Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



26 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns (one infection record per row; rows with several captured binaries repeat the per-binary columns once per binary):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:06:00 Win2K-f 98.141.161.158 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:10:00 Win2K-f 72.136.35.109 (ROGERS.COM):
ROGERS CABLE INC. YM,
TORONTO, ONTARIO, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
00:49:00 Win2K-f 75.79.36.167 (-):
.
n/a   135 pcap raw alerts
ruleset
other
33 lines
Yeah : 1.3
profile
none summary
tarball
2 of 36 9ba1f1416a
NEW
none[none] none:none
none|none none none
T:01:10:00 WinXP 66.63.81.104 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
e07c29c4ae
[Firefox:371 hits: 06-19 to 08-25]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
01:13:00 WinXP 117.99.49.194 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:01:13:00 WinXP 117.99.49.194 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
01:23:00 WinXP 58.226.13.186 (HANANET.NET):
HANARO TELECOM INC,
KR.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:198.78.201.126:80
US:207.123.47.126:80
US:209.84.20.126:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
139 lines
Yeah : 1.8
profile
none summary
tarball
31 of 35
31 of 35
3791fd8fbc
NEW
739d080108
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:01:47:00 WinXP 114.120.23.28 (-):
.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 60355a8247
NEW
none[none] none:none
none|none none none
01:59:00 Win2K-f 60.249.198.98 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
57ce4acac2
[Firefox:150 hits: 06-17 to 08-25]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
02:04:00 WinXP 118.236.240.1 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 93385541f3
[Firefox:20 hits: 06-22 to 08-04]
none[4] none:none
none|none none trace
02:09:00 Win2K-f 122.146.82.217 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
02:11:00 WinXP 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
57ce4acac2
[Firefox:150 hits: 06-17 to 08-25]
e07c29c4ae
[Firefox:371 hits: 06-19 to 08-25]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:02:20:00 WinXP 221.142.43.242 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:198.78.201.126:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
http
122 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
31 of 33
9d571adc3c
[Firefox: 6 hits: 07-04 to 08-23]
a704164588
[Firefox: 8 hits: 07-04 to 08-23]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:38:00 WinXP 61.94.166.23 (-):
TLKM_D4_DIALUP_SLO-G,
BANDUNG, JAWA BARAT (DJAWA BARAT), ID.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 a99f17e623
[Firefox:26 hits: 03-28 to 07-26]
87dfec58db [0] ASM:Graph
PolyEnE| lines=69 trace
02:39:00 WinXP 61.94.166.23 (-):
TLKM_D4_DIALUP_SLO-G,
BANDUNG, JAWA BARAT (DJAWA BARAT), ID.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 a99f17e623
[Firefox:26 hits: 03-28 to 07-26]
87dfec58db [0] ASM:Graph
PolyEnE| lines=69 trace
02:55:00 WinXP 67.150.4.61 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:370 hits: 12-31 to 08-25]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:03:06:00 WinXP 60.248.17.88 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:03:08:00 WinXP 86.99.105.13 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:17 hits: 08-02 to 08-25]
none[none] none:none
none|none none none
03:24:00 WinXP 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
e07c29c4ae
[Firefox:371 hits: 06-19 to 08-25]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
03:37:00 Win2K-f 71.131.139.234 (-):
VALLEY FOOD INC,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:03:44:00 WinXP 119.95.54.197 (-):
.
210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:205.128.73.126:80
US:207.123.42.126:80
HK:210.245.211.11:65520
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
http
irc
151 lines
Yeah : 1.8
profile
none summary
tarball
29 of 33
33 of 33
0 of 33
16874933ea
[Firefox:38 hits: 06-18 to 08-25]
76ee340669
[Firefox:39 hits: 06-18 to 08-25]
e07c29c4ae
[Firefox:371 hits: 06-19 to 08-25]
16874933ea [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
PolyEnE|
FSG|
lines=82
none
lines=92
trace
trace
trace
T:03:59:00 WinXP 86.96.112.6 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 e4157a2cc3
[Firefox: 3 hits: 08-23 to 08-25]
none[none] none:none
none|none none none
04:04:00 WinXP 211.122.78.253 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
JP.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1029 hits: 12-31 to 08-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:04:08:00 WinXP 62.204.241.194 (TTNET.CZ):
JAN VANICKY NETWORK,
CZ.
n/a US:www.altavista.com
:www.google.com.au
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:25 hits: 04-18 to 08-20]
none[3] none:none
tElock| none trace
04:24:00 WinXP 210.199.100.34 (ENJOY.NE.JP):
DEODEO INTERNET SERVICE(DEODEO CORPORATION),
HIROSHIMA, HIROSHIMA, JP.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:335 hits: 01-05 to 08-25]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
04:47:00 Win2K-f 122.53.60.114 (PLDT.NET):
IPG,
PH.
n/a   135 pcap raw alerts
ruleset
other
154 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 16874933ea
[Firefox:38 hits: 06-18 to 08-25]
16874933ea [1] ASM:Graph
Armadillo| lines=82 trace
04:51:00 WinXP 98.141.161.7 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:05:02:00 WinXP 92.96.164.191 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
05:34:00 Win2K-f 218.239.82.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
0 of 32
4c3df24b32
[Firefox:171 hits: 06-17 to 08-24]
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
4c3df24b32 [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
T:05:35:00 WinXP 220.132.203.208 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:05:35:00 WinXP 85.113.151.119 (-):
INTERCON JSC NETWORK,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:35:00 Win2K-f 89.137.122.199 (-):
ASTRAL CLUJ-NAPOCA DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:37:00 WinXP 91.67.42.6 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none c86fc630d2
[Firefox: 4 hits: 05-18 to 08-25]
none[4] none:none
ASProtect| none trace
T:05:38:00 Win2K-f 212.233.212.26 (-):
NTL,
FR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:38:00 WinXP 89.252.195.182 (ROZABG.COM):
TERASYST KARLOVO,
BG.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:39:00 Win2K-f 78.97.88.182 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:41:00 Win2K-f 78.54.102.127 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
31 of 36 50f889782d
NEW
none[none] none:none
none|none none none
T:05:42:00 Win2K-f 91.66.191.217 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:48:00 Win2K-f 78.54.216.49 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:51:00 Win2K-f 91.66.191.217 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:05:51:00 WinXP 78.54.102.127 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 50f889782d
NEW
none[none] none:none
none|none none none
T:05:54:00 Win2K-f 91.67.176.80 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
none c86fc630d2
[Firefox: 4 hits: 05-18 to 08-25]
none[4] none:none
ASProtect| none trace
05:59:00 WinXP 118.161.64.184 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:06:00:00 Win2K-f 92.226.92.118 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:01:00 Win2K-f 91.65.228.89 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:05:00 WinXP 85.206.172.92 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:05:00 Win2K-f 212.233.212.26 (-):
NTL,
FR.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:06:00 Win2K-f 87.67.72.250 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:08:00 WinXP 78.96.94.254 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
88 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:06:10:00 Win2K-f 89.252.16.144 (FREENET.COM.UA):
FOR FREENET CUSTOMERS AND INFRASTRUCTURE,
UA.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
94 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:13:00 WinXP 220.132.203.208 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:13:00 Win2K-f 119.17.101.11 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:16:00 WinXP 78.96.94.254 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
99 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:19:00 WinXP 89.252.16.144 (FREENET.COM.UA):
FOR FREENET CUSTOMERS AND INFRASTRUCTURE,
UA.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:23:00 WinXP 92.226.92.118 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:24:00 Win2K-f 114.45.210.160 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:06:30:00 Win2K-f 86.106.35.207 (UPCNET.RO):
SC UPC ROMANIA SA,
TIMISOARA, TIMIS, RO. (DSL)
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:06:32:00 Win2K-f 118.161.64.184 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
06:35:00 WinXP 66.217.44.98 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US.
n/a RU:moscow-advokat.ru
SE:broadway.ny.us.dal.net
:washington.dc.us.undernet.org
SE:ozbytes.dal.net
NL:diemen.nl.eu.undernet.org
NL:london.uk.eu.undernet.org
:brussels.be.eu.undernet.org
SE:qis.md.us.dal.net
:gaspode.zanet.org.za
SE:coins.dal.net
:caen.fr.eu.undernet.org
:flanders.be.eu.undernet.org
US:lia.zanet.net
SE:vancouver.dal.net
AT:graz.at.eu.undernet.org
:lulea.se.eu.undernet.org
SE:ced.dal.net
SE:viking.dal.net
:los-angeles.ca.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:06:37:00 WinXP 78.96.83.138 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:47:00 Win2K-f 114.45.210.160 (-):
.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
http
849 lines
Yeah : 1.3
profile
none summary
tarball
18 of 35
13 of 31
cd75030ece
[Firefox:17 hits: 07-29 to 08-25]
e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
06:53:00 Win2K-f 88.170.190.74 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
:adware.rxmods.net
445 pcap raw alerts
ruleset
ftp
irc
http
671 lines
Yeah : 1.3
profile
none summary
tarball
12 of 36
18 of 35
13 of 31
af49c2b9a4
NEW
cd75030ece
[Firefox:17 hits: 07-29 to 08-25]
e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
none[none]
none [none]
fda109a6fd[0]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=583
embedded dns
none
none
trace
T:07:01:00 WinXP 88.134.147.191 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:02:00 WinXP 78.97.88.182 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:05:00 Win2K-f 86.106.35.207 (UPCNET.RO):
SC UPC ROMANIA SA,
TIMISOARA, TIMIS, RO. (DSL)
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:08:00 Win2K-f 88.134.147.191 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
07:19:00 WinXP 203.91.161.164 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:205.128.73.126:80
US:209.84.20.126:80
135 pcap raw alerts
ruleset
other
178 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
389cf0c860
NEW
ed7d5d9ce7
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:07:24:00 WinXP 84.2.88.165 (T-ONLINE.HU):
PROVIDER LOCAL REGISTRY,
HU. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
[Firefox:17 hits: 07-08 to 08-10]
none[none] none:none
none|none none none
T:07:26:00 WinXP 211.239.4.83 (EPNETWORKS.CO.KR):
ENTERPRISENET-INFRA,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:207.123.37.126:80
HK:210.245.211.11:65520
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 33
686d4ca67b
[Firefox: 4 hits: 07-08 to 08-17]
b7e379b157
[Firefox: 4 hits: 07-08 to 08-17]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:07:34:00 Win2K-f 72.136.35.109 (ROGERS.COM):
ROGERS CABLE INC. YM,
TORONTO, ONTARIO, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:204.160.126.126:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
07:50:00 WinXP 71.146.8.67 (SBCGLOBAL.NET):
RBACK7.PLTNCA,
SAN FRANCISCO, CALIFORNIA, US. (DSL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
EU:ebookfinaltrash.ru
:wpad
US:204.13.161.51:80
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
20 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
0 of 36
0 of 36
29 of 29
0 of 36
07596695e7
NEW
49356df5bc
NEW
4cd00581cf
NEW
a12cab51ef
[Firefox:488 hits: 01-01 to 08-25]
f6adada986
NEW
none[none]
none [none]
none [none]
40f7f463c4[0]
none [none]
none:none
none:none
none:none
ASM:Graph
none:none
none|none
none|none
none|none
ASPack|
none|none
none
none
none
lines=281
embedded dns
none
none
none
none
trace
none
07:55:00 WinXP 207.5.235.70 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
e07c29c4ae
[Firefox:371 hits: 06-19 to 08-25]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:07:58:00 Win2K-f 122.147.96.24 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:207.123.37.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:26:00 WinXP 66.53.220.193 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:72 hits: 01-14 to 08-24]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
08:40:00 WinXP 78.82.249.2 (TELENOR.SE):
TELENOR BUSINESS SOLUTION AB,
SE.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 f800dc9065
NEW
none[none] none:none
none|none none none
08:44:00 WinXP 89.155.232.87 (-):
TVCABO PORTUGAL S.A,
PT.
n/a EU:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
US:spi.domainsponsor.com
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
38 lines
Yeah : 0.8
profile
none summary
tarball
29 of 30 af79e0c602
[Firefox: 5 hits: 01-08 to 07-02]
none[4] none:none
ASPack| none trace
T:09:02:00 WinXP 119.72.24.35 (-):
.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 9b9e5dcb18
[Firefox:13 hits: 08-08 to 08-25]
none[none] none:none
none|none none none
T:09:03:00 WinXP 89.218.204.28 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 e4157a2cc3
[Firefox: 3 hits: 08-23 to 08-25]
none[none] none:none
none|none none none
09:04:00 Win2K-f 77.109.36.141 (-):
CJSC TELESYSTEMS OF UKRAINE,
UA.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:04:00 Win2K-f 92.46.0.214 (IKBCC.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:05:00 WinXP 94.42.14.173 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:05:00 Win2K-f 91.66.48.108 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:05:00 WinXP 118.167.17.58 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:05:00 Win2K-f 77.253.45.242 (COM.PL):
NETIA,
PL.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:05:00 WinXP 91.64.33.148 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a HK:proxim.ircgalaxy.pl
:f.unicat.org
HK:210.245.211.11:65520
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 79d36a1053
NEW
none[none] none:none
none|none none none
09:09:00 Win2K-f 78.8.140.162 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:11:00 WinXP 78.57.107.156 (ZEBRA.LT):
LIETUVOS,
KAUNAS, KAUNO APSKRITIS, LT.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:12:00 WinXP 89.137.241.251 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:12:00 WinXP 77.20.9.75 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:14:00 WinXP 92.83.145.142 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:16:00 Win2K-f 91.64.33.148 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 79d36a1053
NEW
none[none] none:none
none|none none none
T:09:17:00 Win2K-f 60.50.79.65 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:22:00 WinXP 77.20.57.73 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:22:00 WinXP 91.66.79.223 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:29:00 Win2K-f 217.114.226.215 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:32:00 WinXP 80.130.109.117 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
OLDENBURG, NIEDERSACHSEN, DE. (DIAL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:42:00 WinXP 77.57.126.16 (SOLPA.NET):
CABLECOM,
CH.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 3a711c57d7
NEW
none[none] none:none
none|none none none
T:09:44:00 Win2K-f 92.84.14.171 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:44:00 WinXP 85.187.5.33 (EVRO.NET):
LAN-NET.BG OOD,
BG.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:44:00 Win2K-f 212.46.253.200 (ROL.RU):
ROL DIALUP POOL,
MOSCOW, MOSKVA, RU. (DIAL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
09:45:00 Win2K-f 92.47.132.102 (IKBCC.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
09:47:00 WinXP 94.50.10.68 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:48:00 Win2K-f 91.67.251.156 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:49:00 Win2K-f 123.195.194.222 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:52:00 Win2K-f 212.46.227.136 (-):
JSC UNITED PAGING SYSTEM OF RUSSIA / TYUMEN NETWORK,
RU. (100Mbps)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:52:00 WinXP 78.97.209.168 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:57:00 WinXP 80.130.109.117 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
OLDENBURG, NIEDERSACHSEN, DE. (DIAL)
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:09:57:00 WinXP 122.123.131.65 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:04:00 WinXP 78.131.79.129 (-):
EMKTV BUDAPEST VLAN 09 DOCSIS,
BUDAPEST, BUDAPEST, HU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:06:00 WinXP 91.64.244.80 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:07:00 Win2K-f 123.195.194.222 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:08:00 Win2K-f 89.137.241.251 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:09:00 Win2K-f 92.84.14.171 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:11:00 WinXP 78.131.122.137 (-):
EMKTV DOROG DOCSIS,
HU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:13:00 Win2K-f 220.136.20.183 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:17:00 WinXP 90.150.232.159 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:19:00 WinXP 220.136.13.115 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:33:00 Win2K-f 89.254.220.161 (-):
JSC VOLGATELECOM,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:34:00 Win2K-f 89.123.135.157 (PLATINUMGROUP.RO):
ARTELECOM,
BUCHAREST, BUCURESTI, RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:44:00 Win2K-f 220.136.13.115 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:44:00 Win2K-f 77.20.9.75 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:51:00 Win2K-f 77.20.57.73 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:02:00 WinXP 92.46.150.176 (IKBCC.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
http
536 lines
Yeah : 1.3
profile
none summary
tarball
12 of 36
12 of 36
31f6386815
NEW
6caf1059b7
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:11:05:00 Win2K-f 208.84.201.228 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
11:23:00 Win2K-f 89.254.220.161 (-):
JSC VOLGATELECOM,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:36:00 WinXP 193.248.221.233 (ABO.WANADOO.FR):
WANADOO FRANCE,
PARIS, ILE-DE-FRANCE, FR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 321052074e
[Firefox:12 hits: 02-23 to 06-27]
1a587de3ca [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
11:42:00 Win2K-f 41.214.186.198 (-):
.
n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
US:crime-research.ru
US:www.worldbank.org
US:192.86.99.140:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:25 hits: 04-18 to 08-20]
none[3] none:none
tElock| none trace
T:11:49:00 WinXP 41.214.186.198 (-):
.
n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
[Firefox:25 hits: 04-18 to 08-20]
none[3] none:none
tElock| none trace
12:06:00 Win2K-f 208.182.117.78 (K12TN.NET):
STATE OF TENNESSEE DEPARTMENT OFEDUCATION,
NASHVILLE, TENNESSEE, US.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
12:13:00 Win2K-f 75.16.249.196 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:12:31:00 WinXP 117.99.22.71 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
12:50:00 WinXP 190.224.220.119 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:12:54:00 WinXP 208.182.117.78 (K12TN.NET):
STATE OF TENNESSEE DEPARTMENT OFEDUCATION,
NASHVILLE, TENNESSEE, US.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:13:07:00 WinXP 155.239.217.217 (TELKOM-IPNET.CO.ZA):
AFRINIC,
DURBAN, KWAZULU-NATAL, ZA.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:168 hits: 01-01 to 08-22]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
13:19:00 WinXP 24.93.137.118 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PORTLAND, MAINE, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 be5d4b567e
[Firefox: 2 hits: 01-13 to 07-29]
none[none] none:none
none|none none none
T:13:21:00 WinXP 77.57.91.8 (SOLPA.NET):
CABLECOM,
ZURICH, ZURICH, CH.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 25d78144c5
[Firefox:13 hits: 08-01 to 08-24]
none[none] none:none
none|none none none
13:34:00 WinXP 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:150 hits: 06-17 to 08-25]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
T:13:40:00 Win2K-f 76.77.228.13 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
HAMEL, ILLINOIS, US.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
297 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32 ea9787a186
[Firefox: 3 hits: 06-20 to 07-09]
none[4] none:none
PolyEnE| none trace
T:14:23:00 WinXP 72.188.109.193 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1029 hits: 12-31 to 08-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:49:00 Win2K-f 92.80.14.27 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:14:49:00 WinXP 96.33.66.214 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 b3154d1b2a
NEW
none[none] none:none
none|none none none
T:14:53:00 WinXP 90.151.129.89 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
14:54:00 WinXP 90.151.129.89 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:14:55:00 Win2K-f 89.137.187.50 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
15:06:00 WinXP 89.137.187.50 (-):
ASTRAL TIMISOARA DOCSIS NETWORK,
TIMISOARA, TIMIS, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:15:12:00 WinXP 4.158.198.83 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
http
18 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29
0 of 36
a12cab51ef
[Firefox:488 hits: 01-01 to 08-25]
c508727292
NEW
40f7f463c4 [0]
none [none]
ASM:Graph
none:none
ASPack|
none|none
lines=281
embedded dns
none
trace
none
T:15:35:00 WinXP 216.195.149.253 (GWI.NET):
GREAT WORKS INTERNET,
WISCASSET, MAINE, US.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 dadbc6fc39
NEW
none[none] none:none
none|none none none
15:42:00 Win2K-f 61.34.136.12 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:192.221.108.126:80
US:205.128.66.124:80
US:4.23.60.125:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
153 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
34 of 36
9d1c8d89a4
[Firefox: 5 hits: 08-10 to 08-24]
b57dbae4a3
[Firefox: 5 hits: 08-10 to 08-24]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:16:01:00 WinXP 98.26.218.233 (-):
.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
445 pcap raw alerts
ruleset
http
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
71abdae28b
NEW
a12cab51ef
[Firefox:488 hits: 01-01 to 08-25]
none[none]
40f7f463c4[0]
none:none
ASM:Graph
none|none
ASPack|
none
lines=281
embedded dns
none
trace
T:16:12:00 WinXP 67.150.57.83 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:106 hits: 01-08 to 08-25]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
16:19:00 Win2K-f 98.135.204.40 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 34
0 of 32
0bfa79dc19
[Firefox: 8 hits: 07-22 to 08-23]
8dfb3b619f
[Firefox: 9 hits: 07-22 to 08-23]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
16:24:00 WinXP 67.10.81.170 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US. (100Mbps)
194.109.11.65:6556 194.109.11.65:1023 NL:0x80.online-software.org 135 pcap raw alerts
ruleset
other
190 lines
Yeah : 1.8
profile
none summary
tarball
32 of 32 15d4d85dc0
[Firefox:10 hits: 06-10 to 08-23]
none[4] none:none
StarForce| none trace
16:24:00 WinXP 98.25.108.68 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:370 hits: 12-31 to 08-25]
048df78048 [0] ASM:Graph
none|none lines=61 trace
16:24:00 WinXP 92.40.165.153 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
irc
57 lines
Yeah : 0.8
profile
none summary
tarball
none 5ed8a3de6e
[Firefox: 3 hits: 05-18 to 07-06]
none[4] none:none
ASPack| none trace
16:44:00 WinXP 99.140.246.163 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:207.123.37.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
16:53:00 Win2K-f 24.136.40.170 (COX.NET):
COX COMMUNICATIONS INC,
GAINESVILLE, FLORIDA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:17:19:00 Win2K-f 74.67.48.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLIFTON PARK, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80
US:207.123.46.125:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:54:00 WinXP 41.236.14.234 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:335 hits: 01-05 to 08-25]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
18:23:00 WinXP 24.33.233.0 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
http
59 lines
Yeah : 0.8
profile
none summary
tarball
0 of 33
29 of 29
0 of 36
002eb58800
NEW
a12cab51ef
[Firefox:488 hits: 01-01 to 08-25]
e683883fe3
NEW
none[none]
40f7f463c4[0]
none [none]
none:none
ASM:Graph
none:none
none|none
ASPack|
none|none
none
lines=281
embedded dns
none
none
trace
none
T:18:31:00 WinXP 41.236.14.234 (TEDATA.NET):
PROVIDER LOCAL REGISTRY,
EG.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:335 hits: 01-05 to 08-25]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:18:38:00 WinXP 79.138.253.230 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1029 hits: 12-31 to 08-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:43:00 WinXP 122.2.207.75 (PLDT.NET):
IPG,
PH.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b1c974ce20
NEW
none[none] none:none
none|none none none
18:44:00 WinXP 114.120.36.172 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1029 hits: 12-31 to 08-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:44:00 WinXP 117.99.14.111 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 35 001b6f7107
[Firefox: 5 hits: 07-29 to 08-21]
none[none] none:none
none|none none none
18:52:00 Win2K-f 70.252.216.125 (BIRCH.NET):
TRIQUEST TECHNOLOGIES INC,
FT. WORTH, TEXAS, US. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
19:01:00 WinXP 68.151.126.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
19:15:00 Win2K-f 118.169.228.112 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:15:00 WinXP 68.147.48.58 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:206.33.45.125:80
US:8.12.222.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:15:00 Win2K-f 118.165.175.94 (-):
.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:15:00 WinXP 92.81.249.253 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:17:00 Win2K-f 123.195.213.110 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:22:00 Win2K-f 91.178.71.19 (ISP.BELGACOM.BE):
BELGACOM,
BE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:22:00 Win2K-f 90.189.1.9 (SNT.RU):
OJSC SIBIRTELECOM,
RU.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:24:00 Win2K-f 195.38.53.214 (URTC.RU):
URALSVIAZINFORM IP/MPLS ZPK SVERDLOVSK'S REGION,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU. (DIAL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:25:00 WinXP 201.221.5.77 (DEDICADO.COM.UY):
TECNOWIND S.A,
BUENOS AIRES, BUENOS AIRES, AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:27:00 Win2K-f 118.165.175.94 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:29:00 Win2K-f 200.93.249.58 (-):
GPF CORPORACION - POWERFAST,
EC.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:33:00 Win2K-f 118.166.251.181 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:34:00 Win2K-f 119.72.91.24 (-):
.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:37:00 WinXP 122.123.139.230 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:38:00 Win2K-f 123.195.213.110 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:39:00 WinXP 122.121.120.195 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
19:47:00 Win2K-f 85.206.172.201 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:51:00 WinXP 125.230.88.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:51:00 Win2K-f 122.121.120.195 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:19:58:00 Win2K-f 90.189.1.9 (SNT.RU):
OJSC SIBIRTELECOM,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:58:00 Win2K-f 118.166.45.209 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:59:00 WinXP 190.132.187.126 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:00:00 WinXP 125.225.18.210 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
http
290 lines
Yeah : 1.3
profile
none summary
tarball
12 of 36
13 of 31
be7575fc11
NEW
e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
none[none]
fda109a6fd[0]
none:none
ASM:Graph
none|none
ASProtect|
none
lines=583
embedded dns
none
trace
20:02:00 Win2K-f 200.93.249.58 (-):
GPF CORPORACION - POWERFAST,
EC.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:08:00 Win2K-f 122.123.139.230 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:20:12:00 WinXP 85.206.172.201 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:21:00 WinXP 125.230.88.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
20:30:00 Win2K-f 92.81.249.253 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:20:35:00 WinXP 125.225.18.210 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:20:39:00 Win2K-f 24.43.99.173 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:204.160.126.126:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:46:00 Win2K-f 58.236.245.145 (-):
THRUNET-INFRA-INCHEON10,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
HK:210.245.211.11:65520
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
none
0 of 32
4c3df24b32
[Firefox:171 hits: 06-17 to 08-24]
6a4845ca11
[Firefox: 9 hits: 06-27 to 08-19]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
4c3df24b32 [1]
none [none]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
none|none
ASProtect|
lines=81
none
lines=90
trace
none
trace
20:50:00 WinXP 200.234.43.70 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:94 hits: 01-03 to 08-25]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
20:52:00 Win2K-f 116.127.237.60 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.148.137:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
http
133 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
0c3d1ec2df
[Firefox: 2 hits: 08-11 to 08-20]
8de905030e
[Firefox: 2 hits: 08-11 to 08-20]
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
21:00:00 WinXP 66.182.204.218 (1SCOM.NET):
MILLENNIUM TELCOM LLC,
KELLER, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:370 hits: 12-31 to 08-25]
048df78048 [0] ASM:Graph
none|none lines=61 trace
21:06:00 Win2K-f 122.2.34.118 (PLDT.NET):
JNEC7300I03_CONSUMER,
CEBU, CEBU CITY, PH.
210.245.211.11:65520  
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
21:09:00 Win2K-f 4.143.56.54 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
210.245.211.11:65520 77.91.227.179:80 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
DE:hereall.net
EU:antivirus2008pro-download2.com
EU:reservjob.cn
:mulfika.cn
IL:ksn.a1001186.wrs.flutix.com
EU:viacodecright2.com
IL:wr.kastora.com
IL:dl.bundlext.com
US:208.111.153.231:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
irc
2074 lines
Yeah : 1.8
profile
none summary
tarball
17 of 36
none
5 of 36
26 of 36
32 of 33
7 of 36
5 of 36
0 of 32
2630a0890b
NEW
470e7533c6
[Firefox: 2 hits: 06-27 to 07-04]
6db077d95d
NEW
7f2646c230
[Firefox: 2 hits: 08-25 to 08-25]
9b5f91cb49
[Firefox: 2 hits: 06-27 to 07-04]
a3131eadce
NEW
a7225eb3c3
NEW
b5919931fe
[Firefox:475 hits: 06-20 to 08-25]
none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
none|none
none|none
ASProtect|
none
none
none
none
none
none
none
lines=90
none
none
none
none
none
none
none
trace
21:19:00 Win2K-f 190.173.134.114 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:21:19:00 WinXP 92.113.212.166 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
FR:213.193.4.11:80
445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
21:19:00 WinXP 118.166.50.238 (-):
.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
21:23:00 WinXP 92.125.180.38 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:21:26:00 WinXP 218.164.181.138 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAINAN, KAO-HSIUNG, TW.
69.42.216.108:9890 :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:21:29:00 Win2K-f 78.97.197.104 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a :f.unicat.org
69.42.216.108:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
21:32:00 Win2K-f 4.231.168.60 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOS ANGELES, CALIFORNIA, US. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:wr.kastora.com
US:microsoft.com
US:download.microsoft.com
IL:194.90.224.86:80
US:199.93.53.125:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
http
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:35:00 Win2K-f 92.46.6.139 (IKBCC.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
21:36:00 Win2K-f 78.97.197.104 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:21:39:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
HK:210.245.211.11:80
135 pcap raw alerts
ruleset
other
128 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35
32 of 35
4113025530
[Firefox: 6 hits: 07-30 to 08-21]
e3ca792d99
[Firefox: 6 hits: 07-30 to 08-21]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:45:00 WinXP 190.173.214.153 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:441 hits: 03-31 to 08-25]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:21:45:00 WinXP 190.173.214.153 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:21:47:00 Win2K-f 4.225.137.141 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAWRENCEBURG, INDIANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:204.160.104.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
73f1082158
[Firefox:934 hits: 06-18 to 08-25]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:13:00 Win2K-f 99.250.205.203 (STERLINGSTUDENTS.NET):
ROGERS CABLE COMMUNICATIONS INC,
CA.
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:36:00 Win2K-f 98.112.178.184 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:46:00 WinXP 82.231.173.220 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1029 hits: 12-31 to 08-25]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:22:55:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:206.33.45.125:80
US:207.123.37.124:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1867 hits: 06-17 to 08-25]
a08f3b74a4
[Firefox:630 hits: 06-18 to 08-25]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:10:00 Win2K-f 24.66.51.159 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:192.221.110.126:80
US:192.221.99.124:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
23 of 33
bca9e0fb5f
[Firefox:24 hits: 06-18 to 08-23]
e53a9ea82e
[Firefox:24 hits: 06-18 to 08-23]
none[4]
e53a9ea82e[1]
none:none
ASM:Graph
PolyEnE|
Armadillo|
none
lines=81
trace
trace
T:23:12:00 WinXP 68.184.108.106 (CHARTER.COM):
CHARTER COMMUNICATIONS,
DOUGLAS, GEORGIA, US.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:506 hits: 12-31 to 08-25]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
23:20:00 Win2K-f 211.186.86.214 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
US:192.221.99.126:80
US:207.123.37.123:80
US:8.12.222.126:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
104 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:119 hits: 06-17 to 08-25]
4c3df24b32
[Firefox:171 hits: 06-17 to 08-24]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:22:00 WinXP 24.79.215.40 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
135 pcap raw alerts
ruleset
http
99 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
2 of 32
607b60ad51
[Firefox:28 hits: 06-20 to 08-24]
e5c7bce70e
[Firefox:27 hits: 06-20 to 08-24]
none[4]
e5c7bce70e[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:29:00 WinXP 204.210.104.56 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HONOLULU, HAWAII, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1fcc146d70
[Firefox:32 hits: 01-02 to 08-24]
258fafe892 [0] ASM:Graph
PolyEnE| lines=68 trace
23:39:00 Win2K-f 63.135.212.100 (UCI.NET):
UNITED COMMUNICATIONS INC,
US.
210.245.211.11:65520  
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
23:47:00 Win2K-f 122.53.253.21 (PLDT.NET):
IPG,
PH.
210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:208.111.173.53:80
US:69.28.178.10:80
DE:85.114.141.207:80
135 pcap raw alerts
ruleset
irc
152 lines
Yeah : 1.8
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox:38 hits: 06-18 to 08-25]
76ee340669
[Firefox:39 hits: 06-18 to 08-25]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace