Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

02 October 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Columns (one row per observed infection):
Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
The last seven columns (Antivirus Labels through Syscall Trace) hold one entry per captured binary, listed in the same order in each column.
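The rows on this page are what a responder turns into blocklists and triage queues. The block below is an added example, not SRI's or BotHunter's code: it parses four of this page's records, transcribed by hand into a one-line-per-infection text format invented for the example (the page itself is an HTML table), and derives the same kinds of summaries the daily files above offer: infections per exploited service port, failed connects on IRC ports as C&C candidates (treating port 6667 as IRC is the example's assumption), binaries with zero antivirus detections next to their PEiD packer, and a heuristic of the example's own that flags a victim resolving many distinct names under one TLD, as the 09:30:00 victim 92.32.106.23 does with its run of .ru names.

```python
"""Summarise BotHunter-style infection records as indicators (added example,
not SRI's code; the line format is this example's assumption and the rows
are transcribed from this page's 02 October 2008 records)."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple
import re

# Constructed sample: time|os|victim|port|lookups & failed connects (page
# notation, space separated)|digest:detected/total:packer;...
SAMPLE = """\
00:40:00|WinXP|79.132.209.156|445|US:00.devoid.us UA:citi-bank.ru US:208.73.210.32:6667|1e24e409d6:34/36:none
01:11:00|WinXP|119.94.49.79|445|:proxim.ircgalaxy.pl RU:moscow-advokat.ru RU:194.6.222.11:6667|22999be88c:31/32:PolyEnE
01:30:00|Win2K-f|24.65.253.120|135|US:microsoft.com US:192.221.110.126:80|b5919931fe:0/32:ASProtect;bca9e0fb5f:31/32:PolyEnE;e53a9ea82e:23/33:Armadillo
09:30:00|WinXP|92.32.106.23|445|:jbeegvia.ru :wcqahzhzn.ru :iirpryry.ru :rihafvu.ru :wpad RU:alfabank.ru|17028f1eda:31/32:tElock
"""
# Page notation: optional country tag, ':', then a looked-up hostname or the
# ip:port of a failed connect.
_ENDPOINT = re.compile(r"^(?P<cc>[A-Z]{2})?:(?P<host>[^:]+)(?::(?P<port>\d+))?$")
IRC_PORTS = {6667}  # assumption: a connect to an IRC port is a C&C candidate

@dataclass(frozen=True)
class Endpoint:
    country: str          # "" when the page shows no tag
    host: str             # hostname, or IP of a failed connect
    port: Optional[int]   # only failed connects carry a port

@dataclass(frozen=True)
class Binary:
    digest: str           # truncated digest as the page shows it
    detected: int         # engines flagging it, e.g. 34 of 36
    total: int
    packer: str           # PEiD label, "none" if unidentified

@dataclass
class Infection:
    time: str
    os: str
    victim: str
    port: int             # exploited service port (135 or 445 here)
    endpoints: List[Endpoint]
    binaries: List[Binary]

def split_endpoint(token: str) -> Tuple[str, str, Optional[int]]:
    m = _ENDPOINT.match(token)
    if not m:
        raise ValueError(f"unrecognised endpoint token: {token!r}")
    port = m.group("port")
    return (m.group("cc") or "", m.group("host"), int(port) if port else None)

def parse_binary(field: str) -> Binary:
    digest, ratio, packer = field.split(":")
    detected, total = (int(x) for x in ratio.split("/"))
    return Binary(digest, detected, total, packer)

def parse_records(text: str) -> List[Infection]:
    records = []
    for line in filter(str.strip, text.splitlines()):
        time, os_, victim, port, eps, bins = line.split("|")
        endpoints = [Endpoint(*split_endpoint(t)) for t in eps.split()]
        binaries = [parse_binary(b) for b in bins.split(";") if b]
        records.append(Infection(time, os_, victim, int(port), endpoints, binaries))
    return records

def cc_candidates(records: List[Infection]) -> List[Tuple[str, str]]:
    """(victim, 'ip:port') for every failed connect on an IRC port."""
    return [(r.victim, f"{e.host}:{e.port}")
            for r in records for e in r.endpoints if e.port in IRC_PORTS]

def undetected_binaries(records: List[Infection]) -> List[Tuple[str, str]]:
    """Digests no engine flagged, with packer: first candidates for triage."""
    seen = {}
    for r in records:
        for b in r.binaries:
            if b.detected == 0:
                seen.setdefault(b.digest, b.packer)
    return sorted(seen.items())

def dga_like(record: Infection, min_names: int = 5) -> bool:
    """This example's heuristic, not BotHunter's: one victim resolving many
    distinct names under a single TLD looks like domain-generation churn.
    Single-label names (wpad) and ip:port connects are ignored."""
    names = {e.host for e in record.endpoints
             if e.port is None and "." in e.host and not re.fullmatch(r"[\d.]+", e.host)}
    per_tld = Counter(h.rsplit(".", 1)[1] for h in names)
    return any(n >= min_names for n in per_tld.values())

def port_histogram(records: List[Infection]) -> Counter:
    """Infections per exploited service port."""
    return Counter(r.port for r in records)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print("by port:", dict(port_histogram(recs)))
    print("IRC C&C candidates:", cc_candidates(recs))
    print("undetected:", undetected_binaries(recs))
    print("DGA-like victims:", [r.victim for r in recs if dga_like(r)])
```

Run as a script it prints the four summaries; the parsers are the reusable part, the thresholds are starting points. Two caveats the data itself shows: "undetected" is a property of that day's engine set, not of the sample, and an IRC-port check alone misses C&C over HTTP, which this page records too (208.73.210.32 is contacted on port 6667 in one row and on port 80 in others).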
00:13:00  Win2K-f  4.178.69.70 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MONROE, WASHINGTON, US. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:69.28.178.10:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 99 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
00:36:00  Win2K-f  61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:205.128.73.126:80, US:207.123.46.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 89 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 57ce4acac2 [Firefox:222 hits: 06-17 to 10-01]; AV 0 of 33; egg.exe 57ce4acac2[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
T:00:36:00  Win2K-f  203.115.155.195 (BTI.NET.PH): BAYANTEL DSL INFRASTRUCTURE, QUEZON CITY, MANILA, PH.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:205.128.73.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
T:00:38:00  Win2K-f  98.175.171.32 (-)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, :proxim.ircgalaxy.pl, US:198.78.201.126:80, US:205.128.73.126:80, US:207.123.46.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 94 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary bea8cb1865 [Firefox:20 hits: 08-11 to 09-29]; AV 32 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:00:40:00  WinXP  79.132.209.156 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: US:00.devoid.us, UA:citi-bank.ru, US:208.73.210.32:6667
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 1e24e409d6 NEW; AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:00:55:00  WinXP  92.124.16.138 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary ca47a36342 [Firefox:10 hits: 02-16 to 09-30]; AV 26 of 28; egg.exe c3a58f69c6 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=89 embedded dns; syscalls trace
01:01:00  WinXP  98.140.59.60 (-)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 6 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary: none
T:01:01:00  Win2K-f  78.106.170.136 (CORBINA.NET): INVESTELEKTROSVIAZ LTD, RU.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe [1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
T:01:02:00  WinXP  68.119.200.156 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:205.128.73.126:80, US:207.123.46.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
T:01:11:00  WinXP  119.94.49.79 (-)
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, RU:moscow-advokat.ru, :flanders.be.eu.undernet.org, SE:qis.md.us.dal.net, SE:ced.dal.net, AT:graz.at.eu.undernet.org, :caen.fr.eu.undernet.org, SE:vancouver.dal.net, NL:london.uk.eu.undernet.org, :lulea.se.eu.undernet.org, SE:coins.dal.net, RU:194.6.222.11:6667
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 3 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 22999be88c [Firefox:28 hits: 04-05 to 10-01]; AV 31 of 32; egg.exe eda2056971 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=154 embedded dns; syscalls trace
01:12:00  WinXP  38.106.106.203 (COGENTCO.COM): PERFORMANCE SYSTEMS INTERNATIONAL INC, WASHINGTON, DISTRICT OF COLUMBIA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 113 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 3cd7958258 [Firefox:27 hits: 06-17 to 09-23]; AV 30 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 41efedf70f [Firefox:26 hits: 06-19 to 09-23]; AV 28 of 32; egg.exe 41efedf70f[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=82; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
T:01:16:00  WinXP  212.106.29.191 (POLBOX.PL): POLBOX, PL.
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary d9a4f2f314 NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
01:18:00  WinXP  206.172.193.35 (BELL.CA): SYMPATICO, LINSDAY, ONTARIO, CA. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 171 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
01:30:00  Win2K-f  24.65.253.120 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 114 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe [1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
  Binary bca9e0fb5f [Firefox:33 hits: 06-18 to 10-01]; AV 31 of 32; egg.exe none [4]; egg.asm none:none; packer PolyEnE|; strings none; syscalls trace
  Binary e53a9ea82e [Firefox:33 hits: 06-18 to 10-01]; AV 23 of 33; egg.exe e53a9ea82e[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
01:47:00  WinXP  82.200.244.221 (-): ALMATYTELECOM, ALMATY, ALMATY, KZ.
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 7f60162c2c [Firefox:659 hits: 12-31 to 10-01]; AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93 embedded dns; syscalls trace
T:01:47:00  WinXP  92.96.85.71 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 7d99b0e910 [Firefox:1216 hits: 12-31 to 10-01]; AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscalls trace
T:01:57:00  WinXP  217.185.25.150 (MEDIAWAYS.NET): VARIOUS ONLINE SERVICES, DE.
  Source/C&C: n/a
  Lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, GB:welcome3.smile.co.uk, :wpad, GB:195.92.84.198:80, US:208.73.210.32:80, DE:217.11.54.126:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, http, http, 3 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 0ada72d805 [Firefox:21 hits: 01-16 to 09-24]; AV 29 of 29; egg.exe 239ec78f15 [0]; egg.asm ASM:Graph; packer ASPack|; strings lines=281 embedded dns; syscalls trace
01:59:00  WinXP  220.215.221.12 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
02:12:00  WinXP  98.175.171.32 (-)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, :proxim.ircgalaxy.pl, US:208.111.148.15:80, US:208.111.148.23:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 95 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary bea8cb1865 [Firefox:20 hits: 08-11 to 09-29]; AV 32 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
02:18:00  WinXP  70.166.93.100 (COX.NET): COX COMMUNICATIONS, EL CAJON, CALIFORNIA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
T:02:49:00  WinXP  72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.46.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
03:07:00  WinXP  118.219.236.50 (-)
  Source/C&C: n/a
  Lookups & failed connects: :proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:206.33.45.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 103 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 0f7b6b4c31 [Firefox: 5 hits: 08-09 to 09-13]; AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary 168aab35a3 [Firefox:150 hits: 06-17 to 10-01]; AV 31 of 33; egg.exe none [4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
03:20:00  WinXP  87.57.182.43 (IP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, DK.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary a219ed3aeb [Firefox:25 hits: 08-02 to 09-13]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
03:36:00  WinXP  78.142.62.139 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary b872c76081 [Firefox:31 hits: 09-13 to 09-30]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:03:42:00  WinXP  12.214.124.202 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, VERNON HILLS, ILLINOIS, US.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 17 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
03:52:00  WinXP  86.56.73.105 (-): INFOCITY, DE.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 14 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 03f912899b [Firefox:148 hits: 01-08 to 09-30]; AV 32 of 32; egg.exe 83893bd25d [0]; egg.asm ASM:Graph; packer none|none; strings lines=65; syscalls trace
T:04:03:00  WinXP  66.88.98.162 (XO.NET): XO COMMUNICATIONS, HOLLYWOOD, FLORIDA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:198.78.201.126:80, US:205.128.73.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 75 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
04:14:00  Win2K-f  71.108.234.69 (VERIZON.NET): VERIZON INTERNET SERVICES INC, COVINA, CALIFORNIA, US. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
04:15:00  WinXP  91.163.245.103 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE DSL BROADBAND POOLS, DIJON, BOURGOGNE, FR. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: other, 0 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 32a0d7d0e0 [Firefox:22 hits: 01-11 to 09-17]; AV 29 of 29; egg.exe d791762796 [0]; egg.asm ASM:Graph; packer tElock|; strings lines=81 embedded dns; syscalls trace
T:04:15:00  WinXP  91.163.245.103 (PPP.TISCALI.FR): TELECOM ITALIA FRANCE DSL BROADBAND POOLS, DIJON, BOURGOGNE, FR. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru, EU:gaz-prom.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: other, 0 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 32a0d7d0e0 [Firefox:22 hits: 01-11 to 09-17]; AV 29 of 29; egg.exe d791762796 [0]; egg.asm ASM:Graph; packer tElock|; strings lines=81 embedded dns; syscalls trace
T:04:27:00  WinXP  61.227.71.98 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary f353d4eed9 [Firefox:27 hits: 09-17 to 09-30]; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
04:45:00  WinXP  60.237.205.124 (MESH.AD.JP): NEC CORPORATION, JP.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 15 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 831f4ee0a7 [Firefox:576 hits: 01-01 to 10-01]; AV 29 of 29; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscalls trace
T:05:01:00  WinXP  121.58.203.44 (-)
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary b872c76081 [Firefox:31 hits: 09-13 to 09-30]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
05:10:00  WinXP  86.129.235.131 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: ftp, 12 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 1a2c0e6130 [Firefox:443 hits: 12-31 to 10-01]; AV 29 of 29; egg.exe 048df78048 [0]; egg.asm 	ASM:Graph; packer none|none; strings lines=61; syscalls trace
05:30:00  WinXP  87.247.75.245 (INTURBO.LT): OPTICAL RESIDENT CLIENT POOL, LT.
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 226df4e471 NEW; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:05:35:00  WinXP  60.236.79.246 (MESH.AD.JP): NEC CORPORATION, JP.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
05:36:00  WinXP  24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
T:06:03:00  Win2K-f  70.182.251.209 (MAXONCORP.COM): COX COMMUNICATIONS, WICHITA, KANSAS, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.99.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 188 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary aa9a5814b5 [Firefox: 3 hits: 08-18 to 09-16]; AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary d65dae6c35 [Firefox: 3 hits: 08-18 to 09-16]; AV 33 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:06:04:00  Win2K-f  68.123.224.67 (PACBELL.NET): PPPOX POOL - RBACK4 IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:192.221.99.126:80, US:199.93.41.124:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 75 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
06:11:00  Win2K-f  70.184.4.247 (COX.NET): COX COMMUNICATIONS, MACON, GEORGIA, US.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 164 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 29ae13a587 NEW; AV 33 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
06:14:00  WinXP  189.24.113.204 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 15 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
T:06:38:00  WinXP  216.10.170.170 (WISPNET.NET): WISPNET LLC, WILSON, NORTH CAROLINA, US.
  Source/C&C: n/a
  Lookups & failed connects: EU:siliconfireware.ru, US:searchportal.information.com, :wpad, US:208.73.210.32:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, http, http, 3 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary df17a625ee [Firefox:261 hits: 01-01 to 10-01]; AV 29 of 29; egg.exe 9bbdd086c5 [0]; egg.asm ASM:Graph; packer ASPack|; strings lines=186 embedded dns; syscalls trace
06:47:00  WinXP  98.134.123.85 (-)
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 117 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 6d86a1ff5a [Firefox:39 hits: 06-25 to 09-29]; AV 28 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary 7f6e032fc0 [Firefox:39 hits: 06-25 to 09-29]; AV 31 of 33; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
06:49:00  WinXP  86.27.69.53 (VIRGIN.NET): NTL INFRASTRUCTURE - VISP IP POOLS, UK. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
T:06:50:00  Win2K-f  189.48.126.189 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR.
  Source/C&C: n/a
  Lookups & failed connects: :qtas.net
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 10 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary: none
T:06:59:00  WinXP  118.236.100.138 (-)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 93385541f3 [Firefox:30 hits: 06-22 to 09-30]; AV 32 of 32; egg.exe none[4]; egg.asm none:none; packer none|none; strings none; syscalls trace
T:07:10:00  WinXP  41.214.167.38 (-)
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary a0139d7ad8 [Firefox:130 hits: 01-03 to 10-01]; AV 29 of 29; egg.exe d9e9662db1 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscalls trace
07:18:00  WinXP  77.21.178.194 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary bfec7d0b0b [Firefox:13 hits: 08-06 to 09-27]; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:07:28:00  WinXP  213.22.230.66 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary a85b7b6e78 NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
07:29:00  WinXP  122.134.156.91 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 14 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 831f4ee0a7 [Firefox:576 hits: 01-01 to 10-01]; AV 29 of 29; egg.exe eb7546c600 [0]; egg.asm ASM:Graph; packer none|none; strings lines=61; syscalls trace
07:55:00  WinXP  82.246.186.22 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary e8b896b446 NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:07:55:00  WinXP  220.145.38.116 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
08:02:00  WinXP  74.70.242.228 (RR.COM): ROAD RUNNER HOLDCO LLC, PITTSFIELD, MASSACHUSETTS, US.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 13 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
08:10:00  Win2K-f  70.65.17.97 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:207.123.46.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
08:19:00  Win2K-f  75.33.72.253 (SBCGLOBAL.NET): PPPOX POOL - RBACK7 BCVLOH, CLEVELAND, OHIO, US. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.46.125:80, US:8.12.202.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
08:27:00  WinXP  69.208.5.35 (AMERITECH.NET): RBACK3.AKRNOH, CANTON, OHIO, US. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.220.126:80, US:4.23.60.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
T:08:31:00  WinXP  58.236.245.145 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR.
  Source/C&C: n/a
  Lookups & failed connects: :proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 88 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 4c3df24b32 [Firefox:206 hits: 06-17 to 10-01]; AV 0 of 33; egg.exe 4c3df24b32 [1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary 6a4845ca11 [Firefox:12 hits: 06-27 to 09-21]; AV none; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
08:32:00  WinXP  194.242.216.89 (PPP216-10.AKNET.IT): DYNAMIC POOL FOR DIALUP ACCESS, IT. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 7f60162c2c [Firefox:659 hits: 12-31 to 10-01]; AV 25 of 25; egg.exe 1aad8e4632 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93 embedded dns; syscalls trace
09:10:00  WinXP  72.215.54.126 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
09:14:00  WinXP  86.129.235.131 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 15 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary: none
09:26:00  WinXP  88.170.56.87 (PROXAD.NET): PROXAD / FREE SAS, FR.
  Source/C&C: 194.54.90.246:80
  Lookups & failed connects: UA:citi-bank.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 2 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 1a3f65aa8d NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:09:28:00  WinXP  88.170.56.87 (PROXAD.NET): PROXAD / FREE SAS, FR.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 1a3f65aa8d NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:09:28:00  WinXP  4.131.143.252 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, ftp, 14 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
09:30:00  WinXP  92.32.106.23 (IKBCC.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: :www.google.com.au, US:www.altavista.com, :jbeegvia.ru, US:crime-research.ru, US:www.worldbank.org, :yoiayoi.ru, :wcqahzhzn.ru, :iirpryry.ru, :rihafvu.ru, :ryryodokm.ru, :wpad, :uvjiis.ru, :gwvwka.ru, :jqsbnyzkp.ru, :pvygdo.ru, :fxkyagpnw.ru, :knclvdz.ru, :trsqeigw.ru, :odokeqy.ru, :kelmpsjp.ru, :edjiesp.ru, :vllcdvv.ru, :nuksdln.ru, :tmmeno.ru, :zoxdgqx.ru,
    :pwvbfz.ru, :nuzbcp.ru, :bqpuqt.ru, :okskyyn.ru, SE:kavkaz.tv, :pnlkria.ru, :kargai.ru, RU:alfabank.ru, :kfwfceki.ru, :nhuwxyuw.ru, :udluzuq.ru, :fiazpvnne.ru, :ppxuub.ru, GB:www.candidateverifier.com, US:prodexteam.net, :lvwgdhwlj.ru, :raxeqajrf.ru, :dhagunb.ru, :zpwmktjv.ru, NL:www.viruslist.com, :aadqca.ru, RU:www.cbr.ru, :ygnrqi.ru, :ycgnbe.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 17028f1eda [Firefox:38 hits: 04-18 to 09-28]; AV 31 of 32; egg.exe none[3]; egg.asm none:none; packer tElock|; strings none; syscalls trace
09:43:00  WinXP  61.205.93.144 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  Source/C&C: n/a
  Lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 3a813df3ed [Firefox: 9 hits: 02-04 to 09-28]; AV 28 of 29; egg.exe 7759abbf55 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=93 embedded dns; syscalls trace
T:09:57:00  WinXP  74.70.242.228 (RR.COM): ROAD RUNNER HOLDCO LLC, PITTSFIELD, MASSACHUSETTS, US.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: shell, 4 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary: none
T:10:05:00  WinXP  76.244.176.42 (PACBELL.NET): AT&T INTERNET SERVICES, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:207.123.46.126:80, US:4.23.60.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 75 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
10:23:00  WinXP  220.57.120.8 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.152:80, US:208.111.148.174:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
10:54:00  WinXP  78.142.62.139 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 2 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary b872c76081 [Firefox:31 hits: 09-13 to 09-30]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:11:03:00  WinXP  24.92.189.231 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US.
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:192.221.96.126:80, US:198.78.220.124:80, US:206.33.45.125:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 75 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary a08f3b74a4 [Firefox:944 hits: 06-18 to 10-01]; AV 0 of 33; egg.exe a08f3b74a4[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
11:16:00  Win2K-f  98.175.27.122 (-)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:206.33.45.125:80, US:207.123.47.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 76 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
11:35:00  WinXP  96.10.72.122 (-)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, :proxim.ircgalaxy.pl, US:208.111.173.52:80, US:208.111.173.53:80
  Port 135; pcap, raw; alerts, ruleset; chatter: other, 113 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 0bfa79dc19 [Firefox:17 hits: 07-22 to 10-01]; AV 31 of 33; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
  Binary 8dfb3b619f [Firefox:18 hits: 07-22 to 10-01]; AV 29 of 34; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
11:54:00  WinXP  41.214.180.142 (-)
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 7d99b0e910 [Firefox:1216 hits: 12-31 to 10-01]; AV 26 of 28; egg.exe 7a70e1b592 [0]; egg.asm ASM:Graph; packer PolyEnE|; strings lines=68; syscalls trace
T:12:01:00  WinXP  66.65.199.253 (RR.COM): ROAD RUNNER HOLDCO LLC, CLIFTON PARK, NEW YORK, US.
  Source/C&C: n/a
  Lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, :wpad, DE:ebookfinaltrash.ru, US:208.73.210.32:80, EU:78.47.200.154:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, http, http, http, 4 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary df17a625ee [Firefox:261 hits: 01-01 to 10-01]; AV 29 of 29; egg.exe 9bbdd086c5 [0]; egg.asm ASM:Graph; packer ASPack|; strings lines=186 embedded dns; syscalls trace
T:12:17:00  Win2K-f  79.132.209.189 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  Source/C&C: 33.119.81.22:135
  Lookups & failed connects: EU:yandex.ru, :mx.yandex.ru, RU:smtp.yandex.ru
  Port 135; pcap, raw; alerts, ruleset; chatter: ftp, 18 lines; BotHunter: Yeah : 1.8, profile; cluster: none, summary; logs: tarball
  Binary 4e4f880828 NEW; AV 31 of 31; egg.exe f51803bfc5 [0]; egg.asm ASM:Graph; packer FSG|; strings lines=49; syscalls trace
12:43:00  WinXP  4.236.126.221 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.47.126:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary 7e48a22ada NEW; AV 0 of 36; egg.exe none [none]; egg.asm none:none; packer none|none; strings none; syscalls none
13:01:00  WinXP  157.161.55.207 (INTERGGA.CH): IMPROWARE AG, BASEL, BASEL-STADT, CH. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary b872c76081 [Firefox:31 hits: 09-13 to 09-30]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
13:15:00  WinXP  208.83.218.89 (-)
  Source/C&C: n/a
  Lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary eca9a5fa95 [Firefox:24 hits: 08-09 to 09-30]; AV 36 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:13:47:00  WinXP  86.99.92.99 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE.
  Source/C&C: n/a
  Lookups & failed connects: (none)
  Port 445; pcap, raw; alerts, ruleset; chatter: ftp, 14 lines; BotHunter: Yeah : 0.8, profile; cluster: none, summary; logs: tarball
  Binary 741e3b03b3 [Firefox:425 hits: 01-05 to 10-01]; AV 31 of 32; egg.exe e0197e8a64 [0]; egg.asm ASM:Graph; packer none|none; strings lines=62; syscalls trace
T:13:50:00  Win2K-f  165.247.0.140 (MINDSPRING.COM): EARTHLINK INC, BOSTON, MASSACHUSETTS, US. (DIAL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.41.124:80
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 102 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary b5919931fe [Firefox:713 hits: 06-20 to 10-01]; AV 0 of 32; egg.exe b5919931fe[1]; egg.asm ASM:Graph; packer ASProtect|; strings lines=90; syscalls trace
13:54:00  WinXP  92.60.228.75 (IKBCC.COM): EU-ZZ, UK.
  Source/C&C: n/a
  Lookups & failed connects: :lmd-team.net
  Port 445; pcap, raw; alerts, ruleset; chatter: ftp, http, 20 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 33f39fef3e NEW; AV 35 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
T:14:03:00  WinXP  83.68.83.159 (TNP.PL): BROADBAND_SERVICES, PL.
  Source/C&C: n/a
  Lookups & failed connects: :proxim.ircgalaxy.pl, UA:citi-bank.ru
  Port 445; pcap, raw; alerts, ruleset; chatter: http, 1 line; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 79fdac8c50 [Firefox: 3 hits: 09-16 to 10-01]; AV 34 of 36; egg.exe none[none]; egg.asm none:none; packer none|none; strings none; syscalls none
14:29:00  WinXP  24.70.26.59 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RED DEER, ALBERTA, CA. (DSL)
  Source/C&C: n/a
  Lookups & failed connects: US:microsoft.com, US:download.microsoft.com
  Port 135; pcap, raw; alerts, ruleset; chatter: http, 77 lines; BotHunter: Yeah : 1.3, profile; cluster: none, summary; logs: tarball
  Binary 53bfe15e91 [Firefox:2701 hits: 06-17 to 10-01]; AV 33 of 33; egg.exe none[4]; egg.asm none:none; packer tElock|; strings none; syscalls trace
  Binary 73f1082158 [Firefox:1348 hits: 06-18 to 10-01]; AV 0 of 32; egg.exe 73f1082158[1]; egg.asm ASM:Graph; packer Armadillo|; strings lines=81; syscalls trace
  Binary e07c29c4ae [Firefox:538 hits: 06-19 to 10-01]; AV 0 of 33; egg.exe e07c29c4ae[1]; egg.asm ASM:Graph; packer FSG|; strings lines=92; syscalls trace
T:14:45:00 WinXP 221.242.80.212 (UCOM.NE.JP):
UCOM CORP,
JP. (100Mbps)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:659 hits: 12-31 to 10-01]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
14:45:00 WinXP 221.242.80.212 (UCOM.NE.JP):
UCOM CORP,
JP. (100Mbps)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:659 hits: 12-31 to 10-01]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:14:48:00 WinXP 96.10.207.137 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:48:00 WinXP 96.10.207.137 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:54:00 WinXP 87.110.57.208 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
32 of 36 1a88bd5450
NEW
none[none] none:none
none|none none none
T:15:05:00 Win2K-f 121.73.6.241 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
http
349 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
7f89b38665
[Firefox:19 hits: 08-02 to 10-01]
a51a50404e
[Firefox:19 hits: 08-02 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
15:08:00 WinXP 80.218.27.226 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b872c76081
[Firefox:31 hits: 09-13 to 09-30]
none[none] none:none
none|none none none
15:14:00 WinXP 204.193.214.188 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:14:00 WinXP 204.193.214.188 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:15:20:00 Win2K-f 70.67.134.13 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NANAIMO, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
12e484a198
[Firefox: 2 hits: 10-01 to 10-01]
2e43dc0077
[Firefox: 2 hits: 10-01 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
15:26:00 Win2K-f 207.5.188.162 (GWI.NET):
GREAT WORKS INTERNET,
SHAPLEIGH, MAINE, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:30:00 WinXP 190.139.226.247 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 cc263a661d
[Firefox: 9 hits: 09-24 to 10-01]
none[none] none:none
none|none none none
15:44:00 Win2K-f 70.182.91.221 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
94 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
32 of 36
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
bea8cb1865
[Firefox:20 hits: 08-11 to 09-29]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:15:52:00 WinXP 200.165.240.152 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 87bf2f533f
NEW
none[none] none:none
none|none none none
16:03:00 WinXP 76.176.175.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN DIEGO, CALIFORNIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:14:00 WinXP 67.11.53.123 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 eca9a5fa95
[Firefox:24 hits: 08-09 to 09-30]
none[none] none:none
none|none none none
T:16:26:00 WinXP 70.70.51.27 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CHILLIWACK, BRITISH COLUMBIA, CA. (DSL)
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none 13003605cc
[Firefox: 4 hits: 09-15 to 09-27]
none[none] none:none
none|none none none
16:32:00 WinXP 24.44.234.137 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
NORWALK, CONNECTICUT, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
e07c29c4ae
[Firefox:538 hits: 06-19 to 10-01]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:16:34:00 WinXP 165.154.24.245 (ISPNETBILLING.COM):
HOOKUP COMMUNICATIONS,
COURTICE, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
103 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:16:40:00 Win2K-f 24.76.226.5 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.99.126:80
US:205.128.73.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
133 lines
Yeah : 1.3
profile
none summary
tarball
none
none
40870345c3
[Firefox: 5 hits: 09-22 to 10-01]
6c539a9f23
[Firefox: 5 hits: 09-22 to 10-01]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:17:00:00 Win2K-f 71.99.85.56 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ST. PETERSBURG, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:199.93.44.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:08:00 WinXP 4.233.194.64 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
30 of 36 9f83d5113f
NEW
none[none] none:none
none|none none none
T:17:13:00 WinXP 208.126.75.91 (NETINS.NET):
NETINS INC,
US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 cc263a661d
[Firefox: 9 hits: 09-24 to 10-01]
none[none] none:none
none|none none none
T:17:14:00 WinXP 93.163.56.30 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 c736218316
NEW
none[none] none:none
none|none none none
17:35:00 Win2K-f 172.165.7.104 (AOL.COM):
AMERICA ONLINE,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
0 of 32
29 of 33
3373948767
[Firefox:28 hits: 07-03 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
c73f738c30
[Firefox:28 hits: 07-03 to 10-01]
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
17:45:00 WinXP 72.174.106.165 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:443 hits: 12-31 to 10-01]
048df78048 [0] ASM:Graph
none|none lines=61 trace
17:55:00 WinXP 76.89.18.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:207.123.47.126:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:04:00 WinXP 85.181.75.51 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:443 hits: 12-31 to 10-01]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:18:18:00 WinXP 76.78.47.48 (APOGEENET.NET):
APOGEE TELECOM INC,
AUSTIN, TEXAS, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 cdf8cd94a9
[Firefox:17 hits: 09-14 to 09-27]
none[none] none:none
none|none none none
T:18:23:00 WinXP 216.195.148.197 (GWI.NET):
GREAT WORKS INTERNET,
WISCASSET, MAINE, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:29:00 Win2K-f 65.185.123.119 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:30:00 Win2K-f 38.106.106.203 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
WASHINGTON, DISTRICT OF COLUMBIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
112 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 32
0 of 32
3cd7958258
[Firefox:27 hits: 06-17 to 09-23]
41efedf70f
[Firefox:26 hits: 06-19 to 09-23]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[4]
41efedf70f[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=82
lines=90
trace
trace
trace
18:38:00 WinXP 75.63.146.230 (SBCGLOBAL.NET):
PPPOX ADSL - BRAS1.SNANTX,
DALLAS, TEXAS, US. (DSL)
n/a UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:46:00 WinXP 117.97.98.218 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
24 of 36 18270a0f74
NEW
none[none] none:none
none|none none none
T:19:08:00 Win2K-f 24.28.92.110 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AUSTIN, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
b7082104e4
[Firefox:161 hits: 06-18 to 10-01]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
19:13:00 WinXP 67.33.235.88 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ATLANTA, GEORGIA, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:22:00 WinXP 24.234.205.195 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
e07c29c4ae
[Firefox:538 hits: 06-19 to 10-01]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
19:51:00 WinXP 208.126.134.99 (-):
.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 cc263a661d
[Firefox: 9 hits: 09-24 to 10-01]
none[none] none:none
none|none none none
T:19:51:00 WinXP 24.85.10.213 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:03:00 Win2K-f 118.219.236.50 (-):
.
n/a US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
31 of 33
0f7b6b4c31
[Firefox: 5 hits: 08-09 to 09-13]
168aab35a3
[Firefox:150 hits: 06-17 to 10-01]
none[none]
none [4]
none:none
none:none
none|none
tElock|
none
none
none
trace
20:13:00 WinXP 92.97.89.192 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6b1c6d0395
[Firefox: 5 hits: 09-18 to 10-01]
none[none] none:none
none|none none none
T:20:13:00 WinXP 92.97.89.192 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
:lulea.se.eu.undernet.org
SE:ced.dal.net
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:qis.md.us.dal.net
SE:broadway.ny.us.dal.net
:caen.fr.eu.undernet.org
SE:ozbytes.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 6b1c6d0395
[Firefox: 5 hits: 09-18 to 10-01]
none[none] none:none
none|none none none
20:18:00 WinXP 77.21.179.131 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
none 47f8cf336a
NEW
none[none] none:none
none|none none none
20:37:00 WinXP 211.124.220.170 (ZAQ.NE.JP):
TOYONAKA IKEDA CABLENET CO. LTD,
OSAKA, OSAKA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.46:80
US:208.111.173.47:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:41:00 WinXP 69.24.120.111 (FFNI.COM):
FAIRNET LLC,
MONTICELLO, INDIANA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
20:43:00 WinXP 151.118.208.80 (QWEST.NET):
QWEST BROADBAND,
LITTLETON, COLORADO, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:45:00 Win2K-f 97.76.98.12 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:51:00 WinXP 130.13.115.48 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f04fb66461
[Firefox: 4 hits: 09-12 to 09-26]
none[none] none:none
none|none none none
20:53:00 WinXP 67.150.208.210 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SEATTLE, WASHINGTON, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 92c8e458d8
[Firefox: 5 hits: 02-24 to 08-14]
4ba645ac3a [0] ASM:Graph
none|none lines=62 trace
21:04:00 WinXP 24.94.138.206 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
51 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
0 of 36
4efe664269
NEW
a12cab51ef
[Firefox:554 hits: 01-01 to 10-01]
d4d463169e
NEW
none[none]
40f7f463c4[0]
none [none]
none:none
ASM:Graph
none:none
none|none
ASPack|
none|none
none
lines=281
embedded dns
none
none
trace
none
21:22:00 Win2K-f 70.166.159.68 (COX.NET):
COX COMMUNICATIONS,
QUEEN CREEK, ARIZONA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.52:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
21:50:00 Win2K-f 24.164.122.49 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SHELBY, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
b7082104e4
[Firefox:161 hits: 06-18 to 10-01]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
22:02:00 Win2K-f 206.169.217.124 (NETPTC.NET):
PONDEROSA CABLEVISION,
HANFORD, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:05:00 Win2K-f 76.89.18.176 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
b5919931fe
[Firefox:713 hits: 06-20 to 10-01]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:22:08:00 Win2K-f 206.169.217.124 (NETPTC.NET):
PONDEROSA CABLEVISION,
HANFORD, CALIFORNIA, US.
n/a   135 pcap raw alerts
ruleset
other
161 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
a08f3b74a4 [1] ASM:Graph
Armadillo| lines=81 trace
22:14:00 WinXP 98.172.138.101 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
e07c29c4ae
[Firefox:538 hits: 06-19 to 10-01]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
22:20:00 Win2K-f 4.179.134.218 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WALNUT CREEK, CALIFORNIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:23:00 WinXP 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
US:208.111.153.236:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:08:00 WinXP 87.110.28.52 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 c05385e600
[Firefox:19 hits: 01-20 to 09-30]
6a383b021d [0] ASM:Graph
PolyEnE| lines=68 trace
T:23:15:00 WinXP 67.0.37.25 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
OMAHA, NEBRASKA, US. (DIAL)
n/a SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
:shaheeds.org
US:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
FI:imgs2.kavkazcenter.com
:www.google.com
FI:static.kavkazchat.com
GB:www.chechenpress.co.uk
US:www.google-analytics.com
:www.youtube.com
US:video.google.com
US:72.29.65.216:80
445 pcap raw alerts
ruleset
http
209 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 ab5e47bf8d
[Firefox:42 hits: 01-02 to 10-01]
none[3] none:none
ASPack| none trace
23:18:00 WinXP 65.173.138.42 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1216 hits: 12-31 to 10-01]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:23:19:00 WinXP 24.213.224.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:199.93.44.124:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:23:00 WinXP 24.213.224.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
a08f3b74a4
[Firefox:944 hits: 06-18 to 10-01]
e07c29c4ae
[Firefox:538 hits: 06-19 to 10-01]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:23:34:00 Win2K-f 64.141.65.231 (MERCURYSPEED.COM):
BIG PIPE INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:2701 hits: 06-17 to 10-01]
73f1082158
[Firefox:1348 hits: 06-18 to 10-01]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
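Added example, not part of SRI's auto-generated page or of the BotHunter distribution: the records above are a flattened rendering of the table whose columns are listed at the top of the page (Time, Victim OS, Infection Source, DNS Lookups & Failed Connects, Infection Port, and the per-binary analysis cells). The Python below parses a trimmed excerpt of five records from this page into structured fields and then cross-references them the way an analyst would when turning a daily report into indicators: which contacted hosts recur across otherwise unrelated victims, which contacts are direct IP:port connects, and which hosts go with each infection port (135 vs 445). Assumptions, all mine rather than the page's: the two-letter prefix on a contact token is read as the country code of the resolved address (the page's "See Country Codes" link), a token of the form IP:port in that column is read as a failed direct connect rather than a DNS lookup, and the parser handles only the cell layout seen on this page.

```python
"""Parse flattened Cyber-TA/BotHunter infection records (added example) and
cross-reference the hosts that infected victims looked up or tried to reach."""
import re
from collections import defaultdict

# Record header: optional "T:" marker, time, OS, victim IP, reverse-DNS domain.
HEADER_RE = re.compile(
    r"^(?:T:)?(\d\d:\d\d:\d\d) (\S+) (\d{1,3}(?:\.\d{1,3}){3}) \(([^)]*)\):$")
# Contact token: optional 2-letter country tag, ':', host or IP, optional ':port'.
# The lookarounds stop an untagged IP:port infection source from matching.
CONTACT_RE = re.compile(r"(?<!\S)([A-Z]{2})?:([A-Za-z0-9.-]+)(?::(\d+))?(?!\S)")
# Infection source cell when it is an attacker IP:port (no country tag).
SOURCE_RE = re.compile(r"(?<!\S)(\d{1,3}(?:\.\d{1,3}){3}:\d+)(?!\S)")
PORT_RE = re.compile(r"(\d+) pcap raw alerts$")

# Constructed test input: five records excerpted from this page, with most
# trailing analysis cells trimmed.
SAMPLE = """\
T:14:03:00 WinXP 83.68.83.159 (TNP.PL):
BROADBAND_SERVICES,
PL.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
Yeah : 1.3
16:03:00 WinXP 76.176.175.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN DIEGO, CALIFORNIA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
7a70e1b592 [0] ASM:Graph
T:20:51:00 WinXP 130.13.115.48 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
14:29:00 WinXP 24.70.26.59 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RED DEER, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
T:14:48:00 WinXP 96.10.207.137 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
"""

def parse_records(text):
    """Split the flattened table into one dict per infection record."""
    records, current, region = [], None, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"time": m[1], "os": m[2], "victim": m[3], "rdns": m[4],
                       "source": None, "port": None, "contacts": []}
            records.append(current)
            region = []
            continue
        if current is None or current["port"] is not None:
            continue  # text before the first record, or trailing analysis cells
        region.append(line)
        pm = PORT_RE.search(line)
        if pm:  # the port cell closes the geolocation/source/DNS region
            current["port"] = int(pm[1])
            blob = "\n".join(region)
            sm = SOURCE_RE.search(blob)
            current["source"] = sm[1] if sm else "n/a"
            current["contacts"] = [(cc, host, int(port) if port else None)
                                   for cc, host, port in CONTACT_RE.findall(blob)]
    return records

def hosts_by_victims(records):
    """host -> set of victim IPs that looked it up or tried to reach it; a host
    shared by many unrelated victims is a candidate C&C or rendezvous point."""
    seen = defaultdict(set)
    for r in records:
        for _, host, _ in r["contacts"]:
            seen[host].add(r["victim"])
    return dict(seen)

def direct_connects(records):
    """(ip, port) for contacts given as IP:port (read here as failed direct
    connects, i.e. hard-coded endpoints) -> infection ports they came with."""
    out = defaultdict(set)
    for r in records:
        for _, host, port in r["contacts"]:
            if port is not None:
                out[(host, port)].add(r["port"])
    return dict(out)

def profile_by_port(records):
    """infection port (135 = MSRPC, 445 = SMB) -> sorted hosts contacted
    afterwards, to see whether each propagation vector has its own contacts."""
    out = defaultdict(set)
    for r in records:
        for _, host, _ in r["contacts"]:
            out[r["port"]].add(host)
    return {port: sorted(hosts) for port, hosts in out.items()}
```

Run against the full page text instead of SAMPLE to get the day's indicator list; hosts_by_victims() sorted by victim count surfaces the shared rendezvous hosts, and direct_connects() separates hard-coded IP:port endpoints (which survive a domain takedown) from hostnames that need resolving.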