Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


<Click here: to download BotHunter>

09 November 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Columns (one row per observed infection; a row with several captured binaries carries one set of binary columns per sample):
Time | Victim OS | Infection Source (attacker IP, reverse-DNS domain, WHOIS owner, location) | C&C Server | DNS Lookups & Failed Connects (country code where resolved, then hostname or IP:port) | Infection Port | Packet Trace (pcap, raw) | Detection Signatures (alerts, ruleset) | Infection Chatter (protocols seen, line count) | BotHunter Analysis (verdict and score, profile) | Behavioral Cluster | Forensic Logs (summary, tarball) | Antivirus Labels (detections out of engines run) | Packed Malware_Binary (digest prefix with sighting count and date range, or NEW) | Unpacked egg.exe | Unpacked egg.asm (ASM:Graph) | Packer PEID | Data Strings (lines=N) | Syscall Trace
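The Infection Source, Infection Port, C&C Server and DNS/Failed Connects columns are the pieces of the infection dialog that BotHunter correlates before it declares a host infected. The Python below is an added illustration, not code from the Cyber-TA page or from BotHunter itself: it applies the declaration rule from the published BotHunter model (evidence of an inbound exploit, E2, plus at least one outward sign among egg download E3, C&C traffic E4 and outbound scanning E5; or at least two distinct outward signs) to constructed flow records. The phase classifier, the port lists, the one-hour dialog window, the sensor tags and the sample traffic are assumptions made for this example; remote addresses are ones that appear in the table, victims are RFC 1918 placeholders.

```python
"""Dialog-correlation check modelled on BotHunter's infection-dialog rule.

Added illustration, not code from SRI's BotHunter or the Cyber-TA page.
Phases E1..E5 and the declaration rule follow the published BotHunter model;
the flow records, port lists, dialog window and classifier below are
constructed assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Inbound ports this page lists as "Infection Port" (assumed service mapping:
# 445/139 SMB and NetBIOS session, 135 DCE/RPC endpoint mapper).
EXPLOIT_PORTS = {135, 139, 445}
# The IRC ports the table's C&C column shows for 63.173.172.98.
IRC_PORTS = {6667, 6668}
# How long one infection dialog may span (assumed: one hour).
DIALOG_WINDOW_S = 3600

PHASE_NAMES = {
    "E1": "inbound scan",
    "E2": "inbound exploit",
    "E3": "egg download",
    "E4": "C&C communication",
    "E5": "outbound scan",
}


@dataclass(frozen=True)
class Flow:
    """One sensor observation about a monitored host.

    tag is the sensor's payload classification; the labels scan, exploit,
    egg and cnc are assumed for this example.
    """
    t: int          # seconds since midnight
    victim: str     # monitored (local) host
    peer: str       # remote host
    dport: int      # destination port of the flow
    inbound: bool   # True when the victim is the destination
    tag: str


@dataclass
class Verdict:
    declared: bool
    phases: set
    evidence: list


def classify(flow):
    """Map a flow to a dialog phase, or None if it carries no evidence."""
    if flow.inbound:
        if flow.tag == "exploit" and flow.dport in EXPLOIT_PORTS:
            return "E2"
        if flow.tag == "scan":
            return "E1"
        return None
    if flow.tag == "egg":
        return "E3"
    if flow.tag == "cnc" or flow.dport in IRC_PORTS:
        return "E4"
    if flow.tag == "scan":
        return "E5"
    return None


def is_declared(phases):
    """BotHunter's declaration rule: an inbound exploit (E2) plus at least one
    outward sign (E3/E4/E5), or at least two distinct outward signs."""
    outward = {"E3", "E4", "E5"} & set(phases)
    return ("E2" in phases and bool(outward)) or len(outward) >= 2


def correlate(flows, window_s=DIALOG_WINDOW_S):
    """Group evidence per victim inside one dialog window and judge it."""
    by_victim = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.t):
        phase = classify(f)
        if phase is not None:
            by_victim[f.victim].append((phase, f))

    verdicts = {}
    for victim, items in by_victim.items():
        t0 = items[0][1].t                      # window opens at first evidence
        in_window = [(p, f) for p, f in items if f.t - t0 <= window_s]
        phases = {p for p, _ in in_window}
        evidence = [
            f"{p} {PHASE_NAMES[p]}: {'from' if f.inbound else 'to'} "
            f"{f.peer}:{f.dport} at t={f.t}"
            for p, f in in_window
        ]
        verdicts[victim] = Verdict(is_declared(phases), phases, evidence)
    return verdicts


# Constructed sample traffic (not taken from the page's pcaps).
SAMPLE_FLOWS = [
    # A: the dialog the 445-port rows show: exploit, HTTP egg, IRC join.
    Flow(540, "10.0.0.5", "76.242.8.164", 445, True, "exploit"),
    Flow(541, "10.0.0.5", "194.54.90.246", 80, False, "egg"),
    Flow(560, "10.0.0.5", "63.173.172.98", 6667, False, "cnc"),
    # B: an inbound scan alone is not an infection.
    Flow(600, "10.0.0.7", "203.0.113.9", 445, True, "scan"),
    # C: exploit missed by the sensor, but two outward signs suffice.
    Flow(700, "10.0.0.8", "194.54.90.246", 80, False, "egg"),
    Flow(720, "10.0.0.8", "63.173.172.98", 6668, False, "other"),
    # D: a single IRC connection is not enough on its own.
    Flow(800, "10.0.0.9", "63.173.172.98", 6667, False, "cnc"),
    # E: exploit and C&C too far apart to be one dialog.
    Flow(100, "10.0.0.11", "89.218.15.31", 139, True, "exploit"),
    Flow(20100, "10.0.0.11", "63.173.172.98", 6667, False, "cnc"),
]

if __name__ == "__main__":
    for victim, v in sorted(correlate(SAMPLE_FLOWS).items()):
        print(f"{victim}: {'INFECTED' if v.declared else 'no verdict'} "
              f"phases={sorted(v.phases)}")
        for line in v.evidence:
            print("   ", line)
```

The per-row scores on this page ("Yeah : 0.8", "Yeah : 1.3") come from BotHunter's own weighted scoring, which the example does not reproduce; it only shows which combinations of evidence cross the declaration threshold, and why a lone C&C connection or a stale exploit outside the window does not.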
T:00:09:00  WinXP  76.242.8.164 (-): PPPOX POOL - BRAS1.SNANTX, DALLAS, TEXAS, US.
  C&C: n/a; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 26 of 28; packed: 7d99b0e910 [Firefox:1476 hits: 12-31 to 11-08]; unpacked: 7a70e1b592 [0]; asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
T:00:12:00  WinXP  24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US.
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com; port: 135; chatter: http (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
  sample 3: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
00:13:00  WinXP  117.99.48.110 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C: 194.54.90.246:80; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru; port: 445; chatter: http, irc (4 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 34 of 36; packed: b7ba8daae1 [Firefox:11 hits: 10-15 to 11-04]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
00:15:00  WinXP  24.213.224.230 (RR.COM): ROAD RUNNER HOLDCO LLC, AMSTERDAM, NEW YORK, US.
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com; port: 135; chatter: http (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
  sample 3: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
00:15:00  WinXP  89.218.15.31 (-): ALMATYTELECOM, KZ.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: 1210006e7d NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:00:15:00  WinXP  89.218.15.31 (-): ALMATYTELECOM, KZ.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http, irc (3 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: 1210006e7d NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:00:35:00  WinXP  89.195.196.204 (-): ORANGE, UK.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http, irc (3 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: f987501929 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:00:44:00  WinXP  122.54.252.127 (PLDT.NET): IPG, PH.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 35 of 36; packed: ddb3bd55db [Firefox: 2 hits: 10-29 to 11-01]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
00:44:00  WinXP  122.54.252.127 (PLDT.NET): IPG, PH.
  C&C: 194.54.90.246:80; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru; port: 445; chatter: http, irc (4 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 35 of 36; packed: ddb3bd55db [Firefox: 2 hits: 10-29 to 11-01]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:00:47:00  WinXP  71.131.139.234 (-): VALLEY FOOD INC, PLANO, TEXAS, US. (100Mbps)
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:205.128.70.126:80, US:207.123.37.123:80, US:207.123.47.126:80; port: 135; chatter: other (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 32; packed: 73f1082158 [Firefox:1901 hits: 06-18 to 11-08]; unpacked: 73f1082158[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
01:21:00  WinXP  66.65.73.236 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US.
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com; port: 135; chatter: http (77 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 32; packed: 73f1082158 [Firefox:1901 hits: 06-18 to 11-08]; unpacked: 73f1082158[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
  sample 3: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
01:23:00  WinXP  62.178.10.41 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 33 of 36; packed: e5dab5f4ec [Firefox:21 hits: 09-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
01:25:00  Win2K-f  218.190.164.55 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 21 of 36; packed: d73bdf4a0e [Firefox:19 hits: 10-27 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
01:25:00  Win2K-f  122.46.43.221 (-): POWERCOMM, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: none; packed: none; unpacked: none; asm: none; packer: none; strings: none; syscalls: none
T:01:26:00  WinXP  78.131.117.241 (-): EMKTV HATVAN DOCSIS, HU.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 30 of 35; packed: d142a982d2 [Firefox:40 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:27:00  Win2K-f  116.42.64.88 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: none; packed: none; unpacked: none; asm: none; packer: none; strings: none; syscalls: none
01:27:00  WinXP  124.195.153.195 (-)
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:205.128.70.126:80; port: 135; chatter: http (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
  sample 3: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
T:01:29:00  Win2K-f  220.230.146.11 (-): CJCABLENETJUNGBUSAN4, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: 49ccdb35f1 [Firefox: 2 hits: 11-07 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
01:37:00  WinXP  211.189.204.6 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 26 of 35; packed: 89d021262b [Firefox:30 hits: 07-29 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
01:39:00  Win2K-f  210.94.98.148 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 23 of 36; packed: b3ce57c019 [Firefox:17 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:39:00  WinXP  118.86.74.219 (-)
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com; port: 135; chatter: http (123 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 32 of 36; packed: 0b951c2832 [Firefox:10 hits: 08-19 to 11-06]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
  sample 2: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
  sample 3: AV: 34 of 36; packed: e4ed4df0f0 [Firefox:10 hits: 08-19 to 11-06]; unpacked: none [none]; asm: none:none; packer: none|none; strings: none; syscalls: none
01:40:00  Win2K-f  90.63.136.100 (STATIC-IP.OLEANE.FR): TELECOM, PARIS, ILE-DE-FRANCE, FR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 30 of 35; packed: d142a982d2 [Firefox:40 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:42:00  WinXP  119.148.139.194 (-)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 32 of 36; packed: 3eeb212cb1 [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:44:00  Win2K-f  61.255.171.131 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 26 of 35; packed: 50649fc087 [Firefox:30 hits: 07-29 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:44:00  Win2K-f  96.48.149.231 (-)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 34; packed: e362f1c062 [Firefox:41 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:01:59:00  Win2K-f  58.236.234.103 (-): THRUNET-INFRA-INCHEON10, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 29 of 36; packed: d1b1ab1740 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:01:00  WinXP  89.136.122.242 (-): ASTRAL, RO.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 32 of 36; packed: cd712316e7 [Firefox: 7 hits: 10-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:02:00  WinXP  82.236.54.139 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: 818cf9c3cf NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:04:00  WinXP  116.233.25.131 (163DATA.COM.CN): CHINANET SHANGHAI PROVINCE NETWORK, BEIJING, BEIJING, CN.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: fe92f5afc8 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:04:00  Win2K-f  118.218.89.100 (-)
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 30 of 36; packed: 0be0473a78 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:05:00  Win2K-f  221.124.132.29 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 29 of 36; packed: 625144cee4 [Firefox:30 hits: 09-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:07:00  WinXP  218.51.101.47 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 36; packed: ea39b7911d [Firefox:28 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:14:00  WinXP  210.94.98.148 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 23 of 36; packed: b3ce57c019 [Firefox:17 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:17:00  WinXP  123.26.205.132 (-): VIETNAM POST AND TELECOM CORPORATION, VN.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 27 of 36; packed: 895fc368ac [Firefox: 5 hits: 10-20 to 11-05]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:18:00  Win2K-f  218.51.4.7 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: c24cc6acf2 [Firefox: 2 hits: 10-22 to 11-06]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:18:00  WinXP  78.96.190.73 (ASTRAL.RO): ASTRAL TELECOM SA, RO.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 28 of 36; packed: c3be2ee601 [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:21:00  WinXP  88.107.92.196 (AS9105.COM): TISCALI UK LTD, MONTROSE, SCOTLAND, UK. (DSL)
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 30 of 36; packed: 44ea4d3c7c [Firefox:23 hits: 09-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:25:00  Win2K-f  218.173.21.246 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 25 of 36; packed: 7c2b50c774 [Firefox:48 hits: 08-01 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:25:00  Win2K-f  218.49.231.230 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668, 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, US:63.173.172.98:6668, EU:79.132.211.24:65520; port: 139; chatter: ftp, irc (29 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 34 of 36; packed: 3488f7aa0d [Firefox: 2 hits: 10-28 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:28:00  Win2K-f  78.96.248.76 (ASTRAL.RO): ASTRAL TELECOM SA, RO.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 28 of 36; packed: f1a2a263ef [Firefox: 4 hits: 10-20 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:31:00  WinXP  218.171.110.192 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 23 of 36; packed: b3ce57c019 [Firefox:17 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
02:37:00  Win2K-f  125.230.153.159 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 21 of 36; packed: d73bdf4a0e [Firefox:19 hits: 10-27 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:38:00  Win2K-f  82.235.88.248 (PROXAD.NET): PROXAD / FREE SAS, BESANCON, FRANCHE-COMTE, FR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: c9e637a758 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:41:00  WinXP  133.205.29.187 (MESH.AD.JP): JAPAN NETWORK INFORMATION CENTER, TOKYO, TOKYO, JP.
  C&C: n/a; DNS/failed: (empty); port: 445; chatter: shell, ftp (15 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 29; packed: 831f4ee0a7 [Firefox:673 hits: 01-01 to 11-08]; unpacked: eb7546c600 [0]; asm: ASM:Graph; packer: none|none; strings: lines=61; syscalls: trace
T:02:42:00  WinXP  210.192.209.189 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 36; packed: ea39b7911d [Firefox:28 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:02:51:00  Win2K-f  88.177.181.135 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: 63.173.172.98:6668, 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, US:63.173.172.98:6668, EU:79.132.211.24:65520; port: 139; chatter: irc (5 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: none; packed: none; unpacked: none; asm: none; packer: none; strings: none; syscalls: none
03:04:00  Win2K-f  85.67.51.53 (-): FIBERNET, HU.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 32 of 36; packed: ca172c3868 [Firefox:11 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:05:00  WinXP  116.44.104.85 (-): LG POWERCOMM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 21 of 36; packed: 015d6caf28 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:06:00  WinXP  85.66.123.249 (BACS-NET.HU): FIBERNET COMMUNICATION CO, BUDAPEST, BUDAPEST, HU.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (13 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 26 of 36; packed: 9f2789e818 [Firefox: 3 hits: 11-06 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:09:00  Win2K-f  211.236.219.207 (-): CJ CABLENET PUKINCHEON BROADCASTING CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: cc8840e4b7 [Firefox: 8 hits: 10-20 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:12:00  Win2K-f  218.171.110.192 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: 63.173.172.98:6668, 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, US:63.173.172.98:6668, EU:79.132.211.24:65520; port: 139; chatter: irc (7 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: none; packed: none; unpacked: none; asm: none; packer: none; strings: none; syscalls: none
03:14:00  WinXP  4.248.91.242 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SPARTA, NEW JERSEY, US. (DIAL)
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:204.160.126.124:80; port: 135; chatter: http (101 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
  sample 3: AV: 0 of 33; packed: e07c29c4ae [Firefox:815 hits: 06-19 to 11-08]; unpacked: e07c29c4ae[1]; asm: ASM:Graph; packer: FSG|; strings: lines=92; syscalls: trace
03:15:00  WinXP  125.224.71.158 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 34; packed: aa268ff3a9 [Firefox:32 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:18:00  WinXP  211.176.160.22 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80, US:204.160.126.124:80, US:205.128.70.126:80, EU:79.132.211.24:65520; port: 135; chatter: irc (126 lines); BotHunter: Yeah : 1.8; cluster: none
  sample 1: AV: 30 of 33; packed: 2e04b06527 [Firefox:18 hits: 06-18 to 11-07]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 30 of 33; packed: 5c054291de [Firefox:11 hits: 06-18 to 11-04]; unpacked: 5c054291de[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=82; syscalls: trace
T:03:21:00  Win2K-f  211.243.238.147 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: 4eed8ad286 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:27:00  Win2K-f  123.204.144.228 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 33 of 34; packed: c50e298b27 [Firefox:15 hits: 10-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:27:00  Win2K-f  71.103.208.67 (VERIZON.NET): VERIZON INTERNET SERVICES INC, SAN BERNARDINO, CALIFORNIA, US. (DSL)
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:204.160.126.126:80, US:205.128.73.126:80, US:207.123.46.125:80; port: 135; chatter: other (75 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
T:03:30:00  WinXP  84.74.12.94 (HISPEED.CH): CABLECOMMAIN-NET, ZURICH, ZURICH, CH. (DSL)
  C&C: n/a; DNS/failed: UA:citi-bank.ru; port: 445; chatter: http (1 line); BotHunter: Yeah : 1.3; cluster: none
  AV: 35 of 36; packed: 42c101571e [Firefox: 3 hits: 10-30 to 11-03]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:31:00  WinXP  83.141.201.127 (EVC.NET): DHCP POOL EVC, BASEL, BASEL-STADT, CH.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 35 of 36; packed: 91f1b28614 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:36:00  WinXP  213.22.134.23 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, BRAGA, BRAGA, PT.
  C&C: 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, :fleshkatera.cn, :lolika.cn, :www.upononjob.cn, :mulfika.cn, EU:kitroneza.cn, EU:79.132.211.24:65520; port: 445; chatter: http, irc (14 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 35 of 36; packed: 7fd7475c63 [Firefox:13 hits: 10-29 to 11-08]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
  sample 2: AV: 20 of 36; packed: d539776473 NEW; unpacked: none [none]; asm: none:none; packer: none|none; strings: none; syscalls: none
  sample 3: AV: 11 of 36; packed: fb8f82fcb3 [Firefox:25 hits: 10-24 to 11-02]; unpacked: none [none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:03:42:00  WinXP  58.70.104.59 (EONET.NE.JP): K-OPTICOM CORPORATION, OSAKA, OSAKA, JP.
  C&C: 79.132.211.24:65520; DNS/failed: :proxim.ircgalaxy.pl, US:mx1.hotmail.com, BE:ftp.scarlet.be, US:maila.microsoft.com, US:mailin-02.mx.aol.com, US:yutunrz.1dumb.com, US:mailin-04.mx.aol.com, US:ftp.icq.com, US:ftp.newaol.com, US:143.215.15.145:80, BE:193.74.22.160:80, US:64.12.137.89:25, US:64.12.138.57:25, US:65.54.244.8:25, EU:79.132.211.24:65520; port: 139; chatter: ftp, http, irc (99 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 1 of 36; packed: 1b1e71260a NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
  sample 2: AV: 33 of 36; packed: 702f60fb53 NEW; unpacked: none [none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:45:00  Win2K-f  85.67.157.35 (-): FIBERNET, HU.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: 625144cee4 [Firefox:30 hits: 09-26 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:46:00  Win2K-f  88.165.39.66 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 26 of 35; packed: 89d021262b [Firefox:30 hits: 07-29 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:53:00  WinXP  89.137.58.116 (UPCNET.RO): ASTRAL-UPC ROMAN, RO.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 35; packed: ddb8dcfe6a [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
03:55:00  WinXP  94.191.141.215 (-)
  C&C: n/a; DNS/failed: UA:citi-bank.ru; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 29 of 29; packed: a0139d7ad8 [Firefox:211 hits: 01-03 to 11-08]; unpacked: d9e9662db1 [0]; asm: ASM:Graph; packer: PolyEnE|; strings: lines=68; syscalls: trace
04:03:00  WinXP  85.186.3.42 (-): ASTRAL BUZAU CPE, BUZAU, BUZAU, RO.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 35; packed: ddb8dcfe6a [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:05:00  Win2K-f  60.249.118.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com; port: 135; chatter: http (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: 57ce4acac2 [Firefox:331 hits: 06-17 to 11-08]; unpacked: 57ce4acac2[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
T:04:10:00  WinXP  119.149.44.64 (-)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 30 of 36; packed: d473e07dae [Firefox: 2 hits: 10-26 to 10-26]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:14:00  WinXP  118.6.180.117 (-)
  C&C: n/a; DNS/failed: US:mx1.hotmail.com, US:mailin-01.mx.aol.com, US:ftp.icq.com, US:yutunrz.1dumb.com, US:mailin-02.mx.aol.com, :http.icq.com.edgesuite.net, **:glilepv.1dumb.com, **:mlxvdl.3-a.net, :xfbdspu.dynserv.com, :qbycxpxz.afraid.org, **:gypzmaudtlv.hn.org, US:znvibonyf.yi.org, US:mailin-04.mx.aol.com, BE:ftp.scarlet.be, :wpad, US:mcduii.3-a.net, :jdjsloy.dynserv.com, **:wyqggvow.afraid.org, **:nttstziinpa.hn.org, US:fcnhysydw.yi.org, US:143.215.15.145:80; port: 445; chatter: shell, ftp, http, http (117 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 32; packed: 6b45d20248 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:22:00  WinXP  114.200.125.49 (-)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: none; packed: af222ae6db [Firefox:30 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:04:22:00  WinXP  218.51.4.7 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: c24cc6acf2 [Firefox: 2 hits: 10-22 to 11-06]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:24:00  Win2K-f  125.215.205.184 (IMSBIZ.COM): PCCW BUSINESS INTERNET ACCESS, HONG KONG, HONG KONG (SAR), HK. (100Mbps)
  C&C: n/a; DNS/failed: (empty); port: 135; chatter: other (52 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 0 of 33; packed: 57ce4acac2 [Firefox:331 hits: 06-17 to 11-08]; unpacked: 57ce4acac2 [1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
04:31:00  WinXP  87.246.62.152 (-): CMTS CLIENTS IN SOFIA, SOFIA, SOFIYA, BG.
  C&C: n/a; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 35 of 36; packed: 06a5e31b47 [Firefox: 6 hits: 10-28 to 11-02]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:33:00  WinXP  219.66.34.33 (ODN.AD.JP): OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.), JP. (DIAL)
  C&C: n/a; DNS/failed: US:mx1.hotmail.com, US:mailin-02.mx.aol.com, US:ftp.newaol.com, US:mailin-01.mx.aol.com, US:yutunrz.1dumb.com, BE:ftp.scarlet.be, US:neytteybbo.3-a.net, :fzzdik.dynserv.com, :pkvgzaecagx.afraid.org, **:yraqztt.hn.org, US:kpxvrvdefs.yi.org, US:ftp.icq.com, US:mailin-03.mx.aol.com, :http.icq.com.edgesuite.net, **:glilepv.1dumb.com, **:mlxvdl.3-a.net, :xfbdspu.dynserv.com, :qbycxpxz.afraid.org, **:gypzmaudtlv.hn.org, US:znvibonyf.yi.org, US:wbghid.1dumb.com, US:eniaaknrxb.3-a.net, :swywlq.dynserv.com, :sbjuixfbjvk.afraid.org, **:eqnjjsw.hn.org, US:143.215.15.145:80, US:64.12.139.249:25, US:64.12.204.18:80; port: 445; chatter: http, http, http (108 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: none; packed: none; unpacked: none; asm: none; packer: none; strings: none; syscalls: none
04:39:00  WinXP  118.12.232.192 (-)
  C&C: n/a; DNS/failed: (empty); port: 445; chatter: shell, ftp (14 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 29; packed: 831f4ee0a7 [Firefox:673 hits: 01-01 to 11-08]; unpacked: eb7546c600 [0]; asm: ASM:Graph; packer: none|none; strings: lines=61; syscalls: trace
04:42:00  WinXP  81.173.135.243 (NETCOLOGNE.DE): DYNAMIC CABLE MODEM IP POOL, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
  C&C: n/a; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 35 of 36; packed: d526bf5a3f [Firefox: 4 hits: 10-12 to 11-03]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:04:45:00  Win2K-f  203.91.191.138 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
  C&C: n/a; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:192.221.108.126:80, US:192.221.96.126:80; port: 135; chatter: http (76 lines); BotHunter: Yeah : 1.3; cluster: none
  sample 1: AV: 33 of 33; packed: 53bfe15e91 [Firefox:3818 hits: 06-17 to 11-08]; unpacked: none[4]; asm: none:none; packer: tElock|; strings: none; syscalls: trace
  sample 2: AV: 0 of 33; packed: a08f3b74a4 [Firefox:1364 hits: 06-18 to 11-08]; unpacked: a08f3b74a4[1]; asm: ASM:Graph; packer: Armadillo|; strings: lines=81; syscalls: trace
04:45:00  Win2K-f  218.191.197.75 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 28 of 36; packed: c3be2ee601 [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
04:50:00  Win2K-f  218.190.86.220 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: none; packed: af222ae6db [Firefox:30 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:04:58:00  WinXP  41.210.223.169 (-)
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http, irc (3 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: 10c3e12a46 [Firefox:14 hits: 11-01 to 11-08]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:00:00  WinXP  118.98.162.147 (-)
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 29 of 36; packed: 18f43a10de NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:08:00  WinXP  211.108.108.88 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 31 of 36; packed: 07595c57c6 [Firefox: 2 hits: 11-06 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:10:00  Win2K-f  119.148.140.52 (-)
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 32 of 36; packed: 3eeb212cb1 [Firefox:10 hits: 10-22 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:14:00  Win2K-f  218.190.86.220 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: none; packed: af222ae6db [Firefox:30 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:16:00  WinXP  88.172.105.199 (PROXAD.NET): PROXAD / FREE SAS, FR.
  C&C: 63.173.172.98:6668; DNS/failed: US:63.173.172.98:6668; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 21 of 36; packed: d73bdf4a0e [Firefox:19 hits: 10-27 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:16:00  WinXP  86.99.204.219 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE.
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:65520; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: b81df3157e [Firefox: 4 hits: 11-03 to 11-08]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:22:00  WinXP  190.174.143.47 (-)
  C&C: n/a; DNS/failed: US:yutunrz.1dumb.com, US:ftp.newaol.com, US:mcduii.3-a.net, US:mx1.hotmail.com, US:mailin-04.mx.aol.com, US:mailin-03.mx.aol.com, BE:ftp.scarlet.be, :jdjsloy.dynserv.com, **:wyqggvow.afraid.org, **:nttstziinpa.hn.org, US:fcnhysydw.yi.org, US:ftp.icq.com, US:dlivmg.1dumb.com, US:neytteybbo.3-a.net, :fzzdik.dynserv.com, :pkvgzaecagx.afraid.org, **:yraqztt.hn.org, US:kpxvrvdefs.yi.org, US:143.215.15.145:80, US:205.188.105.50:80, US:64.12.138.153:25; port: 445; chatter: http, http, http (153 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 1 of 36; packed: 56df3f31dd NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:24:00  Win2K-f  83.103.164.210 (-): ASTRAL-ALBA-DOCSIS, RO.
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 29 of 34; packed: e362f1c062 [Firefox:41 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:25:00  Win2K-f  210.192.209.189 (TTN.NET): TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C: n/a; DNS/failed: (empty); port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 0.8; cluster: none
  AV: 31 of 36; packed: ea39b7911d [Firefox:28 hits: 08-15 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:32:00  Win2K-f  58.127.246.113 (HANANET.NET): HANARO TELECOM INC, KR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 25 of 35; packed: 7377a34aeb [Firefox:22 hits: 07-27 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:33:00  WinXP  79.163.239.158 (-): IDEA, PL.
  C&C: n/a; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 35 of 36; packed: 6b3beaea1a [Firefox:26 hits: 10-21 to 11-08]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
T:05:39:00  WinXP  186.12.79.217 (-)
  C&C: n/a; DNS/failed: :proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, EU:79.132.211.24:65520; port: 445; chatter: http (1 line); BotHunter: Yeah : 0.8; cluster: none
  AV: 34 of 36; packed: d4eed7b000 [Firefox: 6 hits: 11-03 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:44:00  WinXP  203.70.240.233 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C: n/a; DNS/failed: RU:moscow-advokat.ru, NL:diemen.nl.eu.undernet.org; port: 445; chatter: http (1 line); BotHunter: Yeah : 1.3; cluster: none
  AV: 35 of 36; packed: 5ce420b160 NEW; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:49:00  WinXP  83.114.148.142 (ABO.WANADOO.FR): IP2000-ADSL-BAS, PARIS, ILE-DE-FRANCE, FR.
  C&C: 63.173.172.98:6667; DNS/failed: US:63.173.172.98:6667; port: 139; chatter: ftp (12 lines); BotHunter: Yeah : 1.3; cluster: none
  AV: 34 of 36; packed: a7422033a1 [Firefox: 4 hits: 11-06 to 11-07]; unpacked: none[none]; asm: none:none; packer: none|none; strings: none; syscalls: none
05:50:00 Win2K-f 24.195.234.117 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:205.128.70.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
06:02:00 WinXP 89.122.56.136 (PLATINUMGROUP.RO):
ARTELECOM,
RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 ac25ac39b4
[Firefox:15 hits: 10-21 to 11-07]
none[none] none:none
none|none none none
06:03:00 Win2K-f 61.216.249.197 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 e362f1c062
[Firefox:41 hits: 08-15 to 11-07]
none[none] none:none
none|none none none
T:06:05:00 WinXP 77.37.195.203 (NCNET.RU):
NCN-INFRA,
RU.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:15 hits: 11-02 to 11-08]
none[none] none:none
none|none none none
T:06:11:00 WinXP 69.85.106.129 (ELLIJAY.COM):
ELLIJAY COMMUNITY TELEVISION,
BLUE RIDGE, GEORGIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
06:13:00 WinXP 83.143.146.100 (ATRAKCION.COM):
ORLANDONET OOD,
BG.
63.173.172.98:6667 :jdjsloy.dynserv.com
**:wyqggvow.afraid.org
**:nttstziinpa.hn.org
US:fcnhysydw.yi.org
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
http
25 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34 aa268ff3a9
[Firefox:32 hits: 08-15 to 11-07]
none[none] none:none
none|none none none
T:06:16:00 WinXP 83.88.236.178 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
VEDBAEK, COPENHAGEN, DK. (DSL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f5ab9763ea
[Firefox:19 hits: 10-03 to 11-08]
none[none] none:none
none|none none none
06:25:00 WinXP 82.130.162.122 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
SAN SEBASTIAN, PAIS VASCO, ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7fbce82b57
NEW
none[none] none:none
none|none none none
T:06:26:00 WinXP 117.99.54.23 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:61 hits: 10-08 to 11-08]
none[none] none:none
none|none none none
T:06:32:00 WinXP 115.83.197.149 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
EU:79.132.211.24:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5286fbe290
NEW
none[none] none:none
none|none none none
T:06:33:00 Win2K-f 123.19.154.130 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 7b5895e921
NEW
none[none] none:none
none|none none none
T:06:36:00 Win2K-f 78.97.215.18 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 76b7a2a0ad
[Firefox: 6 hits: 11-05 to 11-07]
none[none] none:none
none|none none none
T:06:37:00 WinXP 114.201.118.253 (-):
.
79.132.211.24:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.104.126:80
US:205.128.70.126:80
135 pcap raw alerts
ruleset
irc
145 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
30 of 33
69be040d0b
[Firefox: 8 hits: 06-21 to 11-08]
81bbbeac34
[Firefox: 8 hits: 06-21 to 11-08]
none[4]
81bbbeac34[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
06:46:00 WinXP 58.235.3.9 (-):
THRUNET-INFRA-BUSAN15,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 50649fc087
[Firefox:30 hits: 07-29 to 11-07]
none[none] none:none
none|none none none
06:49:00 WinXP 211.207.90.182 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 99797e2b75
[Firefox:18 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
T:07:04:00 WinXP 85.176.113.199 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:122 hits: 01-14 to 11-04]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
07:05:00 WinXP 58.233.231.123 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 812025bc54
[Firefox: 9 hits: 10-29 to 11-07]
none[none] none:none
none|none none none
07:15:00 WinXP 79.163.162.4 (-):
IDEA,
PL.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:26 hits: 10-21 to 11-08]
none[none] none:none
none|none none none
T:07:15:00 WinXP 79.163.162.4 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:26 hits: 10-21 to 11-08]
none[none] none:none
none|none none none
T:07:21:00 Win2K-f 89.137.183.238 (-):
ASTRAL PLOIESTI DOCSIS NETWORK,
PLOIESTI, PRAHOVA, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 d17330db37
[Firefox:10 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
07:22:00 WinXP 118.232.105.229 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:848 hits: 12-31 to 11-08]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
07:29:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:38:00 WinXP 61.20.163.228 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 1c43aab97a
NEW
none[none] none:none
none|none none none
T:07:49:00 WinXP 83.29.96.80 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL. (DSL)
n/a :proxima.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c392067a90
[Firefox:10 hits: 10-06 to 11-04]
none[none] none:none
none|none none none
07:50:00 WinXP 218.219.235.103 (ASAHI-NET.OR.JP):
ASAHI-NET-CIDR-BLK,
JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
4 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
07:55:00 Win2K-f 219.251.133.223 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 0fb74a16d5
[Firefox: 3 hits: 11-05 to 11-07]
none[none] none:none
none|none none none
T:08:01:00 Win2K-f 78.155.199.132 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:21 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
08:04:00 WinXP 85.186.1.113 (ASTRAL.RO):
ASTRAL CLUJ-NAPOCA DOCSIS,
CLUJ-NAPOCA, CLUJ, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 a7422033a1
[Firefox: 4 hits: 11-06 to 11-07]
none[none] none:none
none|none none none
08:12:00 WinXP 4.244.216.139 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
US:208.73.210.121:80
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
21 of 32 ffb12a6699
NEW
none[4] none:none
ASPack| none trace
08:18:00 Win2K-f 61.253.207.34 (KRLINE.NET):
KRNIC,
KR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 36 b27fcff98f
NEW
none[none] none:none
none|none none none
08:19:00 WinXP 87.61.170.183 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
US:master-x.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
11 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:310 hits: 01-01 to 11-08]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
08:24:00 Win2K-f 90.155.167.227 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
21 of 36 fff0859c2b
NEW
none[none] none:none
none|none none none
T:08:32:00 WinXP 63.22.201.151 (UU.NET):
UUNET TECHNOLOGIES INC,
DALLAS, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
http
166 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
b7082104e4
[Firefox:259 hits: 06-18 to 11-08]
e07c29c4ae
[Firefox:815 hits: 06-19 to 11-08]
none[4]
none [4]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
tElock|
FSG|
none
none
lines=92
trace
trace
trace
08:38:00 WinXP 78.155.199.132 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:21 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
08:40:00 WinXP 83.97.172.216 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox:11 hits: 10-11 to 11-08]
none[none] none:none
none|none none none
T:08:40:00 WinXP 83.97.172.216 (CM-83-97-128-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bf9f26628c
[Firefox:11 hits: 10-11 to 11-08]
none[none] none:none
none|none none none
T:08:44:00 WinXP 220.230.146.44 (-):
CJCABLENETJUNGBUSAN4,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 de3634287a
NEW
none[none] none:none
none|none none none
08:45:00 WinXP 89.136.32.178 (UPCNET.RO):
ASTRAL UPC TIMISOARA,
TIMISOARA, TIMIS, RO.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 ddb8dcfe6a
[Firefox:10 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
T:09:10:00 WinXP 117.99.10.71 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 4 hits: 11-03 to 11-08]
none[none] none:none
none|none none none
T:09:11:00 WinXP 117.99.24.59 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:18 hits: 10-27 to 11-08]
none[none] none:none
none|none none none
09:35:00 Win2K-f 125.230.153.159 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:19 hits: 10-27 to 11-07]
none[none] none:none
none|none none none
09:42:00 Win2K-f 211.178.109.118 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
26 of 35 89d021262b
[Firefox:30 hits: 07-29 to 11-07]
none[none] none:none
none|none none none
T:10:03:00 WinXP 4.253.130.21 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 5c7a2bd95a
NEW
none[none] none:none
none|none none none
T:10:04:00 WinXP 170.51.198.42 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a RU:moscow-advokat.ru
SE:broadway.ny.us.dal.net
:lulea.se.eu.undernet.org
US:lia.zanet.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:61 hits: 10-08 to 11-08]
none[none] none:none
none|none none none
10:13:00 WinXP 193.248.252.69 (STATIC-IP.OLEANE.FR):
TELECOM,
PARIS, ILE-DE-FRANCE, FR.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:310 hits: 01-01 to 11-08]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:10:19:00 WinXP 85.138.20.137 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 0d7e34e329
NEW
none[none] none:none
none|none none none
10:27:00 WinXP 133.205.29.187 (MESH.AD.JP):
JAPAN NETWORK INFORMATION CENTER,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:673 hits: 01-01 to 11-08]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
10:57:00 WinXP 80.164.27.247 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
NøRRE ALSLEV, STORSTROM, DK. (DSL)
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:58:00 WinXP 93.149.108.87 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 96d089e522
[Firefox:61 hits: 10-08 to 11-08]
none[none] none:none
none|none none none
11:11:00 Win2K-f 24.87.167.224 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:205.128.73.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:11:21:00 WinXP 196.208.94.92 (TELKOM-IPNET.CO.ZA):
AFRINIC,
CAPE TOWN, WESTERN CAPE, ZA.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
57ce4acac2
[Firefox:331 hits: 06-17 to 11-08]
e07c29c4ae
[Firefox:815 hits: 06-19 to 11-08]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
11:24:00 WinXP 78.154.69.18 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 b16f9a7765
NEW
none[none] none:none
none|none none none
T:11:33:00 WinXP 83.213.126.219 (CLIENTES.EUSKALTEL.ES):
GLOBAL TELECOMMUNICATION SERVICE PROVIDER,
BILBAO, PAIS VASCO, ES.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
[Firefox:39 hits: 10-10 to 11-08]
none[none] none:none
none|none none none
T:11:34:00 Win2K-f 85.67.51.53 (-):
FIBERNET,
HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 ca172c3868
[Firefox:11 hits: 10-22 to 11-07]
none[none] none:none
none|none none none
11:36:00 WinXP 76.94.69.185 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:526 hits: 12-31 to 11-08]
048df78048 [0] ASM:Graph
none|none lines=61 trace
11:47:00 WinXP 98.174.80.235 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.70.126:80
US:207.123.37.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:11:48:00 WinXP 89.32.216.161 (-):
SC MONDO-BYTE SRL,
IASI, IASI, RO.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
33 of 35 93a84a5dba
[Firefox: 7 hits: 10-26 to 11-08]
none[none] none:none
none|none none none
11:55:00 Win2K-f 78.154.135.154 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 35 3f4f3c33fe
[Firefox: 4 hits: 10-28 to 11-06]
none[none] none:none
none|none none none
T:12:00:00 Win2K-f 4.168.186.28 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
YUCAIPA, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
12:04:00 Win2K-f 88.172.105.199 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 d73bdf4a0e
[Firefox:19 hits: 10-27 to 11-07]
none[none] none:none
none|none none none
12:08:00 WinXP 83.132.169.112 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:526 hits: 12-31 to 11-08]
048df78048 [0] ASM:Graph
none|none lines=61 trace
12:12:00 WinXP 81.173.135.100 (NETCOLOGNE.DE):
DYNAMIC CABLE MODEM IP POOL,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:15 hits: 11-02 to 11-08]
none[none] none:none
none|none none none
T:12:15:00 WinXP 217.203.201.9 (-):
TELECOM ITALIA MOBILE,
IT.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f17f896658
[Firefox: 5 hits: 10-26 to 11-08]
none[none] none:none
none|none none none
T:12:17:00 WinXP 89.195.135.114 (-):
ORANGE,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 f784258f02
NEW
none[none] none:none
none|none none none
T:12:24:00 WinXP 70.71.250.130 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
e07c29c4ae
[Firefox:815 hits: 06-19 to 11-08]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:12:33:00 WinXP 82.225.194.97 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 35 75347e3aaf
[Firefox:14 hits: 10-11 to 10-29]
none[none] none:none
none|none none none
12:42:00 WinXP 66.103.120.85 (CTSIOK.NET):
CHICKASAW TELECOMMUNICATIONS SERVICES INC,
STILLWATER, OKLAHOMA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 289d74b4ce
[Firefox: 8 hits: 11-03 to 11-08]
none[none] none:none
none|none none none
12:47:00 WinXP 87.58.213.234 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:18 hits: 10-27 to 11-08]
none[none] none:none
none|none none none
T:12:52:00 WinXP 195.218.16.186 (CATV.INTERNET.LU):
LUXEMBOURG ONLINE S.A,
LUXEMBOURG, LUXEMBOURG, LU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 3b8b96d0db
NEW
none[none] none:none
none|none none none
12:52:00 WinXP 195.218.16.186 (CATV.INTERNET.LU):
LUXEMBOURG ONLINE S.A,
LUXEMBOURG, LUXEMBOURG, LU.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 3b8b96d0db
NEW
none[none] none:none
none|none none none
12:55:00 WinXP 217.201.174.229 (-):
TELECOM ITALIA MOBILE,
IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 ae9eb80be2
NEW
none[none] none:none
none|none none none
T:12:57:00 WinXP 88.166.218.62 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 36 a1c572df66
NEW
none[none] none:none
none|none none none
T:13:01:00 WinXP 212.152.112.85 (-):
TIM HELLAS TELECOMMUNICATIONS S.A,
GR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 aca599a27d
NEW
none[none] none:none
none|none none none
13:02:00 Win2K-f 98.140.249.72 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
13:04:00 Win2K-f 71.105.141.65 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
HESPERIA, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
13:06:00 WinXP 85.138.215.216 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
ALMADA, SETUBAL, PT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
NEW
none[none] none:none
none|none none none
T:13:08:00 WinXP 79.163.186.135 (-):
IDEA,
PL.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 6b3beaea1a
[Firefox:26 hits: 10-21 to 11-08]
none[none] none:none
none|none none none
T:13:13:00 WinXP 189.97.193.100 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a6e58c7ec1
NEW
none[none] none:none
none|none none none
T:13:26:00 Win2K-f 130.13.219.250 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
other
998 lines
Yeah : 1.3
profile
none summary
tarball
12 of 36
34 of 36
3ea21e8330
NEW
b298808e11
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:13:33:00 WinXP 88.161.53.127 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
:makemegood24.com
:63aaa.makemegood24.com
:aaakemegood24.com
:perfectchoice1.com
:63c50.perfectchoice1.com
**:bparfectchoice1.com
DE:cash-ddt.net
DE:69349.cash-ddt.net
:ccaah-ddt.net
:ddr-cash.net
:7394d.ddr-cash.net
**:dddracash.net
:trn-cash.net
:7461f.trn-cash.net
**:etrn-aash.net
:money-frn.net
:752f0.money-frn.net
**:fmoneyafrn.net
:clr-cash.net
:75fd1.clr-cash.net
**:galr-cash.net
:xxxl-cash.net
:76d1f.xxxl-cash.net
**:hxaxl-cash.net
:www.kjwre77638dfqwieuoi.info
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 0e5f51ee8e
[Firefox:22 hits: 10-11 to 11-08]
none[none] none:none
none|none none none
T:13:45:00 WinXP 90.63.136.100 (STATIC-IP.OLEANE.FR):
TELECOM,
PARIS, ILE-DE-FRANCE, FR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
30 of 35 d142a982d2
[Firefox:40 hits: 08-15 to 11-07]
none[none] none:none
none|none none none
13:50:00 WinXP 75.138.113.63 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:34 hits: 10-01 to 11-08]
none[none] none:none
none|none none none
T:13:51:00 WinXP 75.138.113.63 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 7e8bfa9b49
[Firefox:34 hits: 10-01 to 11-08]
none[none] none:none
none|none none none
13:51:00 WinXP 64.53.89.23 (COMPORIUM.NET):
ROCK HILL TELEPHONE COMPANY,
ROCK HILL, SOUTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:52:00 WinXP 90.137.144.133 (SWIP.NET):
SWIPNET,
SE.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
:washington.dc.us.undernet.org
NL:diemen.nl.eu.undernet.org
:flanders.be.eu.undernet.org
NL:london.uk.eu.undernet.org
SE:vancouver.dal.net
SE:ced.dal.net
:caen.fr.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 5eda0ddcb7
[Firefox: 4 hits: 11-07 to 11-08]
none[none] none:none
none|none none none
13:56:00 WinXP 82.239.168.99 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:15 hits: 11-02 to 11-08]
none[none] none:none
none|none none none
T:13:56:00 WinXP 82.239.168.99 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 f3f1ed8b36
[Firefox:15 hits: 11-02 to 11-08]
none[none] none:none
none|none none none
13:58:00 WinXP 24.88.107.49 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:05:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
BEIJING, BEIJING, CN.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.73.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
14:11:00 WinXP 41.214.172.178 (-):
.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b52d214d08
[Firefox:49 hits: 10-05 to 11-08]
none[none] none:none
none|none none none
14:19:00 WinXP 64.130.98.88 (ANDYCABLE.COM):
TV CABLE COMPANY OF ANDALUSIA INC,
KENNER, LOUISIANA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
14:20:00 WinXP 63.28.139.224 (UU.NET):
UUNET TECHNOLOGIES INC,
CHARLOTTESVILLE, VIRGINIA, US.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:22:00 WinXP 78.156.219.212 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:848 hits: 12-31 to 11-08]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:14:22:00 WinXP 62.215.41.221 (-):
FAST TELCO INFRA STRUCTURE WEB ACCESS USERS,
KUWAIT, AL KUWAYT, KW.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 2e09ccc0c3
NEW
none[none] none:none
none|none none none
T:14:29:00 WinXP 83.191.129.29 (SWIP.NET):
SWIPNET,
SE.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 5ccd948a20
[Firefox: 3 hits: 10-30 to 11-06]
none[none] none:none
none|none none none
14:40:00 WinXP 189.67.60.183 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:48:00 WinXP 82.226.87.31 (PROXAD.NET):
PROXAD / FREE SAS,
VINCENNES, ILE-DE-FRANCE, FR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f32b37da28
NEW
none[none] none:none
none|none none none
T:15:02:00 WinXP 79.18.232.226 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 632e315db2
[Firefox:38 hits: 10-03 to 11-08]
none[none] none:none
none|none none none
15:04:00 WinXP 24.30.171.29 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.124:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:08:00 WinXP 206.188.64.69 (CIA.COM):
CYBERSURF INC,
TORONTO, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:21:00 Win2K-f 211.247.189.46 (-):
DREAMX-CATV-JUNGBUSANCABLE6,
KR.
63.173.172.98:6668 :proxim.ircgalaxy.pl
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 75b372822f
[Firefox: 4 hits: 10-28 to 11-07]
none[none] none:none
none|none none none
15:36:00 Win2K-f 65.23.190.61 (DRTEL.NET):
DICKEY RURAL NETWORKS,
ELLENDALE, NORTH DAKOTA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.222.126:80
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
b7082104e4
[Firefox:259 hits: 06-18 to 11-08]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:15:39:00 Win2K-f 78.97.215.18 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 36 76b7a2a0ad
[Firefox: 6 hits: 11-05 to 11-07]
none[none] none:none
none|none none none
T:15:43:00 WinXP 211.109.96.220 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
KUNSAN, CHOLLA-BUKTO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 32
0 of 33
168aab35a3
[Firefox:186 hits: 06-17 to 11-08]
61426996c3
[Firefox:18 hits: 06-20 to 11-03]
e07c29c4ae
[Firefox:815 hits: 06-19 to 11-08]
none[4]
61426996c3[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=82
lines=92
trace
trace
trace
T:16:16:00 WinXP 123.111.141.43 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0c3d1ec2df
[Firefox:12 hits: 08-11 to 10-21]
8de905030e
[Firefox:12 hits: 08-11 to 10-21]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
16:16:00 WinXP 123.19.154.130 (-):
VIETNAM TELECOM NATIONAL (VTN),
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 7b5895e921
NEW
none[none] none:none
none|none none none
T:16:20:00 WinXP 60.249.218.39 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:22:00 WinXP 75.34.188.209 (SBCGLOBAL.NET):
PPPOX POOL - RBACK19.CHCGIL,
CHICAGO, ILLINOIS, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:195 hits: 01-08 to 11-07]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:16:30:00 WinXP 83.248.127.121 (COMHEM.SE):
COM HEM CUSTOMER BROADBAND ACCESS,
SE.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 35 e50d19ea22
[Firefox: 5 hits: 10-21 to 11-08]
none[none] none:none
none|none none none
16:43:00 WinXP 116.59.49.205 (-):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 533435553d
NEW
none[none] none:none
none|none none none
T:16:43:00 WinXP 213.22.73.23 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 0d7e34e329
NEW
none[none] none:none
none|none none none
16:47:00 WinXP 186.9.10.43 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e3cef226f
[Firefox: 7 hits: 11-04 to 11-08]
none[none] none:none
none|none none none
T:16:47:00 WinXP 186.9.10.43 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e3cef226f
[Firefox: 7 hits: 11-04 to 11-08]
none[none] none:none
none|none none none
16:56:00 Win2K-f 99.243.132.236 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
PICKERING, ONTARIO, CA.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:59:00 WinXP 62.46.113.253 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:195 hits: 01-08 to 11-07]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:17:02:00 WinXP 64.24.142.200 (USLEC.NET):
USLEC CORP,
IRVING, TEXAS, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:195 hits: 01-01 to 11-08]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
17:06:00 Win2K-f 96.51.28.41 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:204.160.104.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
192 lines
Yeah : 1.3
profile
none summary
tarball
27 of 32
34 of 36
b455f223d6
[Firefox: 7 hits: 06-20 to 11-05]
f6a98dbff3
NEW
b455f223d6 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
T:17:12:00 WinXP 66.217.240.153 (USLEC.NET):
USLEC CORP,
LEEDS, ALABAMA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
EU:ebookfinaltrash.ru
US:spi.domainsponsor.com
:wpad
:www.proxy-socks.net
US:208.73.210.121:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
http
15 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:616 hits: 01-01 to 11-06]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:17:19:00 WinXP 70.44.43.233 (PTD.NET):
PENTELEDATA INC. - CABLE,
DINGMANS FERRY, PENNSYLVANIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 bfc27a259b
NEW
none[none] none:none
none|none none none
T:17:25:00 WinXP 190.188.130.215 (NET.AR):
PRIMA S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 31a5a51653
NEW
none[none] none:none
none|none none none
T:17:28:00 WinXP 200.225.171.103 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:33:00 WinXP 4.88.59.146 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MT. PLEASANT, SOUTH CAROLINA, US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
9 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:616 hits: 01-01 to 11-06]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
17:46:00 WinXP 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
39 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
none[4] none:none
tElock| none trace
T:17:56:00 WinXP 208.234.50.94 (ARIN.NET):
CENTENNIAL DE PUERTO RICO,
PR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 03f64bb952
NEW
none[none] none:none
none|none none none
T:18:01:00 WinXP 212.27.28.45 (-):
MLIFENET,
RU.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 10c3e12a46
[Firefox:14 hits: 11-01 to 11-08]
none[none] none:none
none|none none none
18:09:00 WinXP 210.4.124.5 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 4 hits: 11-03 to 11-08]
none[none] none:none
none|none none none
T:18:09:00 WinXP 210.4.124.5 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 4 hits: 11-03 to 11-08]
none[none] none:none
none|none none none
18:14:00 WinXP 67.216.115.1 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:204.160.126.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
87 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:26:00 WinXP 76.250.194.245 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:526 hits: 12-31 to 11-08]
048df78048 [0] ASM:Graph
none|none lines=61 trace
18:27:00 WinXP 99.170.21.97 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:198.78.201.126:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:37:00 WinXP 200.222.128.140 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:18:42:00 WinXP 190.208.121.79 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 2d815d2be3
[Firefox: 5 hits: 09-25 to 10-31]
none[none] none:none
none|none none none
18:51:00 Win2K-f 67.80.130.58 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
CLIFTON, NEW JERSEY, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:53:00 WinXP 218.50.139.217 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:204.160.104.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
1 of 33
32 of 33
ce46f7ab87
[Firefox: 3 hits: 07-02 to 07-14]
d7dc1e3bea
[Firefox: 3 hits: 07-02 to 07-14]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:18:55:00 Win2K-f 64.21.224.55 (GONDTC.COM):
GONDTC.COM,
HARVEY, NORTH DAKOTA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:56:00 Win2K-f 123.26.205.132 (-):
VIETNAM POST AND TELECOM CORPORATION,
VN.
63.173.172.98:6668  
US:63.173.172.98:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 895fc368ac
[Firefox: 5 hits: 10-20 to 11-05]
none[none] none:none
none|none none none
T:19:06:00 WinXP 114.48.154.255 (-):
.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
34 of 36 6e2c86ceb0
NEW
none[none] none:none
none|none none none
T:19:11:00 Win2K-f 211.243.115.60 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 e5dab5f4ec
[Firefox:21 hits: 09-26 to 11-07]
none[none] none:none
none|none none none
T:19:26:00 Win2K-f 61.188.219.136 (163DATA.COM.CN):
CHINANET SICHUAN PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
19:30:00 WinXP 222.1.235.123 (DION.NE.JP):
DION (KDDI CORPORATION),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:538 hits: 01-05 to 11-08]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:19:31:00 WinXP 70.79.182.62 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 63aff91e9b
NEW
none[none] none:none
none|none none none
19:36:00 Win2K-f 70.67.255.162 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
191 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
0 of 32
34 of 36
37a8a3619b
NEW
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
ddbf0243eb
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
T:19:40:00 WinXP 219.251.196.29 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
[Firefox:41 hits: 06-21 to 11-07]
58c343a8d8
[Firefox:45 hits: 06-21 to 11-07]
none[4]
58c343a8d8[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
19:40:00 WinXP 4.179.50.200 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SEATTLE, WASHINGTON, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
103 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:48:00 Win2K-f 68.74.67.145 (-):
PPPOX POOL - EMHRIL RBACK,
CHICAGO, ILLINOIS, US. (100Mbps)
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:13:00 WinXP 86.136.83.192 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:24:00 Win2K-f 115.83.123.163 (-):
.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:205.128.70.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
234 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
cc91fb83d8
NEW
d224be6e3b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:25:00 Win2K-f 70.168.15.160 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:20:35:00 WinXP 122.133.86.101 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:caen.fr.eu.undernet.org
:brussels.be.eu.undernet.org
SE:ozbytes.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:848 hits: 12-31 to 11-08]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
20:55:00 Win2K-f 210.233.210.146 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
90 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
[Firefox:32 hits: 06-19 to 11-05]
79c01ec060
[Firefox:75 hits: 06-18 to 11-05]
3ed16ae12d [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
20:56:00 WinXP 121.73.39.56 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
WELLINGTON, WELLINGTON, NZ. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:192.221.96.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
352 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
7f89b38665
[Firefox:35 hits: 08-02 to 11-08]
a51a50404e
[Firefox:35 hits: 08-02 to 11-08]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:21:08:00 WinXP 89.195.192.146 (-):
ORANGE,
UK.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 fd113df0bb
[Firefox: 3 hits: 10-25 to 11-06]
none[none] none:none
none|none none none
21:08:00 WinXP 89.195.192.146 (-):
ORANGE,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 fd113df0bb
[Firefox: 3 hits: 10-25 to 11-06]
none[none] none:none
none|none none none
21:09:00 WinXP 38.107.206.48 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
WASHINGTON, DISTRICT OF COLUMBIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a4654e9d62
[Firefox: 3 hits: 10-28 to 10-29]
none[none] none:none
none|none none none
T:21:09:00 WinXP 38.107.206.48 (COGENTCO.COM):
PERFORMANCE SYSTEMS INTERNATIONAL INC,
WASHINGTON, DISTRICT OF COLUMBIA, US.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 a4654e9d62
[Firefox: 3 hits: 10-28 to 10-29]
none[none] none:none
none|none none none
21:17:00 Win2K-f 207.5.219.107 (METROCAST.NET):
GREAT WORKS INTERNET,
ROCHESTER, NEW HAMPSHIRE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.123:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
21:50:00 WinXP 66.166.166.58 (COVAD.NET):
COVAD COMMUNICATIONS CO,
WASHINGTON, DISTRICT OF COLUMBIA, US.
63.173.172.98:6667  
US:63.173.172.98:6667
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 94156f67b0
[Firefox:26 hits: 08-15 to 11-07]
none[none] none:none
none|none none none
21:51:00 WinXP 210.4.124.193 (-):
COMCLARK,
ROXAS, CAPIZ, PH.
194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b81df3157e
[Firefox: 4 hits: 11-03 to 11-08]
none[none] none:none
none|none none none
22:11:00 Win2K-f 70.183.63.227 (COX.NET):
COX COMMUNICATIONS INC,
NEWPORT BEACH, CALIFORNIA, US.
n/a CN:imb.f6hbr.in
CN:124.207.41.198:5900
135 pcap raw alerts
ruleset
other
199 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 d732dd0b4d
[Firefox: 2 hits: 11-05 to 11-08]
none[none] none:none
none|none none none
22:13:00 WinXP 72.174.101.236 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 15093b4cc0
NEW
none[none] none:none
none|none none none
T:22:23:00 WinXP 98.175.173.35 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:4.23.60.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
e07c29c4ae
[Firefox:815 hits: 06-19 to 11-08]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
22:35:00 WinXP 115.83.89.221 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b1c85cee4b
[Firefox:18 hits: 10-27 to 11-08]
none[none] none:none
none|none none none
22:42:00 WinXP 82.67.252.160 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 36 48b9f498e7
NEW
none[none] none:none
none|none none none
22:44:00 Win2K-f 4.174.230.215 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BERWICK, PENNSYLVANIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.37.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
203 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:50:00 WinXP 121.84.172.228 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 1bfebad740
[Firefox: 4 hits: 10-29 to 11-02]
none[none] none:none
none|none none none
22:58:00 WinXP 60.250.247.204 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:205.128.73.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
57ce4acac2
[Firefox:331 hits: 06-17 to 11-08]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:04:00 WinXP 122.146.80.5 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:207.123.42.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
73f1082158
[Firefox:1901 hits: 06-18 to 11-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:11:00 Win2K-f 121.254.82.22 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:3818 hits: 06-17 to 11-08]
a08f3b74a4
[Firefox:1364 hits: 06-18 to 11-08]
b5919931fe
[Firefox:1096 hits: 06-20 to 11-08]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:23:24:00 WinXP 117.99.58.194 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:23:27:00 WinXP 218.162.177.59 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:1476 hits: 12-31 to 11-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
23:29:00 WinXP 60.249.218.39 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
23:48:00 WinXP 201.69.83.241 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e3cef226f
[Firefox: 7 hits: 11-04 to 11-08]
none[none] none:none
none|none none none
T:23:53:00 WinXP 92.96.88.201 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e3cef226f
[Firefox: 7 hits: 11-04 to 11-08]
none[none] none:none
none|none none none
23:59:00 Win2K-f 122.146.241.229 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
269 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
dd98c3c108
[Firefox:12 hits: 06-24 to 11-03]
e98746deb1
[Firefox:11 hits: 06-24 to 11-03]
dd98c3c108 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace