Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

02 November 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:05:00 Win2K-f 71.115.135.68 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DENTON, TEXAS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:207.123.37.124:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:11:00 Win2K-f 122.146.226.224 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
211 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
29 of 33		 4960618323
NEW
c7cd332f22
NEW 		none[4]
c7cd332f22[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=82 		trace
trace
00:20:00 WinXP 89.41.110.129 (HOST-89-41-64-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. 		n/a :proxim.ircgalaxy.pl
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 7fd7475c63
[Firefox: 3 hits: 10-29 to 10-31] 		none[none] none:none
 none|none none none
00:22:00 WinXP 130.234.185.195 (JYU.FI):
UNIVERSITY OF JYVASKYLA NETWORK,
JYVäSKYLä, LANSI-SUOMEN LAANI, FI. 		n/a US:mail.fucuzzy.com
US:mail.TIKTIKZ.COM
US:www.topgameland.com
US:209.205.196.2:80
US:209.205.196.3:80 		445 pcap raw alerts
ruleset 		other
1 line 		Yeah : 0.8
profile 		none summary
tarball 		5 of 36 fd419eefad
[Firefox: 7 hits: 10-31 to 11-01] 		none[none] none:none
 none|none none none
T:00:33:00 WinXP 89.137.200.14 (-):
ASTRAL CONSTANTA DOCSIS NETWORK,
CONSTANTA, CONSTANTA, RO. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:196 hits: 01-03 to 11-01] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:00:37:00 WinXP 123.48.75.175 (R-123-48-0-10.COMMUFA.JP):
CHUBU TELECOMMUNICATIONS CO. INC,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:644 hits: 01-01 to 11-01] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
00:42:00 WinXP 58.231.167.91 (-):
THRUNET-INFRA-DAEJEON05,
SEOUL, KYONGGI-DO, KR. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:198.78.201.126:80
US:204.160.104.126:80
US:205.128.70.126:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
32 of 33		 0a2b1894da
[Firefox:11 hits: 06-26 to 10-26]
414b95a784
[Firefox:11 hits: 06-26 to 10-26] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:01:14:00 Win2K-f 208.105.94.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.124:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
01:32:00 WinXP 66.156.88.21 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
ALPHARETTA, GEORGIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:207.123.42.126:80
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
01:32:00 WinXP 64.38.71.22 (SPEAKEASY.NET):
US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 45d3b6bd28
[Firefox: 5 hits: 10-15 to 10-29] 		none[none] none:none
 none|none none none
01:34:00 Win2K-f 202.30.239.12 (-):
HYUNDAI MOTOR SERVICE,
SEOUL, KYONGGI-DO, KR. 		115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
:do-make-progress.com
:do-progress.com
:do-managed-scan.com
US:do-power-scan.com
115.126.2.110:80
115.126.2.121:65520
US:204.160.126.126:80
US:207.123.42.126:80
US:207.123.46.125:80 		135 pcap raw alerts
ruleset 		irc
http
251 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36
32 of 36
none
11 of 36		 1fa62445aa
NEW
963d5f92ac
[Firefox: 2 hits: 10-28 to 11-01]
f5bad3f09c
NEW
fb8f82fcb3
[Firefox:23 hits: 10-24 to 10-28] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:01:41:00 WinXP 85.121.119.68 (-):
SC METRONETWORK SRL,
BUZAU, BUZAU, RO. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 7e8bfa9b49
[Firefox:27 hits: 10-01 to 10-28] 		none[none] none:none
 none|none none none
01:54:00 WinXP 64.130.101.238 (ANDYCABLE.COM):
TV CABLE COMPANY OF ANDALUSIA INC,
KENNER, LOUISIANA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80
US:205.128.70.126:80
US:207.123.37.124:80 		135 pcap raw alerts
ruleset 		other
178 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36
33 of 36		 8eeed71f19
NEW
fdc86dd410
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
01:58:00 WinXP 79.163.52.205 (-):
IDEA,
PL. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 6b3beaea1a
[Firefox:18 hits: 10-21 to 11-01] 		none[none] none:none
 none|none none none
T:01:02:00 Win2K-f 118.222.98.47 (-):
. 		115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.125:80
US:204.160.104.126:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		irc
130 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 32
28 of 32		 8a75955033
[Firefox:42 hits: 06-20 to 11-01]
9276c8b36b
[Firefox:42 hits: 06-20 to 11-01] 		none[4]
9276c8b36b[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:01:18:00 WinXP 79.163.88.39 (-):
IDEA,
PL. 		115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		http
irc
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 c8ed7380d2
NEW 		none[none] none:none
 none|none none none
01:20:00 Win2K-f 24.170.56.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
INGLESIDE, TEXAS, US. 		n/a   135 pcap raw alerts
ruleset 		other
61 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33 a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		a08f3b74a4 [1] ASM:Graph
 Armadillo| lines=81 trace
01:28:00 WinXP 217.201.23.162 (-):
TELECOM ITALIA MOBILE,
IT. 		194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		none fb03f4310d
NEW 		none[none] none:none
 none|none none none
T:01:29:00 WinXP 217.201.23.162 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none fb03f4310d
NEW 		none[none] none:none
 none|none none none
01:34:00 Win2K-f 122.52.73.120 (PLDT.NET):
IPG,
PH. 		115.126.2.121:65520 US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl 		135 pcap raw alerts
ruleset 		http
irc
132 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 33
33 of 33		 16874933ea
[Firefox:58 hits: 06-18 to 10-31]
76ee340669
[Firefox:58 hits: 06-18 to 10-31] 		16874933ea [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
PolyEnE| 		lines=82
none 		trace
trace
01:37:00 WinXP 82.234.179.125 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 55f9895cb6
NEW 		none[none] none:none
 none|none none none
01:37:00 Win2K-f 116.123.55.194 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.41.126:80
US:199.93.44.124:80 		135 pcap raw alerts
ruleset 		irc
105 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
2 of 35		 6ec2a8994b
[Firefox:30 hits: 06-18 to 10-28]
bcf66a38c8
[Firefox:17 hits: 07-30 to 10-28] 		none[4]
none [none] 		none:none
none:none
 tElock|
none|none 		none
none 		trace
none
01:55:00 Win2K-f 78.97.156.109 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 		115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset 		irc
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:02:01:00 WinXP 79.138.215.213 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:817 hits: 12-31 to 11-01] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
02:03:00 Win2K-f 96.247.232.32 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
10 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
02:26:00 Win2K-f 72.140.130.98 (ROGERS.COM):
ROGERS CABLE INC. KTGC,
TORONTO, ONTARIO, CA. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
02:43:00 WinXP 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.37.124:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
85 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
57ce4acac2
[Firefox:316 hits: 06-17 to 11-01] 		none[4]
57ce4acac2[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
02:47:00 WinXP 41.214.165.63 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 eca9a5fa95
[Firefox:57 hits: 08-09 to 10-31] 		none[none] none:none
 none|none none none
T:03:07:00 Win2K-f 218.211.217.215 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.126:80
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
03:16:00 Win2K-f 203.153.243.178 (AMNET.NET.AU):
AMNET IT SERVICES PTY LTD,
PERTH, WESTERN AUSTRALIA, AU. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
03:17:00 WinXP 94.191.166.171 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:196 hits: 01-03 to 11-01] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
03:19:00 WinXP 203.184.1.193 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
NZ. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:115 hits: 01-14 to 10-30] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:03:23:00 WinXP 200.117.106.44 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 30b1c8ae06
[Firefox: 3 hits: 10-30 to 11-01] 		none[none] none:none
 none|none none none
T:03:44:00 WinXP 77.56.194.17 (SOLPA.NET):
CABLECOM,
ZURICH, ZURICH, CH. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 eaa9422755
[Firefox: 2 hits: 10-31 to 11-01] 		none[none] none:none
 none|none none none
03:44:00 WinXP 77.56.194.17 (SOLPA.NET):
CABLECOM,
ZURICH, ZURICH, CH. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 eaa9422755
[Firefox: 2 hits: 10-31 to 11-01] 		none[none] none:none
 none|none none none
T:03:45:00 WinXP 89.218.204.155 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 4511dde3f5
NEW 		none[none] none:none
 none|none none none
03:50:00 WinXP 41.214.191.115 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 eca9a5fa95
[Firefox:57 hits: 08-09 to 10-31] 		none[none] none:none
 none|none none none
T:03:57:00 WinXP 77.253.90.51 (COM.PL):
NETIA,
PL. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 6c22914ec1
NEW 		none[none] none:none
 none|none none none
03:58:00 WinXP 77.253.90.51 (COM.PL):
NETIA,
PL. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 6c22914ec1
NEW 		none[none] none:none
 none|none none none
04:05:00 WinXP 61.17.221.242 (VSNL.NET.IN):
VIDESH SANCHAR NIGAM LTD - INDIA,
COCHIN, KERALA, IN. (DSL) 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 b23ffca78e
[Firefox: 3 hits: 10-24 to 10-25] 		none[none] none:none
 none|none none none
T:04:11:00 WinXP 83.69.62.252 (SCNET.CZ):
LOSAN S.R.O,
CZ. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 96d089e522
[Firefox:38 hits: 10-08 to 11-01] 		none[none] none:none
 none|none none none
04:12:00 WinXP 41.214.189.34 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		36 of 36 eca9a5fa95
[Firefox:57 hits: 08-09 to 10-31] 		none[none] none:none
 none|none none none
04:13:00 WinXP 63.23.82.244 (UU.NET):
UUNET TECHNOLOGIES INC,
LOS ANGELES, CALIFORNIA, US. 		n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
US:www.worldbank.org
SE:kavkaz.tv
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
:kargai.ru
:kfwfceki.ru
:nhuwxyuw.ru
RU:alfabank.ru
:udluzuq.ru
:fiazpvnne.ru
GB:www.viruslist.com
:ppxuub.ru
:lvwgdhwlj.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 17028f1eda
[Firefox:54 hits: 04-18 to 11-01] 		none[3] none:none
 tElock| none trace
T:04:14:00 WinXP 217.202.60.190 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 3daacf4294
NEW 		none[none] none:none
 none|none none none
04:14:00 WinXP 217.202.60.190 (-):
TELECOM ITALIA MOBILE,
IT. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none 3daacf4294
NEW 		none[none] none:none
 none|none none none
T:04:18:00 WinXP 89.33.140.26 (U-NITE.RO):
JUMP NETWORK SERVICES S.R.L,
RO. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 6b3beaea1a
[Firefox:18 hits: 10-21 to 11-01] 		none[none] none:none
 none|none none none
04:28:00 WinXP 77.253.193.117 (COM.PL):
NETIA,
PL. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 6c22914ec1
NEW 		none[none] none:none
 none|none none none
04:32:00 WinXP 114.48.144.61 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 64d359864b
[Firefox: 4 hits: 10-20 to 10-30] 		none[none] none:none
 none|none none none
T:04:39:00 WinXP 217.43.90.252 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:501 hits: 12-31 to 11-01] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:04:59:00 WinXP 58.230.192.35 (-):
THRUNET-INFRA-SEOUL03,
SEOUL, KYONGGI-DO, KR. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:198.78.201.126:80
US:204.160.104.126:80
US:205.128.70.126:80 		135 pcap raw alerts
ruleset 		other
124 lines 		Yeah : 1.3
profile 		none summary
tarball 		27 of 33
31 of 33		 1951eee0cd
[Firefox:15 hits: 06-18 to 10-25]
e5e0dbde57
[Firefox:15 hits: 06-18 to 10-25] 		1951eee0cd [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=82
none 		trace
trace
05:08:00 WinXP 210.233.204.126 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33
0 of 33		 3ed16ae12d
[Firefox:29 hits: 06-19 to 10-31]
79c01ec060
[Firefox:70 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		3ed16ae12d [1]
none [4]
e07c29c4ae[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
FSG| 		lines=81
none
lines=92 		trace
trace
trace
05:12:00 WinXP 119.154.34.140 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 871d68101a
NEW 		none[none] none:none
 none|none none none
05:42:00 WinXP 203.184.2.133 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
CHRISTCHURCH, CANTERBURY, NZ. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:501 hits: 12-31 to 11-01] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
05:50:00 Win2K-f 124.241.169.171 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 		n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:05:50:00 Win2K-f 70.184.4.247 (COX.NET):
COX COMMUNICATIONS,
MACON, GEORGIA, US. 		n/a   135 pcap raw alerts
ruleset 		other
164 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 29ae13a587
[Firefox: 5 hits: 10-02 to 10-30] 		none[none] none:none
 none|none none none
05:58:00 WinXP 79.163.176.62 (-):
IDEA,
PL. 		n/a :proxim.ircgalaxy.pl
115.126.2.121:80 		445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 02ce2d42b8
[Firefox: 2 hits: 10-27 to 10-30] 		none[none] none:none
 none|none none none
06:20:00 Win2K-f 125.4.157.191 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 2e45ae247e
[Firefox: 6 hits: 06-25 to 08-24]
53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01] 		none[none]
none [4] 		none:none
none:none
 none|none
tElock| 		none
none 		none
trace
T:06:30:00 WinXP 200.146.66.13 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:196 hits: 01-03 to 11-01] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
06:45:00 WinXP 94.228.20.131 (-):
. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
9 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 29 330eaa2da2
[Firefox:21 hits: 01-28 to 09-30] 		none[3] none:none
 ASPack| none trace
T:06:46:00 WinXP 12.74.143.13 (ATT.NET):
AT&T WORLDNET SERVICES,
BRIDGETON, MISSOURI, US. (DIAL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:190 hits: 01-01 to 11-01] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:06:46:00 WinXP 125.58.90.19 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:205.128.70.126:80
US:205.128.73.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
06:52:00 WinXP 89.45.106.223 (-):
SC DIGITAL CABLE SYSTEMS SA,
RO. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none d95a140536
NEW 		none[none] none:none
 none|none none none
T:06:57:00 WinXP 66.153.215.10 (SCCOAST.NET):
HTC - CABLE MODEM POOL,
CONWAY, SOUTH CAROLINA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
07:05:00 WinXP 186.12.24.224 (-):
. 		194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 428ae15458
[Firefox: 7 hits: 10-14 to 10-30] 		none[none] none:none
 none|none none none
T:07:05:00 WinXP 186.12.24.224 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 428ae15458
[Firefox: 7 hits: 10-14 to 10-30] 		none[none] none:none
 none|none none none
T:07:16:00 WinXP 118.231.22.55 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:115 hits: 01-14 to 10-30] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
07:16:00 WinXP 118.231.22.55 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:115 hits: 01-14 to 10-30] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
07:33:00 WinXP 84.74.88.74 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 4537e6a79f
NEW 		none[none] none:none
 none|none none none
T:07:36:00 WinXP 117.99.24.151 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:817 hits: 12-31 to 11-01] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
07:48:00 Win2K-f 208.100.228.186 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
241 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:07:52:00 WinXP 208.126.145.194 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 771f87c713
NEW 		none[none] none:none
 none|none none none
07:52:00 WinXP 208.126.145.194 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 771f87c713
NEW 		none[none] none:none
 none|none none none
T:07:58:00 WinXP 121.84.172.202 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 1bfebad740
[Firefox: 3 hits: 10-29 to 10-31] 		none[none] none:none
 none|none none none
08:00:00 WinXP 66.220.226.17 (VERMONTEL.NET):
VERMONT TELEPHONE COMPANY INC,
CHESTER, VERMONT, US. 		n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 17028f1eda
[Firefox:54 hits: 04-18 to 11-01] 		none[3] none:none
 tElock| none trace
T:08:11:00 WinXP 12.49.149.213 (ATT.NET):
AT&T WORLDNET SERVICES,
US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		none f3868e5649
NEW 		none[none] none:none
 none|none none none
08:27:00 WinXP 62.40.60.119 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 d6df3972a0
[Firefox:35 hits: 01-07 to 10-28] 		39eeef52a4 [0] ASM:Graph
 PolyEnE| lines=65 trace
08:37:00 WinXP 81.198.39.123 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 2881209768
[Firefox: 9 hits: 10-22 to 10-31] 		none[none] none:none
 none|none none none
T:08:55:00 WinXP 203.88.176.61 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP. 		n/a :proxim.ircgalaxy.pl
US:mx1.hotmail.com
US:mailin-03.mx.aol.com
US:ftp.icq.com
US:yutunrz.1dumb.com
US:mailin-02.mx.aol.com
US:http.icq.com.edgesuite.net
115.126.2.121:65520 		135 pcap raw alerts
ruleset 		http
875 lines 		Yeah : 1.3
profile 		none summary
tarball 		none 2aea2b604d
NEW 		none[none] none:none
 none|none none none
T:09:00:00 WinXP 203.73.249.177 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 1595515522
[Firefox: 7 hits: 10-09 to 11-01] 		none[none] none:none
 none|none none none
T:09:05:00 WinXP 87.116.207.161 (TNP.PL):
BROADBAND_SERVICES,
PL. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 5818023061
[Firefox: 7 hits: 01-03 to 11-01] 		a227e5e49d [0] ASM:Graph
 PolyEnE| lines=68 trace
09:06:00 WinXP 208.105.172.35 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:09:08:00 WinXP 88.174.26.11 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 d2548a0bf5
[Firefox: 6 hits: 10-03 to 10-27] 		none[none] none:none
 none|none none none
09:09:00 WinXP 88.174.26.11 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 d2548a0bf5
[Firefox: 6 hits: 10-03 to 10-27] 		none[none] none:none
 none|none none none
09:09:00 Win2K-f 71.72.193.221 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BOWLING GREEN, OHIO, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:09:17:00 WinXP 68.148.76.73 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 		72.10.172.218:9283 :russia.blacktiehsbdcs.com
CA:munirah.nagitiriheiwu.net
CA:abc.ihshsd8.com
CA:72.10.169.26:3029 		135 pcap raw alerts
ruleset 		irc
520 lines 		Yeah : 1.8
profile 		none summary
tarball 		36 of 36 99bfd6101e
[Firefox: 3 hits: 09-19 to 10-26] 		none[none] none:none
 none|none none none
T:09:24:00 WinXP 77.203.109.78 (GAOLAND.NET):
DYNAMIC POOLS,
FR. 		n/a UA:citi-bank.ru
:makemegood24.com
:6a5d7.makemegood24.com
:aaakemegood24.com
:perfectchoice1.com
:6a77d.perfectchoice1.com
**:bparfectchoice1.com
DE:cash-ddt.net
DE:6fec5.cash-ddt.net
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 36 0e5f51ee8e
[Firefox:15 hits: 10-11 to 10-27] 		none[none] none:none
 none|none none none
09:24:00 WinXP 77.203.109.78 (GAOLAND.NET):
DYNAMIC POOLS,
FR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 36 0e5f51ee8e
[Firefox:15 hits: 10-11 to 10-27] 		none[none] none:none
 none|none none none
T:09:26:00 WinXP 218.171.162.219 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 747de612f3
NEW 		none[none] none:none
 none|none none none
09:35:00 WinXP 99.161.134.124 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:207.123.46.126:80
US:4.23.60.126:80 		135 pcap raw alerts
ruleset 		other
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
b7082104e4
[Firefox:243 hits: 06-18 to 11-01] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
09:36:00 WinXP 82.225.163.87 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 70548905b8
NEW 		none[none] none:none
 none|none none none
09:59:00 WinXP 4.182.111.224 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
120 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		73f1082158 [1] ASM:Graph
 Armadillo| lines=81 trace
T:10:07:00 WinXP 4.190.167.21 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:204.160.126.126:80
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		http
183 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none
0 of 33		 32b63abe9f
NEW
8de2e679fa
NEW
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
T:10:12:00 WinXP 75.143.205.58 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 632e315db2
[Firefox:28 hits: 10-03 to 10-30] 		none[none] none:none
 none|none none none
10:15:00 Win2K-f 116.123.244.83 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
115.126.2.121:65520
US:199.93.53.125:80
US:207.123.37.124:80 		135 pcap raw alerts
ruleset 		http
125 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none
0 of 32		 2624cc4502
NEW
61357c03eb
NEW
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[none]
none [none]
b5919931fe[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
ASProtect| 		none
none
lines=90 		none
none
trace
10:25:00 WinXP 83.132.237.229 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LEIRIA, LEIRIA, PT. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none 8854661bdb
NEW 		none[none] none:none
 none|none none none
T:10:25:00 WinXP 83.132.237.229 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LEIRIA, LEIRIA, PT. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 8854661bdb
NEW 		none[none] none:none
 none|none none none
10:28:00 WinXP 204.193.209.36 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		33 of 34 a7003c5a33
[Firefox:14 hits: 10-21 to 10-29] 		none[none] none:none
 none|none none none
10:51:00 WinXP 4.155.251.136 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MARYLAND, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:516 hits: 01-05 to 11-01] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:10:54:00 WinXP 117.197.112.43 (-):
. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
11:07:00 WinXP 88.163.126.53 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none a1a2877587
NEW 		none[none] none:none
 none|none none none
T:11:07:00 WinXP 88.163.126.53 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		none a1a2877587
NEW 		none[none] none:none
 none|none none none
T:11:19:00 WinXP 4.155.251.136 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MARYLAND, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:516 hits: 01-05 to 11-01] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:11:23:00 WinXP 75.63.144.11 (SBCGLOBAL.NET):
PPPOX ADSL - BRAS1.SNANTX,
DALLAS, TEXAS, US. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
11:24:00 Win2K-f 4.169.125.144 (TECHNIP.US):
LEVEL 3 COMMUNICATIONS INC,
LOS ANGELES, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
US:207.123.47.126:80 		135 pcap raw alerts
ruleset 		other
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
11:30:00 Win2K-f 208.127.8.201 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
11:30:00 WinXP 118.218.21.111 (-):
. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:207.123.46.126:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		http
114 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33
28 of 33
0 of 33		 533d15b5ce
[Firefox:39 hits: 06-21 to 11-01]
58c343a8d8
[Firefox:43 hits: 06-21 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
58c343a8d8[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=82
lines=92 		trace
trace
trace
T:11:31:00 Win2K-f 68.146.119.219 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:207.123.46.126:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 35
33 of 36		 6df8da6fb7
NEW
d5c7b042b7
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
11:33:00 WinXP 200.146.70.91 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:196 hits: 01-03 to 11-01] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:11:34:00 WinXP 200.146.70.91 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:196 hits: 01-03 to 11-01] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
11:55:00 WinXP 69.216.136.132 (AMERITECH.NET):
PPPOX POOL - RBACK5 SFLDMI,
DETROIT, MICHIGAN, US. (DIAL) 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 042774a2b7
[Firefox:36 hits: 01-14 to 10-11] 		1c9a472cd7 [0] ASM:Graph
 PolyEnE| lines=71
embedded dns 		trace
11:57:00 WinXP 98.134.191.239 (-):
. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 5e4f6ad9dc
[Firefox: 5 hits: 10-20 to 10-26] 		none[none] none:none
 none|none none none
11:57:00 WinXP 82.207.51.0 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK IN DONECK,
UA. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:11:57:00 WinXP 82.207.51.0 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK IN DONECK,
UA. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:12:01:00 WinXP 24.167.99.148 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
[Firefox:148 hits: 01-01 to 10-31] 		af9ca5bed1 [0] ASM:Graph
 PolyEnE| lines=54 trace
12:10:00 WinXP 74.34.184.188 (FRONTIERNET.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
ROCHESTER, NEW YORK, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 7e8bfa9b49
[Firefox:27 hits: 10-01 to 10-28] 		none[none] none:none
 none|none none none
T:12:19:00 WinXP 155.207.248.187 (AUTH.GR):
ARISTOTLE UNIVERSITY OF THESSALONIKI,
THESSALONIKI, THESSALONIKI, GR. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:12:24:00 WinXP 24.76.34.184 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.124:80
US:199.93.44.126:80 		135 pcap raw alerts
ruleset 		other
123 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36
31 of 36		 0115338c8b
[Firefox:30 hits: 09-12 to 11-01]
321f4fc27d
[Firefox:30 hits: 09-12 to 11-01] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:12:52:00 WinXP 80.251.206.12 (-):
3 CUSTOMER DYNAMIC ADDRESS POOL,
SE. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 c0e2e2d5ee
[Firefox: 8 hits: 10-12 to 11-01] 		none[none] none:none
 none|none none none
T:13:08:00 Win2K-f 24.29.43.79 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ALBANY, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:13:20:00 WinXP 218.220.163.168 (ZAQ.NE.JP):
TOYONAKA IKEDA CABLENET CO. LTD,
TOYONAKA, OSAKA, JP. 		n/a   135 pcap raw alerts
ruleset 		other
240 lines 		Yeah : 1.3
profile 		none summary
tarball 		24 of 32 fbacdd87c0
[Firefox: 5 hits: 06-06 to 10-31] 		none[4] none:none
 none|none none trace
13:40:00 WinXP 70.70.54.71 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 58daa6ab61
NEW 		none[none] none:none
 none|none none none
T:13:40:00 WinXP 70.70.54.71 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a :proxim.ircgalaxy.pl
115.126.2.121:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 58daa6ab61
NEW 		none[none] none:none
 none|none none none
14:09:00 WinXP 94.191.159.201 (-):
. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:817 hits: 12-31 to 11-01] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
14:15:00 WinXP 74.219.195.63 (-):
. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:80
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 805afbac09
NEW 		none[none] none:none
 none|none none none
T:14:33:00 WinXP 96.14.203.50 (-):
. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
115.126.2.121:65520
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none ecd5a5a149
NEW 		none[none] none:none
 none|none none none
14:40:00 Win2K-f 4.139.108.107 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PITTSBURGH, PENNSYLVANIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:14:47:00 Win2K-f 64.139.110.70 (JCURRY):
NCI DATA.COM INC,
OROVILLE, WASHINGTON, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
14:51:00 WinXP 65.190.162.216 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:115 hits: 01-14 to 10-30] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:14:51:00 WinXP 65.190.162.216 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:115 hits: 01-14 to 10-30] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
14:54:00 WinXP 70.235.69.132 (SBCGLOBAL.NET):
PPPOX POOL - BRAS12 MRDNCT,
SEYMOUR, CONNECTICUT, US. (DSL) 		n/a :www.google.com.au
US:www.altavista.com
:jbeegvia.ru
SE:www.kavkazcenter.com
US:www.worldbank.org
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
:kargai.ru
GB:www.viruslist.com
:kfwfceki.ru
:nhuwxyuw.ru
RU:alfabank.ru
:udluzuq.ru
SE:kavkaz.tv
:fiazpvnne.ru
:ppxuub.ru
:lvwgdhwlj.ru
US:prodexteam.net
GB:www.candidateverifier.com
:raxeqajrf.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 bb7681eca8
[Firefox:12 hits: 09-26 to 10-30] 		none[none] none:none
 none|none none none
T:15:03:00 WinXP 67.150.126.25 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. 		n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:295 hits: 01-01 to 11-01] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
T:15:17:00 WinXP 200.199.162.207 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:19:00 WinXP 115.69.157.236 (-):
. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none f3f1ed8b36
NEW 		none[none] none:none
 none|none none none
T:15:19:00 WinXP 115.69.157.236 (-):
. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:80
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none f3f1ed8b36
NEW 		none[none] none:none
 none|none none none
15:20:00 WinXP 89.204.198.86 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
IE. 		n/a :proxim.ircgalaxy.pl
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 7e6e770f9e
[Firefox: 3 hits: 10-15 to 10-21] 		none[none] none:none
 none|none none none
15:30:00 Win2K-f 172.129.102.215 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
109 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32 73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		73f1082158 [1] ASM:Graph
 Armadillo| lines=81 trace
15:33:00 WinXP 87.246.62.152 (-):
CMTS CLIENTS IN SOFIA,
SOFIA, SOFIYA, BG. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 06a5e31b47
[Firefox: 4 hits: 10-28 to 11-01] 		none[none] none:none
 none|none none none
T:15:38:00 WinXP 85.122.46.152 (RNC.RO):
RNC,
RO. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 0fe6a497e1
NEW 		none[none] none:none
 none|none none none
15:44:00 WinXP 66.217.101.130 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:516 hits: 01-05 to 11-01] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
15:45:00 Win2K-f 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.124:80
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:52:00 WinXP 67.150.126.25 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com 		445 pcap raw alerts
ruleset 		http
http
http
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:295 hits: 01-01 to 11-01] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
T:16:02:00 WinXP 77.241.143.88 (DATA.3.DK):
3 CUSTOMER DYNAMIC ADDRESS POOL,
DK. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 b1c85cee4b
[Firefox: 8 hits: 10-27 to 11-01] 		none[none] none:none
 none|none none none
T:16:04:00 Win2K-f 64.150.147.110 (SCCOAST.NET):
HTC COMMUNICATIONS LLC,
US. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
16:05:00 WinXP 76.15.37.9 (MINDSPRING.COM):
EARTHLINK INC,
ATLANTA, GEORGIA, US. (DSL) 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:51 hits: 01-02 to 10-31] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
T:16:06:00 WinXP 76.15.37.9 (MINDSPRING.COM):
EARTHLINK INC,
ATLANTA, GEORGIA, US. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 f502585714
[Firefox:51 hits: 01-02 to 10-31] 		ae590430c5 [0] ASM:Graph
 PolyEnE| lines=63 trace
16:28:00 WinXP 186.12.87.14 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 621b0f9fe6
NEW 		none[none] none:none
 none|none none none
16:35:00 WinXP 4.248.228.116 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
156 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:16:40:00 Win2K-f 211.119.72.250 (BORA.NET):
BORANET-NET,
KR. 		n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520 		135 pcap raw alerts
ruleset 		http
223 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 34
34 of 36		 3060fff5c0
[Firefox: 3 hits: 08-22 to 10-20]
a7d11d75cd
[Firefox: 3 hits: 08-22 to 10-20] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:16:44:00 WinXP 4.242.186.22 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
VANCOUVER, WASHINGTON, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		http
89 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
a08f3b74a4[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:16:53:00 WinXP 71.64.27.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GROVE CITY, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:198.78.201.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:17:13:00 WinXP 124.66.254.35 (FCH.NE.JP):
FUREAI CHANNEL INC,
HIROSHIMA, HIROSHIMA, JP. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
17:13:00 WinXP 124.66.254.35 (FCH.NE.JP):
FUREAI CHANNEL INC,
HIROSHIMA, HIROSHIMA, JP. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:1422 hits: 12-31 to 11-01] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:17:25:00 WinXP 204.193.214.27 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 96d089e522
[Firefox:38 hits: 10-08 to 11-01] 		none[none] none:none
 none|none none none
17:42:00 WinXP 64.38.71.22 (SPEAKEASY.NET):
US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 45d3b6bd28
[Firefox: 5 hits: 10-15 to 10-29] 		none[none] none:none
 none|none none none
17:50:00 Win2K-f 124.195.159.205 (-):
. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
18:03:00 WinXP 64.38.73.114 (SPEAKEASY.NET):
US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 45d3b6bd28
[Firefox: 5 hits: 10-15 to 10-29] 		none[none] none:none
 none|none none none
T:18:03:00 WinXP 64.38.73.114 (SPEAKEASY.NET):
US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 45d3b6bd28
[Firefox: 5 hits: 10-15 to 10-29] 		none[none] none:none
 none|none none none
18:15:00 WinXP 98.141.161.158 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:18:25:00 WinXP 70.138.7.104 (SBCGLOBAL.NET):
PPPOX POOL - BRAS12.MRDNCT,
SEYMOUR, CONNECTICUT, US. (DSL) 		n/a US:www.yahoo.com
:www.google.com.au
:jbeegvia.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 bb7681eca8
[Firefox:12 hits: 09-26 to 10-30] 		none[none] none:none
 none|none none none
T:18:31:00 WinXP 4.249.241.45 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GERMANTOWN, MARYLAND, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 7e8bfa9b49
[Firefox:27 hits: 10-01 to 10-28] 		none[none] none:none
 none|none none none
18:32:00 WinXP 117.99.56.83 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:817 hits: 12-31 to 11-01] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:18:32:00 WinXP 117.99.56.83 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
:lulea.se.eu.undernet.org
US:lia.zanet.net
:los-angeles.ca.us.undernet.org
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:817 hits: 12-31 to 11-01] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:18:41:00 WinXP 76.200.149.3 (SBCGLOBAL.NET):
BRAS44.PLTNCA,
US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:190 hits: 01-08 to 11-01] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
18:44:00 WinXP 93.156.27.192 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		115.126.2.121:65520 :proxim.ircgalaxy.pl
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
US:dl2.bundlext.com
US:b157.bundlext.com
US:www.speed-runner.com
115.126.2.121:65520
US:64.233.187.99:80 		445 pcap raw alerts
ruleset 		http
irc
http
http
http
196 lines 		Yeah : 1.3
profile 		none summary
tarball 		21 of 36
23 of 36
25 of 36
20 of 35
21 of 33
35 of 36		 1616ef5e30
NEW
188a76e028
[Firefox:11 hits: 10-30 to 11-01]
2738d752a2
[Firefox:10 hits: 10-30 to 11-01]
359786c558
NEW
7b1de9d82d
[Firefox: 6 hits: 06-28 to 10-30]
7fd7475c63
[Firefox: 3 hits: 10-29 to 10-31] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none 		none
none
none
none
none
none
18:54:00 Win2K-f 209.127.91.31 (-):
TELSCAPE COMMUNICATIONS INC,
MONROVIA, CALIFORNIA, US. 		115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
US:192.221.108.126:80
US:192.221.96.126:80 		135 pcap raw alerts
ruleset 		irc
http
140 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 36
34 of 36
32 of 36		 188a76e028
[Firefox:11 hits: 10-30 to 11-01]
a8c074e136
[Firefox: 6 hits: 08-21 to 10-30]
fc22cbd605
[Firefox: 6 hits: 08-21 to 10-30] 		none[none]
none [none]
none [none] 		none:none
none:none
none:none
 none|none
none|none
none|none 		none
none
none 		none
none
none
T:19:09:00 WinXP 70.61.104.5 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
19:34:00 WinXP 4.225.136.29 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LAWRENCEBURG, INDIANA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80 		135 pcap raw alerts
ruleset 		http
93 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:19:37:00 WinXP 119.154.70.67 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1fcc146d70
[Firefox:63 hits: 01-02 to 10-27] 		258fafe892 [0] ASM:Graph
 PolyEnE| lines=68 trace
19:40:00 Win2K-f 70.69.68.97 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
MAPLE RIDGE, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
US:204.160.104.126:80
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		irc
http
626 lines 		Yeah : 1.3
profile 		none summary
tarball 		23 of 36
25 of 36
none
none		 188a76e028
[Firefox:11 hits: 10-30 to 11-01]
2738d752a2
[Firefox:10 hits: 10-30 to 11-01]
37a8a3619b
NEW
ddbf0243eb
NEW 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:19:40:00 WinXP 70.69.35.137 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
MAPLE RIDGE, BRITISH COLUMBIA, CA. 		n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:ntkrnlpa.cn 		445 pcap raw alerts
ruleset 		http
irc
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 10c3e12a46
NEW 		none[none] none:none
 none|none none none
19:43:00 WinXP 89.195.68.116 (-):
ORANGE,
UK. 		194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 		445 pcap raw alerts
ruleset 		http
irc
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 fd113df0bb
NEW 		none[none] none:none
 none|none none none
19:58:00 WinXP 123.212.181.118 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		115.126.2.121:65520 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
US:dl2.bundlext.com
US:b156.bundlext.com
IL:mtn6.com-com.ws
US:b157.bundlext.com
US:www.speed-runner.com
115.126.2.121:65520
US:199.93.53.126:80
US:204.160.126.126:80
US:207.123.37.125:80 		135 pcap raw alerts
ruleset 		irc
http
109 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 36
31 of 33
23 of 36
25 of 36
31 of 33
16 of 36		 1616ef5e30
NEW
168aab35a3
[Firefox:179 hits: 06-17 to 10-30]
188a76e028
[Firefox:11 hits: 10-30 to 11-01]
2738d752a2
[Firefox:10 hits: 10-30 to 11-01]
667f0c59f3
[Firefox:30 hits: 07-04 to 10-29]
c5fe54ac0b
NEW 		none[none]
none [4]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
 none|none
tElock|
none|none
none|none
none|none
none|none 		none
none
none
none
none
none 		none
trace
none
none
none
none
20:01:00 Win2K-f 190.174.134.117 (-):
. 		n/a :proxim.ircgalaxy.pl
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com 		445 pcap raw alerts
ruleset 		irc
http
78 lines 		Argh : 0.3
profile 		none summary
tarball 		23 of 36
25 of 36		 188a76e028
[Firefox:11 hits: 10-30 to 11-01]
2738d752a2
[Firefox:10 hits: 10-30 to 11-01] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
20:06:00 Win2K-f 76.195.9.219 (SBCGLOBAL.NET):
PPPOX POOL - RBACK33.SNFC,
SAN FRANCISCO, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:204.160.104.126:80
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:20:08:00 Win2K-f 202.30.239.12 (-):
HYUNDAI MOTOR SERVICE,
SEOUL, KYONGGI-DO, KR. 		115.126.2.121:65520 US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		irc
http
246 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 36
34 of 36
25 of 36
32 of 36		 188a76e028
[Firefox:11 hits: 10-30 to 11-01]
1fa62445aa
NEW
2738d752a2
[Firefox:10 hits: 10-30 to 11-01]
963d5f92ac
[Firefox: 2 hits: 10-28 to 11-01] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:20:14:00 WinXP 202.150.123.59 (-):
KOL-DIAL,
AUCKLAND, AUCKLAND, NZ. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		none 10ffd3dfd1
NEW 		none[none] none:none
 none|none none none
T:20:15:00 WinXP 204.193.223.147 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:qis.md.us.dal.net
:los-angeles.ca.us.undernet.org
SE:coins.dal.net 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 96d089e522
[Firefox:38 hits: 10-08 to 11-01] 		none[none] none:none
 none|none none none
20:18:00 Win2K-f 204.193.223.147 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US. 		n/a :proxim.ircgalaxy.pl
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
:do-make-progress.com
:do-progress.com
:do-managed-scan.com
US:do-power-scan.com
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com
115.126.2.121:80 		445 pcap raw alerts
ruleset 		irc
http
129 lines 		Yeah : 0.8
profile 		none summary
tarball 		23 of 36
25 of 36
none
11 of 36		 188a76e028
[Firefox:11 hits: 10-30 to 11-01]
2738d752a2
[Firefox:10 hits: 10-30 to 11-01]
f5bad3f09c
NEW
fb8f82fcb3
[Firefox:23 hits: 10-24 to 10-28] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:20:25:00 WinXP 64.24.142.179 (USLEC.NET):
USLEC CORP,
IRVING, TEXAS, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:190 hits: 01-01 to 11-01] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
T:20:32:00 Win2K-f 219.80.132.16 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		115.126.2.121:65520 :proxim.ircgalaxy.pl
:ntkrnlpa.cn
IL:wrsnav.wwlax.com
IL:bugreport.waverevenue.com
US:google.com
IL:xul93.pubdomainstr.com 		445 pcap raw alerts
ruleset 		irc
http
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		23 of 36 188a76e028
[Firefox:11 hits: 10-30 to 11-01] 		none[none] none:none
 none|none none none
20:38:00 WinXP 61.193.102.135 (MESH.AD.JP):
NEC CORPORATION,
ATSUGI, KANAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:644 hits: 01-01 to 11-01] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
20:56:00 WinXP 114.48.158.80 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 64d359864b
[Firefox: 4 hits: 10-20 to 10-30] 		none[none] none:none
 none|none none none
21:08:00 Win2K-f 66.153.215.10 (SCCOAST.NET):
HTC - CABLE MODEM POOL,
CONWAY, SOUTH CAROLINA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.104.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
73f1082158
[Firefox:1810 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
21:26:00 WinXP 12.73.209.195 (ATT.NET):
AT&T WORLDNET SERVICES,
CHICAGO, ILLINOIS, US. (DIAL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
:wpad
RU:195.200.213.54:80 		445 pcap raw alerts
ruleset 		http
http
http
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 200b38065f
NEW 		none[none] none:none
 none|none none none
21:28:00 Win2K-f 71.148.35.37 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:21:52:00 Win2K-f 71.111.250.2 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.96.126:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
22:13:00 WinXP 87.246.62.152 (-):
CMTS CLIENTS IN SOFIA,
SOFIA, SOFIYA, BG. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 06a5e31b47
[Firefox: 4 hits: 10-28 to 11-01] 		none[none] none:none
 none|none none none
T:22:14:00 WinXP 61.193.102.135 (MESH.AD.JP):
NEC CORPORATION,
ATSUGI, KANAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:644 hits: 01-01 to 11-01] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
22:24:00 WinXP 68.146.121.215 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.70.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
22 of 36		 1eacab1cc9
[Firefox: 4 hits: 09-28 to 10-22]
d43f7bdb88
[Firefox: 4 hits: 09-28 to 10-22] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
22:44:00 Win2K-f 222.235.225.87 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:198.78.201.126:80
US:205.128.70.126:80 		135 pcap raw alerts
ruleset 		http
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
30 of 32
0 of 32		 4c3df24b32
[Firefox:235 hits: 06-17 to 11-01]
8390780c27
[Firefox:41 hits: 06-18 to 11-01]
b5919931fe
[Firefox:1029 hits: 06-20 to 11-01] 		4c3df24b32 [1]
none [4]
b5919931fe[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
ASProtect| 		lines=81
none
lines=90 		trace
trace
trace
T:22:44:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
57ce4acac2
[Firefox:316 hits: 06-17 to 11-01]
e07c29c4ae
[Firefox:767 hits: 06-19 to 11-01] 		none[4]
57ce4acac2[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
23:05:00 WinXP 125.231.2.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 ca47a36342
[Firefox:31 hits: 02-16 to 11-01] 		c3a58f69c6 [0] ASM:Graph
 PolyEnE| lines=89
embedded dns 		trace
T:23:11:00 WinXP 24.80.178.213 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.70.126:80
US:4.23.60.126:80 		135 pcap raw alerts
ruleset 		other
97 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32
2 of 32		 607b60ad51
[Firefox:45 hits: 06-20 to 10-31]
e5c7bce70e
[Firefox:43 hits: 06-20 to 10-31] 		none[4]
e5c7bce70e[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
23:16:00 WinXP 122.30.169.231 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a :proxim.ircgalaxy.pl
115.126.2.121:65520 		445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		none fa63532fbe
NEW 		none[none] none:none
 none|none none none
23:30:00 WinXP 4.249.240.63 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GERMANTOWN, MARYLAND, US. (DIAL) 		194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.8
profile 		none summary
tarball 		35 of 36 7e8bfa9b49
[Firefox:27 hits: 10-01 to 10-28] 		none[none] none:none
 none|none none none
23:34:00 Win2K-f 65.25.67.94 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CANTON, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:206.33.45.125:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
23:34:00 Win2K-f 24.86.141.167 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:206.33.45.125:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
78 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:3641 hits: 06-17 to 11-01]
a08f3b74a4
[Firefox:1297 hits: 06-18 to 11-01] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
23:37:00 WinXP 87.57.189.136 (IP.TELE.DK):
TELEDANMARK,
DK. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 1f00284aa7
[Firefox: 3 hits: 10-13 to 10-20] 		none[none] none:none
 none|none none none
T:23:37:00 WinXP 87.57.189.136 (IP.TELE.DK):
TELEDANMARK,
DK. 		n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 1f00284aa7
[Firefox: 3 hits: 10-13 to 10-20] 		none[none] none:none
 none|none none none