Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

02 August 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:06:00 WinXP 118.236.158.69 (-):
. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
46 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

00:09:00 WinXP 116.42.55.50 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 19 of 36 9a762ae96e
NEW none[none] none:none
none|none none none

00:10:00 Win2K-f 116.80.70.31 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.3
profile none summary
tarball 15 of 35 d4a55ad30b
NEW none[none] none:none
none|none none none

T:00:21:00 WinXP 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
82 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
57ce4acac2
[Firefox:85 hits: 06-17 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
57ce4acac2[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

00:25:00 Win2K-f 195.20.215.10 (-):
SC IPN INVEST SRL,
RO. n/a 139 pcap raw alerts
ruleset ftp
9 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

00:28:00 WinXP 207.14.14.217 (-):
AAFES/BARRACKS,
HERNDON, VIRGINIA, US. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 2 hits: 08-01 to 08-01] none[none] none:none
none|none none none

T:00:29:00 WinXP 211.58.52.191 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.3
profile none summary
tarball 29 of 36 74c6c141d8
NEW none[none] none:none
none|none none none

00:29:00 Win2K-f 58.0.108.201 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 24 of 36 7467b433ff
NEW none[none] none:none
none|none none none

00:33:00 Win2K-f 221.125.128.229 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. n/a 139 pcap raw alerts
ruleset ftp
17 lines Yeah : 0.8
profile none summary
tarball 34 of 36 d68adcc610
NEW none[none] none:none
none|none none none

00:35:00 WinXP 144.134.23.110 (TMNS.NET.AU):
TELSTRAINTERNET27,
BRISBANE, QUEENSLAND, AU. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:207.123.46.125:80 135 pcap raw alerts
ruleset http
70 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
b7082104e4
[Firefox:64 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

00:38:00 WinXP 202.70.249.50 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
TOKYO, TOKYO, JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:00:45:00 WinXP 221.171.145.251 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

00:49:00 Win2K-f 83.182.234.239 (CUST.TELE2.BE):
TELE2 BELGIUM,
BE. 210.245.211.11:65520 190.174.67.119:12351 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:00:52:00 Win2K-f 122.18.87.111 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 30 of 33 05c06c2445
NEW none[none] none:none
none|none none none

00:58:00 Win2K-f 118.7.206.105 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 34 of 36 4ef585afb1
NEW none[none] none:none
none|none none none

00:59:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

01:05:00 Win2K-f 125.195.106.55 (MESH.AD.JP):
NEC CORPORATION,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:01:07:00 Win2K-f 219.249.4.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:wr.mcboo.com
IL:bfb88.a1001186.wrs.mcboo.com 135 pcap raw alerts
ruleset http
irc
924 lines Yeah : 1.8
profile none summary
tarball 31 of 33
19 of 35
17 of 35
20 of 36
0 of 32
33 of 35 168aab35a3
[Firefox:77 hits: 06-17 to 08-01]
37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01]
f7738e7352
[Firefox: 2 hits: 07-25 to 07-27] none[4]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none] none:none
none:none
none:none
none:none
ASM:Graph
none:none
tElock|
none|none
none|none
none|none
ASProtect|
none|none none
none
none
none
lines=90
none trace
none
none
none
trace
none

T:01:08:00 Win2K-f 86.97.16.224 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
ABU DHABI, ABU DHABI, AE. n/a 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

01:10:00 Win2K-f 118.236.17.219 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 34 of 36 16ac40add4
NEW none[none] none:none
none|none none none

01:11:00 WinXP 118.236.234.6 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
49 lines Yeah : 1.8
profile none summary
tarball 29 of 36 b9466579da
NEW none[none] none:none
none|none none none

01:16:00 Win2K-f 203.54.9.101 (TMNS.NET.AU):
TELSTRAINTERNET5,
WAGGA WAGGA, NEW SOUTH WALES, AU. 210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
188 lines Yeah : 1.8
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:01:19:00 WinXP 4.159.173.23 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MILWAUKEE, WISCONSIN, US. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

01:23:00 Win2K-f 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

01:25:00 Win2K-f 91.67.162.231 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:01:29:00 Win2K-f 88.134.8.174 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 23 of 36 c00d8cab52
NEW none[none] none:none
none|none none none

01:30:00 WinXP 88.134.101.102 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.3
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 2 hits: 07-01 to 08-01] none[none] none:none
none|none none none

T:01:31:00 Win2K-f 218.210.80.111 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
57ce4acac2
[Firefox:85 hits: 06-17 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
57ce4acac2[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

01:45:00 Win2K-f 124.102.49.142 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 30 of 33 10439d86a5
[Firefox: 2 hits: 06-29 to 08-01] none[none] none:none
none|none none none

01:46:00 WinXP 82.237.126.53 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 210.245.211.11:65520 190.174.67.119:12351 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 33 of 36 3945f9348d
NEW none[none] none:none
none|none none none

01:47:00 WinXP 78.92.138.77 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:dl2.teenpassage.com
SE:coins.dal.net
SE:vancouver.dal.net
:flanders.be.eu.undernet.org
SE:viking.dal.net 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 ffbfabccb0
NEW none[none] none:none
none|none none none

01:48:00 Win2K-f 85.152.193.172 (CM-85-152-59-10.TELECABLE.ES):
TELECABLE,
ES. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 17 of 36 2abba5d3b2
NEW none[none] none:none
none|none none none

01:50:00 Win2K-f 118.236.170.178 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

02:13:00 WinXP 124.18.20.159 (R-124-18-16-10.COMMUFA.JP):
CHUBU TELECOMMUNICATIONS CO. INC,
JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:02:15:00 Win2K-f 222.235.112.107 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com 139 pcap raw alerts
ruleset irc
http
16 lines Yeah : 1.3
profile none summary
tarball 17 of 35 5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01] none[none] none:none
none|none none none

02:16:00 WinXP 81.132.123.192 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:02:17:00 Win2K-f 125.197.165.158 (MESH.AD.JP):
NEC CORPORATION,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:02:18:00 Win2K-f 124.18.20.159 (R-124-18-16-10.COMMUFA.JP):
CHUBU TELECOMMUNICATIONS CO. INC,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

02:21:00 Win2K-f 58.4.168.48 (UCOM.NE.JP):
G-FO0001N,
JP. (100Mbps) 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:102 hits: 07-13 to 08-01] none[none] none:none
none|none none none

02:25:00 Win2K-f 219.250.172.73 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
117 lines Yeah : 1.8
profile none summary
tarball 29 of 32
28 of 32
0 of 32 8a75955033
[Firefox:13 hits: 06-20 to 07-30]
9276c8b36b
[Firefox:13 hits: 06-20 to 07-30]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
9276c8b36b[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

02:25:00 WinXP 118.111.81.205 (-):
. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 30 of 33 da7aac0dc4
[Firefox: 7 hits: 06-27 to 06-29] none[none] none:none
none|none none none

T:02:26:00 WinXP 80.180.173.177 (POOL80180.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
PADOVA, VENETO, IT. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
59 lines Yeah : 1.8
profile none summary
tarball 10 of 33 4f3df56c30
[Firefox:10 hits: 06-28 to 07-02] none[none] none:none
none|none none none

02:26:00 WinXP 92.22.217.150 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:80
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 21 of 33 b74424c3b5
NEW none[none] none:none
none|none none none

T:02:30:00 Win2K-f 91.141.104.153 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 19 of 32 0993a67cea
NEW none[none] none:none
none|none none none

02:36:00 WinXP 71.85.135.8 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US. n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

02:36:00 Win2K-f 122.134.101.37 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 28 of 35 08106a1056
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

02:38:00 WinXP 85.185.131.101 (-):
FARA ERTEBAT KASHAN CO,
IR. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:43:00 WinXP 220.211.246.171 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 34 of 36 91a39be2d1
NEW none[none] none:none
none|none none none

T:02:44:00 Win2K-f 78.148.225.173 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

02:48:00 Win2K-f 90.209.20.57 (SKY.COM):
BSKYB,
UK. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:microsoft.com
US:download.microsoft.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
16 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

02:50:00 Win2K-f 118.0.47.213 (-):
. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 20ef97231e
NEW none[none] none:none
none|none none none

02:55:00 WinXP 122.30.102.230 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

02:56:00 WinXP 85.179.75.189 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 190.174.67.119:12351 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 23 of 36 d6b77235fb
NEW none[none] none:none
none|none none none

T:03:05:00 WinXP 123.220.18.4 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:03:07:00 WinXP 118.236.61.37 (-):
. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 35 of 36 0740079256
NEW none[none] none:none
none|none none none

T:03:11:00 Win2K-f 58.4.168.48 (UCOM.NE.JP):
G-FO0001N,
JP. (100Mbps) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:102 hits: 07-13 to 08-01] none[none] none:none
none|none none none

03:20:00 Win2K-f 118.109.136.217 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 15 of 36 b101b8882c
NEW none[none] none:none
none|none none none

03:22:00 Win2K-f 77.20.216.15 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 20 of 33 364d957b43
NEW none[none] none:none
none|none none none

T:03:34:00 WinXP 123.220.136.247 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:03:36:00 WinXP 221.126.92.156 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:03:37:00 WinXP 222.148.153.33 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

03:41:00 Win2K-f 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
57ce4acac2
[Firefox:85 hits: 06-17 to 08-01] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

03:44:00 Win2K-f 89.241.136.34 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. (DSL) n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

03:45:00 WinXP 130.13.130.52 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
137 lines Yeah : 1.8
profile none summary
tarball 32 of 33
29 of 32 7f66e51c85
[Firefox: 3 hits: 07-11 to 07-22]
9d12fe9d3b
[Firefox: 3 hits: 07-11 to 07-22] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

03:51:00 WinXP 65.84.20.233 (-):
TRAVEL HOUSE INC,
BARRINGTON, ILLINOIS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:199.93.46.124:80
US:199.93.46.125:80 135 pcap raw alerts
ruleset http
91 lines Yeah : 1.3
profile none summary
tarball 31 of 35
33 of 33
0 of 33 421ecabb8c
NEW
53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[none]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
tElock|
FSG| none
none
lines=92 none
trace
trace

T:03:52:00 Win2K-f 122.21.241.141 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 29 of 36 8c6dfab5d6
NEW none[none] none:none
none|none none none

03:54:00 WinXP 118.236.169.223 (-):
. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
49 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:03:55:00 Win2K-f 98.121.74.236 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:03:55:00 WinXP 96.14.98.240 (-):
. 210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
121 lines Yeah : 1.8
profile none summary
tarball 31 of 33
29 of 34
0 of 33 0bfa79dc19
[Firefox: 3 hits: 07-22 to 07-25]
8dfb3b619f
[Firefox: 3 hits: 07-22 to 07-25]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

T:03:59:00 Win2K-f 92.227.31.143 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
JP:chat-shqip.org
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
38 lines Yeah : 1.8
profile none summary
tarball 22 of 36 75aea17f9a
NEW none[none] none:none
none|none none none

04:01:00 Win2K-f 123.254.35.63 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. n/a HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.3
profile none summary
tarball 35 of 36 bfdd1696a0
NEW none[none] none:none
none|none none none

T:04:04:00 WinXP 91.141.40.26 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:05:00 WinXP 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:04:07:00 WinXP 118.83.96.98 (-):
. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
63 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:15:00 Win2K-f 77.20.109.133 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 29 of 36 82c155322b
NEW none[none] none:none
none|none none none

04:16:00 Win2K-f 205.168.223.27 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
GRAND JUNCTION, COLORADO, US. 64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:04:28:00 Win2K-f 122.30.102.230 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:30:00 WinXP 210.192.201.41 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 001b6f7107
[Firefox: 2 hits: 07-29 to 08-01] none[none] none:none
none|none none none

T:04:36:00 WinXP 202.163.161.79 (TCNET.NE.JP):
TONAMI INTERNET SERVICE(TONAMI TRANSPORTATIONCO. LTD.),
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:36:00 WinXP 118.236.186.235 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
50 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:38:00 Win2K-f 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
[Firefox:85 hits: 06-17 to 08-01] 57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace

04:40:00 Win2K-f 125.215.116.158 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:04:44:00 WinXP 217.114.235.139 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:52:00 Win2K-f 91.65.35.21 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

04:53:00 WinXP 118.105.147.153 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 33 of 35 dd0b6249c4
NEW none[none] none:none
none|none none none

T:04:54:00 WinXP 60.236.103.172 (MESH.AD.JP):
NEC CORPORATION,
YOKOHAMA, KANAGAWA, JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
52 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:04:58:00 WinXP 125.193.41.113 (MESH.AD.JP):
NEC CORPORATION,
JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
51 lines Yeah : 1.8
profile none summary
tarball 28 of 33 a9c8d121f2
[Firefox:11 hits: 06-28 to 07-28] none[none] none:none
none|none none none

04:59:00 Win2K-f 216.198.174.70 (INTELLEQCOM.NET):
INTELLEQ COMMUNICATIONS CORPORATION,
US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 32
0 of 32 3cd7958258
[Firefox:15 hits: 06-17 to 07-29]
41efedf70f
[Firefox:14 hits: 06-19 to 07-29]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
41efedf70f[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=82
lines=90 trace
trace
trace

05:00:00 Win2K-f 84.187.229.102 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
MöNCHENGLADBACH, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:05:02:00 Win2K-f 208.77.179.102 (MYCOMSPAN.COM):
COMSPAN BANDON NETWORK LLC,
BANDON, OREGON, US. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
125 lines Yeah : 1.8
profile none summary
tarball 34 of 35
32 of 35 2d76ff4e53
[Firefox: 3 hits: 07-23 to 07-28]
7df1377ee3
[Firefox: 3 hits: 07-23 to 07-28] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

05:15:00 Win2K-f 210.139.195.20 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 7ab8f4dfcd
NEW none[none] none:none
none|none none none

05:16:00 WinXP 87.2.14.67 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
TREVISO, VENETO, IT. n/a JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.3
profile none summary
tarball 10 of 33 4f3df56c30
[Firefox:10 hits: 06-28 to 07-02] none[none] none:none
none|none none none

T:05:17:00 WinXP 125.215.116.158 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

05:22:00 Win2K-f 217.114.235.139 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

05:24:00 Win2K-f 222.148.153.33 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

05:25:00 WinXP 60.40.235.70 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
44 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:05:28:00 Win2K-f 218.109.127.32 (-):
WASU-BB,
CN. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
19 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

05:30:00 WinXP 123.217.92.14 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
49 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

05:32:00 WinXP 87.57.182.195 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
US:adult-empire.com
EU:crutop.nu
UA:194.54.90.246:80
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 a219ed3aeb
NEW none[none] none:none
none|none none none

T:05:40:00 WinXP 120.75.113.10 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b159c8991d
NEW none[none] none:none
none|none none none

T:05:42:00 WinXP 123.217.92.14 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

05:42:00 WinXP 81.155.196.186 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
BRACKNELL, ENGLAND, UK. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
50 lines Yeah : 1.8
profile none summary
tarball 22 of 35 de9c878632
NEW none[none] none:none
none|none none none

05:44:00 Win2K-f 122.133.169.112 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 30 of 33 663bde7a19
NEW none[none] none:none
none|none none none

05:53:00 Win2K-f 222.149.11.140 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:00:00 WinXP 62.227.126.21 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) 210.245.211.11:65520 190.174.67.119:12351 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 34 of 36 9776cda2f1
NEW none[none] none:none
none|none none none

T:06:03:00 WinXP 122.130.220.75 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 34 of 36 4389a3025c
NEW none[none] none:none
none|none none none

T:06:03:00 Win2K-f 222.144.174.9 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:06:00 Win2K-f 60.254.240.143 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 22 of 33 869081411d
[Firefox: 4 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:12:00 WinXP 118.237.87.125 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 93385541f3
[Firefox:18 hits: 06-22 to 07-27] none[4] none:none
none|none none trace

06:13:00 WinXP 219.249.72.116 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 33 533d15b5ce
[Firefox:10 hits: 06-21 to 07-27]
58c343a8d8
[Firefox:11 hits: 06-21 to 07-27] none[4]
58c343a8d8[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

06:14:00 Win2K-f 221.127.192.7 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 29 of 33 ec3d13cabe
[Firefox: 3 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:06:15:00 WinXP 219.167.203.67 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:236 hits: 09-28 to 08-01] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:06:15:00 WinXP 63.245.41.18 (FLAMINGOTV.NET):
FLAMINGO TELEVISION BONAIRE,
AN. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:06:17:00 Win2K-f 88.111.241.103 (AS9105.COM):
TISCALI UK LTD,
STOKE ON TRENT, ENGLAND, UK. (DSL) n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:06:19:00 Win2K-f 84.187.229.102 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
MöNCHENGLADBACH, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:31:00 Win2K-f 122.21.241.141 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
30 lines Yeah : 1.3
profile none summary
tarball 29 of 36 8c6dfab5d6
NEW none[none] none:none
none|none none none

06:35:00 Win2K-f 118.108.138.195 (-):
. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:35:00 Win2K-f 122.29.119.175 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 22 of 36 14fd72f162
NEW none[none] none:none
none|none none none

T:06:38:00 Win2K-f 118.111.24.121 (-):
. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

06:41:00 Win2K-f 122.17.168.147 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 32 of 33 26ac4391e0
[Firefox: 4 hits: 06-28 to 06-30] none[none] none:none
none|none none none

T:06:51:00 WinXP 58.88.23.190 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 16 of 36 664d461fd8
NEW none[none] none:none
none|none none none

06:56:00 Win2K-f 218.168.94.37 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
28 lines Yeah : 1.3
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:102 hits: 07-13 to 08-01] none[none] none:none
none|none none none

06:58:00 WinXP 121.3.66.108 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 34 of 36 94a6b635e8
NEW none[none] none:none
none|none none none

07:00:00 WinXP 84.72.88.162 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

07:01:00 Win2K-f 118.237.46.167 (-):
. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 30 of 33 2be4b098c5
NEW none[none] none:none
none|none none none

T:07:02:00 Win2K-f 97.93.93.123 (-):
. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:07:04:00 WinXP 118.1.229.8 (-):
. 210.245.211.11:65520 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
http
163 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
34 of 36
20 of 36 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
779f46c6f0
NEW
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

07:05:00 Win2K-f 89.245.199.28 (VERSANETONLINE.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
3 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

07:05:00 Win2K-f 203.112.60.41 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:07:05:00 Win2K-f 217.249.59.215 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
KONSTANZ, BADEN-WURTTEMBERG, DE. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
23 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

07:06:00 WinXP 122.25.68.19 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 210.245.211.11:65520 190.174.67.119:12351 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:13001
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
52 lines Yeah : 1.8
profile none summary
tarball 34 of 36 e80215f572
NEW none[none] none:none
none|none none none

07:11:00 WinXP 124.241.151.57 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 67.43.236.98:5190 HK:proxim.ircgalaxy.pl
US:mx1.hotmail.com
US:mailin-02.mx.aol.com
BE:ftp.scarlet.be
US:yutunrz.1dumb.com
US:mailin-04.mx.aol.com
CA:xx.sqlteam.info
CA:alwayssam.com
CA:zonetech.info
:nadsam0.info
US:mcduii.3-a.net
:jdjsloy.dynserv.com
**:wyqggvow.afraid.org
**:nttstziinpa.hn.org
US:fcnhysydw.yi.org
US:dlivmg.1dumb.com
US:neytteybbo.3-a.net
:fzzdik.dynserv.com
:pkvgzaecagx.afraid.org
**:yraqztt.hn.org
US:kpxvrvdefs.yi.org
US:qeqfsvxousx.1dumb.com
US:imtoey.3-a.net
:jrscqsshxs.dynserv.com
:yjjtuvsro.afraid.org
**:firradbqzku.hn.org
US:dgwigom.yi.org
US:mfltoqgqt.1dumb.com
US:ksfvgfrf.3-a.net
:uhqoyjlu.dynserv.com
:bdtjkffl.afraid.org
**:ipurfbqpsdj.hn.org
US:orugtuapnzu.yi.org
US:gyssafafiq.1dumb.com
US:ihhyzby.3-a.net
:pvxkideqlen.dynserv.com
US:130.107.136.182:64995
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
http
irc
781 lines Yeah : 1.8
profile none summary
tarball 30 of 33 48a8b58d74
[Firefox: 2 hits: 07-20 to 07-30] none[none] none:none
none|none none none

07:12:00 WinXP 219.71.115.52 (NVWTV.COM.TW):
HOSHIN GIGAMEDIA CENTER INC,
TW. (DSL) 64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.3
profile none summary
tarball 34 of 36 832bc07e11
NEW none[none] none:none
none|none none none

T:07:13:00 WinXP 58.126.203.104 (HANANET.NET):
HANARO TELECOM INC,
KR. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:wr.mcboo.com
IL:bfb88.a1001186.wrs.mcboo.com 135 pcap raw alerts
ruleset irc
http
1323 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
29 of 32
20 of 36
28 of 32
0 of 33 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8a75955033
[Firefox:13 hits: 06-20 to 07-30]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01]
9276c8b36b
[Firefox:13 hits: 06-20 to 07-30]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[none]
none [none]
none [4]
none [none]
9276c8b36b[1]
e07c29c4ae[1] none:none
none:none
none:none
none:none
ASM:Graph
ASM:Graph
none|none
none|none
tElock|
none|none
Armadillo|
FSG| none
none
none
none
lines=81
lines=92 none
none
trace
none
trace
trace

T:07:19:00 WinXP 60.39.219.159 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 30 of 33 479d8f872a
NEW none[none] none:none
none|none none none

07:32:00 Win2K-f 118.236.180.32 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:wr.mcboo.com
US:206.251.244.226:80 445 pcap raw alerts
ruleset ftp
irc
http
163 lines Yeah : 1.8
profile none summary
tarball 31 of 33
19 of 35
17 of 35
20 of 36 1ff6cb719b
NEW
37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:07:35:00 Win2K-f 61.251.14.135 (-):
DAEJEON TELECOM,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:wr.mcboo.com
US:206.251.244.226:80 135 pcap raw alerts
ruleset irc
http
878 lines Yeah : 1.8
profile none summary
tarball 24 of 33
32 of 33
19 of 35
17 of 35
20 of 36
0 of 32 074325ecbc
[Firefox: 5 hits: 07-02 to 07-26]
2a66fc87fa
[Firefox: 5 hits: 07-02 to 07-26]
37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1] none:none
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
ASProtect| none
none
none
none
none
lines=90 none
none
none
none
none
trace

T:07:38:00 WinXP 118.111.24.150 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

07:39:00 Win2K-f 58.90.12.113 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
32 lines Yeah : 1.3
profile none summary
tarball 16 of 36 89f5a89b7f
NEW none[none] none:none
none|none none none

T:07:41:00 Win2K-f 130.13.219.251 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
185 lines Yeah : 0.8
profile none summary
tarball 21 of 35 d190f1f6c6
[Firefox: 4 hits: 07-29 to 08-01] none[none] none:none
none|none none none

07:44:00 WinXP 130.13.219.251 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
185 lines Yeah : 0.8
profile none summary
tarball 21 of 35 d190f1f6c6
[Firefox: 4 hits: 07-29 to 08-01] none[none] none:none
none|none none none

07:45:00 Win2K-f 118.236.184.214 (-):
. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

07:46:00 WinXP 85.86.219.34 (CLIENTES.EUSKALTEL.ES):
EUSKALTEL,
SAN SEBASTIAN, PAIS VASCO, ES. n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 35 8b3607bd00
[Firefox: 4 hits: 07-26 to 07-29] none[none] none:none
none|none none none

T:07:49:00 WinXP 58.93.230.190 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:07:52:00 WinXP 123.224.165.117 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 210.245.211.11:65520 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
JP:chat-shqip.org
US:wr.mcboo.com 445 pcap raw alerts
ruleset ftp
irc
http
171 lines Yeah : 1.8
profile none summary
tarball 19 of 35
20 of 36
17 of 35
20 of 36 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
3f3535246a
NEW
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:07:53:00 WinXP 130.13.40.104 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
187 lines Yeah : 0.8
profile none summary
tarball 22 of 35 35085295a6
[Firefox: 6 hits: 07-28 to 08-01] none[none] none:none
none|none none none

T:07:57:00 Win2K-f 123.225.254.37 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 22 of 36 d0c214d8fb
NEW none[none] none:none
none|none none none

T:08:01:00 Win2K-f 97.94.109.231 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:01:00 WinXP 123.224.165.117 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 210.245.211.11:65520 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
JP:chat-shqip.org
US:wr.mcboo.com 445 pcap raw alerts
ruleset ftp
irc
http
198 lines Yeah : 1.8
profile none summary
tarball 19 of 35
20 of 36
17 of 35
20 of 36 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
3f3535246a
NEW
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

08:03:00 Win2K-f 98.140.228.4 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

08:10:00 Win2K-f 96.10.195.237 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
US:wr.mcboo.com
US:206.251.244.226:80 135 pcap raw alerts
ruleset irc
http
1021 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
20 of 36
32 of 36
35 of 36
0 of 32 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01]
95a1e56583
NEW
b39357c344
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
none [none]
none [none]
none [none]
b5919931fe[1] none:none
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
ASProtect| none
none
none
none
none
lines=90 none
none
none
none
none
trace

T:08:10:00 Win2K-f 79.126.32.118 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

08:11:00 WinXP 209.216.178.202 (GORGE.NET):
GORGE NETWORKS INC,
HOOD RIVER, OREGON, US. (DIAL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad 445 pcap raw alerts
ruleset http
http
http
11 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:506 hits: 05-04 to 07-30] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

08:21:00 Win2K-f 220.109.86.242 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 31 of 33 a558523d9e
[Firefox: 3 hits: 06-27 to 06-30] none[none] none:none
none|none none none

08:21:00 WinXP 92.17.128.58 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:194.90.224.86:80 445 pcap raw alerts
ruleset ftp
irc
http
115 lines Yeah : 1.3
profile none summary
tarball 17 of 35
20 of 36
34 of 36 5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01]
c7ca9ba1bd
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

08:21:00 Win2K-f 81.96.118.67 (NTL.COM):
NTL INFRASTRUCTURE - BELFAST,
BEDFORD, ENGLAND, UK. (DSL) n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

08:23:00 WinXP 222.233.182.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset irc
106 lines Yeah : 1.8
profile none summary
tarball 31 of 33
30 of 32 1509c8d024
[Firefox:14 hits: 06-17 to 07-29]
f23b040440
[Firefox: 5 hits: 06-22 to 07-25] none[4]
f23b040440[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

08:24:00 Win2K-f 221.126.94.215 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:08:26:00 WinXP 217.184.204.102 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
KASSEL, HESSEN, DE. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

08:31:00 WinXP 121.3.197.126 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 34 of 36 74560ac1c2
NEW none[none] none:none
none|none none none

T:08:31:00 Win2K-f 122.18.249.178 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 210.245.211.11:65520 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
JP:chat-shqip.org
US:wr.mcboo.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
http
191 lines Yeah : 1.8
profile none summary
tarball 19 of 35
23 of 36
17 of 35
20 of 36 37f41fd8ab
[Firefox:28 hits: 07-24 to 08-01]
5372d8531d
NEW
5ab0a45f63
[Firefox:30 hits: 07-24 to 08-01]
8d7113c2ce
[Firefox:19 hits: 08-01 to 08-01] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

08:33:00 Win2K-f 118.240.157.152 (-):
. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:08:46:00 Win2K-f 116.80.88.239 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
JP. 190.174.67.119:13001 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 24 of 36 7467b433ff
NEW none[none] none:none
none|none none none

T:08:49:00 Win2K-f 220.105.154.172 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:08:52:00 WinXP 170.51.113.98 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

08:54:00 WinXP 218.110.10.11 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
54 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:08:55:00 Win2K-f 151.198.28.150 (VERIZON.NET):
VERIZON INTERNET SERVICES,
WEST NEW YORK, NEW JERSEY, US. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org 445 pcap raw alerts
ruleset irc
4 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:57:00 WinXP 118.0.253.71 (-):
. n/a JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:09:04:00 WinXP 212.49.177.190 (-):
BALADA TELECOMUNICACIONES,
TRES CANTOS, MADRID, ES. n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
NL:london.uk.eu.undernet.org
NL:diemen.nl.eu.undernet.org
:caen.fr.eu.undernet.org
SE:ozbytes.dal.net
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
SE:qis.md.us.dal.net
:flanders.be.eu.undernet.org
SE:coins.dal.net
US:lia.zanet.net
:los-angeles.ca.us.undernet.org
:lulea.se.eu.undernet.org
SE:ced.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 20 of 32 93dabb5a19
[Firefox: 2 hits: 12-13 to 07-22] none[none] none:none
none|none none none

09:04:00 WinXP 212.49.177.190 (-):
BALADA TELECOMUNICACIONES,
TRES CANTOS, MADRID, ES. n/a RU:moscow-advokat.ru
SE:coins.dal.net
AT:graz.at.eu.undernet.org
:flanders.be.eu.undernet.org
:caen.fr.eu.undernet.org
:brussels.be.eu.undernet.org
SE:ced.dal.net
SE:broadway.ny.us.dal.net
HR:london.uk.eu.undernet.org
:lulea.se.eu.undernet.org
SE:vancouver.dal.net
:los-angeles.ca.us.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

09:07:00 Win2K-f 118.8.57.141 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

09:09:00 Win2K-f 170.51.87.248 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

09:11:00 WinXP 63.19.36.58 (UU.NET):
UUNET TECHNOLOGIES INC,
CECILIA, KENTUCKY, US. n/a 135 pcap raw alerts
ruleset other
165 lines Yeah : 1.3
profile none summary
tarball 0 of 32 73f1082158
[Firefox:524 hits: 06-18 to 08-01] 73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace

T:09:14:00 WinXP 221.191.83.117 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 190.174.67.119:12351 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:09:21:00 WinXP 88.134.176.123 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 19 of 36 761eac5dd8
NEW none[none] none:none
none|none none none

T:09:22:00 Win2K-f 217.119.36.211 (SUOMICOM.FI):
SUOMI COMMUNICATIONS OY,
ESPOO, ETELA-SUOMEN LAANI, FI. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 11 of 32 66e8e64289
[Firefox: 2 hits: 06-29 to 06-29] none[none] none:none
none|none none none

09:25:00 WinXP 70.73.107.59 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

09:32:00 Win2K-f 118.9.218.120 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

09:33:00 WinXP 118.240.3.249 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
44 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

09:34:00 Win2K-f 220.104.11.123 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

09:38:00 WinXP 212.62.127.112 (-):
INTERNATIONAL COMPUTER COMPANY LTD,
MANILA, MANILA, PH. n/a 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:09:50:00 Win2K-f 92.227.29.159 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 16 of 36 12eff47f3e
NEW none[none] none:none
none|none none none

09:52:00 Win2K-f 118.7.129.68 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

09:56:00 Win2K-f 221.127.195.205 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
47 lines Yeah : 1.8
profile none summary
tarball 15 of 36 8f63f0d2a2
NEW none[none] none:none
none|none none none

09:56:00 Win2K-f 97.93.93.123 (-):
. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:09:58:00 Win2K-f 89.240.227.124 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
UK. (DSL) n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:09:59:00 WinXP 84.75.164.189 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
US:www.counterdata.com
DE:m1.webstats.motigo.com
GB:www.chechenpress.co.uk
:www.islamicfinder.org
US:www.youtube.com
US:www.vimeo.com
RU:grani-tv.ru 445 pcap raw alerts
ruleset http
http
348 lines Yeah : 0.8
profile none summary
tarball 29 of 29 ab5e47bf8d
[Firefox:59 hits: 05-10 to 08-01] none[3] none:none
ASPack| none trace

09:59:00 WinXP 122.133.143.191 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 190.174.67.119:13001 JP:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
47 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:10:15:00 WinXP 96.14.28.211 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 34 of 36 406815ec44
NEW none[none] none:none
none|none none none

10:19:00 WinXP 216.199.165.252 (FDN.COM):
FDN.COM,
JACKSONVILLE, FLORIDA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 32
0 of 33 3cd7958258
[Firefox:15 hits: 06-17 to 07-29]
41efedf70f
[Firefox:14 hits: 06-19 to 07-29]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
41efedf70f[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=82
lines=92 trace
trace
trace

10:25:00 Win2K-f 203.121.180.155 (-):
COLO-CATIONPI-2-203121180128,
TH. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:10:25:00 Win2K-f 91.66.106.226 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 2 hits: 07-01 to 08-01] none[none] none:none
none|none none none

10:25:00 Win2K-f 221.127.195.26 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 190.174.67.119:13001 JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 15 of 36 8f63f0d2a2
NEW none[none] none:none
none|none none none

10:25:00 Win2K-f 122.146.241.152 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
57ce4acac2
[Firefox:85 hits: 06-17 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
57ce4acac2[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:10:27:00 Win2K-f 118.108.163.238 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 21 of 33 b1bcfb40a8
[Firefox: 2 hits: 06-29 to 08-01] none[none] none:none
none|none none none

T:10:33:00 WinXP 130.13.204.12 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 92.114.4.2:6667 :irc.qifort.rr.nu 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.3
profile none summary
tarball 23 of 36 3de9abec19
NEW none[none] none:none
none|none none none

10:37:00 WinXP 130.13.204.12 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.3
profile none summary
tarball 23 of 36 3de9abec19
NEW none[none] none:none
none|none none none

T:10:43:00 WinXP 118.6.244.146 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:10:44:00 Win2K-f 70.78.212.223 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
135 lines Yeah : 1.8
profile none summary
tarball 31 of 35
33 of 35
0 of 32 03f242275e
NEW
31d5e9cb41
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:10:48:00 Win2K-f 122.16.123.165 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

10:52:00 WinXP 86.134.72.5 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

10:56:00 Win2K-f 217.219.114.47 (-):
BOSHEHR COMMUNICATION COMPANY,
IR. (100Mbps) n/a 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

10:57:00 Win2K-f 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

10:59:00 Win2K-f 125.58.103.188 (-):
. n/a 135 pcap raw alerts
ruleset other
1009 lines Yeah : 1.3
profile none summary
tarball 22 of 36
34 of 36 111a2a6865
NEW
80d9739229
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:11:00:00 Win2K-f 213.76.154.12 (LANNET.PL):
LANNET S.C. W. KOMALA Z. LOMPERTA,
WARSAW, MAZOWIECKIE, PL. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 32 of 33 8d51183047
[Firefox: 2 hits: 06-29 to 07-01] none[none] none:none
none|none none none

11:03:00 WinXP 130.13.51.249 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
184 lines Yeah : 0.8
profile none summary
tarball 22 of 35 35085295a6
[Firefox: 6 hits: 07-28 to 08-01] none[none] none:none
none|none none none

T:11:06:00 Win2K-f 63.109.247.248 (NEWSKIES.NET):
BT LIMITED,
BEIRUT, BEYROUTH, LB. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:10:00 Win2K-f 170.51.171.199 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

11:18:00 WinXP 122.18.114.148 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 15 of 33 a793802e3c
[Firefox: 3 hits: 06-28 to 08-01] none[none] none:none
none|none none none

11:23:00 Win2K-f 202.225.118.130 (MESH.AD.JP):
C&C INTERNET SERVICE MESH (NEC CORPORATION),
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 22 of 36 2dc8ce3599
NEW none[none] none:none
none|none none none

T:11:23:00 WinXP 201.231.83.52 (SRC.ORG):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:11:38:00 WinXP 122.133.143.191 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

11:47:00 Win2K-f 88.134.39.157 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL) n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

11:49:00 WinXP 86.20.78.93 (NTL.COM):
NTL INFRASTRUCTURE - BIRMINGHAM,
LICHFIELD, ENGLAND, UK. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

11:56:00 WinXP 68.144.136.209 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
139 lines Yeah : 1.8
profile none summary
tarball 29 of 33
32 of 33
0 of 33 0c1c51204b
[Firefox: 3 hits: 06-18 to 07-05]
3d293743d8
[Firefox: 3 hits: 06-18 to 07-05]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] 0c1c51204b [1]
none [4]
e07c29c4ae[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
PolyEnE|
FSG| lines=82
none
lines=92 trace
trace
trace

T:12:06:00 Win2K-f 206.169.140.14 (-):
TIME WARNER TELECOM INC,
ZIHUATANEJO, GUERRERO, MX. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:12:00 WinXP 75.186.43.93 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

12:17:00 Win2K-f 81.13.247.243 (213.IN-ADDR.ARPA):
TVS2NET,
MARTIGNY, VALAIS, CH. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

12:20:00 Win2K-f 92.228.77.179 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

12:21:00 Win2K-f 24.68.242.36 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
101 lines Yeah : 1.8
profile none summary
tarball 31 of 33
1 of 33
0 of 32 48f8b1a711
[Firefox: 7 hits: 06-19 to 07-15]
aecf2a5fc9
[Firefox: 5 hits: 06-19 to 07-15]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
aecf2a5fc9[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

12:24:00 WinXP 67.10.214.80 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SUGAR LAND, TEXAS, US. n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
US:lia.zanet.net
SE:ozbytes.dal.net 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

12:26:00 WinXP 118.6.72.100 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 35 of 36 a4855a8070
NEW none[none] none:none
none|none none none

T:12:32:00 WinXP 118.6.188.21 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 29 of 36 8c6dfab5d6
NEW none[none] none:none
none|none none none

T:12:35:00 WinXP 70.183.165.30 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:12:36:00 Win2K-f 64.183.209.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DALLAS, TEXAS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
8 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01]
b7082104e4
[Firefox:64 hits: 06-18 to 08-01] none[4]
b5919931fe[1]
none [4] none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock| none
lines=90
none trace
trace
trace

T:12:39:00 Win2K-f 24.83.81.55 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 36
31 of 36 b5919931fe
[Firefox:181 hits: 06-20 to 08-01]
e87e85c617
NEW
fee1248b85
NEW b5919931fe [1]
none [none]
none [none] ASM:Graph
none:none
none:none
ASProtect|
none|none
none|none lines=90
none
none trace
none
none

12:43:00 Win2K-f 87.250.39.18 (BVCOM.NET):
CABLE BROADBAND USERS,
CS. 64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:12:45:00 Win2K-f 92.8.34.171 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
22 lines Yeah : 1.3
profile none summary
tarball 24 of 36 2c0f2d4796
NEW none[none] none:none
none|none none none

12:51:00 WinXP 91.65.132.207 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
30 lines Yeah : 1.3
profile none summary
tarball 32 of 33 399a88233f
[Firefox: 4 hits: 06-28 to 07-02] none[none] none:none
none|none none none

12:58:00 Win2K-f 58.88.23.190 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 16 of 36 664d461fd8
NEW none[none] none:none
none|none none none

T:13:00:00 Win2K-f 70.63.202.49 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HAVELOCK, NORTH CAROLINA, US. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
1083 lines Yeah : 1.3
profile none summary
tarball 34 of 36
33 of 36
0 of 32 644b2a1105
NEW
9c9ab20965
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

13:08:00 WinXP 122.18.246.40 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

13:09:00 Win2K-f 72.251.79.120 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

13:18:00 Win2K-f 60.33.194.66 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

13:28:00 WinXP 221.187.214.31 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

13:31:00 Win2K-f 122.16.151.237 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 20 of 33 d284c3c3f6
NEW none[none] none:none
none|none none none

13:40:00 WinXP 82.193.229.19 (EDISCOM.DE):
RFT BRANDENBURG,
BRANDENBURG, BRANDENBURG, DE. 210.245.211.11:65520 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 445 pcap raw alerts
ruleset http
irc
8 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7b1a3bf102
NEW none[none] none:none
none|none none none

13:42:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT. n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
512 lines Yeah : 1.3
profile none summary
tarball 33 of 35
32 of 35 4113025530
NEW
e3ca792d99
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:13:44:00 WinXP 84.247.46.193 (-):
GENIUS NETWORK SYSTEM SRL,
GALATI, GALATI, RO. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:13:48:00 Win2K-f 78.146.76.22 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 32 of 33 3f8d1c3246
[Firefox: 5 hits: 06-28 to 08-01] none[none] none:none
none|none none none

T:13:54:00 WinXP 85.117.4.169 (ZICOM.PL):
ZICOM WIM ZIELINSKI SPOLKA JAWNA,
TARNOW, MALOPOLSKIE, PL. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset shell
ftp
irc
17 lines Yeah : 1.3
profile none summary
tarball 35 of 36 1e7e35a53c
NEW none[none] none:none
none|none none none

14:01:00 WinXP 61.210.174.98 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 15 of 36 88d0c0c4f6
[Firefox: 3 hits: 08-01 to 08-01] none[none] none:none
none|none none none

T:14:09:00 Win2K-f 116.41.102.110 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
115 lines Yeah : 1.8
profile none summary
tarball 31 of 33
31 of 33 4ab2ecbc0f
[Firefox: 3 hits: 06-29 to 07-02]
65eb2e3aee
[Firefox: 3 hits: 06-29 to 07-02] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

14:10:00 WinXP 77.57.90.7 (SOLPA.NET):
CABLECOM,
ZURICH, ZURICH, CH. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
US:www.counterdata.com
DE:m1.webstats.motigo.com
GB:www.chechenpress.co.uk
US:67.15.211.9:80 445 pcap raw alerts
ruleset http
http
143 lines Yeah : 0.8
profile none summary
tarball 29 of 29 ab5e47bf8d
[Firefox:59 hits: 05-10 to 08-01] none[3] none:none
ASPack| none trace

14:14:00 WinXP 130.13.41.35 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 64.32.14.92:6915 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
:ircn3t.cjb.net
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
63 lines Yeah : 1.3
profile none summary
tarball 29 of 32 355281ab68
[Firefox: 3 hits: 06-13 to 07-28] none[4] none:none
StarForce| none trace

14:14:00 Win2K-f 130.13.57.208 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
184 lines Yeah : 0.8
profile none summary
tarball 22 of 35 35085295a6
[Firefox: 6 hits: 07-28 to 08-01] none[none] none:none
none|none none none

T:14:15:00 Win2K-f 130.13.57.208 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
185 lines Yeah : 0.8
profile none summary
tarball 22 of 35 35085295a6
[Firefox: 6 hits: 07-28 to 08-01] none[none] none:none
none|none none none

14:18:00 WinXP 71.102.148.151 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMARILLO, CALIFORNIA, US. (DSL) n/a US:searchportal.information.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
US:www.counterdata.com
DE:m1.webstats.motigo.com
GB:www.chechenpress.co.uk
:www.islamicfinder.org
US:www.youtube.com
US:www.vimeo.com
RU:grani-tv.ru 135 pcap raw alerts
ruleset http
679 lines Argh : 0.3
profile none summary
tarball none none none none none none none

14:22:00 WinXP 212.27.26.28 (-):
MLIFENET,
RU. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
DE:dl2.teenpassage.com
:caen.fr.eu.undernet.org
SE:ced.dal.net
:washington.dc.us.undernet.org
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
:brussels.be.eu.undernet.org 445 pcap raw alerts
ruleset http
irc
10 lines Yeah : 1.8
profile none summary
tarball 30 of 32 d23978004f
[Firefox: 3 hits: 06-12 to 06-19] none[4] none:none
PolyEnE| none trace

T:14:22:00 WinXP 212.27.26.28 (-):
MLIFENET,
RU. n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
SE:ced.dal.net
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
:gaspode.zanet.org.za
:los-angeles.ca.us.undernet.org
:caen.fr.eu.undernet.org
SE:qis.md.us.dal.net
NO:london.uk.eu.undernet.org
SE:viking.dal.net
AT:graz.at.eu.undernet.org
SE:broadway.ny.us.dal.net
:lulea.se.eu.undernet.org
RU:194.6.222.11:6667
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 30 of 32 d23978004f
[Firefox: 3 hits: 06-12 to 06-19] none[4] none:none
PolyEnE| none trace

T:14:24:00 Win2K-f 71.136.17.66 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:14:29:00 Win2K-f 68.94.113.64 (SWBELL.NET):
PPPOX POOL - RBACK2 KSC2MO,
KANSAS CITY, MISSOURI, US. (DSL) 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
US:microsoft.com
US:download.microsoft.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
http
26 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

14:30:00 Win2K-f 70.78.212.223 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
123 lines Yeah : 1.8
profile none summary
tarball 31 of 35
33 of 35
0 of 32 03f242275e
NEW
31d5e9cb41
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

14:31:00 WinXP 75.12.118.225 (SBCGLOBAL.NET):
PPPOX POOL - RBACK8.SKT2CA,
STOCKTON, CALIFORNIA, US. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com
:www.proxy-socks.net
US:www.bankofmadura.com
US:208.73.210.32:80 445 pcap raw alerts
ruleset http
http
http
7 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:506 hits: 05-04 to 07-30] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

14:33:00 Win2K-f 80.142.92.83 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
BONN, NORDRHEIN-WESTFALEN, DE. n/a 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:14:34:00 Win2K-f 60.33.194.66 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:14:47:00 Win2K-f 208.127.234.227 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US. 210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
148 lines Yeah : 1.8
profile none summary
tarball 29 of 33
0 of 32
30 of 33 2ef2f78792
[Firefox: 9 hits: 06-21 to 07-26]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01]
b7a332eb7c
[Firefox: 9 hits: 06-21 to 07-26] 2ef2f78792 [1]
b5919931fe[1]
none [4] ASM:Graph
ASM:Graph
none:none
Armadillo|
ASProtect|
tElock| lines=82
lines=90
none trace
trace
trace

14:49:00 Win2K-f 170.51.105.6 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
9 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

14:50:00 Win2K-f 130.13.203.100 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 92.114.4.2:6667 :irc.qifort.rr.nu
92.114.4.2:6667 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball 23 of 36 3de9abec19
NEW none[none] none:none
none|none none none

14:54:00 Win2K-f 60.40.247.18 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 31 of 33 b6075d6a91
[Firefox: 4 hits: 06-27 to 06-29] none[none] none:none
none|none none none

T:14:58:00 Win2K-f 130.13.97.83 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 23 of 36 d5a7eb7c3b
NEW none[none] none:none
none|none none none

15:07:00 WinXP 125.175.51.132 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 16 of 36 664d461fd8
NEW none[none] none:none
none|none none none

15:09:00 WinXP 24.109.245.119 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. 194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com 445 pcap raw alerts
ruleset http
irc
5 lines Yeah : 1.3
profile none summary
tarball 35 of 35 dbbc586732
[Firefox: 2 hits: 07-28 to 08-01] none[none] none:none
none|none none none

T:15:11:00 Win2K-f 24.109.245.119 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
US:microsoft.com
US:download.microsoft.com
DE:85.114.143.2:80 445 pcap raw alerts
ruleset irc
http
22 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:15:11:00 WinXP 82.55.176.148 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT. 64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:15:24:00 WinXP 91.64.151.107 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 21 of 33 55125e15a2
[Firefox: 2 hits: 06-29 to 07-01] none[none] none:none
none|none none none

15:36:00 Win2K-f 72.75.108.156 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
18 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

15:43:00 WinXP 75.137.190.17 (CHARTER.COM):
CHARTER COMMUNICATIONS,
ATHENS, GEORGIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:44:00 Win2K-f 119.11.97.10 (-):
. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 15 of 36 f5e257ce96
NEW none[none] none:none
none|none none none

16:00:00 Win2K-f 92.1.57.94 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:80
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.3
profile none summary
tarball 24 of 36 e97814e64a
NEW none[none] none:none
none|none none none

T:16:13:00 WinXP 121.83.4.230 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:69 hits: 12-14 to 08-01] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:16:19:00 Win2K-f 24.39.18.204 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PORTLAND, MAINE, US. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

16:27:00 WinXP 124.108.236.249 (ENJOY.NE.JP):
DEODEO CORPORATION,
HIROSHIMA, HIROSHIMA, JP. (DSL) 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.8
profile none summary
tarball 30 of 33 6bf9acfa77
[Firefox: 3 hits: 07-01 to 07-30] none[none] none:none
none|none none none

16:28:00 Win2K-f 123.225.76.166 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:16:34:00 Win2K-f 76.161.225.191 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:16:37:00 WinXP 74.70.4.125 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:38:00 WinXP 82.82.160.237 (ARCOR-IP.NET):
ARCOR-DSL-NET,
HERNE, NORDRHEIN-WESTFALEN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:236 hits: 09-28 to 08-01] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

16:41:00 Win2K-f 62.227.51.96 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.8
profile none summary
tarball 34 of 36 9776cda2f1
NEW none[none] none:none
none|none none none

16:41:00 Win2K-f 58.138.52.204 (DY.BBEXCITE.JP):
EXCITE JAPAN CO. LTD,
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
JP:w3bs.chat-shqip.org
DE:dl2.teenpassage.com
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 21 of 36 226ccca138
NEW none[none] none:none
none|none none none

16:42:00 Win2K-f 172.169.11.117 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
78 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:16:42:00 Win2K-f 75.136.137.173 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:16:47:00 WinXP 4.159.113.112 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GRAND RAPIDS, MICHIGAN, US. (DIAL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:50:00 WinXP 24.70.236.100 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3294 hits: 12-31 to 08-01] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:16:50:00 Win2K-f 220.221.188.152 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 30 of 36 7140ff24e6
NEW none[none] none:none
none|none none none

16:53:00 Win2K-f 125.174.162.166 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 c77830a49b
NEW none[none] none:none
none|none none none

T:17:03:00 Win2K-f 89.243.225.105 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

17:08:00 WinXP 119.11.80.180 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
143 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7ce2f4c7ac
NEW none[none] none:none
none|none none none

T:17:09:00 WinXP 219.110.182.151 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 24 of 36 27254e3577
NEW none[none] none:none
none|none none none

17:09:00 Win2K-f 221.127.69.123 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 32 of 36 011af15e19
NEW none[none] none:none
none|none none none

T:17:15:00 WinXP 124.108.236.249 (ENJOY.NE.JP):
DEODEO CORPORATION,
HIROSHIMA, HIROSHIMA, JP. (DSL) 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
JP:chat-shqip.org
DE:dl2.teenpassage.com
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001
HK:210.245.211.11:65520
DE:85.114.143.2:80 445 pcap raw alerts
ruleset ftp
irc
49 lines Yeah : 1.8
profile none summary
tarball 30 of 33 6bf9acfa77
[Firefox: 3 hits: 07-01 to 07-30] none[none] none:none
none|none none none

17:16:00 WinXP 60.32.28.164 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 20ef97231e
NEW none[none] none:none
none|none none none

T:17:34:00 WinXP 122.18.195.62 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:239 hits: 06-27 to 08-01] none[none] none:none
none|none none none

17:37:00 WinXP 220.106.171.120 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

17:39:00 Win2K-f 75.51.249.145 (-):
HASSAN MAHFOOD,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:42:00 WinXP 60.237.126.119 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:17:43:00 WinXP 98.140.43.243 (-):
. n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

18:00:00 Win2K-f 124.115.15.45 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:10:00 WinXP 65.212.110.124 (HARTCOM.NET):
HART TELECOM,
HARTWELL, GEORGIA, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80 445 pcap raw alerts
ruleset http
http
http
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:1148 hits: 05-01 to 08-01] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:18:10:00 WinXP 81.13.247.243 (213.IN-ADDR.ARPA):
TVS2NET,
MARTIGNY, VALAIS, CH. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

T:18:12:00 Win2K-f 71.160.155.31 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
VICTORVILLE, CALIFORNIA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

18:19:00 WinXP 118.236.97.145 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 34 of 36 2fa419d040
NEW none[none] none:none
none|none none none

18:21:00 Win2K-f 122.134.52.204 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:217 hits: 06-27 to 08-01] none[none] none:none
none|none none none

18:24:00 Win2K-f 151.33.181.177 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
NOVARA, PIEMONTE, IT. (DIAL) 64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:18:37:00 WinXP 70.241.16.151 (SWBELL.NET):
PPPOX POOL - RBACK22.HSTNTX,
HOUSTON, TEXAS, US. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:18:37:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
81 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
57ce4acac2
[Firefox:85 hits: 06-17 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
57ce4acac2[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

18:47:00 WinXP 24.24.213.219 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTMINSTER, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

18:55:00 Win2K-f 124.241.138.11 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

18:58:00 Win2K-f 170.51.67.47 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

19:04:00 WinXP 130.13.57.208 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
184 lines Yeah : 0.8
profile none summary
tarball 22 of 35 35085295a6
[Firefox: 6 hits: 07-28 to 08-01] none[none] none:none
none|none none none

19:08:00 Win2K-f 75.49.226.215 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
ST. LOUIS, MISSOURI, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
80 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:19:10:00 Win2K-f 99.160.56.237 (-):
. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:19:21:00 WinXP 71.70.226.166 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SALISBURY, NORTH CAROLINA, US. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
[Firefox:315 hits: 05-03 to 07-24] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

T:19:26:00 Win2K-f 144.134.155.68 (TMNS.NET.AU):
TELSTRAINTERNET27,
MELBOURNE, VICTORIA, AU. n/a 135 pcap raw alerts
ruleset other
139 lines Yeah : 1.3
profile none summary
tarball 0 of 32 73f1082158
[Firefox:524 hits: 06-18 to 08-01] 73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace

T:19:29:00 WinXP 216.203.250.156 (ALGX.NET):
XO COMMUNICATIONS,
SCOTTSDALE, ARIZONA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
116 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:19:44:00 WinXP 74.75.3.142 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PITTSFIELD, MASSACHUSETTS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33
0 of 33 4c3df24b32
[Firefox:122 hits: 06-17 to 08-01]
53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
e07c29c4ae
[Firefox:136 hits: 06-19 to 08-01] 4c3df24b32 [1]
none [4]
e07c29c4ae[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG| lines=81
none
lines=92 trace
trace
trace

T:19:49:00 WinXP 117.99.26.79 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1461 hits: 12-31 to 08-01] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:19:50:00 WinXP 216.139.96.35 (GRM.NET):
GRAND RIVER MUTUAL TELEPHONE CORPORATION,
PRINCETON, MISSOURI, US. n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 a0044bcb25
NEW none[none] none:none
none|none none none

19:57:00 WinXP 64.24.250.217 (POPSITE.NET):
USLEC CORP,
SEATTLE, WASHINGTON, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
118 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

19:58:00 Win2K-f 86.146.47.120 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:179 hits: 06-27 to 08-01] none[none] none:none
none|none none none

20:05:00 WinXP 124.102.64.112 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:766 hits: 07-11 to 08-01] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:20:16:00 Win2K-f 4.162.153.45 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:17:00 Win2K-f 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

20:17:00 Win2K-f 4.162.153.45 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MEMPHIS, TENNESSEE, US. (DIAL) 210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
254 lines Yeah : 1.8
profile none summary
tarball 34 of 36
0 of 32
31 of 36 7401201471
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01]
c4ebafaad4
NEW none[none]
b5919931fe[1]
none [none] none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none none
lines=90
none none
trace
none

20:19:00 WinXP 210.190.195.87 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:766 hits: 07-11 to 08-01] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

20:57:00 Win2K-f 222.239.206.51 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

21:11:00 Win2K-f 70.74.22.253 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
892 lines Yeah : 1.3
profile none summary
tarball 31 of 33
29 of 33
0 of 32 81264c16dd
[Firefox: 5 hits: 07-03 to 08-01]
9a91743938
[Firefox: 6 hits: 07-03 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:21:12:00 Win2K-f 172.190.70.44 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
93 lines Yeah : 1.3
profile none summary
tarball 15 of 35 530647452c
NEW none[none] none:none
none|none none none

T:21:15:00 Win2K-f 122.146.241.152 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

21:18:00 Win2K-f 59.146.111.26 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. n/a JP:chat-shqip.org
JP:w3bs.chat-shqip.org
190.174.67.119:12351
190.174.67.119:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 36 11b342745b
NEW none[none] none:none
none|none none none

T:21:23:00 Win2K-f 58.126.178.89 (HANANET.NET):
HANARO TELECOM INC,
KR. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
[Firefox:122 hits: 06-17 to 08-01]
53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01] 4c3df24b32 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

21:23:00 Win2K-f 63.246.48.244 (GEUSNET.NET):
GEUS,
GREENVILLE, TEXAS, US. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset http
irc
495 lines Yeah : 1.3
profile none summary
tarball 34 of 36
34 of 36 93ab32be05
NEW
a713d33590
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

21:24:00 WinXP 219.108.250.59 (DION.NE.JP):
DION (KDDI CORPORATION),
JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:511 hits: 12-31 to 08-01] 048df78048 [0] ASM:Graph
none|none lines=61 trace

21:37:00 Win2K-f 170.51.209.231 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:59 hits: 05-22 to 08-01] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

21:39:00 Win2K-f 4.166.159.210 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN ANTONIO, TEXAS, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:21:47:00 WinXP 118.236.159.131 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 34 of 36 2fa419d040
NEW none[none] none:none
none|none none none

21:48:00 Win2K-f 66.63.81.104 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

21:51:00 WinXP 118.236.159.131 (-):
. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 34 of 36 2fa419d040
NEW none[none] none:none
none|none none none

21:57:00 Win2K-f 121.73.51.128 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
383 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36
0 of 32 7f89b38665
NEW
a51a50404e
NEW
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:22:01:00 Win2K-f 124.241.138.11 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
86 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:22:17:00 WinXP 24.79.207.124 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
11 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

22:32:00 Win2K-f 130.13.132.150 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
185 lines Yeah : 0.8
profile none summary
tarball 21 of 35 d190f1f6c6
[Firefox: 4 hits: 07-29 to 08-01] none[none] none:none
none|none none none

T:22:33:00 WinXP 130.13.132.150 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset ftp
184 lines Yeah : 0.8
profile none summary
tarball 21 of 35 d190f1f6c6
[Firefox: 4 hits: 07-29 to 08-01] none[none] none:none
none|none none none

22:34:00 Win2K-f 4.255.193.235 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLAREMORE, OKLAHOMA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
73f1082158
[Firefox:524 hits: 06-18 to 08-01] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

22:36:00 WinXP 98.108.53.78 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
US:208.111.173.47:80
US:208.111.173.51:80
HK:210.245.211.11:65520
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
147 lines Yeah : 1.8
profile none summary
tarball 31 of 32
29 of 33 5378ab9d2d
[Firefox: 3 hits: 06-28 to 07-26]
60a6e7e23c
[Firefox: 3 hits: 06-28 to 07-26] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:22:47:00 WinXP 218.168.67.126 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 32 of 33 7f6ea12654
[Firefox:11 hits: 07-13 to 07-30] none[none] none:none
none|none none none

22:47:00 WinXP 60.236.68.239 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 35 of 36 83971cbcad
NEW none[none] none:none
none|none none none

T:22:49:00 Win2K-f 118.218.141.40 (-):
. 210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
122 lines Yeah : 1.8
profile none summary
tarball 31 of 33
31 of 33
0 of 32 168aab35a3
[Firefox:77 hits: 06-17 to 08-01]
667f0c59f3
[Firefox: 8 hits: 07-04 to 08-01]
b5919931fe
[Firefox:181 hits: 06-20 to 08-01] none[4]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
tElock|
none|none
ASProtect| none
none
lines=90 trace
none
trace

22:56:00 WinXP 70.61.108.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. n/a 135 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:08:00 WinXP 203.91.175.244 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 72.10.172.211:8080 CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info
:nadsam0.info
US:130.107.130.121:64442 135 pcap raw alerts
ruleset irc
http
321 lines Yeah : 1.8
profile none summary
tarball 16 of 35
24 of 32
16 of 35 474312616d
[Firefox: 5 hits: 07-23 to 07-30]
4f51b7cd6f
[Firefox: 3 hits: 06-25 to 07-29]
d717616974
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

23:08:00 Win2K-f 99.164.123.200 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
a08f3b74a4
[Firefox:351 hits: 06-18 to 08-01] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

23:15:00 WinXP 116.127.207.195 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
DE:85.114.143.2:80 135 pcap raw alerts
ruleset irc
http
129 lines Yeah : 1.8
profile none summary
tarball 29 of 32
28 of 32 8a75955033
[Firefox:13 hits: 06-20 to 07-30]
9276c8b36b
[Firefox:13 hits: 06-20 to 07-30] none[4]
9276c8b36b[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

23:25:00 WinXP 220.229.78.210 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:27:00 WinXP 123.254.42.118 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:766 hits: 07-11 to 08-01] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

23:39:00 WinXP 75.4.224.90 (SBCGLOBAL.NET):
RBACK34A.IRVNCA,
HOUSTON, TEXAS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
61 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
[Firefox:1046 hits: 06-17 to 08-01]
b7082104e4
[Firefox:64 hits: 06-18 to 08-01] none[4]
none [4] none:none
none:none
tElock|
tElock| none
none trace
trace

T:23:56:00 WinXP 125.195.135.21 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset shell
3 lines Yeah : 1.3
profile none summary
tarball none none none none none none none