Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



29 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
10:02:00 WinXP 92.81.43.4 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:02:00 WinXP 190.19.188.85 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:02:00 Win2K-f 78.96.30.235 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:02:00 Win2K-f 119.94.60.90 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:03:00 Win2K-f 213.238.121.246 (INETIA.PL):
NETIA SA ADSL NETWORK,
PL. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:03:00 Win2K-f 91.65.223.158 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:03:00 WinXP 201.252.90.67 (NET.AR):
APOLO -GOLD-TELECOM-PER,
SAN ISIDRO, BUENOS AIRES, AR.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:03:00 WinXP 91.65.223.158 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:04:00 WinXP 61.227.133.237 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:13:00 Win2K-f 89.169.159.42 (-):
MOSINFOLINE,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:18:00 WinXP 78.139.167.32 (-):
CAUCASUS NETWORK LTD,
GE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:20:00 Win2K-f 190.128.124.71 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
CO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:22:00 Win2K-f 87.247.120.226 (-):
MIKROVISATA,
KAUNAS, KAUNO APSKRITIS, LT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
48 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:22:00 WinXP 87.65.90.199 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
BRUGGE, WEST-VLAANDEREN, BE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:25:00 Win2K-f 87.116.246.115 (TNP.PL):
TELENET MIELEC SPOLKA Z OGRANICZONA ODPOWIEDZIALNOSCIA,
PL.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:25:00 WinXP 190.173.150.140 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:28:00 WinXP 62.252.232.45 (NTLI.NET):
NTL INTERNET,
WOLVERHAMPTON, ENGLAND, UK. (DIAL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
31 of 32 7e8782e8f4
[Firefox: 3 hits: 04-19 to 04-23]
486e5604b0 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:28:00 Win2K-f 190.173.150.140 (COM.AR):
TELEFONICA DE ARGENTINA,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:31:00 WinXP 78.96.185.173 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
80 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:32:00 Win2K-f 89.137.122.199 (-):
ASTRAL CLUJ-NAPOCA DOCSIS NETWORK,
CLUJ-NAPOCA, CLUJ, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:33:00 WinXP 92.125.37.167 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:35:00 Win2K-f 89.169.166.118 (-):
MOSINFOLINE,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
60 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:37:00 WinXP 85.186.121.240 (-):
ASTRAL BACAU CPE,
BACAU, BACAU, RO. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
48 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:47:00 WinXP 92.227.133.55 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:47:00 Win2K-f 218.166.100.68 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:47:00 Win2K-f 92.227.84.73 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:51:00 Win2K-f 92.227.133.55 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:52:00 Win2K-f 91.66.205.76 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:10:53:00 WinXP 92.227.84.73 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
75 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
10:54:00 Win2K-f 94.50.1.126 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:54:00 Win2K-f 85.250.68.148 (NETVISION.NET.IL):
BROADBAND-PT,
TEL AVIV, TEL AVIV, IL.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:01:00 WinXP 78.54.100.198 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
79 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 50f889782d
[Firefox: 2 hits: 08-26 to 08-26]
none[none] none:none
none|none none none
T:11:02:00 Win2K-f 89.252.17.188 (FREENET.COM.UA):
FOR FREENET CUSTOMERS AND INFRASTRUCTURE,
KIEV, MISTO KYYIV, UA.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
66 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:03:00 WinXP 89.204.104.255 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:07:00 WinXP 78.139.167.32 (-):
CAUCASUS NETWORK LTD,
GE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:11:00 WinXP 89.204.104.255 (PERMONLINE.RU):
OJSC URALSVYAZINFORM,
RU.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:16:00 WinXP 217.114.228.233 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:20:00 Win2K-f 70.60.100.218 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHAPIN, SOUTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:11:25:00 Win2K-f 89.137.78.16 (-):
ASTRAL SIGHET DOCSIS NETWORK,
BAIA MARE, MARAMURES, RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:30:00 WinXP 85.186.127.138 (-):
ASTRAL SUCEAVA AIPA,
RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:34:00 Win2K-f 91.66.205.76 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:47:00 Win2K-f 89.136.9.129 (-):
ASTRAL BUZAU,
GALATI, GALATI, RO.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:48:00 WinXP 85.206.172.224 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
11:49:00 Win2K-f 89.169.159.42 (-):
MOSINFOLINE,
RU.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:51:00 WinXP 92.82.63.81 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
102 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:11:55:00 Win2K-f 85.206.172.224 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
VILNIUS, VILNIAUS APSKRITIS, LT.
69.42.216.108:9890 :f.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:12:17:00 WinXP 133.205.29.107 (MESH.AD.JP):
JAPAN NETWORK INFORMATION CENTER,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:518 hits: 01-01 to 08-27]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:12:19:00 WinXP 93.146.40.96 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
GB:new.egg.com
US:master-x.com
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:227 hits: 01-01 to 08-27]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:12:22:00 Win2K-f 94.50.1.126 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:25:00 Win2K-f 208.105.172.35 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:12:25:00 WinXP 125.225.140.68 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
69.42.216.108:9890 :f.unicat.org
FR:www.members.lycos.co.uk
445 pcap raw alerts
ruleset
ftp
irc
http
1082 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36
26 of 32
13 of 31
1d1b7d77a6
NEW
29e0d3d46b
NEW
e8d4d8cde1
[Firefox:571 hits: 03-31 to 08-27]
none[none]
none [none]
fda109a6fd[0]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=583
embedded dns
none
none
trace
12:28:00 WinXP 68.187.203.42 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:19 hits: 08-02 to 08-27]
none[none] none:none
none|none none none
T:12:31:00 WinXP 68.187.203.42 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
http
irc
11 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:19 hits: 08-02 to 08-27]
none[none] none:none
none|none none none
12:53:00 Win2K-f 71.98.210.131 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
NEW PORT RICHEY, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:13:05:00 Win2K-f 172.130.93.84 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
86 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:13:18:00 WinXP 190.220.87.79 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:dl2.teenpassage.com
:los-angeles.ca.us.undernet.org
SE:qis.md.us.dal.net
:brussels.be.eu.undernet.org
NL:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
NL:diemen.nl.eu.undernet.org
445 pcap raw alerts
ruleset
http
irc
10 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 47af15bf90
NEW
none[none] none:none
none|none none none
13:35:00 WinXP 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
82 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
57ce4acac2
[Firefox:158 hits: 06-17 to 08-27]
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
13:40:00 Win2K-f 75.56.141.208 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
ST. LOUIS, MISSOURI, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
13:46:00 WinXP 71.131.139.234 (-):
VALLEY FOOD INC,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
13:48:00 Win2K-f 216.198.174.70 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
0 of 32
3cd7958258
[Firefox:20 hits: 06-17 to 08-21]
41efedf70f
[Firefox:19 hits: 06-19 to 08-21]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
41efedf70f[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
13:49:00 WinXP 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:13:59:00 WinXP 89.195.1.218 (-):
ORANGE,
UK.
n/a HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
irc
59 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 4391562eab
NEW
none[none] none:none
none|none none none
T:14:04:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
14:05:00 Win2K-f 208.104.200.109 (COMPORIUM.NET):
ROCK HILL TELEPHONE COMPANY,
ROCK HILL, SOUTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:14:07:00 Win2K-f 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
n/a   135 pcap raw alerts
ruleset
other
98 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 e30fb27bda
[Firefox: 5 hits: 07-07 to 08-24]
none[none] none:none
none|none none none
14:16:00 WinXP 67.55.190.219 (NETINS.NET):
CLEAR LAKE INDEPENDANT TEL CO,
CLEAR LAKE, IOWA, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1fcc146d70
[Firefox:33 hits: 01-02 to 08-26]
258fafe892 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:16:00 WinXP 67.55.190.219 (NETINS.NET):
CLEAR LAKE INDEPENDANT TEL CO,
CLEAR LAKE, IOWA, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1fcc146d70
[Firefox:33 hits: 01-02 to 08-26]
258fafe892 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:24:00 Win2K-f 96.11.223.162 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
135 pcap raw alerts
ruleset
irc
http
1082 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36
32 of 36
35 of 36
0 of 32
12 of 34
5c6c664c09
NEW
95a1e56583
[Firefox: 6 hits: 08-02 to 08-23]
b39357c344
[Firefox: 6 hits: 08-02 to 08-23]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
ca92c44e2b
NEW
none[none]
none [none]
none [none]
b5919931fe[1]
none [none]
none:none
none:none
none:none
ASM:Graph
none:none
none|none
none|none
none|none
ASProtect|
none|none
none
none
none
lines=90
none
none
none
none
trace
none
T:14:42:00 Win2K-f 190.16.90.69 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:48:00 WinXP 77.21.188.129 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bfec7d0b0b
[Firefox:11 hits: 08-06 to 08-27]
none[none] none:none
none|none none none
T:14:50:00 WinXP 217.202.59.61 (-):
TELECOM ITALIA MOBILE,
IT.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
http
irc
8 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:19 hits: 08-02 to 08-27]
none[none] none:none
none|none none none
15:01:00 WinXP 96.247.59.250 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
a08f3b74a4
[Firefox:647 hits: 06-18 to 08-27]
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:15:04:00 WinXP 87.121.97.50 (NETERRA.NET):
NETERRAIP,
BG.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 4ae8ee3afb
NEW
none[none] none:none
none|none none none
15:10:00 Win2K-f 99.151.127.166 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
73f1082158
[Firefox:964 hits: 06-18 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:15:12:00 WinXP 96.247.59.250 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
a08f3b74a4
[Firefox:647 hits: 06-18 to 08-27]
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:15:15:00 Win2K-f 76.77.228.13 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
HAMEL, ILLINOIS, US.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
135 pcap raw alerts
ruleset
irc
http
589 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36
12 of 36
29 of 32
5c6c664c09
NEW
d573e103b5
NEW
ea9787a186
[Firefox: 4 hits: 06-20 to 08-26]
none[none]
none [none]
none [4]
none:none
none:none
none:none
none|none
none|none
PolyEnE|
none
none
none
none
none
trace
T:15:30:00 Win2K-f 98.25.104.97 (-):
.
210.245.211.11:65520 :fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
445 pcap raw alerts
ruleset
irc
http
654 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 5c6c664c09
NEW
none[none] none:none
none|none none none
15:43:00 WinXP 80.63.230.188 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox:29 hits: 05-12 to 08-20]
none[4] none:none
PolyEnE| none trace
T:15:43:00 WinXP 80.63.230.188 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox:29 hits: 05-12 to 08-20]
none[4] none:none
PolyEnE| none trace
T:15:49:00 WinXP 211.2.22.32 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:66.199.251.114:8888
135 pcap raw alerts
ruleset
irc
http
2810 lines
Yeah : 1.8
profile
none summary
tarball
12 of 36
34 of 35
30 of 36
29 of 36
0 of 33
3a379d9fac
NEW
462c169957
NEW
5c6c664c09
NEW
82558dde21
NEW
e07c29c4ae
[Firefox:383 hits: 06-19 to 08-27]
none[none]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
FSG|
none
none
none
none
lines=92
none
none
none
none
trace
T:16:09:00 WinXP 118.237.43.181 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 27b945de66
[Firefox:17 hits: 06-20 to 08-20]
none[4] none:none
none|none none trace
T:16:19:00 WinXP 77.73.191.194 (-):
SKYLINKS SATELLITE COMMUNICATIONS LIMITED,
JE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:34:00 Win2K-f 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
57ce4acac2
[Firefox:158 hits: 06-17 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
16:43:00 WinXP 72.188.106.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1035 hits: 12-31 to 08-27]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:16:44:00 WinXP 72.188.106.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1035 hits: 12-31 to 08-27]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:46:00 Win2K-f 60.248.17.88 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
57ce4acac2
[Firefox:158 hits: 06-17 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:16:47:00 Win2K-f 60.248.17.88 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
57ce4acac2
[Firefox:158 hits: 06-17 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:50:00 Win2K-f 65.23.161.45 (DRTEL.NET):
DICKEY RURAL NETWORKS,
ELLENDALE, NORTH DAKOTA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
135 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
8 of 33
53bfe15e91
[Firefox:1922 hits: 06-17 to 08-27]
b5919931fe
[Firefox:490 hits: 06-20 to 08-27]
b7082104e4
[Firefox:117 hits: 06-18 to 08-27]
none[4]
b5919931fe[1]
none [4]
none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock|
none
lines=90
none
trace
trace
trace
18:06:00  Win2K-f  65.68.44.124 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL)
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (1108 lines)
  BotHunter analysis: Yeah : 1.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 32 of 33 ; packed 3f0a5b2ebe [Firefox:17 hits: 06-18 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID PolyEnE| ; strings none ; syscalls trace
  Binary 2: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
  Binary 4: AV 28 of 32 ; packed c6bfb5f0f2 [Firefox:17 hits: 06-18 to 08-27] ; egg.exe c6bfb5f0f2[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 5: AV 12 of 36 ; packed e9fd5457db NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:18:09:00  WinXP  61.155.20.168 (-): SUZHOU-DATONG-TECHNOLOGY-CORP, SUZHOU, JIANGSU, CN. (100Mbps)
  C&C server: n/a ; DNS lookups & failed connects: none
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: other (59 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 0 of 33 ; packed 57ce4acac2 [Firefox:158 hits: 06-17 to 08-27] ; egg.exe 57ce4acac2 [1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
18:26:00  Win2K-f  71.110.89.15 (VERIZON.NET): VERIZON INTERNET SERVICES INC, MURRIETA, CALIFORNIA, US. (DSL)
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, US:microsoft.com
  Infection port: 139 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (670 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 32 of 32 ; packed 3875b6257d NEW ; egg.exe none[4] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls trace
  Binary 2: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:18:44:00  WinXP  74.75.233.177 (RR.COM): ROAD RUNNER HOLDCO LLC, PORTLAND, MAINE, US.
  C&C server: n/a ; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 29 of 29 ; packed a0139d7ad8 [Firefox:95 hits: 01-03 to 08-26] ; egg.exe d9e9662db1 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=68 ; syscalls trace
18:45:00  WinXP  76.171.145.247 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C server: n/a ; DNS lookups & failed connects: RU:moscow-advokat.ru
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 25 of 25 ; packed 7f60162c2c [Firefox:517 hits: 12-31 to 08-27] ; egg.exe 1aad8e4632 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=93, embedded dns ; syscalls trace
T:18:45:00  WinXP  76.171.145.247 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C server: n/a ; DNS lookups & failed connects: RU:moscow-advokat.ru, HR:london.uk.eu.undernet.org, :flanders.be.eu.undernet.org, AT:graz.at.eu.undernet.org, SE:broadway.ny.us.dal.net, RU:194.6.222.11:6667
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 25 of 25 ; packed 7f60162c2c [Firefox:517 hits: 12-31 to 08-27] ; egg.exe 1aad8e4632 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=93, embedded dns ; syscalls trace
18:54:00  Win2K-f  76.77.231.48 (MADISONTELCO.COM): MADISON TELEPHONE COMPANY, HAMEL, ILLINOIS, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 32 ; packed 73f1082158 [Firefox:964 hits: 06-18 to 08-27] ; egg.exe 73f1082158[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:18:57:00  WinXP  12.210.18.202 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, PECATONICA, ILLINOIS, US.
  C&C server: n/a ; DNS lookups & failed connects: EU:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :www.proxy-socks.net, :wpad
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http, http, http (18 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 0 of 36 ; packed 00adf9a537 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 0 of 36 ; packed 0a51d26098 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 29 of 29 ; packed a12cab51ef [Firefox:495 hits: 01-01 to 08-27] ; egg.exe 40f7f463c4[0] ; egg.asm ASM:Graph ; PEID ASPack| ; strings lines=281, embedded dns ; syscalls trace
19:06:00  WinXP  98.26.215.148 (-)
  C&C server: 194.54.90.246:80 ; DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 26 of 28 ; packed 7d99b0e910 [Firefox:1035 hits: 12-31 to 08-27] ; egg.exe 7a70e1b592 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=68 ; syscalls trace
T:19:08:00  WinXP  66.163.137.14 (GONDTC.COM): GONDTC.COM, DEVILS LAKE, NORTH DAKOTA, US.
  C&C server: n/a ; DNS lookups & failed connects: RU:moscow-advokat.ru, :lulea.se.eu.undernet.org, :brussels.be.eu.undernet.org, :gaspode.zanet.org.za, SE:ced.dal.net, SE:qis.md.us.dal.net, RU:194.6.222.11:6667
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed f0b49cdcfc [Firefox:10 hits: 07-04 to 08-22] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
19:20:00  WinXP  58.90.241.225 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a ; DNS lookups & failed connects: none
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: shell, ftp (13 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 29 of 29 ; packed 831f4ee0a7 [Firefox:518 hits: 01-01 to 08-27] ; egg.exe eb7546c600 [0] ; egg.asm ASM:Graph ; PEID none|none ; strings lines=61 ; syscalls trace
T:19:29:00  WinXP  71.111.220.251 (VERIZON.NET): VERIZON INTERNET SERVICES INC, DURHAM, NORTH CAROLINA, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
19:41:00  WinXP  218.249.149.203 (IAPCM.AC.CN): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, BEIJING, BEIJING, CN.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 79c01ec060 [Firefox:27 hits: 06-18 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
T:19:42:00  Win2K-f  61.222.6.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed 57ce4acac2 [Firefox:158 hits: 06-17 to 08-27] ; egg.exe 57ce4acac2[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
19:43:00  Win2K-f  76.213.145.221 (SBCGLOBAL.NET): PPPOX POOL - BRAS2.OKCYOK, EDMOND, OKLAHOMA, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
T:20:04:00  WinXP  67.10.218.137 (RR.COM): ROAD RUNNER HOLDCO LLC, SUGAR LAND, TEXAS, US.
  C&C server: n/a ; DNS lookups & failed connects: RU:moscow-advokat.ru
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 25 of 25 ; packed 7f60162c2c [Firefox:517 hits: 12-31 to 08-27] ; egg.exe 1aad8e4632 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=93, embedded dns ; syscalls trace
20:09:00  WinXP  116.126.197.176 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (2386 lines)
  BotHunter analysis: Yeah : 1.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 31 of 33 ; packed 168aab35a3 [Firefox:122 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 12 of 36 ; packed a26d9d476b NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 4: AV 2 of 36 ; packed d9766a3162 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 5: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
T:20:13:00  Win2K-f  75.4.239.43 (SBCGLOBAL.NET): RBACK34A.IRVNCA, HOUSTON, TEXAS, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (60 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
  Binary 3: AV 8 of 33 ; packed b7082104e4 [Firefox:117 hits: 06-18 to 08-27] ; egg.exe none [4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
20:18:00  Win2K-f  24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (87 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 32 ; packed 73f1082158 [Firefox:964 hits: 06-18 to 08-27] ; egg.exe 73f1082158[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:20:25:00  WinXP  203.82.126.133 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (88 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 3 of 33 ; packed 3ed16ae12d [Firefox:16 hits: 06-19 to 08-27] ; egg.exe 3ed16ae12d [1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 2: AV 33 of 33 ; packed 79c01ec060 [Firefox:27 hits: 06-18 to 08-27] ; egg.exe none [4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 3: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
20:31:00  Win2K-f  172.129.237.7 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (117 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 33 ; packed 3373948767 [Firefox:19 hits: 07-03 to 08-20] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 29 of 33 ; packed c73f738c30 [Firefox:19 hits: 07-03 to 08-20] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
20:36:00  WinXP  24.67.91.155 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA.
  C&C server: n/a ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:65520
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http, irc (4 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 35 of 36 ; packed bcc96fab23 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
20:43:00  WinXP  203.91.169.231 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (179 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 34 of 36 ; packed 389cf0c860 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
  Binary 3: AV 33 of 36 ; packed ed7d5d9ce7 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
20:59:00  Win2K-f  96.13.205.53 (-)
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, US:66.199.251.114:8888
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (1188 lines)
  BotHunter analysis: Yeah : 1.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 12 of 36 ; packed 703c513417 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 32 of 36 ; packed 95a1e56583 [Firefox: 6 hits: 08-02 to 08-23] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 4: AV 35 of 36 ; packed b39357c344 [Firefox: 6 hits: 08-02 to 08-23] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 5: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:21:36:00  Win2K-f  76.73.239.17 (-)
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (818 lines)
  BotHunter analysis: Yeah : 1.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 12 of 36 ; packed 0f2939b94c NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 31 of 35 ; packed 2af1dfd9d9 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
21:40:00  Win2K-f  72.43.236.85 (RR.COM): ROAD RUNNER HOLDCO LLC, SYRACUSE, NEW YORK, US.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http, irc (1001 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
21:53:00  WinXP  216.199.165.252 (FDN.COM): FDN.COM, JACKSONVILLE, FLORIDA, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (112 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 33 ; packed 3cd7958258 [Firefox:20 hits: 06-17 to 08-21] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 28 of 32 ; packed 41efedf70f [Firefox:19 hits: 06-19 to 08-21] ; egg.exe 41efedf70f[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=82 ; syscalls trace
  Binary 3: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
21:57:00  Win2K-f  70.168.9.44 (COX.NET): COX COMMUNICATIONS, PAWTUCKET, RHODE ISLAND, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:22:02:00  Win2K-f  12.104.226.52 (-): SANDWICH ISLES COMMUNICATIONS I, HONOLULU, HAWAII, US.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn
  Infection port: 139 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (337 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 12 of 36 ; packed 80b23f395b NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 33 of 36 ; packed 9cc7d74bac NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
22:03:00  Win2K-f  71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
22:04:00  Win2K-f  12.104.226.52 (-): SANDWICH ISLES COMMUNICATIONS I, HONOLULU, HAWAII, US.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, DE:dl2.teenpassage.com, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, HK:210.245.211.11:65520, DE:85.114.141.207:80
  Infection port: 139 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (332 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 12 of 36 ; packed 4326e0f8f0 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 33 of 36 ; packed 9cc7d74bac NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:22:07:00  Win2K-f  89.252.13.75 (FREENET.COM.UA): FOR FREENET CUSTOMERS AND INFRASTRUCTURE, UA.
  C&C server: 69.42.216.108:9890 ; DNS lookups & failed connects: :f.unicat.org, 69.42.216.108:9890
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: ftp, irc (24 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 13 of 31 ; packed e8d4d8cde1 [Firefox:571 hits: 03-31 to 08-27] ; egg.exe fda109a6fd [0] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=583, embedded dns ; syscalls trace
T:22:12:00  WinXP  69.89.102.70 (ACD.NET): ACD.NET, US.
  C&C server: n/a ; DNS lookups & failed connects: none
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: other (10 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binaries: none
22:12:00  WinXP  118.167.233.46 (-)
  C&C server: 69.42.216.108:9890 ; DNS lookups & failed connects: :f.unicat.org, FR:members.lycos.co.uk
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: ftp, irc (52 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 13 of 31 ; packed e8d4d8cde1 [Firefox:571 hits: 03-31 to 08-27] ; egg.exe fda109a6fd [0] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=583, embedded dns ; syscalls trace
T:22:12:00  Win2K-f  190.128.124.71 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, CO.
  C&C server: n/a ; DNS lookups & failed connects: :f.unicat.org, 69.42.216.108:9890
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: ftp (16 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 13 of 31 ; packed e8d4d8cde1 [Firefox:571 hits: 03-31 to 08-27] ; egg.exe fda109a6fd [0] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=583, embedded dns ; syscalls trace
22:25:00  Win2K-f  70.73.243.23 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C server: 67.43.236.98:5190 ; DNS lookups & failed connects: CA:xx.sqlteam.info, CA:alwayssam.com, CA:zonetech.info, CA:ns.ircstyle.net, CA:ns.enterhere.biz, NL:acidisa.com, US:130.107.170.86:25451
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (309 lines)
  BotHunter analysis: Yeah : 1.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 16 of 36 ; packed 2180dd939c NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 14 of 36 ; packed 9b09258622 [Firefox:11 hits: 08-05 to 08-22] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 3: AV 21 of 36 ; packed 9ed9d4319e NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 4: AV 22 of 36 ; packed 9f6d05a60b NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 5: AV 23 of 36 ; packed f922fdc9fd NEW ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:22:26:00  Win2K-f  89.178.239.45 (CORBINA.RU): BROADBAND CUSTOMERS IN MOSCOW, MOSCOW, MOSKVA, RU.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc (23 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binaries: none
22:30:00  Win2K-f  89.252.13.75 (FREENET.COM.UA): FOR FREENET CUSTOMERS AND INFRASTRUCTURE, UA.
  C&C server: 210.245.211.11:65520 ; DNS lookups & failed connects: :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, US:66.199.251.114:8888
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: irc, http (142 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 36 ; packed 5c6c664c09 NEW ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:22:32:00  WinXP  118.167.233.46 (-)
  C&C server: 69.42.216.108:9890 ; DNS lookups & failed connects: :f.unicat.org, FR:members.lycos.co.uk, FR:213.193.4.11:80
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: ftp, irc (72 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 13 of 31 ; packed e8d4d8cde1 [Firefox:571 hits: 03-31 to 08-27] ; egg.exe fda109a6fd [0] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=583, embedded dns ; syscalls trace
22:35:00  Win2K-f  71.117.202.41 (VERIZON.NET): VERIZON INTERNET SERVICES INC, ALOHA, OREGON, US. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (133 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
22:38:00  WinXP  61.231.4.141 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a ; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 29 of 29 ; packed eec7cce07c [Firefox: 2 hits: 08-15 to 08-15] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
T:22:39:00  WinXP  61.231.4.141 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: 194.54.90.246:80 ; DNS lookups & failed connects: UA:citi-bank.ru
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (2 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 29 of 29 ; packed eec7cce07c [Firefox: 2 hits: 08-15 to 08-15] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
22:42:00  WinXP  219.71.235.221 (NVWTV.COM.TW): HOSHIN GIGAMEDIA CENTER INC, TW. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (192 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 35 ; packed 017226a316 [Firefox: 5 hits: 07-27 to 08-25] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
  Binary 2: AV 30 of 35 ; packed 9b03689ec5 [Firefox: 5 hits: 07-27 to 08-25] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
22:56:00  Win2K-f  70.184.14.218 (COX.NET): COX COMMUNICATIONS, JOHNSTON, RHODE ISLAND, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 32 ; packed 73f1082158 [Firefox:964 hits: 06-18 to 08-27] ; egg.exe 73f1082158[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
22:59:00  WinXP  61.218.193.226 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed 57ce4acac2 [Firefox:158 hits: 06-17 to 08-27] ; egg.exe 57ce4acac2[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 33 ; packed e07c29c4ae [Firefox:383 hits: 06-19 to 08-27] ; egg.exe e07c29c4ae[1] ; egg.asm ASM:Graph ; PEID FSG| ; strings lines=92 ; syscalls trace
23:04:00  Win2K-f  70.182.79.231 (COX.NET): COX COMMUNICATIONS, OKLAHOMA CITY, OKLAHOMA, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (95 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
  Binary 3: AV 32 of 36 ; packed bea8cb1865 [Firefox: 8 hits: 08-11 to 08-25] ; egg.exe none [none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
23:08:00  Win2K-f  211.47.232.89 (NEXG.NET): VAAN-NOBLIAN, SEOUL, KYONGGI-DO, KR. (100Mbps)
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 0 of 33 ; packed 4c3df24b32 [Firefox:177 hits: 06-17 to 08-27] ; egg.exe 4c3df24b32 [1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 2: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none [4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:23:10:00  Win2K-f  24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (76 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
T:23:11:00  Win2K-f  210.243.150.56 (SEED.NET.TW): DIGITAL UNITED INC, KAOHSIUNG, KAO-HSIUNG, TW.
  C&C server: n/a ; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Infection port: 135 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (81 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 33 of 33 ; packed 53bfe15e91 [Firefox:1922 hits: 06-17 to 08-27] ; egg.exe none[4] ; egg.asm none:none ; PEID tElock| ; strings none ; syscalls trace
  Binary 2: AV 0 of 33 ; packed a08f3b74a4 [Firefox:647 hits: 06-18 to 08-27] ; egg.exe a08f3b74a4[1] ; egg.asm ASM:Graph ; PEID Armadillo| ; strings lines=81 ; syscalls trace
  Binary 3: AV 0 of 32 ; packed b5919931fe [Firefox:490 hits: 06-20 to 08-27] ; egg.exe b5919931fe[1] ; egg.asm ASM:Graph ; PEID ASProtect| ; strings lines=90 ; syscalls trace
23:28:00  WinXP  221.242.80.212 (UCOM.NE.JP): UCOM CORP, JP. (100Mbps)
  C&C server: n/a ; DNS lookups & failed connects: RU:moscow-advokat.ru
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http (1 line)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 25 of 25 ; packed 7f60162c2c [Firefox:517 hits: 12-31 to 08-27] ; egg.exe 1aad8e4632 [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=93, embedded dns ; syscalls trace
T:23:38:00  WinXP  203.172.35.77 (CSLOXINFO.NET): REASSIGN TO CSLOXINFO FOR DIAL-UP UPC, TH.
  C&C server: 194.54.90.246:80 ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http, irc (5 lines)
  BotHunter analysis: Yeah : 1.3, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 30 of 32 ; packed a41d9d371e [Firefox: 6 hits: 04-21 to 07-24] ; egg.exe c2640d398b [0] ; egg.asm ASM:Graph ; PEID PolyEnE| ; strings lines=129 ; syscalls trace
T:23:42:00  WinXP  70.67.253.242 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, DUNCAN, BRITISH COLUMBIA, CA. (DSL)
  C&C server: n/a ; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, DE:dl2.teenpassage.com, RU:194.6.222.11:6667
  Infection port: 445 ; Packet trace: pcap, raw ; Detection signatures: alerts, ruleset ; Infection chatter: http, irc (4 lines)
  BotHunter analysis: Yeah : 0.8, profile ; Behavioral cluster: none ; Forensic logs: summary, tarball
  Binary 1: AV 34 of 36 ; packed 60355a8247 [Firefox: 2 hits: 08-16 to 08-26] ; egg.exe none[none] ; egg.asm none:none ; PEID none|none ; strings none ; syscalls none
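The same C&C endpoints, failed connects and packed-binary digests recur across many of the day's infections above (210.245.211.11:65520 with the ircgalaxy.pl and .cn names, 194.54.90.246:80 with citi-bank.ru, digest 5c6c664c09 on several Win2K-f victims). The block below is an added example of how an analyst would pivot on that: it is not code from the SRI Cyber-TA page or from BotHunter. The five sample records are hand-transcribed from this page's rows (the values are the page's own; the Infection record layout, the function names, and the Snort rule shape and sid range are this example's assumptions).

```python
# Added example (not SRI Cyber-TA / BotHunter code): pivot per-infection records
# into shared indicators and emit Snort rules for the observed C&C endpoints.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Infection:
    time: str
    os: str
    victim: str
    cnc: Optional[str]                 # "IP:port" from the C&C Server column, None for "n/a"
    lookups: List[str]                 # DNS lookups & failed connects, "CC:host" (CC may be empty)
    port: int                          # infection port
    digests: List[Tuple[str, str]]     # (packed-binary digest, "seen" or "new")


# Constructed sample: values transcribed from this page's 29 August 2008 rows.
RECORDS = [
    Infection("18:06:00", "Win2K-f", "65.68.44.124", "210.245.211.11:65520",
              ["HK:proxim.ircgalaxy.pl", "US:microsoft.com", ":fleshkatera.cn"], 135,
              [("3f0a5b2ebe", "seen"), ("5c6c664c09", "new")]),
    Infection("T:18:44:00", "WinXP", "74.75.233.177", None,
              ["UA:citi-bank.ru", "UA:194.54.90.246:80"], 445, [("a0139d7ad8", "seen")]),
    Infection("19:06:00", "WinXP", "98.26.215.148", "194.54.90.246:80",
              ["UA:citi-bank.ru"], 445, [("7d99b0e910", "seen")]),
    Infection("21:40:00", "Win2K-f", "72.43.236.85", "210.245.211.11:65520",
              ["HK:proxim.ircgalaxy.pl", ":fleshkatera.cn"], 135, [("5c6c664c09", "new")]),
    Infection("T:22:26:00", "Win2K-f", "89.178.239.45", "210.245.211.11:65520",
              ["HK:proxim.ircgalaxy.pl", "HK:210.245.211.11:65520"], 445, []),
]


def host_of(lookup: str) -> str:
    """Drop the leading country code: 'UA:194.54.90.246:80' -> '194.54.90.246:80'."""
    return lookup.split(":", 1)[1]


def victims_by_cnc(records: List[Infection]) -> Dict[str, List[str]]:
    """Group victim IPs by the C&C endpoint they actually talked to."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        if r.cnc:
            groups[r.cnc].append(r.victim)
    return dict(groups)


def failed_to_known_cnc(records: List[Infection]) -> List[str]:
    """Victims with no observed C&C session whose failed connects name an endpoint
    that served as live C&C for another victim in the same data set: same family,
    C&C down or filtered when that host was captured."""
    known = set(victims_by_cnc(records))
    return [r.victim for r in records
            if r.cnc is None and any(host_of(l) in known for l in r.lookups)]


def shared_digests(records: List[Infection]) -> Dict[str, List[str]]:
    """Packed-binary digests dropped on more than one victim, with the victims."""
    seen: Dict[str, set] = defaultdict(set)
    for r in records:
        for digest, _status in r.digests:
            seen[digest].add(r.victim)
    return {d: sorted(v) for d, v in seen.items() if len(v) > 1}


def snort_rules(records: List[Infection], base_sid: int = 1000000) -> List[str]:
    """One alert rule per observed C&C endpoint (rule text and sid range are this
    example's choice, not a BotHunter ruleset)."""
    rules = []
    for i, (cnc, victims) in enumerate(sorted(victims_by_cnc(records).items())):
        ip, port = cnc.rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"BotHunter C&C {cnc} victims={len(victims)}"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)')
    return rules


if __name__ == "__main__":
    print("victims by C&C:", victims_by_cnc(RECORDS))
    print("failed connects to a known C&C:", failed_to_known_cnc(RECORDS))
    print("digests on several victims:", shared_digests(RECORDS))
    print("\n".join(snort_rules(RECORDS)))
```

The failed-connect pivot is the one worth keeping: a host like 74.75.233.177 shows no C&C session of its own, but its failed connect to 194.54.90.246:80 matches the endpoint 98.26.215.148 reached a few minutes later, so it belongs in the same cluster even though BotHunter could not score the C&C dialog.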