Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


Download BotHunter

19 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Column key (each record below is laid out in this order):
  Time | Victim OS | Infection Source (IP, reverse DNS, network owner, location)
  C&C Server | DNS Lookups & Failed Connects | Infection Port
  Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs
  Per captured binary: Antivirus Labels (engines detecting) | Packed Malware Binary (digest and Firefox hits, or NEW) | Unpacked egg.exe | Unpacked egg.asm | Packer PEiD | Data Strings | Syscall Trace
00:05:00  WinXP  70.118.224.188 (RR.COM): ROAD RUNNER HOLDCO LLC, LAKELAND, FLORIDA, US.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Argh : 0.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
T:00:05:00  Win2K-f  61.1.156.8 (NDL1NMS-A.SANCHARNET.IN): NATIONAL INTERNET BACKBONE, BANGALORE, KARNATAKA, IN.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 25 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
00:15:00  Win2K-f  71.115.95.52 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ELKHART, INDIANA, US.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 17 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
00:21:00  Win2K-f  64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 60 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
    8 of 33 | b7082104e4 [Firefox:97 hits: 06-18 to 08-18] | none [4] | none:none | tElock | none | trace
00:24:00  WinXP  61.34.194.118 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR. (100Mbps)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 131 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    32 of 33 | 3690b64ca2 [Firefox: 5 hits: 06-18 to 07-13] | none[4] | none:none | PolyEnE | none | trace
    30 of 33 | a6fb77fd26 [Firefox: 5 hits: 06-18 to 07-13] | a6fb77fd26[1] | ASM:Graph | Armadillo | lines=82 | trace
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
T:00:40:00  Win2K-f  58.226.67.114 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    0 of 33 | 4c3df24b32 [Firefox:154 hits: 06-17 to 08-18] | 4c3df24b32 [1] | ASM:Graph | Armadillo | lines=81 | trace
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none [4] | none:none | tElock | none | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
00:53:00  Win2K-f  24.85.166.228 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 19 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
T:01:05:00  WinXP  219.110.167.35 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 15 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 32 | 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace
01:50:00  Win2K-f  211.239.4.83 (EPNETWORKS.CO.KR): ENTERPRISENET-INFRA, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 17 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
01:55:00  Win2K-f  61.105.130.237 (KRLINE.NET): KRNIC, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 110 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 168aab35a3 [Firefox:100 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    34 of 36 | 928e2a1591 NEW | none [none] | none:none | none | none | none
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
02:19:00  Win2K-f  93.80.155.19 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 16 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
T:02:32:00  Win2K-f  70.182.79.231 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 95 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
    32 of 36 | bea8cb1865 [Firefox: 3 hits: 08-11 to 08-17] | none [none] | none:none | none | none | none
02:34:00  WinXP  89.41.38.60 (PANEVO.RO): SC PAN ELECTRO SRL, RO.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:65520
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    35 of 36 | 5bd33f839a NEW | none[none] | none:none | none | none | none
T:02:34:00  WinXP  89.41.38.60 (PANEVO.RO): SC PAN ELECTRO SRL, RO.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 3 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    35 of 36 | 5bd33f839a NEW | none[none] | none:none | none | none | none
T:02:35:00  Win2K-f  116.127.232.15 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, US:ksn.a1001186.wrs.mcboo.com, :fleshkatera.cn, :lolika.cn, IL:62.90.134.24:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 895 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    28 of 33 | 06f27eb5cb [Firefox: 7 hits: 07-02 to 08-09] | none[none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    27 of 36 | 664857e986 [Firefox:15 hits: 08-17 to 08-18] | none [none] | none:none | none | none | none
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
    31 of 33 | d27dfd506b [Firefox: 7 hits: 07-02 to 08-09] | none [none] | none:none | none | none | none
02:42:00  Win2K-f  218.211.83.32 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH. CO. LTD, TW.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 18 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
02:52:00  WinXP  76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 77 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
T:02:54:00  Win2K-f  89.207.65.70 (-): JOINT STOCK COMPANY SVYAZIST, RU.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:ksn.a1001186.wrs.mcboo.com, IL:wr.mcboo.com, IL:bfb88.a1001186.wrs.loloplanet.com, HK:210.245.211.11:65520
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 16 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    19 of 35 | 37f41fd8ab [Firefox:107 hits: 07-24 to 08-18] | none[none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
03:12:00  WinXP  193.250.28.104 (ABO.WANADOO.FR): WANADOO FRANCE, LYON, RHONE-ALPES, FR.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 14 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    32 of 32 | 03f912899b [Firefox:93 hits: 01-08 to 08-18] | 83893bd25d [0] | ASM:Graph | none | lines=65 | trace
03:13:00  Win2K-f  122.53.117.223 (PLDT.NET): IPG, PH.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 141 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 33 | 16874933ea [Firefox:33 hits: 06-18 to 08-16] | 16874933ea [1] | ASM:Graph | Armadillo | lines=82 | trace
    33 of 33 | 76ee340669 [Firefox:34 hits: 06-18 to 08-16] | none [4] | none:none | PolyEnE | none | trace
03:18:00  Win2K-f  24.71.146.51 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80, US:208.111.148.226:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 113 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 32 | bca9e0fb5f [Firefox:20 hits: 06-18 to 08-15] | none[4] | none:none | PolyEnE | none | trace
    23 of 33 | e53a9ea82e [Firefox:20 hits: 06-18 to 08-15] | e53a9ea82e[1] | ASM:Graph | Armadillo | lines=81 | trace
03:21:00  Win2K-f  70.248.127.208 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 33 | a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18] | a08f3b74a4[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
T:03:25:00  Win2K-f  68.146.195.227 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
03:35:00  Win2K-f  74.214.47.11 (METROCAST.NET): GMP CABLE TV, BERWICK, PENNSYLVANIA, US.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 98 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | e30fb27bda [Firefox: 3 hits: 07-07 to 08-18] | none[none] | none:none | none | none | none
T:03:36:00  WinXP  211.186.86.214 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, :fleshkatera.cn, IL:wr.mcboo.com, IL:bfb88.a1001186.wrs.loloplanet.com, 115.126.2.110:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 1240 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 168aab35a3 [Firefox:100 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    19 of 35 | 37f41fd8ab [Firefox:107 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    0 of 33 | 4c3df24b32 [Firefox:154 hits: 06-17 to 08-18] | 4c3df24b32[1] | ASM:Graph | Armadillo | lines=81 | trace
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    27 of 36 | 664857e986 [Firefox:15 hits: 08-17 to 08-18] | none [none] | none:none | none | none | none
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
T:03:36:00  WinXP  77.57.94.128 (SOLPA.NET): CABLECOM, ZURICH, ZURICH, CH.
  C&C server: 194.54.90.246:80, 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, DE:dl2.teenpassage.com
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 5 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    35 of 36 | 25d78144c5 [Firefox: 9 hits: 08-01 to 08-17] | none[none] | none:none | none | none | none
03:49:00  WinXP  193.248.251.240 (STATIC-IP.OLEANE.FR): TELECOM, PARIS, ILE-DE-FRANCE, FR.
  C&C server: n/a
  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, EU:ebookfinaltrash.ru, :wpad
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http http http http, 22 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    30 of 33 | 55bbb36238 NEW | none[4] | none:none | ASPack | none | trace
    0 of 36 | 7dfa79a0fe NEW | none [none] | none:none | none | none | none
T:04:00:00  WinXP  86.56.42.186 (-): INFOCITY CUSTOMER NETWORK, DE.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 14 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    32 of 32 | 03f912899b [Firefox:93 hits: 01-08 to 08-18] | 83893bd25d [0] | ASM:Graph | none | lines=65 | trace
04:13:00  WinXP  193.248.248.1 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 14 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 1a2c0e6130 [Firefox:339 hits: 12-31 to 08-18] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace
04:34:00  WinXP  114.120.71.28 (-)
  C&C server: n/a
  DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    26 of 28 | 7d99b0e910 [Firefox:988 hits: 12-31 to 08-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
04:38:00  Win2K-f  64.139.110.105 (JCURRY): NCI DATA.COM INC, OROVILLE, WASHINGTON, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80, US:208.111.148.226:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 75 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
T:04:39:00  Win2K-f  118.217.125.194 (-)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, US:ksn.a1001186.wrs.mcboo.com, IL:wr.mcboo.com, 115.126.2.110:80, IL:194.90.224.86:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 893 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 168aab35a3 [Firefox:100 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    19 of 35 | 37f41fd8ab [Firefox:107 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    29 of 32 | 61426996c3 [Firefox: 8 hits: 06-20 to 08-14] | 61426996c3[1] | ASM:Graph | Armadillo | lines=82 | trace
    27 of 36 | 664857e986 [Firefox:15 hits: 08-17 to 08-18] | none [none] | none:none | none | none | none
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
04:40:00  Win2K-f  116.127.164.194 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, US:208.111.148.219:80, US:208.111.148.226:80, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 106 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 776985f561 [Firefox: 5 hits: 06-24 to 08-18] | 776985f561 [1] | ASM:Graph | Armadillo | lines=82 | trace
    31 of 33 | 8ec6129efe [Firefox: 5 hits: 06-24 to 08-18] | none [4] | none:none | tElock | none | trace
T:04:43:00  WinXP  193.248.248.1 (ABO.WANADOO.FR): WANADOO FRANCE, PARIS, ILE-DE-FRANCE, FR.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 15 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 1a2c0e6130 [Firefox:339 hits: 12-31 to 08-18] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace
04:48:00  WinXP  123.224.229.72 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 13 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 831f4ee0a7 [Firefox:492 hits: 01-01 to 08-18] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace
04:56:00  Win2K-f  65.184.28.105 (RR.COM): ROAD RUNNER HOLDCO LLC, CHARLOTTE, NORTH CAROLINA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.108:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 33 | a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18] | a08f3b74a4[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
T:04:57:00  Win2K-f  92.84.77.46 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:ksn.a1001186.wrs.mcboo.com, IL:wr.mcboo.com, IL:bfb88.a1001186.wrs.loloplanet.com, 115.126.2.110:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 15 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none[none] | none:none | none | none | none
T:04:57:00  WinXP  122.52.75.194 (PLDT.NET): IPG, PH.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, US:ksn.a1001186.wrs.mcboo.com, IL:wr.mcboo.com, IL:bfb88.a1001186.wrs.loloplanet.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 1212 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 33 | 16874933ea [Firefox:33 hits: 06-18 to 08-16] | 16874933ea [1] | ASM:Graph | Armadillo | lines=82 | trace
    19 of 35 | 37f41fd8ab [Firefox:107 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    33 of 33 | 76ee340669 [Firefox:34 hits: 06-18 to 08-16] | none [4] | none:none | PolyEnE | none | trace
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
05:17:00  Win2K-f  61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 33 | 57ce4acac2 [Firefox:125 hits: 06-17 to 08-18] | 57ce4acac2[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
T:05:22:00  WinXP  203.91.165.254 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 60 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    8 of 33 | b7082104e4 [Firefox:97 hits: 06-18 to 08-18] | none [4] | none:none | tElock | none | trace
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
T:05:31:00  Win2K-f  118.218.20.206 (-)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 112 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 168aab35a3 [Firefox:100 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    31 of 33 | 667f0c59f3 [Firefox:15 hits: 07-04 to 08-17] | none [none] | none:none | none | none | none
05:35:00  WinXP  86.155.13.179 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWANSEA, WALES, UK.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 14 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 831f4ee0a7 [Firefox:492 hits: 01-01 to 08-18] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace
T:05:46:00  Win2K-f  151.200.151.83 (VERIZON.NET): VERIZON INTERNET SERVICES, WASHINGTON, DISTRICT OF COLUMBIA, US.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, HK:210.245.211.11:65520, DE:85.114.141.207:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 6 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
05:53:00  WinXP  83.25.70.85 (TPNET.PL): NEOSTRADA PLUS, GDANSK, POMORSKIE, PL. (DSL)
  C&C server: 194.54.90.246:80, 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, UA:citi-bank.ru, DE:dl2.teenpassage.com
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 8 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 34 | d0a6e01449 NEW | none[none] | none:none | none | none | none
T:05:54:00  WinXP  83.25.70.85 (TPNET.PL): NEOSTRADA PLUS, GDANSK, POMORSKIE, PL. (DSL)
  C&C server: 194.54.90.246:80, 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, UA:citi-bank.ru, DE:dl2.teenpassage.com
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 11 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 34 | d0a6e01449 NEW | none[none] | none:none | none | none | none
T:06:07:00  Win2K-f  82.239.28.58 (PROXAD.NET): PROXAD / FREE SAS, CHAMBERY, RHONE-ALPES, FR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 3 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
06:17:00  WinXP  75.82.147.241 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:8.12.222.126:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 77 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
06:27:00  Win2K-f  58.236.196.140 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: US:microsoft.com, HK:proxima.ircgalaxy.pl, US:download.microsoft.com, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http irc, 101 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    0 of 33 | 4c3df24b32 [Firefox:154 hits: 06-17 to 08-18] | 4c3df24b32 [1] | ASM:Graph | Armadillo | lines=81 | trace
    none | 6a4845ca11 [Firefox: 8 hits: 06-27 to 08-15] | none [none] | none:none | none | none | none
06:34:00  WinXP  61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 33 | 57ce4acac2 [Firefox:125 hits: 06-17 to 08-18] | 57ce4acac2[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
T:06:41:00  Win2K-f  211.200.251.205 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 110 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 776985f561 [Firefox: 5 hits: 06-24 to 08-18] | 776985f561 [1] | ASM:Graph | Armadillo | lines=82 | trace
    31 of 33 | 8ec6129efe [Firefox: 5 hits: 06-24 to 08-18] | none [4] | none:none | tElock | none | trace
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
06:43:00  Win2K-f  70.184.12.52 (COX.NET): COX COMMUNICATIONS, NORTH KINGSTOWN, RHODE ISLAND, US.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 3 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
06:48:00  Win2K-f  211.176.30.55 (-): HANMAG FUTURES COPORATION, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.226:80, US:208.111.148.247:80, HK:210.245.211.11:65520
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 97 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 33 | 168aab35a3 [Firefox:100 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    31 of 33 | 667f0c59f3 [Firefox:15 hits: 07-04 to 08-17] | none [none] | none:none | none | none | none
T:06:56:00  Win2K-f  66.14.179.161 (GTE.NET): GENUITY DSL, TAMPA, FLORIDA, US. (DSL)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: DE:85.114.141.207:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 22 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
T:06:57:00  WinXP  75.17.13.137 (SBCGLOBAL.NET): RBACK34B.IRVNCA, HOUSTON, TEXAS, US. (DSL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 60 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    8 of 33 | b7082104e4 [Firefox:97 hits: 06-18 to 08-18] | none [4] | none:none | tElock | none | trace
T:07:08:00  Win2K-f  72.130.63.190 (RR.COM): ROAD RUNNER HOLDCO LLC, TORRANCE, CALIFORNIA, US.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 76 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
T:07:16:00  Win2K-f  60.40.229.185 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, DE:dl2.teenpassage.com, HK:210.245.211.11:65520, DE:85.114.141.207:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc, 3 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries: none
07:32:00  WinXP  12.214.251.105 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MILTON, FLORIDA, US.
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru
  Infection port: 445 | Packet trace: pc ap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 0 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 042774a2b7 [Firefox:34 hits: 01-14 to 08-18] | 1c9a472cd7 [0] | ASM:Graph | PolyEnE | lines=71, embedded dns | trace
07:36:00  Win2K-f  68.145.61.126 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 659 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    10 of 36 | 2027bcd8e6 NEW | none[none] | none:none | none | none | none
    2 of 36 | 4946ffd9b2 NEW | none [none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    27 of 36 | 664857e986 [Firefox:15 hits: 08-17 to 08-18] | none [none] | none:none | none | none | none
    31 of 33 | d70e9267fe [Firefox: 5 hits: 06-24 to 07-21] | none [4] | none:none | PolyEnE | none | trace
T:07:43:00  WinXP  77.20.208.50 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    35 of 36 | bfec7d0b0b [Firefox: 7 hits: 08-06 to 08-17] | none[none] | none:none | none | none | none
07:44:00  WinXP  86.149.157.10 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 15 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    29 of 29 | 1a2c0e6130 [Firefox:339 hits: 12-31 to 08-18] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace
T:07:56:00  WinXP  67.10.216.218 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US.
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    25 of 25 | 7f60162c2c [Firefox:469 hits: 12-31 to 08-18] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93, embedded dns | trace
T:08:01:00  WinXP  118.87.15.13 (-)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 124 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    32 of 36 | 0b951c2832 NEW | none[none] | none:none | none | none | none
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
    34 of 36 | e4ed4df0f0 NEW | none [none] | none:none | none | none | none
08:03:00  WinXP  82.4.211.105 (NTL.COM): NTL INFRASTRUCTURE - BELFAST, LUTON, ENGLAND, UK. (DSL)
  C&C server: 194.54.90.246:80
  DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 2 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    26 of 28 | 7d99b0e910 [Firefox:988 hits: 12-31 to 08-18] | 7a70e1b592 [0] | ASM:Graph | PolyEnE | lines=68 | trace
08:13:00  WinXP  88.168.4.224 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C server: n/a
  DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, GB:new.egg.com, :wpad, US:spi.domainsponsor.com, RU:www.bbin.ru, US:208.73.210.32:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http http http http, 30 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    0 of 36 | 57a990cbab NEW | none[none] | none:none | none | none | none
    35 of 36 | 6b08153f86 NEW | none [none] | none:none | none | none | none
T:08:17:00  WinXP  89.51.56.188 (PPPOOL.DE): FREENET CITYLINE GMBH, DE. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: ftp, 12 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 32 | 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace
08:18:00  Win2K-f  210.233.218.71 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80, US:208.111.148.226:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: other, 85 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    3 of 33 | 3ed16ae12d [Firefox:13 hits: 06-19 to 08-18] | 3ed16ae12d [1] | ASM:Graph | Armadillo | lines=81 | trace
    33 of 33 | 79c01ec060 [Firefox:22 hits: 06-18 to 08-18] | none [4] | none:none | tElock | none | trace
08:25:00  WinXP  172.191.150.67 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:69.28.178.10:80
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 84 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 32 | 73f1082158 [Firefox:788 hits: 06-18 to 08-18] | 73f1082158[1] | ASM:Graph | Armadillo | lines=81 | trace
    0 of 33 | e07c29c4ae [Firefox:297 hits: 06-19 to 08-18] | e07c29c4ae[1] | ASM:Graph | FSG | lines=92 | trace
T:08:29:00  WinXP  4.252.67.254 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    25 of 25 | 7f60162c2c [Firefox:469 hits: 12-31 to 08-18] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93, embedded dns | trace
08:34:00  Win2K-f  125.4.155.199 (ZAQ.NE.JP): KITAKAWACHI CABLE NET CO LTD, JP.
  C&C server: n/a
  DNS lookups & failed connects: CA:done.blacktiehsbdcs.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 595 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    28 of 30 | 2aa59ba425 [Firefox: 8 hits: 02-10 to 08-05] | 2aa59ba425 [1] | ASM:Graph | ASPack | lines=10 | trace
    14 of 36 | ff06f98413 [Firefox: 2 hits: 08-14 to 08-18] | none [none] | none:none | none | none | none
08:39:00  Win2K-f  119.94.173.114 (-)
  C&C server: 210.245.211.11:65520
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, US:ksn.a1001186.wrs.mcboo.com, :lolika.cn, :www.upononjob.cn, :mulfika.cn, IL:wr.kastora.com, IL:dl.bundlext.com, HK:210.245.211.11:65520
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: irc http, 1166 lines | BotHunter analysis: Yeah : 1.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    2 of 36 | 50d02fc3ff NEW | none[none] | none:none | none | none | none
    31 of 33 | 56a3822608 [Firefox: 7 hits: 07-05 to 08-15] | none [none] | none:none | none | none | none
    17 of 35 | 5ab0a45f63 [Firefox:128 hits: 07-24 to 08-18] | none [none] | none:none | none | none | none
    27 of 36 | 664857e986 [Firefox:15 hits: 08-17 to 08-18] | none [none] | none:none | none | none | none
    28 of 33 | a4c433c5d3 [Firefox: 6 hits: 07-05 to 08-10] | none [none] | none:none | none | none | none
    0 of 32 | b5919931fe [Firefox:374 hits: 06-20 to 08-18] | b5919931fe[1] | ASM:Graph | ASProtect | lines=90 | trace
T:08:40:00  WinXP  61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a
  DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 80 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    33 of 33 | 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18] | none[4] | none:none | tElock | none | trace
    0 of 33 | 57ce4acac2 [Firefox:125 hits: 06-17 to 08-18] | 57ce4acac2[1] | ASM:Graph | Armadillo | lines=81 | trace
08:48:00  WinXP  220.219.252.185 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL)
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: shell ftp, 15 lines | BotHunter analysis: Yeah : 1.3 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 32 | 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace
09:09:00  WinXP  78.84.0.162 (MICROLINK.LV): TELEKOM, RIGA, RIGA, LV.
  C&C server: n/a
  DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667, HK:210.245.211.11:80
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: http, 1 line | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    36 of 36 | 9e4ccec7e5 NEW | none[none] | none:none | none | none | none
09:10:00  WinXP  64.32.122.210 (CODETEL.NET.DO): VERIZON DOMINICANA, SANTIAGO, SANTIAGO, DO.
  C&C server: n/a
  DNS lookups & failed connects: none
  Infection port: 445 | Packet trace: pcap raw | Detection signatures: alerts ruleset
  Infection chatter: ftp, 17 lines | BotHunter analysis: Yeah : 0.8 (profile) | Behavioral cluster: none | Forensic logs: summary, tarball
  Binaries (AV labels | packed binary | egg.exe | egg.asm | packer | strings | syscall trace):
    31 of 32 | 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace
09:22:00 Win2K-f 202.91.84.6 (SWIFT-ONLINE.COM):
SWIFTMAIL COMMUNICATIONS LIMITED,
IN.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:34:00 Win2K-f 207.5.166.118 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:09:35:00 Win2K-f 119.95.63.66 (-):
.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
http
163 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36
34 of 36
050034b1c4
NEW
987f4cb294
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
09:37:00 WinXP 203.91.186.107 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
65 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
b7082104e4
[Firefox:97 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
none [4]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
tElock|
FSG|
none
none
lines=92
trace
trace
trace
09:38:00 WinXP 118.243.128.111 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:42:00 WinXP 211.207.184.110 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
http
irc
113 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
34 of 36
168aab35a3
[Firefox:100 hits: 06-17 to 08-18]
7cebed19c8
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:09:50:00 WinXP 67.9.99.148 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US.
n/a EU:siliconfireware.ru
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
GB:welcome3.smile.co.uk
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
http
http
26 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:474 hits: 01-01 to 08-18]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:09:51:00 Win2K-f 72.71.212.204 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BARRINGTON, NEW HAMPSHIRE, US. (100Mbps)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80
445 pcap raw alerts
ruleset
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:52:00 WinXP 66.53.209.115 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:217 hits: 01-01 to 08-18]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
09:54:00 WinXP 201.172.203.147 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:988 hits: 12-31 to 08-18]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
09:58:00 WinXP 130.13.200.39 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
63.173.172.98:7000   445 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 9824b60bec
[Firefox: 2 hits: 08-18 to 08-18]
none[none] none:none
none|none none none
10:27:00 WinXP 210.206.10.17 (KONICS.COM):
BORANET-NET-210-206/,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
http
183 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32
0 of 33
28 of 32
a1a5fa95b9
[Firefox: 2 hits: 06-22 to 07-21]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
e655846fa1
[Firefox: 2 hits: 06-22 to 07-21]
none[4]
e07c29c4ae[1]
e655846fa1[1]
none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo|
none
lines=92
lines=82
trace
trace
trace
10:27:00 Win2K-f 116.127.207.34 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
0 of 32
4c3df24b32
[Firefox:154 hits: 06-17 to 08-18]
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
4c3df24b32 [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
T:10:30:00 WinXP 67.10.225.51 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KATY, TEXAS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:988 hits: 12-31 to 08-18]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
10:39:00 Win2K-f 124.61.35.102 (-):
POWERCOM,
KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
irc
93 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
32 of 33
0 of 32
4c3df24b32
[Firefox:154 hits: 06-17 to 08-18]
58408136a4
[Firefox:12 hits: 06-28 to 08-16]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
4c3df24b32 [1]
none [none]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
none|none
ASProtect|
lines=81
none
lines=90
trace
none
trace
T:10:42:00 Win2K-f 78.8.103.118 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
210.245.211.11:65520 US:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.kastora.com
139 pcap raw alerts
ruleset
irc
http
398 lines
Yeah : 1.3
profile
none summary
tarball
10 of 36
17 of 35
27 of 36
3 of 36
2027bcd8e6
NEW
5ab0a45f63
[Firefox:128 hits: 07-24 to 08-18]
664857e986
[Firefox:15 hits: 08-17 to 08-18]
c1902c8af0
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:10:42:00 Win2K-f 124.61.35.102 (-):
POWERCOM,
KR.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
IL:wr.kastora.com
US:198.78.220.124:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
irc
http
1105 lines
Yeah : 1.8
profile
none summary
tarball
10 of 36
0 of 33
32 of 33
17 of 35
27 of 36
0 of 32
3 of 36
2027bcd8e6
NEW
4c3df24b32
[Firefox:154 hits: 06-17 to 08-18]
58408136a4
[Firefox:12 hits: 06-28 to 08-16]
5ab0a45f63
[Firefox:128 hits: 07-24 to 08-18]
664857e986
[Firefox:15 hits: 08-17 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
f5ce0e62c4
NEW
none[none]
4c3df24b32[1]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none:none
none:none
ASM:Graph
none:none
none|none
Armadillo|
none|none
none|none
none|none
ASProtect|
none|none
none
lines=81
none
none
none
lines=90
none
none
trace
none
none
none
trace
none
10:43:00 Win2K-f 78.8.103.118 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
139 pcap raw alerts
ruleset
irc
2 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:56:00 WinXP 59.104.77.80 (SEED.NET.TW):
DIGITAL UNITED I,
KAOHSIUNG, KAO-HSIUNG, TW. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 c707b3f22a
[Firefox: 2 hits: 08-06 to 08-06]
none[none] none:none
none|none none none
T:11:02:00 Win2K-f 89.178.11.105 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:ksn.a1001186.wrs.mcboo.com
445 pcap raw alerts
ruleset
irc
http
15 lines
Yeah : 1.3
profile
none summary
tarball
17 of 35 5ab0a45f63
[Firefox:128 hits: 07-24 to 08-18]
none[none] none:none
none|none none none
11:07:00 WinXP 79.132.196.219 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
UA:vit.ln.ua
:baner.vit
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
http
34 lines
Yeah : 0.8
profile
none summary
tarball
30 of 32 7dd1fe2970
[Firefox:17 hits: 02-03 to 07-30]
dcc673c815 [0] ASM:Graph
ASPack| lines=374
embedded dns
trace
T:11:13:00 WinXP 213.22.89.153 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:988 hits: 12-31 to 08-18]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:11:15:00 Win2K-f 124.195.153.173 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:11:22:00 WinXP 79.132.193.230 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:www.altavista.com
:www.google.com.au
:jbeegvia.ru
US:www.worldbank.org
SE:www.kavkazcenter.com
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:wpad
:ryryodokm.ru
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
NL:www.viruslist.com
:kargai.ru
:kfwfceki.ru
:nhuwxyuw.ru
:udluzuq.ru
RU:alfabank.ru
EU:crutop.nu
:fiazpvnne.ru
:ppxuub.ru
:lvwgdhwlj.ru
:raxeqajrf.ru
US:crime-research.ru
GB:www.candidateverifier.com
:dhagunb.ru
:zpwmktjv.ru
:aadqca.ru
:ygnrqi.ru
:ycgnbe.ru
RU:www.cbr.ru
:yeqsuem.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:21 hits: 04-18 to 08-12]
none[3] none:none
tElock| none trace
11:33:00 WinXP 78.52.102.18 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 90825c69eb
NEW
none[none] none:none
none|none none none
T:11:33:00 WinXP 78.52.102.18 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 90825c69eb
NEW
none[none] none:none
none|none none none
11:38:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:11:47:00 WinXP 76.171.226.161 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERMOSA BEACH, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:11:48:00 WinXP 84.75.167.14 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL)
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
6 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 25d78144c5
[Firefox: 9 hits: 08-01 to 08-17]
none[none] none:none
none|none none none
11:55:00 Win2K-f 24.166.155.151 (RR.COM):
ROAD RUNNER HOLDCO LLC,
APPLETON, WISCONSIN, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
88 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
11:57:00 WinXP 76.193.33.225 (SBCGLOBAL.NET):
PPPOX POOL - RBACK6.CRCHTX,
DALLAS, TEXAS, US. (DSL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
GB:welcome3.smile.co.uk
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.145.225.22:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
5 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29
0 of 36
0 of 36
a12cab51ef
[Firefox:474 hits: 01-01 to 08-18]
a94c932a65
NEW
dfada8893f
NEW
40f7f463c4 [0]
none [none]
none [none]
ASM:Graph
none:none
none:none
ASPack|
none|none
none|none
lines=281
embedded dns
none
none
trace
none
none
12:13:00 WinXP 212.95.119.17 (POWERFOREN.DE):
OSNATEL,
DE. (100Mbps)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:988 hits: 12-31 to 08-18]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
12:15:00 Win2K-f 70.60.120.42 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
446 lines
Yeah : 1.8
profile
none summary
tarball
30 of 35 0cdddf2008
NEW
none[none] none:none
none|none none none
12:17:00 WinXP 130.13.47.185 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
shell
ftp
irc
20 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 a81a7675ae
NEW
none[none] none:none
none|none none none
T:12:21:00 Win2K-f 207.5.163.123 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
12:22:00 WinXP 200.49.20.177 (BSR1000.PAPNET.CL):
PLUG AND PLAY NET S.A,
CL.
n/a RU:moscow-advokat.ru
SE:ced.dal.net
:brussels.be.eu.undernet.org
SE:qis.md.us.dal.net
NL:diemen.nl.eu.undernet.org
:caen.fr.eu.undernet.org
SE:viking.dal.net
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
US:lia.zanet.net
:lulea.se.eu.undernet.org
SE:ozbytes.dal.net
SE:vancouver.dal.net
:flanders.be.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 68a1859771
[Firefox: 3 hits: 08-13 to 08-15]
none[none] none:none
none|none none none
T:12:43:00 WinXP 124.241.181.164 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
57ce4acac2
[Firefox:125 hits: 06-17 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
12:56:00 WinXP 66.232.255.245 (TVCCONNECT.NET):
THAMES VALLEY COMMUNICATIONS INC,
RUSSELLVILLE, ARKANSAS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
US:sptc01.information.com
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
0 of 34
29 of 29
2a2052dd03
NEW
926ab62d33
NEW
a12cab51ef
[Firefox:474 hits: 01-01 to 08-18]
none[none]
none [none]
40f7f463c4[0]
none:none
none:none
ASM:Graph
none|none
none|none
ASPack|
none
none
lines=281
embedded dns
none
none
trace
T:12:58:00 WinXP 208.222.44.174 (WHEATSTATE.COM):
NETWORK TOOL AND DIE COMPANY,
CHANUTE, KANSAS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 393d3a40db
[Firefox: 5 hits: 02-14 to 08-15]
8a0ff8065a [0] ASM:Graph
PolyEnE| lines=76 trace
T:13:02:00 WinXP 85.152.121.78 (CM-85-152-106-10.TELECABLE.ES):
TELECABLE,
ES. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 68a76c215f
NEW
none[none] none:none
none|none none none
13:09:00 Win2K-f 66.57.176.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SUMTER, SOUTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:10:00 WinXP 76.193.33.225 (SBCGLOBAL.NET):
PPPOX POOL - RBACK6.CRCHTX,
DALLAS, TEXAS, US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
34 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:474 hits: 01-01 to 08-18]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
13:38:00 WinXP 88.241.253.163 (TTNET.NET.TR):
TT ADSL-ALCATEL DINAMIK_ACI,
MUGLA, MUGLA, TR. (DSL)
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 5bd33f839a
NEW
none[none] none:none
none|none none none
T:13:39:00 WinXP 88.241.253.163 (TTNET.NET.TR):
TT ADSL-ALCATEL DINAMIK_ACI,
MUGLA, MUGLA, TR. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 5bd33f839a
NEW
none[none] none:none
none|none none none
T:13:48:00 Win2K-f 69.239.122.13 (PACBELL.NET):
DANIEL D CLAXTON,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
13:51:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
57ce4acac2
[Firefox:125 hits: 06-17 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
13:54:00 Win2K-f 66.207.71.77 (NTELOS.NET):
NTELOS - TRINITY REMOTE ADSL DHCP RANGE,
WAYNESBORO, VIRGINIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35
31 of 35
0 of 32
039e3fa376
[Firefox: 2 hits: 07-24 to 08-06]
76f2c59ef8
[Firefox: 2 hits: 07-24 to 08-06]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
13:55:00 WinXP 76.177.220.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
YULEE, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:14:13:00 WinXP 71.65.24.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:298 hits: 01-05 to 08-18]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:14:23:00 Win2K-f 216.129.125.240 (216.IN-ADDR.ARPA):
LAYER42.NET INC,
SANTA CLARA, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
14:35:00 WinXP 24.44.234.137 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
NORWALK, CONNECTICUT, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
14:56:00 WinXP 4.244.24.148 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ST. LOUIS, MISSOURI, US. (DIAL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:469 hits: 12-31 to 08-18]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:15:07:00 Win2K-f 121.73.129.4 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
349 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
7f89b38665
[Firefox: 5 hits: 08-02 to 08-16]
a51a50404e
[Firefox: 5 hits: 08-02 to 08-16]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:15:22:00 Win2K-f 71.131.139.234 (-):
VALLEY FOOD INC,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:15:29:00 Win2K-f 74.219.199.189 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
0 of 32
126a1d4446
NEW
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[none]
73f1082158[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=81
none
trace
15:30:00 Win2K-f 98.140.229.237 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:15:30:00 Win2K-f 130.13.201.46 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 36 9824b60bec
[Firefox: 2 hits: 08-18 to 08-18]
none[none] none:none
none|none none none
15:51:00 Win2K-f 68.121.87.20 (PACBELL.NET):
PPPOX POOL - RBACK4 IRVNCA,
LOS ANGELES, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:16:04:00 Win2K-f 208.84.203.85 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
16:45:00 WinXP 72.190.126.180 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:217 hits: 01-01 to 08-18]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:16:47:00 WinXP 24.44.234.137 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
NORWALK, CONNECTICUT, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:17:00:00 WinXP 201.0.9.36 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 4b2541d5f7
NEW
none[none] none:none
none|none none none
17:13:00 WinXP 116.41.102.110 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
http
122 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
31 of 33
0 of 33
4ab2ecbc0f
[Firefox: 6 hits: 06-29 to 08-13]
65eb2e3aee
[Firefox: 6 hits: 06-29 to 08-13]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:17:16:00 WinXP 208.105.172.35 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:25:00 WinXP 70.62.224.52 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CINCINNATI, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
http
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
17:43:00 Win2K-f 199.224.94.50 (EPIX.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
MOUNTAIN TOP, PENNSYLVANIA, US. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
http
irc
139 lines
Yeah : 1.8
profile
none summary
tarball
28 of 33
31 of 33
ba4637f8f0
[Firefox: 7 hits: 07-01 to 08-18]
d02ae67164
[Firefox: 7 hits: 07-01 to 08-18]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
17:48:00 WinXP 70.184.78.246 (COX.NET):
COX COMMUNICATIONS,
TUCSON, ARIZONA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:17:57:00 Win2K-f 65.189.151.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:18:00:00 WinXP 220.57.120.8 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:18:02:00 Win2K-f 77.102.76.42 (BLUEYONDER.CO.UK):
CABLEINET,
UK.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
a08f3b74a4
[Firefox:516 hits: 06-18 to 08-18]
b5919931fe
[Firefox:374 hits: 06-20 to 08-18]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:03:00 WinXP 218.211.220.76 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1560 hits: 06-17 to 08-18]
73f1082158
[Firefox:788 hits: 06-18 to 08-18]
e07c29c4ae
[Firefox:297 hits: 06-19 to 08-18]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
18:04:00 WinXP 72.228.223.143 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a DE:siliconfireware.ru
:wpad
GB:new.egg.com
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:474 hits: 01-01 to 08-18]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
18:12:00   Victim OS: Win2K-f
  Infection Source: 75.16.228.74 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]
  Unpacked egg.exe: none[4]; a08f3b74a4[1]
  Unpacked egg.asm: none:none; ASM:Graph
  Packer PEID: tElock|; Armadillo|
  Data Strings: none; lines=81
  Syscall Trace: trace; trace
T:18:25:00   Victim OS: WinXP
  Infection Source: 63.19.200.31 (UU.NET): UUNET TECHNOLOGIES INC, RALEIGH, NORTH CAROLINA, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (6 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
18:25:00   Victim OS: Win2K-f
  Infection Source: 121.73.129.4 (TELSTRACLEAR.NET): TELECOMMUNICATIONS COMPANY, NZ.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com; US:198.78.201.126:80; US:204.160.104.126:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (349 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 32 of 36; 34 of 36; 0 of 32
  Packed Malware_Binary: 7f89b38665 [Firefox: 5 hits: 08-02 to 08-16]; a51a50404e [Firefox: 5 hits: 08-02 to 08-16]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[none]; none [none]; b5919931fe[1]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; none|none; ASProtect|
  Data Strings: none; none; lines=90
  Syscall Trace: none; none; trace
T:18:26:00   Victim OS: WinXP
  Infection Source: 62.180.208.140 (IGNITE.NET): BT-IGNITE DIAL-IN, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (1 line)   BotHunter Analysis: Argh : 0.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
T:18:29:00   Victim OS: WinXP
  Infection Source: 4.255.2.109 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CAMBRIDGE, MASSACHUSETTS, US. (DIAL)
  C&C Server: 194.54.90.246:80
  DNS Lookups & Failed Connects: UA:citi-bank.ru
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (2 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 26 of 28
  Packed Malware_Binary: 7d99b0e910 [Firefox:988 hits: 12-31 to 08-18]
  Unpacked egg.exe: 7a70e1b592 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=68
  Syscall Trace: trace
18:29:00   Victim OS: Win2K-f
  Infection Source: 67.10.81.170 (RR.COM): ROAD RUNNER HOLDCO LLC, HOUSTON, TEXAS, US. (100Mbps)
  C&C Server: 194.109.11.65:6556
  DNS Lookups & Failed Connects: NL:0x80.online-software.org
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (184 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 32 of 32
  Packed Malware_Binary: 15d4d85dc0 [Firefox: 6 hits: 06-10 to 08-18]
  Unpacked egg.exe: none[4]
  Unpacked egg.asm: none:none
  Packer PEID: StarForce|
  Data Strings: none
  Syscall Trace: trace
18:35:00   Victim OS: Win2K-f
  Infection Source: 61.34.136.32 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: US:microsoft.com; HK:proxim.ircgalaxy.pl; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc; http (152 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 32 of 36; 34 of 36; 0 of 32
  Packed Malware_Binary: 9d1c8d89a4 [Firefox: 3 hits: 08-10 to 08-17]; b57dbae4a3 [Firefox: 3 hits: 08-10 to 08-17]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[none]; none [none]; b5919931fe[1]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; none|none; ASProtect|
  Data Strings: none; none; lines=90
  Syscall Trace: none; none; trace
18:51:00   Victim OS: Win2K-f
  Infection Source: 63.17.154.132 (UU.NET): UUNET TECHNOLOGIES INC, NEW YORK, NEW YORK, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (78 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 32; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 73f1082158 [Firefox:788 hits: 06-18 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; 73f1082158[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
T:18:59:00   Victim OS: Win2K-f
  Infection Source: 208.126.93.122 (NETINS.NET): NETINS INC, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; a08f3b74a4[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
T:19:02:00   Victim OS: WinXP
  Infection Source: 67.150.141.15 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, SACRAMENTO, CALIFORNIA, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (80 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 2 of 36
  Packed Malware_Binary: ee4207ce8a NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
T:19:07:00   Victim OS: Win2K-f
  Infection Source: 24.31.224.153 (RR.COM): ROAD RUNNER HOLDCO LLC, KANSAS CITY, MISSOURI, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (258 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 32 of 36
  Packed Malware_Binary: 2bc347d52d [Firefox: 3 hits: 08-04 to 08-14]
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
19:09:00   Victim OS: Win2K-f
  Infection Source: 71.101.199.42 (VERIZON.NET): VERIZON INTERNET SERVICES INC, PALMETTO, FLORIDA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com; US:207.123.46.126:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; a08f3b74a4[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
19:09:00   Victim OS: WinXP
  Infection Source: 58.188.189.53 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: shell; ftp (14 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 29 of 29
  Packed Malware_Binary: 831f4ee0a7 [Firefox:492 hits: 01-01 to 08-18]
  Unpacked egg.exe: eb7546c600 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: none|none
  Data Strings: lines=61
  Syscall Trace: trace
19:12:00   Victim OS: Win2K-f
  Infection Source: 61.218.192.234 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, KAOHSIUNG, KAO-HSIUNG, TW.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com; US:207.123.46.126:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 57ce4acac2 [Firefox:125 hits: 06-17 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; 57ce4acac2[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
T:19:16:00   Victim OS: WinXP
  Infection Source: 69.202.62.106 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:siliconfireware.ru; US:searchportal.information.com; GB:new.egg.com; :wpad; US:spi.domainsponsor.com
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http; http; http; http (33 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 0 of 36; 0 of 36; 29 of 29
  Packed Malware_Binary: 47827f43d5 NEW; 54c97309d1 NEW; a12cab51ef [Firefox:474 hits: 01-01 to 08-18]
  Unpacked egg.exe: none[none]; none [none]; 40f7f463c4[0]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; none|none; ASPack|
  Data Strings: none; none; lines=281 embedded dns
  Syscall Trace: none; none; trace
19:30:00   Victim OS: Win2K-f
  Infection Source: 208.127.8.176 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL)
  C&C Server: 72.10.172.218:7382
  DNS Lookups & Failed Connects: :preek.oihduhdd.net; CA:italian.swiifatecihno.com; US:72.8.143.164:82
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc (222 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 26 of 32
  Packed Malware_Binary: 5aeb9abc92 [Firefox: 8 hits: 07-15 to 08-09]
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
T:19:32:00   Victim OS: WinXP
  Infection Source: 70.95.190.57 (RR.COM): ROAD RUNNER HOLDCO LLC, KAILUA, HAWAII, US. (DSL)
  C&C Server: 194.54.90.246:80
  DNS Lookups & Failed Connects: UA:citi-bank.ru
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (2 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 29 of 29
  Packed Malware_Binary: 1fcc146d70 [Firefox:28 hits: 01-02 to 08-17]
  Unpacked egg.exe: 258fafe892 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=68
  Syscall Trace: trace
T:19:39:00   Victim OS: WinXP
  Infection Source: 117.99.25.57 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C Server: n/a
  DNS Lookups & Failed Connects: RU:moscow-advokat.ru
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (1 line)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 25 of 25
  Packed Malware_Binary: 7f60162c2c [Firefox:469 hits: 12-31 to 08-18]
  Unpacked egg.exe: 1aad8e4632 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=93 embedded dns
  Syscall Trace: trace
19:40:00   Victim OS: WinXP
  Infection Source: 76.240.77.190 (SWBELL.NET): PPPOX POOL - RBACK1.AUSTTX, DALLAS, TEXAS, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: RU:moscow-advokat.ru; RU:194.6.222.11:6667
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (0 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 29 of 29
  Packed Malware_Binary: 492957db81 [Firefox:16 hits: 01-01 to 08-15]
  Unpacked egg.exe: 064e4d7742 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=69 embedded dns
  Syscall Trace: trace
T:19:40:00   Victim OS: WinXP
  Infection Source: 76.240.77.190 (SWBELL.NET): PPPOX POOL - RBACK1.AUSTTX, DALLAS, TEXAS, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: RU:moscow-advokat.ru; :flanders.be.eu.undernet.org; :brussels.be.eu.undernet.org; :irc.kar.net; :washington.dc.us.undernet.org; :gaspode.zanet.org.za; :los-angeles.ca.us.undernet.org; US:lia.zanet.net; NL:london.uk.eu.undernet.org; :caen.fr.eu.undernet.org; RU:194.6.222.11:6667
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (0 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 29 of 29
  Packed Malware_Binary: 492957db81 [Firefox:16 hits: 01-01 to 08-15]
  Unpacked egg.exe: 064e4d7742 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=69 embedded dns
  Syscall Trace: trace
20:05:00   Victim OS: Win2K-f
  Infection Source: 74.78.51.236 (RR.COM): ROAD RUNNER HOLDCO LLC, MIDDLETOWN, NEW YORK, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; a08f3b74a4[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
20:13:00   Victim OS: WinXP
  Infection Source: 121.124.128.187 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: HK:proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc; http (1028 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 30 of 33; 28 of 33; 0 of 33
  Packed Malware_Binary: 533d15b5ce [Firefox:17 hits: 06-21 to 08-18]; 58c343a8d8 [Firefox:18 hits: 06-21 to 08-18]; e07c29c4ae [Firefox:297 hits: 06-19 to 08-18]
  Unpacked egg.exe: none[4]; 58c343a8d8[1]; e07c29c4ae[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; FSG|
  Data Strings: none; lines=82; lines=92
  Syscall Trace: trace; trace; trace
20:18:00   Victim OS: Win2K-f
  Infection Source: 209.127.196.20 (-): TELSCAPE COMMUNICATIONS INC, MONROVIA, CALIFORNIA, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (4 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
T:20:53:00   Victim OS: Win2K-f
  Infection Source: 63.23.172.124 (UU.NET): UUNET TECHNOLOGIES INC, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (77 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 73f1082158 [Firefox:788 hits: 06-18 to 08-18]
  Unpacked egg.exe: none[4]; 73f1082158[1]
  Unpacked egg.asm: none:none; ASM:Graph
  Packer PEID: tElock|; Armadillo|
  Data Strings: none; lines=81
  Syscall Trace: trace; trace
T:21:03:00   Victim OS: Win2K-f
  Infection Source: 64.192.64.16 (WCG.NET): LIGHTCORE A CENTURYTELCOMPANY, NASHUA, NEW HAMPSHIRE, US.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: HK:proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http; irc (120 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 31 of 33; 29 of 33; 0 of 32
  Packed Malware_Binary: 1b94c1cc14 [Firefox: 6 hits: 07-01 to 08-18]; 62728ad1cd [Firefox: 6 hits: 07-01 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[none]; none [none]; b5919931fe[1]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; none|none; ASProtect|
  Data Strings: none; none; lines=90
  Syscall Trace: none; none; trace
21:19:00   Victim OS: WinXP
  Infection Source: 61.193.5.205 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: shell; ftp (14 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 31 of 32
  Packed Malware_Binary: 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18]
  Unpacked egg.exe: e0197e8a64 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: none|none
  Data Strings: lines=62
  Syscall Trace: trace
T:21:23:00   Victim OS: Win2K-f
  Infection Source: 219.164.13.225 (PLALA.OR.JP): PLALA NETWORKS INC, JP.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: US:microsoft.com; HK:proxim.ircgalaxy.pl; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc; http (23 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
21:29:00   Victim OS: Win2K-f
  Infection Source: 172.130.182.157 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (196 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 36
  Packed Malware_Binary: 703944cf7c NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
T:21:31:00   Victim OS: WinXP
  Infection Source: 4.232.21.121 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CARSON, CALIFORNIA, US. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (4 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
21:41:00   Victim OS: WinXP
  Infection Source: 98.140.43.243 (-)
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (18 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
21:51:00   Victim OS: Win2K-f
  Infection Source: 24.67.164.171 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, KELOWNA, BRITISH COLUMBIA, CA. (DSL)
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: US:microsoft.com; HK:proxim.ircgalaxy.pl; US:download.microsoft.com; DE:dl2.teenpassage.com; US:204.160.126.126:80; HK:210.245.211.11:65520; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http; irc (100 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 31 of 33; 1 of 33; 0 of 32
  Packed Malware_Binary: 48f8b1a711 [Firefox:12 hits: 06-19 to 08-16]; aecf2a5fc9 [Firefox:10 hits: 06-19 to 08-16]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; aecf2a5fc9[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: PolyEnE|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
22:04:00   Victim OS: WinXP
  Infection Source: 61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com; US:8.12.202.125:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (78 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 57ce4acac2 [Firefox:125 hits: 06-17 to 08-18]
  Unpacked egg.exe: none[4]; 57ce4acac2[1]
  Unpacked egg.asm: none:none; ASM:Graph
  Packer PEID: tElock|; Armadillo|
  Data Strings: none; lines=81
  Syscall Trace: trace; trace
T:22:19:00   Victim OS: WinXP
  Infection Source: 218.211.220.89 (SPARQNET.NET): NEW CENTURY INFOCOMM TECH CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 73f1082158 [Firefox:788 hits: 06-18 to 08-18]
  Unpacked egg.exe: none[4]; 73f1082158[1]
  Unpacked egg.asm: none:none; ASM:Graph
  Packer PEID: tElock|; Armadillo|
  Data Strings: none; lines=81
  Syscall Trace: trace; trace
T:22:21:00   Victim OS: WinXP
  Infection Source: 61.46.132.158 (ZAQ.NE.JP): HIGASHI-OSAKA CABLE TELEVISION CO. LTD, OSAKA, OSAKA, JP.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (402 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 11 of 36
  Packed Malware_Binary: c4c5a56ffe [Firefox: 2 hits: 08-15 to 08-18]
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
22:33:00   Victim OS: Win2K-f
  Infection Source: 81.40.180.189 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, ES.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: HK:proxim.ircgalaxy.pl; DE:85.114.141.207:80
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc (25 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
22:34:00   Victim OS: WinXP
  Infection Source: 67.128.191.40 (SIDLINGER.COM): EASTEX TELEPHONE COOPERATIVE INC, LIVINGSTON, TEXAS, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: UA:citi-bank.ru; UA:194.54.90.246:80
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (2 lines)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 35 of 36
  Packed Malware_Binary: 7dd0429060 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
22:45:00   Victim OS: Win2K-f
  Infection Source: 124.61.34.217 (-): POWERCOM, KR.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: US:microsoft.com; HK:proxim.ircgalaxy.pl; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc; http (141 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 32 of 36; 34 of 36; 0 of 32
  Packed Malware_Binary: 09c3d90250 [Firefox: 4 hits: 08-04 to 08-17]; 8f34a39070 [Firefox: 4 hits: 08-04 to 08-17]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[none]; none [none]; b5919931fe[1]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; none|none; ASProtect|
  Data Strings: none; none; lines=90
  Syscall Trace: none; none; trace
T:22:49:00   Victim OS: Win2K-f
  Infection Source: 203.121.180.155 (-): COLO-CATIONPI-2-203121180128, TH. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]
  Unpacked egg.exe: none[4]; a08f3b74a4[1]; b5919931fe[1]
  Unpacked egg.asm: none:none; ASM:Graph; ASM:Graph
  Packer PEID: tElock|; Armadillo|; ASProtect|
  Data Strings: none; lines=81; lines=90
  Syscall Trace: trace; trace; trace
22:57:00   Victim OS: WinXP
  Infection Source: 91.66.99.18 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE.
  C&C Server: 194.54.90.246:80
  DNS Lookups & Failed Connects: HK:proxim.ircgalaxy.pl; UA:citi-bank.ru
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (3 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 35 of 36
  Packed Malware_Binary: 07ecb6c660 NEW
  Unpacked egg.exe: none[none]
  Unpacked egg.asm: none:none
  Packer PEID: none|none
  Data Strings: none
  Syscall Trace: none
22:58:00   Victim OS: WinXP
  Infection Source: 60.47.190.246 (PLALA.OR.JP): PLALA NETWORKS INC, JP.
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: shell; ftp (16 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 31 of 32
  Packed Malware_Binary: 741e3b03b3 [Firefox:298 hits: 01-05 to 08-18]
  Unpacked egg.exe: e0197e8a64 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: none|none
  Data Strings: lines=62
  Syscall Trace: trace
T:23:15:00   Victim OS: WinXP
  Infection Source: 98.141.160.7 (-)
  C&C Server: n/a
  DNS Lookups & Failed Connects: (empty)
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: other (18 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels / Packed Malware_Binary / Unpacked egg.exe / Unpacked egg.asm / Packer PEID / Data Strings / Syscall Trace: none
T:23:24:00   Victim OS: WinXP
  Infection Source: 4.248.1.246 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: RU:moscow-advokat.ru
  Infection Port: 445   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (1 line)   BotHunter Analysis: Yeah : 0.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 25 of 25
  Packed Malware_Binary: 7f60162c2c [Firefox:469 hits: 12-31 to 08-18]
  Unpacked egg.exe: 1aad8e4632 [0]
  Unpacked egg.asm: ASM:Graph
  Packer PEID: PolyEnE|
  Data Strings: lines=93 embedded dns
  Syscall Trace: trace
23:28:00   Victim OS: Win2K-f
  Infection Source: 76.226.96.162 (SBCGLOBAL.NET): PPPOX SE3.SFLDMI, PLANO, TEXAS, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com; US:204.160.104.126:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 33 of 33; 0 of 32
  Packed Malware_Binary: 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; 73f1082158 [Firefox:788 hits: 06-18 to 08-18]
  Unpacked egg.exe: none[4]; 73f1082158[1]
  Unpacked egg.asm: none:none; ASM:Graph
  Packer PEID: tElock|; Armadillo|
  Data Strings: none; lines=81
  Syscall Trace: trace; trace
23:56:00   Victim OS: Win2K-f
  Infection Source: 122.43.61.89 (-): POWERCOMM, KR.
  C&C Server: 210.245.211.11:65520
  DNS Lookups & Failed Connects: HK:proxim.ircgalaxy.pl; US:microsoft.com; US:download.microsoft.com; DE:dl2.teenpassage.com; DE:85.114.141.207:80
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: irc; http (132 lines)   BotHunter Analysis: Yeah : 1.8 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 24 of 33; 0 of 32; 32 of 33
  Packed Malware_Binary: 8a93930ea8 [Firefox:11 hits: 07-06 to 08-05]; b5919931fe [Firefox:374 hits: 06-20 to 08-18]; bc94f66052 [Firefox:11 hits: 07-06 to 08-05]
  Unpacked egg.exe: none[none]; b5919931fe[1]; none [none]
  Unpacked egg.asm: none:none; ASM:Graph; none:none
  Packer PEID: none|none; ASProtect|; none|none
  Data Strings: none; lines=90; none
  Syscall Trace: none; trace; none
23:58:00   Victim OS: Win2K-f
  Infection Source: 76.243.226.214 (PACBELL.NET): AT&T INTERNET SERVICES, US.
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com; US:download.microsoft.com
  Infection Port: 135   Packet Trace: pcap raw   Detection Signatures: alerts ruleset
  Infection Chatter: http (76 lines)   BotHunter Analysis: Yeah : 1.3 (profile)
  Behavioral Cluster: none   Forensic Logs: summary tarball
  Antivirus Labels: 0 of 36; 33 of 33; 0 of 33
  Packed Malware_Binary: 3ee26bd073 NEW; 53bfe15e91 [Firefox:1560 hits: 06-17 to 08-18]; a08f3b74a4 [Firefox:516 hits: 06-18 to 08-18]
  Unpacked egg.exe: none[none]; none [4]; a08f3b74a4[1]
  Unpacked egg.asm: none:none; none:none; ASM:Graph
  Packer PEID: none|none; tElock|; Armadillo|
  Data Strings: none; none; lines=81
  Syscall Trace: none; trace; trace