.165.30 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
13:15:00 WinXP 63.17.137.245 (UU.NET):
UUNET TECHNOLOGIES INC,
SOUTH BERWICK, MAINE, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
13:23:00 WinXP 85.86.26.33 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
SAN SEBASTIAN, PAIS VASCO, ES. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 8350eec99e
NEW 		none[none] none:none
 none|none none none
13:25:00 WinXP 89.116.192.73 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. 		194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 2ccf9be927
NEW 		none[none] none:none
 none|none none none
13:30:00 Win2K-f 61.219.228.49 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
57ce4acac2
[Firefox:119 hits: 06-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
57ce4acac2[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
13:34:00 WinXP 79.136.92.216 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
:flanders.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
:irc.kar.net
RU:irc.tsk.ru
:washington.dc.us.undernet.org
:gaspode.zanet.org.za
:caen.fr.eu.undernet.org
NL:london.uk.eu.undernet.org 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 042774a2b7
[Firefox:32 hits: 01-14 to 08-17] 		1c9a472cd7 [0] ASM:Graph
 PolyEnE| lines=71
embedded dns 		trace
T:13:34:00 WinXP 79.136.92.216 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 042774a2b7
[Firefox:32 hits: 01-14 to 08-17] 		1c9a472cd7 [0] ASM:Graph
 PolyEnE| lines=71
embedded dns 		trace
T:13:40:00 WinXP 76.90.236.168 (-):
. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 f0b49cdcfc
[Firefox: 7 hits: 07-04 to 08-13] 		none[none] none:none
 none|none none none
13:50:00 WinXP 69.108.119.12 (PACBELL.NET):
IRVNCA INTERNAL,
LOS ANGELES, CALIFORNIA, US. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:162 hits: 01-01 to 08-13] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
13:51:00 Win2K-f 99.139.86.207 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:13:54:00 Win2K-f 71.101.191.109 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PALMETTO, FLORIDA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:14:00:00 WinXP 72.139.83.96 (ROGERS.COM):
ROGERS CABLE INC. FLFRD,
TORONTO, ONTARIO, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
105 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:14:00:00 Win2K-f 63.160.228.188 (SPRINTLINK.NET):
SPRINT,
ST. JOSEPH, MICHIGAN, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
14:07:00 WinXP 71.111.181.135 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ALOHA, OREGON, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
14:15:00 WinXP 75.51.249.145 (-):
HASSAN MAHFOOD,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
14:23:00 WinXP 85.243.44.32 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PORTO, PORTO, PT. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:89 hits: 01-08 to 08-16] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
14:38:00 WinXP 71.65.24.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:14:41:00 Win2K-f 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
14:41:00 WinXP 200.82.114.39 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35 ec93bb7379
NEW 		none[none] none:none
 none|none none none
T:14:55:00 Win2K-f 24.78.177.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
32 of 36
0 of 32		 607b60ad51
[Firefox:19 hits: 06-20 to 08-17]
9b6b16824e
NEW
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 tElock|
none|none
ASProtect| 		none
none
lines=90 		trace
none
trace
T:14:55:00 WinXP 69.232.232.155 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
15:14:00 Win2K-f 205.246.145.121 (-):
CABLE TV,
COCHRANTON, PENNSYLVANIA, US. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:194.90.224.86:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
irc
1096 lines 		Yeah : 1.8
profile 		none summary
tarball 		17 of 35
27 of 36
5 of 36
0 of 32
28 of 33
31 of 33		 5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
6b53eb4980
NEW
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
ba4637f8f0
[Firefox: 4 hits: 07-01 to 08-17]
d02ae67164
[Firefox: 4 hits: 07-01 to 08-17] 		none[none]
none [none]
none [none]
b5919931fe[1]
none [none]
none [none] 		none:none
none:none
none:none
ASM:Graph
none:none
none:none
 none|none
none|none
none|none
ASProtect|
none|none
none|none 		none
none
none
lines=90
none
none 		none
none
none
trace
none
none
T:15:27:00 WinXP 98.26.215.33 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:41:00 WinXP 68.145.226.217 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:15:43:00 WinXP 68.145.226.217 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
15:45:00 Win2K-f 205.240.139.185 (-):
SALINA-SPAVINAW TELEPHONE,
SALINA, OKLAHOMA, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
irc
1066 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
27 of 36
0 of 32
28 of 33
31 of 33
5 of 36		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
ba4637f8f0
[Firefox: 4 hits: 07-01 to 08-17]
d02ae67164
[Firefox: 4 hits: 07-01 to 08-17]
d37a98d0b6
NEW 		none[none]
none [none]
none [none]
b5919931fe[1]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
ASM:Graph
none:none
none:none
none:none
 none|none
none|none
none|none
ASProtect|
none|none
none|none
none|none 		none
none
none
lines=90
none
none
none 		none
none
none
trace
none
none
none
T:15:51:00 WinXP 75.119.114.36 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:52:00 WinXP 66.61.156.38 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:windowsupdate.microsoft.com
EU:antivirusxp08.net
EU:stat.antivirusxp08.net
IL:wr.mcboo.com
IL:194.90.224.86:80 		135 pcap raw alerts
ruleset 		http
irc
2321 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
33 of 33
17 of 35
27 of 36
29 of 33
0 of 33
5 of 36		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
a86bdb31d3
[Firefox: 4 hits: 07-03 to 08-08]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17]
e0868b5099
NEW 		none[none]
none [4]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none [none] 		none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
tElock|
none|none
none|none
none|none
FSG|
none|none 		none
none
none
none
none
lines=92
none 		none
trace
none
none
none
trace
none
T:15:55:00 Win2K-f 116.123.154.137 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 		135 pcap raw alerts
ruleset 		irc
http
1204 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
27 of 36
31 of 33
24 of 33
5 of 36
0 of 32		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
6e2eaa0359
[Firefox: 5 hits: 07-10 to 08-13]
740e3bffe0
[Firefox: 6 hits: 06-25 to 08-13]
a6be68f739
NEW
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1] 		none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
 none|none
none|none
none|none
none|none
none|none
none|none
ASProtect| 		none
none
none
none
none
none
lines=90 		none
none
none
none
none
none
trace
T:15:57:00 WinXP 209.239.16.108 (EXECULINK.COM):
EXECULINK INTERNET SERVICES CORPORATION,
KITCHENER, ONTARIO, CA. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:57:00 WinXP 209.239.16.108 (EXECULINK.COM):
EXECULINK INTERNET SERVICES CORPORATION,
KITCHENER, ONTARIO, CA. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:974 hits: 12-31 to 08-17] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:15:59:00 WinXP 189.118.233.219 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		27 of 36 4877e110a8
NEW 		none[none] none:none
 none|none none none
16:04:00 Win2K-f 201.93.6.137 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
IL:62.90.134.24:80 		445 pcap raw alerts
ruleset 		irc
http
7 lines 		Yeah : 1.3
profile 		none summary
tarball 		17 of 35 5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none] none:none
 none|none none none
T:16:15:00 Win2K-f 99.128.124.132 (-):
. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:16:22:00 WinXP 72.188.110.8 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. 		n/a EU:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com
GB:new.egg.com 		445 pcap raw alerts
ruleset 		http
http
http
http
33 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:216 hits: 01-01 to 08-17] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
16:31:00 WinXP 76.166.30.67 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:36 hits: 01-02 to 07-24] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
16:57:00 WinXP 24.46.59.226 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
BROOKLYN, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
17:06:00 Win2K-f 76.200.216.27 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2.OKCYOK,
EDMOND, OKLAHOMA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:17:14:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
57ce4acac2
[Firefox:119 hits: 06-17 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
57ce4acac2[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
17:15:00 WinXP 12.215.83.12 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MARION, IOWA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:64 hits: 01-14 to 08-17] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:17:16:00 Win2K-f 209.250.154.159 (PATHCOM.COM):
METADATA SYSTEMS SOFTWARE INC,
MISSISSAUGA, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
153 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
17:25:00 Win2K-f 70.125.73.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
17:30:00 Win2K-f 68.145.121.87 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:194.90.224.86:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
irc
1218 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36
19 of 35
7 of 36
17 of 35
27 of 36
32 of 36
0 of 32		 0081629431
NEW
37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
4f0a09bac9
NEW
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
8646fc5510
NEW
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1] 		none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
 none|none
none|none
none|none
none|none
none|none
none|none
ASProtect| 		none
none
none
none
none
none
lines=90 		none
none
none
none
none
none
trace
17:49:00 Win2K-f 189.82.36.232 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:microsoft.com 		135 pcap raw alerts
ruleset 		irc
http
164 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 35
17 of 35
27 of 36		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17] 		none[none]
none [none]
none [none] 		none:none
none:none
none:none
 none|none
none|none
none|none 		none
none
none 		none
none
none
17:57:00 WinXP 114.120.52.137 (-):
. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35 a12b896387
[Firefox: 3 hits: 07-29 to 08-05] 		none[none] none:none
 none|none none none
18:06:00 Win2K-f 4.231.163.48 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOS ANGELES, CALIFORNIA, US. (DIAL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:18:06:00 Win2K-f 144.134.21.191 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
18:08:00 Win2K-f 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
18:16:00 WinXP 67.37.80.219 (AMERITECH.NET):
AT&T INTERNET SERVICES,
WESTLAND, MICHIGAN, US. (DIAL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:162 hits: 01-01 to 08-13] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
18:17:00 Win2K-f 130.13.140.91 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
T:18:18:00 WinXP 130.13.140.91 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:6667  
US:63.173.172.98:6667 		139 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 35 7377a34aeb
[Firefox: 9 hits: 07-27 to 08-15] 		none[none] none:none
 none|none none none
T:18:19:00 WinXP 97.93.77.213 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
403 lines 		Yeah : 1.3
profile 		none summary
tarball 		11 of 36 c4c5a56ffe
NEW 		none[none] none:none
 none|none none none
18:28:00 Win2K-f 4.152.213.65 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
VIRGINIA BEACH, VIRGINIA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:18:44:00 WinXP 64.109.36.144 (AMERITECH.NET):
DIAL POOL TNT1-APTNWI,
DE PERE, WISCONSIN, US. (DIAL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
18:47:00 WinXP 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com
IL:194.90.224.86:80
HK:210.245.211.11:80 		135 pcap raw alerts
ruleset 		irc
http
1286 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
33 of 35
17 of 35
27 of 36
0 of 33
32 of 35		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
4113025530
[Firefox: 4 hits: 07-30 to 08-16]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17]
e3ca792d99
[Firefox: 4 hits: 07-30 to 08-16] 		none[none]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none [none] 		none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
none|none
none|none
none|none
FSG|
none|none 		none
none
none
none
lines=92
none 		none
none
none
none
trace
none
18:56:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
19:05:00 WinXP 66.217.39.188 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
19:06:00 Win2K-f 172.163.64.220 (AOL.COM):
AMERICA ONLINE,
US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
70 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
8 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
b7082104e4
[Firefox:93 hits: 06-18 to 08-17] 		none[4]
b5919931fe[1]
none [4] 		none:none
ASM:Graph
none:none
 tElock|
ASProtect|
tElock| 		none
lines=90
none 		trace
trace
trace
19:07:00 WinXP 124.111.206.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
IL:194.90.224.86:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
irc
1116 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
28 of 33
17 of 35
0 of 33		 533d15b5ce
[Firefox:16 hits: 06-21 to 08-16]
58c343a8d8
[Firefox:17 hits: 06-21 to 08-16]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
58c343a8d8[1]
none [none]
e07c29c4ae[1] 		none:none
ASM:Graph
none:none
ASM:Graph
 tElock|
Armadillo|
none|none
FSG| 		none
lines=82
none
lines=92 		trace
trace
none
trace
T:19:25:00 WinXP 208.61.169.79 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
NASHVILLE, TENNESSEE, US. (DSL) 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 9b9e5dcb18
[Firefox: 6 hits: 08-08 to 08-16] 		none[none] none:none
 none|none none none
19:26:00 WinXP 71.136.17.66 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33
0 of 33		 73ce2b74da
[Firefox: 7 hits: 06-18 to 08-15]
79c01ec060
[Firefox:20 hits: 06-18 to 08-15]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		73ce2b74da [1]
none [4]
e07c29c4ae[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
FSG| 		lines=81
none
lines=92 		trace
trace
trace
19:27:00 WinXP 211.179.67.66 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
[Firefox:151 hits: 06-17 to 08-17]
53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
T:19:32:00 Win2K-f 70.184.78.246 (COX.NET):
COX COMMUNICATIONS,
TUCSON, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:19:36:00 WinXP 99.135.34.59 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:337 hits: 12-31 to 08-17] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:19:41:00 WinXP 222.15.161.119 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:291 hits: 01-05 to 08-17] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
19:46:00 Win2K-f 71.108.10.169 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LONG BEACH, CALIFORNIA, US. (DSL) 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		http
irc
137 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 33
31 of 33		 277034540e
[Firefox: 5 hits: 07-12 to 08-15]
ea43badccf
[Firefox: 5 hits: 07-12 to 08-15] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
19:47:00 Win2K-f 24.79.215.40 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
160 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
2 of 32		 607b60ad51
[Firefox:19 hits: 06-20 to 08-17]
e5c7bce70e
[Firefox:19 hits: 06-20 to 08-17] 		none[4]
e5c7bce70e[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
19:47:00 Win2K-f 122.52.74.82 (PLDT.NET):
IPG,
PH. 		n/a   135 pcap raw alerts
ruleset 		other
10 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:59:00 Win2K-f 96.14.74.144 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
20:09:00 Win2K-f 60.54.5.66 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
20:24:00 Win2K-f 24.82.101.167 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:20:24:00 WinXP 114.120.113.54 (-):
. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 35 038ff57c9e
NEW 		none[none] none:none
 none|none none none
20:28:00 WinXP 70.182.251.209 (MAXONCORP.COM):
COX COMMUNICATIONS,
WICHITA, KANSAS, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
203 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
33 of 36		 aa9a5814b5
NEW
d65dae6c35
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
20:38:00 Win2K-f 4.229.195.10 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LANSING, MICHIGAN, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
875 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 15d4d85dc0
[Firefox: 5 hits: 06-10 to 08-17] 		none[4] none:none
 StarForce| none trace
20:40:00 WinXP 190.226.4.142 (-):
. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
20:51:00 Win2K-f 211.52.164.88 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		http
irc
107 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
0 of 33
0 of 32		 168aab35a3
[Firefox:98 hits: 06-17 to 08-17]
4c3df24b32
[Firefox:151 hits: 06-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
4c3df24b32[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:20:55:00 WinXP 209.252.105.148 (MCLEODUSA.NET):
MDI ACCESS,
ROCHESTER, MINNESOTA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:21:02:00 WinXP 76.172.168.91 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:489 hits: 01-01 to 08-17] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
21:08:00 WinXP 61.219.208.75 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
57ce4acac2
[Firefox:119 hits: 06-17 to 08-17] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:21:08:00 WinXP 216.203.250.11 (ALGX.NET):
XO COMMUNICATIONS,
SCOTTSDALE, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
131 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:21:15:00 WinXP 24.109.69.35 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 35 dbbc586732
[Firefox:17 hits: 07-28 to 08-15] 		none[none] none:none
 none|none none none
T:21:24:00 WinXP 77.125.80.101 (INTER.NET.IL):
EURONET DIGITAL COMMUNICATIONS,
IL. 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:30:00 WinXP 205.246.145.121 (-):
CABLE TV,
COCHRANTON, PENNSYLVANIA, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:windowsupdate.microsoft.com
EU:antivirusxp08.net
EU:stat.antivirusxp08.net
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
irc
2446 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
5 of 36
17 of 35
27 of 36
28 of 33
31 of 33
0 of 33		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
383da7c1f6
NEW
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
ba4637f8f0
[Firefox: 4 hits: 07-01 to 08-17]
d02ae67164
[Firefox: 4 hits: 07-01 to 08-17]
e07c29c4ae
[Firefox:278 hits: 06-19 to 08-17] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
e07c29c4ae[1] 		none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
 none|none
none|none
none|none
none|none
none|none
none|none
FSG| 		none
none
none
none
none
none
lines=92 		none
none
none
none
none
none
trace
T:21:30:00 Win2K-f 68.144.135.11 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:21:31:00 WinXP 4.224.195.60 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
INDIANAPOLIS, INDIANA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
21:48:00 Win2K-f 68.146.195.227 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
21:49:00 WinXP 144.134.21.191 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
22:21:00 Win2K-f 70.119.123.253 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:22:24:00 Win2K-f 118.219.237.248 (-):
. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:194.90.224.86:80 		135 pcap raw alerts
ruleset 		http
irc
1053 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36
31 of 33
19 of 35
17 of 35
27 of 36
0 of 32
5 of 36		 0f7b6b4c31
[Firefox: 2 hits: 08-09 to 08-15]
168aab35a3
[Firefox:98 hits: 06-17 to 08-17]
37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17]
b6b0a0add1
NEW 		none[none]
none [4]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none] 		none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
tElock|
none|none
none|none
none|none
ASProtect|
none|none 		none
none
none
none
none
lines=90
none 		none
trace
none
none
none
trace
none
T:22:29:00 Win2K-f 210.127.111.49 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
29 of 33
0 of 32		 0537139fe7
[Firefox: 4 hits: 06-21 to 07-10]
49b6f2dd5d
[Firefox: 4 hits: 06-21 to 07-10]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
49b6f2dd5d[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 PolyEnE|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
22:29:00 Win2K-f 210.127.111.49 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		http
irc
131 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
29 of 33
0 of 32		 0537139fe7
[Firefox: 4 hits: 06-21 to 07-10]
49b6f2dd5d
[Firefox: 4 hits: 06-21 to 07-10]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
49b6f2dd5d[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 PolyEnE|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:22:43:00 Win2K-f 67.10.153.22 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KATY, TEXAS, US. 		210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
HK:proxim.ircgalaxy.pl
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 		445 pcap raw alerts
ruleset 		irc
http
409 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35
27 of 36
5 of 36		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
dee23a69e8
NEW 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
22:44:00 Win2K-f 67.10.153.22 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KATY, TEXAS, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
22:45:00 Win2K-f 4.236.141.42 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
88 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:51:00 WinXP 68.150.55.65 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80
US:208.111.148.247:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
73f1082158
[Firefox:769 hits: 06-18 to 08-17] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:53:00 WinXP 202.125.61.154 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:22:53:00 WinXP 202.125.61.154 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:462 hits: 12-31 to 08-17] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:22:57:00 WinXP 72.251.36.108 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
NEW KENSINGTON, PENNSYLVANIA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
23:08:00 Win2K-f 203.121.180.155 (-):
COLO-CATIONPI-2-203121180128,
TH. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
23:33:00 Win2K-f 210.68.130.216 (MYSON.COM.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 177159de26
NEW
9c50aa3c45
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:23:33:00 WinXP 97.104.15.114 (-):
. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
:www.proxy-socks.net
:wpad
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
GB:195.92.84.198:80 		445 pcap raw alerts
ruleset 		http
http
http
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		0 of 36
0 of 36
29 of 29		 261e2f257e
NEW
542b016bb5
NEW
a12cab51ef
[Firefox:472 hits: 01-01 to 08-17] 		none[none]
none [none]
40f7f463c4[0] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASPack| 		none
none
lines=281
embedded dns 		none
none
trace
23:34:00 WinXP 67.150.126.10 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. 		n/a   445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
23:34:00 Win2K-f 24.85.84.13 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1512 hits: 06-17 to 08-17]
a08f3b74a4
[Firefox:498 hits: 06-18 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:23:40:00 Win2K-f 219.250.172.79 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 		135 pcap raw alerts
ruleset 		irc
http
1165 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
5 of 35
27 of 36
29 of 32
28 of 32
0 of 32		 37f41fd8ab
[Firefox:89 hits: 07-24 to 08-17]
5ab0a45f63
[Firefox:107 hits: 07-24 to 08-17]
626f8ef2b9
NEW
664857e986
[Firefox: 3 hits: 08-17 to 08-17]
8a75955033
[Firefox:23 hits: 06-20 to 08-17]
9276c8b36b
[Firefox:23 hits: 06-20 to 08-17]
b5919931fe
[Firefox:342 hits: 06-20 to 08-17] 		none[none]
none [none]
none [none]
none [none]
none [4]
9276c8b36b[1]
b5919931fe[1] 		none:none
none:none
none:none
none:none
none:none
ASM:Graph
ASM:Graph
 none|none
none|none
none|none
none|none
tElock|
Armadillo|
ASProtect| 		none
none
none
none
none
lines=81
lines=90 		none
none
none
none
trace
trace
trace
23:54:00 Win2K-f 219.250.172.79 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
142 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 32
28 of 32		 8a75955033
[Firefox:23 hits: 06-20 to 08-17]
9276c8b36b
[Firefox:23 hits: 06-20 to 08-17] 		none[4]
9276c8b36b[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace