Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

23 August 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:11:00 Win2K-f 24.30.174.247 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:207.123.37.124:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:00:39:00 WinXP 220.156.25.87 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
00:42:00 WinXP 75.82.147.241 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:205.128.73.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:45:00 Win2K-f 96.51.42.208 (-):
. 		72.10.172.218:9928 CA:teek.ihshsd8.com 135 pcap raw alerts
ruleset 		irc
http
647 lines 		Yeah : 1.8
profile 		none summary
tarball 		35 of 36
none		 57b907a474
[Firefox: 2 hits: 08-09 to 08-12]
88765a5690
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
00:47:00 Win2K-f 70.249.81.46 (SWBELL.NET):
PPPOX POOL - BRAS2 OKCYOK 070704,
EDMOND, OKLAHOMA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		http
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
00:55:00 Win2K-f 122.146.241.161 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		other
382 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
30 of 35		 3db2c812c0
[Firefox: 2 hits: 07-23 to 08-20]
797fdec34a
[Firefox: 2 hits: 07-23 to 08-20] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
00:55:00 Win2K-f 150.199.94.114 (MO.US):
MORENET,
COLUMBIA, MISSOURI, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.47.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:59:00 WinXP 118.219.237.248 (-):
. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:204.160.104.126:80
US:207.123.47.126:80
US:8.12.202.125:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
122 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36
31 of 33		 0f7b6b4c31
[Firefox: 3 hits: 08-09 to 08-18]
168aab35a3
[Firefox:110 hits: 06-17 to 08-20] 		none[none]
none [4] 		none:none
none:none
 none|none
tElock| 		none
none 		none
trace
T:01:20:00 WinXP 89.165.24.189 (-):
NEDA GOSTAR SABA DATA TRANSFER COMPANY PRIVATE JOINT STOCK,
IR. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		27 of 32 f190da6fbe
[Firefox:25 hits: 01-02 to 08-20] 		d8dc6af14c [0] ASM:Graph
 PolyEnE| lines=68 trace
01:24:00 WinXP 213.102.100.97 (TELE2.DE):
TELE2 GERMANY GMBH,
DE. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
01:25:00 WinXP 218.210.80.111 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
57ce4acac2
[Firefox:142 hits: 06-17 to 08-22] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:01:31:00 WinXP 114.120.52.201 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
01:33:00 WinXP 116.124.41.204 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.174:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
110 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
0 of 33
0 of 33		 168aab35a3
[Firefox:110 hits: 06-17 to 08-20]
4c3df24b32
[Firefox:166 hits: 06-17 to 08-22]
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[4]
4c3df24b32[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
01:45:00 Win2K-f 74.219.199.189 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36
0 of 32		 126a1d4446
NEW
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[none]
73f1082158[1] 		none:none
ASM:Graph
 none|none
Armadillo| 		none
lines=81 		none
trace
T:02:22:00 WinXP 194.97.234.200 (PPPOOL.DE):
FREENET CITYLINE GMBH,
FRANKFURT, HESSEN, DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
02:38:00 WinXP 220.156.72.177 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		none f8be62d9a3
NEW 		none[none] none:none
 none|none none none
02:40:00 WinXP 76.244.146.109 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:44:00 Win2K-f 96.11.103.48 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
IL:ksn.a1001186.wrs.flutix.com
IL:wr.kastora.com
115.126.2.110:80
US:208.111.148.174:80
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		irc
http
393 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 36
26 of 36
32 of 36
35 of 36		 75d013e972
[Firefox: 6 hits: 08-20 to 08-22]
812a0cf35a
NEW
95a1e56583
[Firefox: 4 hits: 08-02 to 08-09]
b39357c344
[Firefox: 4 hits: 08-02 to 08-09] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
02:48:00 WinXP 75.33.114.78 (-):
DHCP STLSMO RBACK,
ST. LOUIS, MISSOURI, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
135 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 33
0 of 33
32 of 33		 c925f34dbe
[Firefox: 2 hits: 06-27 to 08-11]
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22]
f3f14bc33d
[Firefox: 2 hits: 06-27 to 08-11] 		none[none]
e07c29c4ae[1]
none [none] 		none:none
ASM:Graph
none:none
 none|none
FSG|
none|none 		none
lines=92
none 		none
trace
none
03:03:00 Win2K-f 216.205.217.140 (CINERGYCOM.NET):
CINERGY COMMUNICATIONS COMPANY,
JACKSON, TENNESSEE, US. (DSL) 		210.245.211.11:65520 IL:wr.kastora.com
HK:proxim.ircgalaxy.pl
IL:dl.bundlext.com
US:berlinads4.com
US:b158.mcboo.com
US:microsoft.com
US:download.microsoft.com
115.126.2.110:80
IL:194.90.224.86:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		irc
http
31 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		b5919931fe [1] ASM:Graph
 ASProtect| lines=90 trace
T:03:11:00 WinXP 96.14.173.122 (-):
. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.173.42:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
135 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36
35 of 36		 95a1e56583
[Firefox: 4 hits: 08-02 to 08-09]
b39357c344
[Firefox: 4 hits: 08-02 to 08-09] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:03:30:00 Win2K-f 69.89.163.144 (QCOL.NET):
QCOL INC,
CONFLUENCE, PENNSYLVANIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:03:40:00 WinXP 206.248.211.41 (NTELOS.NET):
NTELOS - WAYNESBORO ADSL DHCP RANGE,
WAYNESBORO, VIRGINIA, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
7 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 9b9e5dcb18
[Firefox:11 hits: 08-08 to 08-22] 		none[none] none:none
 none|none none none
T:03:45:00 WinXP 70.66.200.144 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COURTENAY, BRITISH COLUMBIA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
55 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		73f1082158 [1] ASM:Graph
 Armadillo| lines=81 trace
T:03:57:00 Win2K-f 12.227.205.168 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
DAVENPORT, IOWA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
US:208.111.153.236:80 		135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
04:04:00 WinXP 116.0.207.246 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
04:07:00 WinXP 130.13.96.177 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		shell
ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 2dac184b3e
NEW 		none[none] none:none
 none|none none none
04:38:00 WinXP 121.102.148.121 (HI-HO.NE.JP):
PANASONIC NETWORK SERVICES INC,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
04:42:00 WinXP 4.229.195.131 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LANSING, MICHIGAN, US. (DIAL) 		194.109.11.65:6556 194.109.11.65:1023 NL:0x80.online-software.org 135 pcap raw alerts
ruleset 		other
712 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 32 15d4d85dc0
[Firefox: 8 hits: 06-10 to 08-22] 		none[4] none:none
 StarForce| none trace
04:43:00 Win2K-f 76.177.220.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
YULEE, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
04:53:00 Win2K-f 4.252.19.125 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BLAINE, MINNESOTA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
124 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
05:05:00 Win2K-f 212.124.173.87 (YUBC.NET):
YUBC SYSTEM,
CS. (DSL) 		n/a :hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
30 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1550 hits: 04-27 to 07-25] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:05:06:00 Win2K-f 211.58.238.63 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
05:14:00 Win2K-f 211.76.41.133 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
197 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 33
30 of 33
0 of 32		 9963e9c1ff
NEW
a647a60592
NEW
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
05:25:00 Win2K-f 116.127.164.194 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:209.84.20.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
125 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
31 of 33
0 of 32		 776985f561
[Firefox: 7 hits: 06-24 to 08-19]
8ec6129efe
[Firefox: 7 hits: 06-24 to 08-19]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		776985f561 [1]
none [4]
b5919931fe[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
ASProtect| 		lines=82
none
lines=90 		trace
trace
trace
T:05:37:00 WinXP 221.185.72.136 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
NAGOYA, AICHI, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
05:41:00 WinXP 76.182.2.6 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
DE:ebookfinaltrash.ru
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
http
http
39 lines 		Yeah : 0.8
profile 		none summary
tarball 		none
29 of 29
none		 27efd0d239
NEW
a12cab51ef
[Firefox:484 hits: 01-01 to 08-22]
bde0cba53d
NEW 		none[none]
40f7f463c4[0]
none [none] 		none:none
ASM:Graph
none:none
 none|none
ASPack|
none|none 		none
lines=281
embedded dns
none 		none
trace
none
05:44:00 Win2K-f 24.78.169.3 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
06:03:00 Win2K-f 80.222.132.192 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL) 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:06:05:00 Win2K-f 70.249.81.46 (SWBELL.NET):
PPPOX POOL - BRAS2 OKCYOK 070704,
EDMOND, OKLAHOMA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:06:15:00 WinXP 82.237.18.201 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) 		n/a :hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
28 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1550 hits: 04-27 to 07-25] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
T:06:19:00 WinXP 67.1.14.198 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
MERIDIAN, IDAHO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
183 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
06:31:00 WinXP 60.249.198.98 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
57ce4acac2
[Firefox:142 hits: 06-17 to 08-22] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
06:37:00 Win2K-f 219.39.220.70 (BBTEC.NET):
SOFTBANK BB CORP,
TOKYO, TOKYO, JP. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
89 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
06:39:00 Win2K-f 59.147.143.159 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
06:48:00 WinXP 78.84.114.21 (MICROLINK.LV):
TELEKOM,
RIGA, RIGA, LV. 		194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
12 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 0af737004d
NEW 		none[none] none:none
 none|none none none
07:02:00 WinXP 213.45.204.195 (POOL21345.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A,
BOLOGNA, EMILIA-ROMAGNA, IT. 		n/a   445 pcap raw alerts
ruleset 		shell
shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
07:03:00 Win2K-f 68.74.72.22 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
US:208.111.153.215:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:12:00 WinXP 70.77.58.240 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.173.53:80
HK:210.245.211.11:65520
US:69.28.178.10:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
135 lines 		Yeah : 1.8
profile 		none summary
tarball 		none
none		 6905ca887e
NEW
9a2feabbac
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:07:22:00 Win2K-f 68.149.138.251 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:07:25:00 WinXP 93.148.27.40 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a :hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1550 hits: 04-27 to 07-25] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
07:40:00 WinXP 98.135.77.173 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
29 of 34		 0bfa79dc19
[Firefox: 7 hits: 07-22 to 08-18]
8dfb3b619f
[Firefox: 8 hits: 07-22 to 08-18] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:07:43:00 WinXP 124.115.15.45 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22]
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
07:50:00 WinXP 221.125.195.35 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:503 hits: 01-01 to 08-22] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:07:58:00 WinXP 76.87.52.32 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a RU:moscow-advokat.ru
SE:coins.dal.net 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:492 hits: 12-31 to 08-22] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:08:11:00 WinXP 130.13.41.228 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
08:22:00 Win2K-f 70.184.14.218 (COX.NET):
COX COMMUNICATIONS,
JOHNSTON, RHODE ISLAND, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:08:51:00 WinXP 209.239.21.49 (EXECULINK.COM):
EXECULINK INTERNET SERVICES CORPORATION,
LONDON, ONTARIO, CA. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
08:58:00 WinXP 172.129.240.155 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
270 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 32 9bc67c754e
[Firefox: 3 hits: 06-28 to 08-14] 		none[none] none:none
 none|none none none
T:09:33:00 WinXP 217.202.196.227 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 88a52ae8ef
NEW 		none[none] none:none
 none|none none none
09:33:00 WinXP 217.202.196.227 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 88a52ae8ef
NEW 		none[none] none:none
 none|none none none
09:43:00 WinXP 130.13.190.79 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   445 pcap raw alerts
ruleset 		other
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
09:47:00 Win2K-f 71.101.192.250 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PALMETTO, FLORIDA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
09:50:00 Win2K-f 219.251.192.240 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
US:192.221.99.126:80
US:205.128.73.126:80
US:207.123.42.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
115 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 32
33 of 33		 5364c612fa
[Firefox: 5 hits: 07-06 to 08-21]
53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22] 		none[none]
none [4] 		none:none
none:none
 none|none
tElock| 		none
none 		none
trace
09:51:00 Win2K-f 116.127.164.191 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:192.221.99.126:80
US:205.128.73.126:80
US:207.123.42.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
100 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
31 of 33		 776985f561
[Firefox: 7 hits: 06-24 to 08-19]
8ec6129efe
[Firefox: 7 hits: 06-24 to 08-19] 		776985f561 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
10:29:00 Win2K-f 84.146.239.6 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
REGENSBURG, BAYERN, DE. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
http
5 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:10:37:00 Win2K-f 125.58.82.209 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:10:45:00 WinXP 83.181.43.250 (TELE2.AT):
TELE2 AUSTRIA,
VIENNA, WIEN, AT. 		n/a :www.google.com.au
:jbeegvia.ru
US:www.worldbank.org
EU:crutop.nu
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
:kargai.ru
:kfwfceki.ru
:nhuwxyuw.ru
RU:alfabank.ru
:udluzuq.ru
:fiazpvnne.ru
:ppxuub.ru
:lvwgdhwlj.ru
:www.proxy-socks.net
:raxeqajrf.ru
GB:www.candidateverifier.com 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none 55920d1404
NEW 		none[none] none:none
 none|none none none
10:46:00 WinXP 83.181.43.250 (TELE2.AT):
TELE2 AUSTRIA,
VIENNA, WIEN, AT. 		n/a :www.google.com.au
US:www.yahoo.com
:jbeegvia.ru 		135 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none f26cd0d5b0
NEW 		none[none] none:none
 none|none none none
11:04:00 WinXP 218.217.145.166 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:204.160.126.126:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
83 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:11:24:00 Win2K-f 218.211.147.249 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
11:28:00 WinXP 4.184.80.75 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAKEWOOD, NEW JERSEY, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:12:10:00 WinXP 118.7.119.116 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:12:10:00 Win2K-f 76.177.220.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
YULEE, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
12:23:00 WinXP 200.57.22.240 (BESTEL.COM.MX):
CABLE NET INTERNATIONAL S.A. DE C.V,
MX. 		210.245.211.11:65520 DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:26:00 Win2K-f 200.57.22.240 (BESTEL.COM.MX):
CABLE NET INTERNATIONAL S.A. DE C.V,
MX. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none f93c947614
NEW 		none[none] none:none
 none|none none none
12:33:00 Win2K-f 199.224.91.67 (EPIX.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
BLOOMSBURG, PENNSYLVANIA, US. (DIAL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:209.84.20.126:80
HK:210.245.211.11:65520
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
135 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 33
31 of 33		 ba4637f8f0
[Firefox: 8 hits: 07-01 to 08-19]
d02ae67164
[Firefox: 8 hits: 07-01 to 08-19] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:12:36:00 WinXP 85.139.230.175 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none e4157a2cc3
NEW 		none[none] none:none
 none|none none none
T:12:43:00 Win2K-f 193.248.34.251 (ABO.WANADOO.FR):
WANADOO FRANCE,
LIMOGES, LIMOUSIN, FR. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		irc
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
12:46:00 WinXP 91.66.21.234 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 b19b1a3b65
NEW 		none[none] none:none
 none|none none none
12:52:00 Win2K-f 200.57.20.116 (BESTEL.COM.MX):
CABLE NET INTERNATIONAL S.A. DE C.V,
MX. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
9 lines 		Yeah : 1.3
profile 		none summary
tarball 		none f93c947614
NEW 		none[none] none:none
 none|none none none
T:12:55:00 WinXP 200.57.20.116 (BESTEL.COM.MX):
CABLE NET INTERNATIONAL S.A. DE C.V,
MX. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
9 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
12:56:00 WinXP 24.65.48.130 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VICTORIA, BRITISH COLUMBIA, CA. (DSL) 		210.245.211.11:65520 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 07ecb6c660
NEW 		none[none] none:none
 none|none none none
T:12:58:00 Win2K-f 59.113.64.24 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DIAL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
13:08:00 Win2K-f 71.107.109.206 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LONG BEACH, CALIFORNIA, US. (DSL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
9 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
13:09:00 WinXP 217.184.14.252 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
BERLIN, BERLIN, DE. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:13:11:00 Win2K-f 71.126.226.80 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMBRIDGE, MASSACHUSETTS, US. (DSL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
13:47:00 WinXP 202.39.210.91 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP,
TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:13:52:00 WinXP 67.241.62.146 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1fcc146d70
[Firefox:30 hits: 01-02 to 08-22] 		258fafe892 [0] ASM:Graph
 PolyEnE| lines=68 trace
13:53:00 WinXP 12.73.101.246 (ATT.NET):
AT&T WORLDNET SERVICES,
TACOMA, WASHINGTON, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:39 hits: 01-02 to 08-21] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
14:16:00 WinXP 87.196.150.183 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
LISBON, LISBOA, PT. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 a0044bcb25
[Firefox: 8 hits: 08-02 to 08-22] 		none[none] none:none
 none|none none none
T:14:17:00 WinXP 87.196.150.183 (NET.NOVIS.PT):
NOVIS TELECOM S.A,
LISBON, LISBOA, PT. 		194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 a0044bcb25
[Firefox: 8 hits: 08-02 to 08-22] 		none[none] none:none
 none|none none none
14:17:00 WinXP 66.52.224.125 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SEATTLE, WASHINGTON, US. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
14:21:00 WinXP 66.53.83.18 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:492 hits: 12-31 to 08-22] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:14:21:00 WinXP 66.53.83.18 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:492 hits: 12-31 to 08-22] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
14:26:00 Win2K-f 70.70.215.5 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
794 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 292524fd0a
NEW 		none[none] none:none
 none|none none none
14:28:00 Win2K-f 208.105.172.35 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:198.78.201.126:80
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:00:00 WinXP 24.195.233.174 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:29:00 Win2K-f 172.131.110.43 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
15:33:00 Win2K-f 24.82.156.163 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PORTAGE, MANITOBA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:15:39:00 WinXP 68.114.154.17 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
irc
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 a219ed3aeb
[Firefox:15 hits: 08-02 to 08-15] 		none[none] none:none
 none|none none none
15:48:00 WinXP 4.231.5.111 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW IBERIA, LOUISIANA, US. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
:www.proxy-socks.net 		445 pcap raw alerts
ruleset 		http
http
http
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none
29 of 29		 4b8f246a8b
NEW
df17a625ee
[Firefox:223 hits: 01-01 to 08-22] 		none[none]
9bbdd086c5[0] 		none:none
ASM:Graph
 none|none
ASPack| 		none
lines=186
embedded dns 		none
trace
15:51:00 Win2K-f 76.216.91.0 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
DALLAS, TEXAS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:207.123.37.126:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
16:02:00 WinXP 97.96.138.54 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
http
33 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:484 hits: 01-01 to 08-22] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:16:03:00 Win2K-f 76.244.176.42 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.37.124:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
16:04:00 Win2K-f 70.60.10.186 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NASHPORT, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:16:17:00 WinXP 66.172.229.168 (LONGLINES.COM):
ORANGE CITY COMMUNICATIONS,
SIOUX CITY, IOWA, US. 		n/a   135 pcap raw alerts
ruleset 		other
433 lines 		Yeah : 1.3
profile 		none summary
tarball 		none a98959852f
NEW 		none[none] none:none
 none|none none none
16:33:00 Win2K-f 206.171.178.11 (LEMOORENET.COM):
LEMOORE NET,
LEMOORE, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:48:00 Win2K-f 206.171.178.11 (LEMOORENET.COM):
LEMOORE NET,
LEMOORE, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:204.160.104.126:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:03:00 Win2K-f 190.208.70.21 (-):
. 		n/a :hail.dns2go.com 445 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 32 5f78ff609d
[Firefox:1550 hits: 04-27 to 07-25] 		d4a06bdc3a [0] ASM:Graph
 none|none lines=4 trace
17:05:00 WinXP 122.25.64.42 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
17:28:00 WinXP 205.240.136.245 (-):
SALINA-SPAVINAW TELEPHONE,
KANSAS, OKLAHOMA, US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:17:29:00 WinXP 205.240.136.245 (-):
SALINA-SPAVINAW TELEPHONE,
KANSAS, OKLAHOMA, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:17:29:00 WinXP 122.25.64.42 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:316 hits: 01-05 to 08-22] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
17:37:00 WinXP 130.13.34.167 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:17:39:00 Win2K-f 67.10.81.170 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US. (100Mbps) 		194.109.11.65:6556 194.109.11.65:1023 NL:0x80.online-software.org 135 pcap raw alerts
ruleset 		other
267 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 32 15d4d85dc0
[Firefox: 8 hits: 06-10 to 08-22] 		none[4] none:none
 StarForce| none trace
17:58:00 Win2K-f 75.16.229.49 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
18:04:00 WinXP 70.76.160.49 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:18:04:00 WinXP 70.76.160.49 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
18:18:00 WinXP 58.107.53.179 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		http
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none
0 of 33		 29e37f674b
NEW
410269507b
NEW
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
18:27:00 WinXP 4.159.113.248 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GRAND RAPIDS, MICHIGAN, US. (DIAL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:492 hits: 12-31 to 08-22] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:18:55:00 Win2K-f 192.203.2.145 (AF.MIL):
ENGINEERING ANALYSIS AF,
SAN ANTONIO, TEXAS, US. 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.153.231:80
US:208.111.153.236:80
HK:210.245.211.11:65520
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
119 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 35
32 of 35		 2d76ff4e53
[Firefox: 5 hits: 07-23 to 08-20]
7df1377ee3
[Firefox: 5 hits: 07-23 to 08-20] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
19:11:00 Win2K-f 76.78.54.50 (APOGEENET.NET):
APOGEE TELECOM INC,
AUSTIN, TEXAS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		other
195 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none		 4399ada715
NEW
8bda658cfc
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:19:11:00 WinXP 4.170.48.79 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MIAMI, FLORIDA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
84 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22]
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
19:17:00 WinXP 61.227.99.23 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. 		80.83.116.59:9890 DE:f.unicat.org 445 pcap raw alerts
ruleset 		ftp
irc
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:408 hits: 03-31 to 08-13] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace
19:19:00 Win2K-f 122.53.120.18 (PLDT.NET):
IPG,
PH. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
19:21:00 WinXP 117.99.11.88 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 		445 pcap raw alerts
ruleset 		http
irc
5 lines 		Yeah : 1.8
profile 		none summary
tarball 		36 of 36 e253fef35b
[Firefox: 6 hits: 08-10 to 08-22] 		none[none] none:none
 none|none none none
T:19:53:00 Win2K-f 208.105.186.90 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
10 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:20:26:00 WinXP 69.80.164.227 (APOGEENET.NET):
SUNY BROCKPORT,
BROCKPORT, NEW YORK, US. 		210.245.211.11:65520 194.54.90.246:80 HK:proxima.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		none b7d380ff22
NEW 		none[none] none:none
 none|none none none
20:39:00 WinXP 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA. 		n/a   135 pcap raw alerts
ruleset 		other
74 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:20:41:00 WinXP 122.53.41.215 (PLDT.NET):
IPG,
PH. 		210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:192.221.108.126:80
US:207.123.42.126:80
US:4.23.60.125:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
162 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 33
33 of 33		 16874933ea
[Firefox:35 hits: 06-18 to 08-19]
76ee340669
[Firefox:36 hits: 06-18 to 08-19] 		16874933ea [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
PolyEnE| 		lines=82
none 		trace
trace
T:20:45:00 Win2K-f 221.143.126.172 (GUTZWILLER.CH):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:192.221.108.126:80
US:207.123.42.126:80
US:4.23.60.125:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
118 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
31 of 33		 9d571adc3c
[Firefox: 5 hits: 07-04 to 08-15]
a704164588
[Firefox: 7 hits: 07-04 to 08-15] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
20:52:00 WinXP 67.2.242.55 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
SIOUX CITY, IOWA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:207.123.46.126:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
150 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
73f1082158
[Firefox:875 hits: 06-18 to 08-22] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:21:06:00 Win2K-f 190.139.120.122 (NET.AR):
TELECOM ARGENTINA S.A,
AR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:29:00 Win2K-f 24.80.98.70 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80 		135 pcap raw alerts
ruleset 		http
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
0 of 32
2 of 32		 607b60ad51
[Firefox:24 hits: 06-20 to 08-22]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22]
e5c7bce70e
[Firefox:23 hits: 06-20 to 08-22] 		none[4]
b5919931fe[1]
e5c7bce70e[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
ASProtect|
Armadillo| 		none
lines=90
lines=81 		trace
trace
trace
21:30:00 Win2K-f 69.107.174.37 (PACBELL.NET):
3CIM INC,
SAN JOSE, CALIFORNIA, US. (DSL) 		210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:199.93.44.126:80
US:207.123.37.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
132 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36
0 of 32
29 of 33		 1f59c01aef
[Firefox: 6 hits: 08-01 to 08-20]
b5919931fe
[Firefox:449 hits: 06-20 to 08-22]
dc92683d9a
[Firefox:13 hits: 06-19 to 08-20] 		none[none]
b5919931fe[1]
dc92683d9a[1] 		none:none
ASM:Graph
ASM:Graph
 none|none
ASProtect|
Armadillo| 		none
lines=90
lines=82 		none
trace
trace
T:21:30:00 Win2K-f 200.43.27.133 (NET.AR):
APOLO-GOLD-TELECOM,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
21:33:00 WinXP 144.134.21.178 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
21:52:00 Win2K-f 24.69.103.232 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
402 lines 		Yeah : 1.3
profile 		none summary
tarball 		11 of 36 c4c5a56ffe
[Firefox: 5 hits: 08-15 to 08-22] 		none[none] none:none
 none|none none none
22:11:00 WinXP 203.153.41.34 (-):
RAILWAY BOARD NEW DELHI,
DELHI, DELHI, IN. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none
0 of 33		 77bf3c6d25
NEW
88fd020726
NEW
e07c29c4ae
[Firefox:356 hits: 06-19 to 08-22] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
22:41:00 WinXP 59.158.242.115 (UCOM.NE.JP):
G-KG0018N,
JP. (100Mbps) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:503 hits: 01-01 to 08-22] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:22:41:00 WinXP 70.187.5.187 (COX.NET):
COX COMMUNICATIONS,
RESTON, VIRGINIA, US. 		210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:205.128.73.126:80
US:207.123.37.124:80
US:207.123.46.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
118 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 33
32 of 36		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
bea8cb1865
[Firefox: 6 hits: 08-11 to 08-22] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
22:53:00 Win2K-f 211.176.160.19 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.153.231:80
US:208.111.153.236:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
151 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
30 of 33		 2e04b06527
[Firefox: 5 hits: 06-18 to 08-16]
5c054291de
[Firefox: 5 hits: 06-18 to 08-16] 		none[4]
5c054291de[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
T:23:07:00 Win2K-f 24.71.146.51 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.201.126:80
US:207.123.37.123:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
23 of 33		 bca9e0fb5f
[Firefox:23 hits: 06-18 to 08-22]
e53a9ea82e
[Firefox:23 hits: 06-18 to 08-22] 		none[4]
e53a9ea82e[1] 		none:none
ASM:Graph
 PolyEnE|
Armadillo| 		none
lines=81 		trace
trace
23:09:00 Win2K-f 208.77.181.35 (MYCOMSPAN.COM):
COMSPAN BANDON NETWORK LLC,
BANDON, OREGON, US. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		http
irc
110 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 35
32 of 35		 2d76ff4e53
[Firefox: 5 hits: 07-23 to 08-20]
7df1377ee3
[Firefox: 5 hits: 07-23 to 08-20] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
23:11:00 WinXP 24.213.224.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.201.126:80
US:207.123.37.123:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
23:15:00 Win2K-f 222.234.234.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
http
114 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
31 of 33		 b74e792974
[Firefox: 5 hits: 06-18 to 08-22]
f0e73c39a8
[Firefox: 6 hits: 06-18 to 08-22] 		b74e792974 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
23:17:00 Win2K-f 58.224.59.163 (HANANET.NET):
HANARO TELECOM INC,
KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:199.93.41.126:80
US:199.93.44.126:80
US:4.23.60.126:80
DE:85.114.141.207:80 		135 pcap raw alerts
ruleset 		irc
110 lines 		Yeah : 1.8
profile 		none summary
tarball 		0 of 33
31 of 33		 a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22]
ddd2a2b264
[Firefox: 2 hits: 06-17 to 06-26] 		a08f3b74a4 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
23:32:00 WinXP 213.76.123.203 (TPNET.PL):
TELEKOMUNIKACJA POLSKA S.A. CST,
GDANSK, POMORSKIE, PL. (DIAL) 		194.54.90.246:80 UA:citi-bank.ru
US:adult-empire.com 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:23:32:00 WinXP 213.76.123.203 (TPNET.PL):
TELEKOMUNIKACJA POLSKA S.A. CST,
GDANSK, POMORSKIE, PL. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1009 hits: 12-31 to 08-22] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
23:46:00 Win2K-f 79.133.137.224 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
US:microsoft.com
US:download.microsoft.com
DE:85.114.141.207:80 		445 pcap raw alerts
ruleset 		irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
23:52:00 WinXP 193.248.161.200 (STATIC-IP.OLEANE.FR):
TELECOM,
FR. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:356 hits: 12-31 to 08-22] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
23:54:00 Win2K-f 99.250.162.5 (STERLINGSTUDENTS.NET):
ROGERS CABLE COMMUNICATIONS INC,
CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
none
0 of 33		 53bfe15e91
[Firefox:1754 hits: 06-17 to 08-22]
74beb44673
NEW
a08f3b74a4
[Firefox:586 hits: 06-18 to 08-22] 		none[4]
none [none]
a08f3b74a4[1] 		none:none
none:none
ASM:Graph
 tElock|
none|none
Armadillo| 		none
none
lines=81 		trace
none
trace