Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

30 September 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:50:00 WinXP 219.250.172.79 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 32
28 of 32
0 of 33		 8a75955033
[Firefox:37 hits: 06-20 to 09-29]
9276c8b36b
[Firefox:37 hits: 06-20 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
9276c8b36b[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
01:02:00 Win2K-f 68.146.214.56 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.41:80 		135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 36
33 of 36		 5f173c9c43
NEW
ed28244121
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:01:31:00 Win2K-f 99.224.126.113 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:01:40:00 WinXP 81.84.238.110 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. 		n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 06799205df
NEW 		none[none] none:none
 none|none none none
T:02:19:00 WinXP 83.234.67.30 (TRANSTELECOM.NET):
TRANS-TELECOM,
RU. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
02:32:00 Win2K-f 124.195.202.88 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.41:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:34:00 Win2K-f 63.16.174.207 (UU.NET):
UUNET TECHNOLOGIES INC,
BOSTON, MASSACHUSETTS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.41:80 		135 pcap raw alerts
ruleset 		other
183 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:56:00 Win2K-f 70.72.8.129 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
558 lines 		Yeah : 1.3
profile 		none summary
tarball 		9 of 12 ede5f598cf
NEW 		none[none] none:none
 none|none none none
03:08:00 WinXP 83.91.24.163 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
ROSKILDE, ROSKILDE, DK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
03:21:00 WinXP 116.83.21.197 (OCN.NE.JP):
FUJITSU LIMITED,
JP. 		n/a FR:utenti.lycos.it
:vx9.users.freebsd.at 		445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 ab695d30ef
NEW 		none[none] none:none
 none|none none none
T:03:23:00 Win2K-f 66.209.131.154 (BRIGHT.NET):
TSC,
AKRON, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:204.160.126.124:80
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35
31 of 35		 039e3fa376
[Firefox: 6 hits: 07-24 to 09-29]
76f2c59ef8
[Firefox: 6 hits: 07-24 to 09-29] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
03:25:00 Win2K-f 203.73.84.122 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
57ce4acac2
[Firefox:217 hits: 06-17 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
57ce4acac2[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
03:36:00 Win2K-f 201.213.93.252 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 35 aaf4077b09
NEW 		none[none] none:none
 none|none none none
03:42:00 Win2K-f 72.230.139.136 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
04:01:00 WinXP 85.152.84.235 (CM-85-152-82-10.TELECABLE.ES):
TELECABLE,
ES. (DSL) 		115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru 		445 pcap raw alerts
ruleset 		http
irc
7 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 4b2541d5f7
[Firefox:11 hits: 08-19 to 09-27] 		none[none] none:none
 none|none none none
T:04:06:00 WinXP 220.219.251.47 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:416 hits: 01-05 to 09-29] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
04:19:00 WinXP 190.220.124.121 (-):
. 		194.109.20.90:6667   445 pcap raw alerts
ruleset 		irc
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:04:57:00 WinXP 114.48.25.144 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:416 hits: 01-05 to 09-29] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
05:04:00 Win2K-f 212.183.68.124 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:258 hits: 05-22 to 09-29] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
05:15:00 Win2K-f 4.230.114.170 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
05:25:00 WinXP 98.173.193.183 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
05:26:00 WinXP 220.219.251.47 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:416 hits: 01-05 to 09-29] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:05:34:00 WinXP 63.28.108.215 (UU.NET):
UUNET TECHNOLOGIES INC,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80 		135 pcap raw alerts
ruleset 		other
88 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
05:49:00 WinXP 123.215.253.137 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:windowsupdate.microsoft.com
CN:antivirxp.net
CN:stat.antivirxp.net
US:192.221.110.126:80
EU:77.244.220.134:80 		135 pcap raw alerts
ruleset 		irc
http
118 lines 		Yeah : 1.8
profile 		none summary
tarball 		5 of 36
30 of 32
15 of 36
31 of 33		 6a7fb64400
[Firefox: 2 hits: 09-28 to 09-29]
8390780c27
[Firefox:38 hits: 06-18 to 09-29]
91dc355a93
[Firefox:20 hits: 09-25 to 09-29]
af88ae89f8
[Firefox: 6 hits: 06-18 to 08-18] 		none[none]
none [4]
none [none]
af88ae89f8[1] 		none:none
none:none
none:none
ASM:Graph
 none|none
tElock|
none|none
Armadillo| 		none
none
none
lines=82 		none
trace
none
trace
05:51:00 Win2K-f 99.224.126.113 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
TORONTO, ONTARIO, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.201.126:80
US:199.93.41.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:05:52:00 Win2K-f 123.215.253.137 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:192.221.110.126:80
US:198.78.201.126:80 		135 pcap raw alerts
ruleset 		http
98 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32
31 of 33
0 of 32		 8390780c27
[Firefox:38 hits: 06-18 to 09-29]
af88ae89f8
[Firefox: 6 hits: 06-18 to 08-18]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
af88ae89f8[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=82
lines=90 		trace
trace
trace
06:05:00 Win2K-f 170.51.39.62 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		33 of 36 24135d98a2
NEW 		none[none] none:none
 none|none none none
T:06:06:00 WinXP 4.252.99.140 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
INDIANA, US. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:259 hits: 01-01 to 09-29] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
T:06:10:00 WinXP 12.77.212.35 (ATT.NET):
AT&T WORLDNET SERVICES,
MORRISTOWN, NEW JERSEY, US. (DIAL) 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:06:28:00 WinXP 83.26.224.201 (TPNET.PL):
NEOSTRADA PLUS,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) 		n/a EU:siliconfireware.ru
US:searchportal.information.com
DE:ebookfinaltrash.ru
:wpad
RU:www.bbin.ru
RU:www.binbank.ru
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
http
http
23 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 29 330eaa2da2
[Firefox:20 hits: 01-28 to 09-29] 		none[3] none:none
 ASPack| none trace
T:06:31:00 Win2K-f 203.73.84.122 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:205.128.66.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
57ce4acac2
[Firefox:217 hits: 06-17 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
57ce4acac2[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
06:39:00 WinXP 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:06:45:00 WinXP 122.109.49.47 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		other
128 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 717cda1f48
NEW
e43035f06b
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:07:04:00 WinXP 203.67.1.201 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 ea096a2bdf
[Firefox:17 hits: 07-12 to 09-25] 		none[none] none:none
 none|none none none
T:07:18:00 WinXP 118.174.182.200 (-):
. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 2e9f4c97cc
NEW 		none[none] none:none
 none|none none none
07:21:00 WinXP 173.16.103.39 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:69.28.178.10:80 		135 pcap raw alerts
ruleset 		other
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:07:31:00 WinXP 118.237.135.141 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 93385541f3
[Firefox:29 hits: 06-22 to 09-27] 		none[4] none:none
 none|none none trace
07:36:00 Win2K-f 24.66.225.88 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
07:42:00 Win2K-f 61.34.136.38 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
07:51:00 WinXP 24.109.203.175 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 4b2541d5f7
[Firefox:11 hits: 08-19 to 09-27] 		none[none] none:none
 none|none none none
07:53:00 WinXP 170.51.89.52 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
irc
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:258 hits: 05-22 to 09-29] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:07:54:00 WinXP 123.54.14.49 (163DATA.COM.CN):
CHINANET HENAN PROVINCE NETWORK,
HENAN, GUIZHOU, CN. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:126 hits: 01-03 to 09-29] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:07:59:00 Win2K-f 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
US:208.111.153.231:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
08:01:00 WinXP 87.110.106.217 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 c05385e600
[Firefox:18 hits: 01-20 to 09-27] 		6a383b021d [0] ASM:Graph
 PolyEnE| lines=68 trace
T:08:01:00 WinXP 186.9.71.223 (-):
. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 68bb55178d
NEW 		none[none] none:none
 none|none none none
08:10:00 WinXP 89.34.203.54 (BERCENI.NET):
SC-OMNINET-TELECOM-SRL,
RO. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:08:12:00 WinXP 89.34.203.54 (BERCENI.NET):
SC-OMNINET-TELECOM-SRL,
RO. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
08:18:00 WinXP 122.120.242.97 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
08:20:00 Win2K-f 63.246.52.104 (GEUSNET.NET):
GEUS,
GREENVILLE, TEXAS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
08:24:00 WinXP 220.129.69.31 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
08:32:00 WinXP 70.168.131.92 (COX.NET):
COX COMMUNICATIONS,
FALLS CHURCH, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
08:45:00 Win2K-f 208.127.97.158 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80 		135 pcap raw alerts
ruleset 		http
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 33
0 of 32
29 of 33		 0d3fafbf29
[Firefox: 4 hits: 06-21 to 09-19]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29]
d401773a07
[Firefox: 4 hits: 06-21 to 09-19] 		0d3fafbf29 [1]
b5919931fe[1]
none [4] 		ASM:Graph
ASM:Graph
none:none
 Armadillo|
ASProtect|
tElock| 		lines=82
lines=90
none 		trace
trace
trace
T:08:47:00 WinXP 122.53.13.107 (PLDT.NET):
IPG,
PH. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 3b069bdf62
NEW 		none[none] none:none
 none|none none none
T:08:50:00 WinXP 68.147.151.75 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 b872c76081
[Firefox:29 hits: 09-13 to 09-28] 		none[none] none:none
 none|none none none
T:08:51:00 Win2K-f 219.115.217.169 (ZAQ.NE.JP):
TOYONAKA IKEDA CABLENET CO. LTD,
TOYONAKA, OSAKA, JP. 		194.109.11.65:6556 194.109.11.65:1023 NL:0x80.online-software.org 135 pcap raw alerts
ruleset 		other
191 lines 		Yeah : 1.8
profile 		none summary
tarball 		36 of 36 0c01728b7e
[Firefox: 3 hits: 08-30 to 09-28] 		none[none] none:none
 none|none none none
08:54:00 WinXP 70.168.7.39 (COX.NET):
COX COMMUNICATIONS,
BRISTOL, RHODE ISLAND, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.52:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:57:00 WinXP 210.79.128.174 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:571 hits: 01-01 to 09-29] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
09:04:00 Win2K-f 64.228.99.148 (BELL.CA):
SYMPATICO,
TORONTO, ONTARIO, CA. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
84 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:09:16:00 WinXP 92.98.9.254 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 eca9a5fa95
[Firefox:22 hits: 08-09 to 09-29] 		none[none] none:none
 none|none none none
T:09:22:00 Win2K-f 70.182.94.50 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33
29 of 33		 87e1117f2a
[Firefox: 9 hits: 07-18 to 09-24]
b4fe4581c3
[Firefox: 9 hits: 07-18 to 09-24] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:09:26:00 Win2K-f 186.12.21.231 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:258 hits: 05-22 to 09-29] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:09:31:00 WinXP 12.77.213.89 (ATT.NET):
AT&T WORLDNET SERVICES,
MORRISTOWN, NEW JERSEY, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:09:39:00 WinXP 82.236.116.91 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 71d5528293
[Firefox: 4 hits: 09-13 to 09-17] 		none[none] none:none
 none|none none none
T:09:40:00 WinXP 91.145.202.148 (-):
LIMITED LIABILITY COMPANY ASTELIT,
AMSTERDAM, NOORD-HOLLAND, NL. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 f353d4eed9
[Firefox:22 hits: 09-17 to 09-28] 		none[none] none:none
 none|none none none
T:09:40:00 WinXP 89.207.65.21 (-):
JOINT STOCK COMPANY SVYAZIST,
RU. 		194.54.90.246:80 :proxima.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 bfa308b13a
[Firefox:11 hits: 02-29 to 05-05] 		7586a2002b [0] ASM:Graph
 PolyEnE| lines=0 trace
T:09:42:00 WinXP 87.110.142.42 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
:adult-empire.com
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 13c460fd31
NEW 		none[none] none:none
 none|none none none
09:42:00 WinXP 81.13.130.58 (-):
IP DHCP SION,
SION, VALAIS, CH. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 ca47a36342
[Firefox: 9 hits: 02-16 to 09-29] 		c3a58f69c6 [0] ASM:Graph
 PolyEnE| lines=89
embedded dns 		trace
T:10:02:00 WinXP 201.49.197.164 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 3baa8fcc3d
NEW 		none[none] none:none
 none|none none none
T:10:18:00 WinXP 87.12.150.97 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT. 		213.239.192.125:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:258 hits: 05-22 to 09-29] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:10:32:00 WinXP 82.130.162.137 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
SAN SEBASTIAN, PAIS VASCO, ES. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
10:32:00 WinXP 4.179.134.197 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WALNUT CREEK, CALIFORNIA, US. (DIAL) 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
143 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36
32 of 36		 31dbe08df8
NEW
78a1dce44a
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:10:50:00 Win2K-f 4.236.126.24 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BROOKLYN, NEW YORK, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.99.126:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:10:58:00 Win2K-f 99.158.41.225 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
8 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29]
b7082104e4
[Firefox:156 hits: 06-18 to 09-29] 		none[4]
b5919931fe[1]
none [4] 		none:none
ASM:Graph
none:none
 tElock|
ASProtect|
tElock| 		none
lines=90
none 		trace
trace
trace
11:04:00 WinXP 117.99.32.142 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
11:06:00 Win2K-f 124.61.39.56 (-):
POWERCOM,
KR. 		n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33
34 of 36		 58408136a4
[Firefox:19 hits: 06-28 to 09-23]
7655e4d162
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
11:08:00 Win2K-f 24.32.106.4 (CEBRIDGE.NET):
CEBRIDGE CONNECTIONS,
CABOT, ARKANSAS, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
11:26:00 Win2K-f 170.51.57.130 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
11:29:00 WinXP 118.222.45.40 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
:proxima.ircgalaxy.pl
US:208.111.153.236:80
US:208.111.173.16:80 		135 pcap raw alerts
ruleset 		other
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
33 of 33		 776985f561
[Firefox:15 hits: 06-24 to 09-24]
97fef473b9
NEW 		776985f561 [1]
none [none] 		ASM:Graph
none:none
 Armadillo|
none|none 		lines=82
none 		trace
none
11:36:00 Win2K-f 68.144.24.135 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
22 of 36		 1eacab1cc9
NEW
d43f7bdb88
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
11:37:00 WinXP 82.154.187.134 (DSL.TELEPAC.PT):
TELEPAC - COMUNICACOES INTERACTIVAS SA,
PT. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
11:48:00 WinXP 71.68.86.69 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MONROE, NORTH CAROLINA, US. 		n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:548 hits: 01-01 to 09-29] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
11:53:00 WinXP 68.145.116.78 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
673 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36 9eff47183a
NEW 		none[none] none:none
 none|none none none
12:12:00 WinXP 117.99.62.157 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 f353d4eed9
[Firefox:22 hits: 09-17 to 09-28] 		none[none] none:none
 none|none none none
T:12:12:00 WinXP 207.5.188.162 (GWI.NET):
GREAT WORKS INTERNET,
SHAPLEIGH, MAINE, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
32 lines 		Yeah : 1.3
profile 		none summary
tarball 		2 of 36 22de60782a
NEW 		none[none] none:none
 none|none none none
T:12:13:00 WinXP 117.99.62.157 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 f353d4eed9
[Firefox:22 hits: 09-17 to 09-28] 		none[none] none:none
 none|none none none
12:19:00 WinXP 70.240.85.213 (SWBELL.NET):
PPPOX POOL - RBACK19 HSTNTX,
HOUSTON, TEXAS, US. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
US:208.73.210.32:80 		445 pcap raw alerts
ruleset 		http
http
http
http
26 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:548 hits: 01-01 to 09-29] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:12:28:00 WinXP 117.99.62.221 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:12:32:00 WinXP 76.176.159.70 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN DIEGO, CALIFORNIA, US. 		n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
SE:qis.md.us.dal.net
:lulea.se.eu.undernet.org
SE:ced.dal.net
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
12:47:00 WinXP 78.34.24.222 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
KOELN, NORDRHEIN-WESTFALEN, DE. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 f353d4eed9
[Firefox:22 hits: 09-17 to 09-28] 		none[none] none:none
 none|none none none
T:12:56:00 WinXP 189.48.221.200 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 c8b162e3a6
NEW 		none[none] none:none
 none|none none none
12:58:00 Win2K-f 140.239.41.75 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33
0 of 32		 73ce2b74da
[Firefox:17 hits: 06-18 to 09-28]
79c01ec060
[Firefox:47 hits: 06-18 to 09-28]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		73ce2b74da [1]
none [4]
b5919931fe[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
ASProtect| 		lines=81
none
lines=90 		trace
trace
trace
T:13:07:00 WinXP 75.177.169.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:439 hits: 12-31 to 09-29] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
13:12:00 WinXP 41.214.161.187 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:13:12:00 WinXP 41.214.161.187 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
13:13:00 WinXP 190.191.87.46 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 b872c76081
[Firefox:29 hits: 09-13 to 09-28] 		none[none] none:none
 none|none none none
T:13:37:00 Win2K-f 99.181.181.239 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
US:208.111.148.152:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:13:46:00 WinXP 66.53.83.245 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US. 		n/a RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
US:lia.zanet.net
:diemen.nl.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:coins.dal.net
:flanders.be.eu.undernet.org 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:13:56:00 WinXP 68.145.40.9 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 95d9507747
NEW 		none[none] none:none
 none|none none none
14:06:00 WinXP 170.51.96.207 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:258 hits: 05-22 to 09-29] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
14:07:00 Win2K-f 72.251.74.90 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:14:16:00 WinXP 72.184.216.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.46:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:14:27:00 WinXP 213.122.8.87 (BTOPENWORLD.COM):
BT-WEBPORT,
LONDON, ENGLAND, UK. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
14:31:00 Win2K-f 211.186.195.33 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:209.84.20.126:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
94 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
34 of 36		 4c3df24b32
[Firefox:204 hits: 06-17 to 09-29]
e2e45762bf
NEW 		4c3df24b32 [1]
none [none] 		ASM:Graph
none:none
 Armadillo|
none|none 		lines=81
none 		trace
none
14:49:00 Win2K-f 121.73.6.241 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		http
349 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36
0 of 32		 7f89b38665
[Firefox:17 hits: 08-02 to 09-26]
a51a50404e
[Firefox:17 hits: 08-02 to 09-26]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
15:36:00 WinXP 41.214.165.7 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:38:00 WinXP 69.154.55.101 (SWBELL.NET):
PPPOX POOL - RBACK2 WACOTX 081004-1919,
TEMPLE, TEXAS, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 36 9c1f1407f9
NEW 		none[none] none:none
 none|none none none
T:15:45:00 WinXP 12.215.100.211 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
BURLINGTON, KANSAS, US. 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
15:48:00 Win2K-f 24.76.72.73 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. 		n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:199.93.44.126:80
US:204.160.104.126:80
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		other
133 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none		 40870345c3
[Firefox: 3 hits: 09-22 to 09-25]
6c539a9f23
[Firefox: 3 hits: 09-22 to 09-25] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
16:04:00 WinXP 125.58.90.19 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
16:04:00 WinXP 204.210.154.70 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:16:04:00 WinXP 204.210.154.70 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
16:11:00 Win2K-f 122.146.226.238 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.41:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
16:18:00 Win2K-f 4.253.114.135 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PLYMOUTH, INDIANA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
80 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:19:00 Win2K-f 208.127.8.230 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.37.123:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:21:00 WinXP 24.78.165.140 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 7ab7b989fe
NEW 		none[none] none:none
 none|none none none
16:24:00 WinXP 140.239.41.188 (XO.NET):
XO COMMUNICATIONS,
CAMBRIDGE, MASSACHUSETTS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:207.123.37.125:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33		 73ce2b74da
[Firefox:17 hits: 06-18 to 09-28]
79c01ec060
[Firefox:47 hits: 06-18 to 09-28] 		73ce2b74da [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
16:33:00 WinXP 85.241.224.248 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:126 hits: 01-03 to 09-29] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:16:41:00 Win2K-f 63.246.122.205 (SPEAKEASY.NET):
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.115:80 		135 pcap raw alerts
ruleset 		other
175 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:16:49:00 WinXP 213.22.59.48 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
AMADORA, LISBOA, PT. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 22999be88c
[Firefox:25 hits: 04-05 to 09-29] 		eda2056971 [0] ASM:Graph
 PolyEnE| lines=154
embedded dns 		trace
T:16:57:00 WinXP 85.181.109.26 (ALICEDSL.DE):
HANSENET-ADSL,
MUNICH, BAYERN, DE. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:439 hits: 12-31 to 09-29] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
17:08:00 Win2K-f 4.225.18.22 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.41:80
US:208.111.173.42:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:19:00 Win2K-f 72.184.216.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:17:31:00 WinXP 76.200.149.137 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:145 hits: 01-08 to 09-29] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
17:41:00 Win2K-f 63.174.142.133 (SIDLINGER.COM):
SIDLINGER COMPUTER CORPORATION,
HOUSTON, TEXAS, US. 		n/a   135 pcap raw alerts
ruleset 		other
157 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 36 a3b8b12699
NEW 		none[none] none:none
 none|none none none
T:17:46:00 Win2K-f 170.51.91.74 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		21 of 36 7b84f08f30
NEW 		none[none] none:none
 none|none none none
18:05:00 WinXP 76.200.149.137 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
17 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:145 hits: 01-08 to 09-29] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
18:08:00 WinXP 70.142.21.147 (SBCGLOBAL.NET):
PPPOX POOL - BRAS1.RENOCS,
RENO, NEVADA, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
[Firefox:139 hits: 01-01 to 09-29] 		af9ca5bed1 [0] ASM:Graph
 PolyEnE| lines=54 trace
18:32:00 Win2K-f 222.234.234.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:207.123.46.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 b74e792974
[Firefox:10 hits: 06-18 to 09-22]
f0e73c39a8
[Firefox:11 hits: 06-18 to 09-22] 		b74e792974 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
T:18:40:00 WinXP 64.139.104.242 (RCABLETV.COM):
NCI DATA.COM INC,
REPUBLIC, WASHINGTON, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:18:57:00 WinXP 122.132.205.136 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:571 hits: 01-01 to 09-29] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:18:57:00 Win2K-f 220.128.125.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		other
95 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
29 of 32		 57ce4acac2
[Firefox:217 hits: 06-17 to 09-29]
83f26f5044
[Firefox:22 hits: 06-20 to 09-29] 		57ce4acac2 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
T:19:22:00 WinXP 63.160.234.135 (SPRINTLINK.NET):
SPRINT,
PULLMAN, WASHINGTON, US. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 f353d4eed9
[Firefox:22 hits: 09-17 to 09-28] 		none[none] none:none
 none|none none none
T:19:23:00 WinXP 12.77.212.130 (ATT.NET):
AT&T WORLDNET SERVICES,
MORRISTOWN, NEW JERSEY, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
19:23:00 Win2K-f 4.225.141.20 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAWRENCEBURG, INDIANA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
34 lines 		Yeah : 1.3
profile 		none summary
tarball 		2 of 36 38ba49d65c
NEW 		none[none] none:none
 none|none none none
19:24:00 WinXP 12.77.212.130 (ATT.NET):
AT&T WORLDNET SERVICES,
MORRISTOWN, NEW JERSEY, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
19:25:00 Win2K-f 4.84.76.241 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MOBILE, ALABAMA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
19:31:00 WinXP 69.89.102.70 (ACD.NET):
ACD.NET,
US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
US:208.111.173.41:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
19:44:00 Win2K-f 4.138.47.59 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NASHVILLE, TENNESSEE, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:206.33.45.125:80
US:8.12.222.126:80 		135 pcap raw alerts
ruleset 		other
106 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
b7082104e4
[Firefox:156 hits: 06-18 to 09-29] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
19:50:00 WinXP 92.96.114.81 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:145 hits: 01-08 to 09-29] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:20:12:00 Win2K-f 210.126.212.149 (KRLINE.NET):
KRNIC,
KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.41:80
US:208.111.173.42:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
20:45:00 Win2K-f 63.23.45.20 (UU.NET):
UUNET TECHNOLOGIES INC,
SAN FRANCISCO, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
164 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
20:45:00 WinXP 114.58.46.82 (-):
. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 01ccd8c1fd
NEW 		none[none] none:none
 none|none none none
T:20:46:00 Win2K-f 4.131.217.70 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN JOSE, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
61 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
b7082104e4
[Firefox:156 hits: 06-18 to 09-29] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
20:46:00 Win2K-f 74.67.48.111 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLIFTON PARK, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29]
b5919931fe
[Firefox:688 hits: 06-20 to 09-29] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:20:57:00 WinXP 172.130.131.188 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		http
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
29 of 33		 3373948767
[Firefox:26 hits: 07-03 to 09-25]
c73f738c30
[Firefox:26 hits: 07-03 to 09-25] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:21:11:00 WinXP 75.185.199.140 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
21:41:00 WinXP 122.146.81.71 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:21:50:00 WinXP 97.76.195.173 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 eca9a5fa95
[Firefox:22 hits: 08-09 to 09-29] 		none[none] none:none
 none|none none none
T:21:52:00 Win2K-f 172.163.33.185 (AOL.COM):
AMERICA ONLINE,
US. 		n/a   135 pcap raw alerts
ruleset 		other
140 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		73f1082158 [1] ASM:Graph
 Armadillo| lines=81 trace
21:53:00 WinXP 122.146.240.172 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
21:57:00 WinXP 24.87.150.85 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NEW WESTMINSTER, BRITISH COLUMBIA, CA. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 726638fb22
[Firefox: 2 hits: 09-19 to 09-25] 		none[none] none:none
 none|none none none
22:17:00 WinXP 116.127.229.49 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.41.124:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33
31 of 33		 776985f561
[Firefox:15 hits: 06-24 to 09-24]
8ec6129efe
[Firefox:15 hits: 06-24 to 09-24] 		776985f561 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
22:19:00 Win2K-f 67.125.140.230 (PACBELL.NET):
AT&T INTERNET SERVICES,
FRESNO, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.41.124:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:28:00 Win2K-f 61.222.240.150 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
57ce4acac2
[Firefox:217 hits: 06-17 to 09-29] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:41:00 WinXP 98.135.221.244 (-):
. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 c019bc8764
NEW 		none[none] none:none
 none|none none none
T:22:45:00 Win2K-f 24.67.228.47 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VERNON, BRITISH COLUMBIA, CA. (DSL) 		72.10.172.218:7382 :proxim.ircgalaxy.pl
CA:italian.swiifatecihno.com 		135 pcap raw alerts
ruleset 		irc
823 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 d3be2c7a88
NEW 		none[none] none:none
 none|none none none
T:22:46:00 Win2K-f 211.200.251.115 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80 		135 pcap raw alerts
ruleset 		http
136 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
30 of 33		 69be040d0b
[Firefox: 5 hits: 06-21 to 08-20]
81bbbeac34
[Firefox: 5 hits: 06-21 to 08-20] 		none[4]
81bbbeac34[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
T:22:49:00 WinXP 74.220.78.203 (CRUZIO.COM):
CRUZIO,
SANTA CRUZ, CALIFORNIA, US. (DSL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 f0b49cdcfc
[Firefox:16 hits: 07-04 to 09-20] 		none[none] none:none
 none|none none none
T:22:50:00 WinXP 4.161.21.201 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.73.126:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
150 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:55:00 WinXP 75.36.121.141 (SBCGLOBAL.NET):
IRIS MFG INC,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		1 of 33
33 of 33		 4ca3056804
[Firefox: 4 hits: 06-18 to 07-06]
53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29] 		4ca3056804 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
23:11:00 WinXP 92.113.83.138 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
US:lia.zanet.net
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:647 hits: 12-31 to 09-29] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
23:34:00 WinXP 76.78.49.200 (APOGEENET.NET):
APOGEE TELECOM INC,
AUSTIN, TEXAS, US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 2d6c8c447f
[Firefox: 7 hits: 09-16 to 09-27] 		none[none] none:none
 none|none none none
23:43:00 Win2K-f 210.126.168.137 (KRLINE.NET):
KRNIC,
KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
73f1082158
[Firefox:1301 hits: 06-18 to 09-29] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:23:44:00 Win2K-f 211.239.4.83 (EPNETWORKS.CO.KR):
ENTERPRISENET-INFRA,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33
29 of 33		 686d4ca67b
[Firefox: 7 hits: 07-08 to 09-15]
b7e379b157
[Firefox: 7 hits: 07-08 to 09-15] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:23:46:00 WinXP 204.193.213.177 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1193 hits: 12-31 to 09-29] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:23:53:00 WinXP 69.239.122.13 (PACBELL.NET):
DANIEL D CLAXTON,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:2628 hits: 06-17 to 09-29]
a08f3b74a4
[Firefox:926 hits: 06-18 to 09-29]
e07c29c4ae
[Firefox:529 hits: 06-19 to 09-29] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:23:57:00 Win2K-f 66.209.131.154 (BRIGHT.NET):
TSC,
AKRON, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.123:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		http
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35
0 of 36
31 of 35		 039e3fa376
[Firefox: 6 hits: 07-24 to 09-29]
57563d3af4
NEW
76f2c59ef8
[Firefox: 6 hits: 07-24 to 09-29] 		none[none]
none [none]
none [none] 		none:none
none:none
none:none
 none|none
none|none
none|none 		none
none
none 		none
none
none