Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

21 August 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:36:00 WinXP 208.105.172.35 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
01:04:00 WinXP 130.13.118.11 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a CA:dong.nagitiriheiwu.net 135 pcap raw alerts
ruleset 		irc
http
9 lines 		Yeah : 0.8
profile 		none summary
tarball 		14 of 36 ff06f98413
[Firefox: 3 hits: 08-14 to 08-19] 		none[none] none:none
 none|none none none
01:06:00 Win2K-f 71.109.125.164 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMARILLO, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:208.111.148.43:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 33
0 of 32
31 of 33		 277034540e
[Firefox: 6 hits: 07-12 to 08-18]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20]
ea43badccf
[Firefox: 6 hits: 07-12 to 08-18] 		none[none]
b5919931fe[1]
none [none] 		none:none
ASM:Graph
none:none
 none|none
ASProtect|
none|none 		none
lines=90
none 		none
trace
none
01:13:00 WinXP 24.210.243.206 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
01:30:00 WinXP 4.235.6.200 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ORLANDO, FLORIDA, US. (DIAL) 		n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
http
36 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:481 hits: 01-01 to 08-20] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
02:05:00 WinXP 116.126.249.246 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
95 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
2 of 35		 6ec2a8994b
[Firefox:16 hits: 06-18 to 08-20]
bcf66a38c8
[Firefox: 3 hits: 07-30 to 08-20] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
02:09:00 WinXP 86.155.14.166 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
SWANSEA, WALES, UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:496 hits: 01-01 to 08-20] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
02:59:00 Win2K-f 122.110.4.112 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		other
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
03:00:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:03:02:00 WinXP 4.236.111.205 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW YORK, NEW YORK, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
98 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:03:04:00 WinXP 210.187.156.119 (TM.NET.MY):
INFRA-TMNET,
IPOH, PERAK, MY. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
:www.proxy-socks.net
GB:195.92.84.198:80 		445 pcap raw alerts
ruleset 		http
http
http
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 35 452313e1c7
NEW 		none[none] none:none
 none|none none none
03:14:00 Win2K-f 24.30.174.247 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
03:16:00 WinXP 123.225.126.122 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:307 hits: 01-05 to 08-20] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
03:22:00 WinXP 70.65.17.97 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RED DEER, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:03:33:00 WinXP 202.71.56.189 (WARABI.NE.JP):
WARABI CABLE VISION CO. LTD,
WARABI, SAITAMA, JP. 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 22999be88c
[Firefox:13 hits: 04-05 to 08-13] 		eda2056971 [0] ASM:Graph
 PolyEnE| lines=154
embedded dns 		trace
T:03:47:00 WinXP 92.9.17.161 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:307 hits: 01-05 to 08-20] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
03:52:00 Win2K-f 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
57ce4acac2
[Firefox:138 hits: 06-17 to 08-20] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
04:14:00 WinXP 117.99.15.83 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:04:17:00 WinXP 119.228.165.158 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:97 hits: 01-08 to 08-20] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:04:18:00 WinXP 79.76.74.63 (AS9105.COM):
TELINCO,
UK. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:66 hits: 01-14 to 08-20] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:04:22:00 WinXP 76.177.220.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
YULEE, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
04:29:00 Win2K-f 99.170.21.97 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.73.126:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:05:12:00 WinXP 72.230.139.136 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
05:45:00 WinXP 220.156.25.124 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:307 hits: 01-05 to 08-20] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
05:47:00 WinXP 98.140.43.243 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:05:50:00 WinXP 144.138.215.12 (TMNS.NET.AU):
TELSTRAINTERNET31,
CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		http
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
b7082104e4
[Firefox:108 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
none [4]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 tElock|
tElock|
FSG| 		none
none
lines=92 		trace
trace
trace
05:53:00 Win2K-f 98.141.161.158 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:06:47:00 WinXP 189.67.23.217 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:998 hits: 12-31 to 08-20] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:06:58:00 Win2K-f 219.251.192.240 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32
33 of 33
0 of 32		 5364c612fa
[Firefox: 4 hits: 07-06 to 08-07]
53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[none]
none [4]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
tElock|
ASProtect| 		none
none
lines=90 		none
trace
trace
06:59:00 WinXP 81.158.255.244 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:998 hits: 12-31 to 08-20] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:06:59:00 WinXP 218.36.66.120 (KRLINE.NET):
KRLINE INTERNET SERVICE INC,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
118 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
31 of 33
0 of 33		 b6dd987421
NEW
d789c8d157
[Firefox: 3 hits: 07-05 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
T:07:00:00 WinXP 81.158.255.244 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:998 hits: 12-31 to 08-20] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:07:02:00 Win2K-f 70.70.215.5 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
07:26:00 WinXP 118.86.3.168 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:89 hits: 01-03 to 08-16] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
07:46:00 Win2K-f 65.189.151.214 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:47:00 Win2K-f 218.211.221.153 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
07:54:00 WinXP 65.190.158.4 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		n/a   445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:54:00 WinXP 98.140.228.136 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:07:55:00 WinXP 41.214.185.159 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 68a76c215f
[Firefox: 2 hits: 08-14 to 08-19] 		none[none] none:none
 none|none none none
T:08:13:00 Win2K-f 208.81.160.189 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
08:24:00 WinXP 190.31.140.221 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:89 hits: 01-03 to 08-16] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
08:31:00 WinXP 70.234.255.166 (SBCGLOBAL.NET):
PPPOX POOL - BRAS21.RCSNTX,
BEDFORD, TEXAS, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:97 hits: 01-08 to 08-20] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
08:32:00 Win2K-f 24.87.153.239 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:44:00 WinXP 117.99.17.192 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:08:45:00 Win2K-f 63.17.197.127 (UU.NET):
UUNET TECHNOLOGIES INC,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:209.84.20.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
08:45:00 WinXP 117.99.17.192 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru
US:lia.zanet.net
:brussels.be.eu.undernet.org
SE:broadway.ny.us.dal.net
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
SE:coins.dal.net
SE:qis.md.us.dal.net
:lulea.se.eu.undernet.org
NL:london.uk.eu.undernet.org
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
08:53:00 Win2K-f 96.10.122.204 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:08:57:00 WinXP 66.137.92.241 (SWBELL.NET):
DIAL POOL - NAS1.LGVWTX,
CARTHAGE, TEXAS, US. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com 		445 pcap raw alerts
ruleset 		http
http
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:221 hits: 01-01 to 08-20] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
09:11:00 WinXP 117.99.6.210 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:09:21:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:09:22:00 WinXP 74.235.192.96 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:66 hits: 01-14 to 08-20] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
09:22:00 WinXP 82.243.230.52 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 289328df27
[Firefox: 2 hits: 08-07 to 08-07] 		none[none] none:none
 none|none none none
T:09:22:00 WinXP 82.243.230.52 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 289328df27
[Firefox: 2 hits: 08-07 to 08-07] 		none[none] none:none
 none|none none none
T:09:42:00 WinXP 124.84.31.2 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:496 hits: 01-01 to 08-20] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
09:43:00 WinXP 124.241.150.97 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
61 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
b7082104e4
[Firefox:108 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
none [4]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 tElock|
tElock|
FSG| 		none
none
lines=92 		trace
trace
trace
10:10:00 Win2K-f 216.199.165.252 (FDN.COM):
FDN.COM,
JACKSONVILLE, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:209.84.20.126:80 		135 pcap raw alerts
ruleset 		http
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
28 of 32
0 of 32		 3cd7958258
[Firefox:19 hits: 06-17 to 08-16]
41efedf70f
[Firefox:18 hits: 06-19 to 08-16]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
41efedf70f[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=82
lines=90 		trace
trace
trace
T:10:11:00 WinXP 130.13.47.196 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:346 hits: 12-31 to 08-20] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
10:12:00 Win2K-f 217.34.42.213 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
FARNHAM, ENGLAND, UK. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:80 		135 pcap raw alerts
ruleset 		http
127 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 34
30 of 32
0 of 32		 4864a03a4b
[Firefox: 3 hits: 07-24 to 08-10]
7452c8448d
[Firefox:11 hits: 06-17 to 08-10]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[none]
none [4]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
PolyEnE|
ASProtect| 		none
none
lines=90 		none
trace
trace
T:10:28:00 WinXP 123.254.10.129 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:496 hits: 01-01 to 08-20] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
10:43:00 Win2K-f 98.141.161.7 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:10:43:00 WinXP 70.45.135.221 (ONELINKPR.NET):
SAN JUAN CABLE LLC,
SAN JUAN, PUERTO RICO, PR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:998 hits: 12-31 to 08-20] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
10:47:00 WinXP 200.100.75.3 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL) 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 e253fef35b
[Firefox: 4 hits: 08-10 to 08-20] 		none[none] none:none
 none|none none none
10:59:00 WinXP 123.254.10.129 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:496 hits: 01-01 to 08-20] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:11:07:00 WinXP 190.188.184.21 (NET.AR):
PRIMA S.A,
AR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 9d51993bf7
NEW 		none[none] none:none
 none|none none none
11:15:00 WinXP 4.243.185.152 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PACIFICA, CALIFORNIA, US. (DIAL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:11:31:00 Win2K-f 172.162.36.60 (AOL.COM):
AMERICA ONLINE,
US. 		n/a   135 pcap raw alerts
ruleset 		other
177 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 703944cf7c
NEW 		none[none] none:none
 none|none none none
T:11:32:00 Win2K-f 65.68.19.187 (-):
POPLAR PCS,
JONESBORO, ARKANSAS, US. (100Mbps) 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:199.93.44.126:80
US:209.84.20.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33
28 of 32		 3f0a5b2ebe
[Firefox:13 hits: 06-18 to 08-20]
c6bfb5f0f2
[Firefox:13 hits: 06-18 to 08-20] 		none[4]
c6bfb5f0f2[1] 		none:none
ASM:Graph
 PolyEnE|
Armadillo| 		none
lines=81 		trace
trace
T:11:39:00 WinXP 76.168.72.3 (RR.COM):
ROAD RUNNER HOLDCO LLC,
VENICE, CALIFORNIA, US. (100Mbps) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:346 hits: 12-31 to 08-20] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:11:40:00 WinXP 124.155.93.241 (ASAHI-NET.OR.JP):
ASAHI-NET-CIDR-BLK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 8ae058b2d0
[Firefox:10 hits: 05-01 to 08-17] 		e6a9383b75 [0] ASM:Graph
 none|none lines=59 trace
11:45:00 WinXP 70.74.220.25 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
11:51:00 Win2K-f 209.127.80.67 (-):
PREVISORA INSURANCE COMPANY CARACAS,
HOUSTON, TEXAS, US. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
122 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
32 of 36		 a8c074e136
NEW
fc22cbd605
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:12:00:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:12:02:00 Win2K-f 24.210.243.206 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
12:08:00 WinXP 63.160.228.188 (SPRINTLINK.NET):
SPRINT,
ST. JOSEPH, MICHIGAN, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.52:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:12:11:00 WinXP 24.195.233.174 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.52:80 		135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
12:28:00 WinXP 209.29.92.100 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.104.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:12:47:00 WinXP 24.39.158.80 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SARATOGA SPRINGS, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:207.123.47.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:13:14:00 WinXP 71.43.175.67 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:13:19:00 WinXP 79.112.225.19 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 f0b49cdcfc
[Firefox: 8 hits: 07-04 to 08-18] 		none[none] none:none
 none|none none none
T:13:23:00 WinXP 65.190.162.167 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:66 hits: 01-14 to 08-20] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
13:23:00 WinXP 65.190.162.167 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:66 hits: 01-14 to 08-20] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:13:38:00 WinXP 67.10.217.119 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SUGAR LAND, TEXAS, US. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:13:45:00 WinXP 208.188.17.59 (SWBELL.NET):
AS101 RCSNTX DIAL POOL,
DALLAS, TEXAS, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:346 hits: 12-31 to 08-20] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
14:03:00 WinXP 201.0.9.36 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
irc
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 4b2541d5f7
NEW 		none[none] none:none
 none|none none none
T:14:03:00 WinXP 201.0.9.36 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 4b2541d5f7
NEW 		none[none] none:none
 none|none none none
T:14:10:00 WinXP 70.119.53.5 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:14:14:00 WinXP 81.182.101.127 (T-ONLINE.HU):
T-ONLINE ADSL CLIENTS (DYNAMIC ADDRESS POOL),
BUDAPEST, BUDAPEST, HU. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:346 hits: 12-31 to 08-20] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
14:33:00 WinXP 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:15:01:00 WinXP 207.5.200.185 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:06:00 Win2K-f 65.37.2.56 (FRONTIERNET.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
ROCHESTER, NEW YORK, US. 		210.245.211.11:65520 77.91.227.179:80 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
DE:hereall.net
IL:ksn.a1001186.wrs.flutix.com
EU:viacodecright2.com
IL:wr.kastora.com
IL:dl.bundlext.com 		135 pcap raw alerts
ruleset 		irc
http
2463 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 36
14 of 36
26 of 36
4 of 36
8 of 36
34 of 36		 591b10ae0c
NEW
75d013e972
[Firefox: 3 hits: 08-20 to 08-20]
7f172e7407
NEW
83b181dc8f
NEW
b646ed5e8f
NEW
ed8407ee00
NEW 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none 		none
none
none
none
none
none
15:13:00 Win2K-f 68.74.78.170 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:15:14:00 Win2K-f 130.13.200.232 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 36 9824b60bec
[Firefox: 5 hits: 08-18 to 08-20] 		none[none] none:none
 none|none none none
15:14:00 WinXP 130.13.200.232 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		63.173.172.98:7000  
US:63.173.172.98:7000 		139 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 36 9824b60bec
[Firefox: 5 hits: 08-18 to 08-20] 		none[none] none:none
 none|none none none
15:25:00 WinXP 63.17.197.127 (UU.NET):
UUNET TECHNOLOGIES INC,
US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:15:40:00 WinXP 69.225.203.116 (PACBELL.NET):
PPPOX POOL - RBACK5 IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:15:48:00 WinXP 12.76.4.108 (ATT.NET):
AT&T WORLDNET SERVICES,
LAWRENCEVILLE, NEW JERSEY, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:346 hits: 12-31 to 08-20] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:15:49:00 WinXP 170.51.104.110 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 1338638084
NEW 		none[none] none:none
 none|none none none
16:15:00 WinXP 24.76.186.78 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80 		135 pcap raw alerts
ruleset 		http
96 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
25 of 34
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
b6cf789b7d
[Firefox: 2 hits: 07-22 to 08-04]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 tElock|
none|none
FSG| 		none
none
lines=92 		trace
none
trace
16:36:00 WinXP 165.166.224.88 (INFOAVE.NET):
INFO AVENUE INTERNET SERVICES LLC,
US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:37 hits: 01-02 to 08-18] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
T:16:36:00 WinXP 165.166.224.88 (INFOAVE.NET):
INFO AVENUE INTERNET SERVICES LLC,
US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:37 hits: 01-02 to 08-18] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
T:16:54:00 WinXP 72.183.48.212 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:24:00 Win2K-f 12.219.9.244 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
WATERLOO, IOWA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:30:00 Win2K-f 24.43.97.173 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
17:31:00 WinXP 118.7.7.89 (-):
. 		n/a HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 670c7c2788
NEW 		none[none] none:none
 none|none none none
17:33:00 WinXP 63.160.74.73 (MEGALINK.NET):
OXFORD NETWORKS,
OXFORD, MAINE, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
135 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 35
32 of 36		 800a150255
NEW
d68923548b
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
17:41:00 Win2K-f 70.241.125.246 (SWBELL.NET):
PPPOX POOL - RBACK21 HSTNTX,
HOUSTON, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:56:00 WinXP 211.215.83.187 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 DE:dl2.teenpassage.com 135 pcap raw alerts
ruleset 		irc
55 lines 		Yeah : 1.8
profile 		none summary
tarball 		0 of 33 4c3df24b32
[Firefox:162 hits: 06-17 to 08-20] 		4c3df24b32 [1] ASM:Graph
 Armadillo| lines=81 trace
17:58:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.69:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
762 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35
0 of 32
32 of 35		 4113025530
[Firefox: 5 hits: 07-30 to 08-18]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20]
e3ca792d99
[Firefox: 5 hits: 07-30 to 08-18] 		none[none]
b5919931fe[1]
none [none] 		none:none
ASM:Graph
none:none
 none|none
ASProtect|
none|none 		none
lines=90
none 		none
trace
none
T:18:01:00 WinXP 66.217.37.161 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:478 hits: 12-31 to 08-20] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
18:03:00 Win2K-f 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
57ce4acac2
[Firefox:138 hits: 06-17 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
57ce4acac2[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
18:14:00 WinXP 117.99.19.90 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 35 001b6f7107
[Firefox: 4 hits: 07-29 to 08-08] 		none[none] none:none
 none|none none none
T:18:18:00 WinXP 205.240.136.138 (-):
SALINA-SPAVINAW TELEPHONE,
KANSAS, OKLAHOMA, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:998 hits: 12-31 to 08-20] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
18:19:00 WinXP 68.149.34.20 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:207.123.37.124:80
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:18:23:00 Win2K-f 71.99.134.243 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ST. PETERSBURG, FLORIDA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:18:43:00 Win2K-f 202.103.8.131 (163DATA.COM.CN):
CHINANET HUBEI PROVINCE NETWORK,
WUHAN, HUBEI, CN. 		77.91.227.179:80 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
DE:hereall.net
:www.upononjob.cn
:mulfika.cn
EU:viacodecright2.com
IL:ksn.a1001186.wrs.flutix.com
IL:wr.kastora.com 		135 pcap raw alerts
ruleset 		irc
http
2226 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 36
34 of 36
30 of 32
14 of 36
26 of 36
5 of 36
0 of 32
8 of 36		 591b10ae0c
NEW
723ead74bb
NEW
7452c8448d
[Firefox:11 hits: 06-17 to 08-10]
75d013e972
[Firefox: 3 hits: 08-20 to 08-20]
7f172e7407
NEW
9d7e724938
NEW
b5919931fe
[Firefox:429 hits: 06-20 to 08-20]
df688a6301
NEW 		none[none]
none [none]
none [4]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
none|none
PolyEnE|
none|none
none|none
none|none
ASProtect|
none|none 		none
none
none
none
none
none
lines=90
none 		none
none
trace
none
none
none
trace
none
T:18:44:00 WinXP 209.29.95.199 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		http
109 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
e07c29c4ae
[Firefox:337 hits: 06-19 to 08-20] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
19:23:00 Win2K-f 98.140.59.201 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:23:00 WinXP 122.146.240.169 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.46:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:19:58:00 Win2K-f 4.130.236.165 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DIAL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:204.160.104.126:80
US:204.160.126.124:80
US:8.12.222.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
268 lines 		Yeah : 1.8
profile 		none summary
tarball 		35 of 36
32 of 36		 0a836cbce2
NEW
15f9f6c10f
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:20:05:00 WinXP 204.210.117.93 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 a92e3f8fc8
[Firefox:27 hits: 01-26 to 08-17] 		dfe02a1e52 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:20:20:00 WinXP 75.16.46.38 (SBCGLOBAL.NET):
RBACK35.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:496 hits: 01-01 to 08-20] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:20:27:00 Win2K-f 190.134.136.63 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:31:00 WinXP 79.163.196.106 (-):
IDEA,
PL. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
8 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 35 dbbc586732
[Firefox:21 hits: 07-28 to 08-20] 		none[none] none:none
 none|none none none
20:57:00 Win2K-f 121.73.4.199 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:21:07:00 Win2K-f 75.116.22.9 (-):
ALLTEL SIP CUSTOMERS - PHOENIX,
PHOENIX, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:204.160.126.124:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
21:12:00 Win2K-f 75.116.22.9 (-):
ALLTEL SIP CUSTOMERS - PHOENIX,
PHOENIX, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
94 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20]
b5919931fe
[Firefox:429 hits: 06-20 to 08-20] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
21:37:00 WinXP 189.10.98.116 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
21:51:00 WinXP 219.248.224.61 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
[Firefox:162 hits: 06-17 to 08-20]
53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
T:22:06:00 WinXP 12.166.11.185 (PLACEPROPERTIES.COM):
PLACE PROPERTIES,
MARTIN, TENNESSEE, US. 		n/a EU:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com 		445 pcap raw alerts
ruleset 		http
http
http
29 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:481 hits: 01-01 to 08-20] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:22:07:00 Win2K-f 70.240.137.159 (SWBELL.NET):
PPPOX POOL - BRAS2 OKCYOK,
EDMOND, OKLAHOMA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
a08f3b74a4
[Firefox:554 hits: 06-18 to 08-20] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:09:00 Win2K-f 219.251.122.220 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
[Firefox:162 hits: 06-17 to 08-20]
53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
22:10:00 WinXP 76.200.159.149 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:97 hits: 01-08 to 08-20] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
22:11:00 WinXP 24.84.106.134 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BLAINE, WASHINGTON, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36
31 of 36		 390fc2abcf
NEW
d8819d5861
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
22:43:00 Win2K-f 24.68.188.114 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
23 of 33		 bca9e0fb5f
[Firefox:21 hits: 06-18 to 08-19]
e53a9ea82e
[Firefox:21 hits: 06-18 to 08-19] 		none[4]
e53a9ea82e[1] 		none:none
ASM:Graph
 PolyEnE|
Armadillo| 		none
lines=81 		trace
trace
22:55:00 WinXP 58.106.48.140 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.44.124:80
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
135 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
29 of 33		 48bc07f9ed
[Firefox: 3 hits: 06-21 to 07-04]
a5308d87d0
[Firefox: 5 hits: 06-21 to 07-04] 		none[4]
a5308d87d0[1] 		none:none
ASM:Graph
 PolyEnE|
Armadillo| 		none
lines=81 		trace
trace
T:23:14:00 Win2K-f 121.124.128.187 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.219:80
US:208.111.148.226:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
124 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
28 of 33		 533d15b5ce
[Firefox:18 hits: 06-21 to 08-19]
58c343a8d8
[Firefox:20 hits: 06-21 to 08-20] 		none[4]
58c343a8d8[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
23:17:00 WinXP 121.125.22.27 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.219:80
US:208.111.148.226:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
131 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
29 of 33		 6ec2a8994b
[Firefox:16 hits: 06-18 to 08-20]
857b781ca9
[Firefox:11 hits: 06-18 to 08-16] 		none[4]
857b781ca9[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
T:23:40:00 Win2K-f 118.100.113.217 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
23:45:00 Win2K-f 209.253.123.98 (TOS.NET):
MDI ACCESS,
CHICAGO, ILLINOIS, US. 		n/a   135 pcap raw alerts
ruleset 		other
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
23:57:00 Win2K-f 70.73.107.59 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1671 hits: 06-17 to 08-20]
73f1082158
[Firefox:837 hits: 06-18 to 08-20] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace