Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



04 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:10:00 WinXP 123.213.158.26 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
0 of 33
2 of 33
716df12201
NEW
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
f4654210bb
NEW
none[none]
e07c29c4ae[1]
none [none]
none:none
ASM:Graph
none:none
none|none
FSG|
none|none
none
lines=92
none
none
trace
none
T:00:17:00 WinXP 60.35.209.31 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:40:00 WinXP 121.125.22.243 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
0 of 33
633a67eac3
[Firefox: 5 hits: 07-19 to 07-30]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[none]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
FSG|
none
lines=81
lines=92
none
trace
trace
00:52:00 Win2K-f 123.217.129.71 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 f9a0fc79b3
NEW
none[none] none:none
none|none none none
00:58:00 WinXP 122.21.239.32 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:00:59:00 WinXP 220.107.190.59 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 5fb5174a26
NEW
none[none] none:none
none|none none none
T:01:01:00 Win2K-f 122.133.129.30 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 da7e62b29d
NEW
none[none] none:none
none|none none none
01:06:00 WinXP 84.187.70.139 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
KAMEN, NORDRHEIN-WESTFALEN, DE.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
01:09:00 Win2K-f 123.213.182.15 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.44.124:80
US:207.123.46.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
30 of 32
3ddc67d556
NEW
8390780c27
[Firefox:30 hits: 06-18 to 08-01]
none[none]
none [4]
none:none
none:none
none|none
tElock|
none
none
none
trace
01:12:00 Win2K-f 125.192.27.224 (MESH.AD.JP):
NEC CORPORATION,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 3e613f57c0
NEW
none[none] none:none
none|none none none
01:12:00 WinXP 118.1.31.216 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:01:15:00 WinXP 121.83.21.3 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:70 hits: 12-14 to 08-02]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:01:16:00 WinXP 62.11.115.152 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
IT. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
GB:welcome3.smile.co.uk
445 pcap raw alerts
ruleset
http
http
http
9 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:508 hits: 05-04 to 08-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
01:16:00 WinXP 118.108.41.140 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
01:18:00 WinXP 118.236.93.36 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 93385541f3
[Firefox:19 hits: 06-22 to 08-02]
none[4] none:none
none|none none trace
T:01:18:00 WinXP 118.236.154.212 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
01:20:00 Win2K-f 120.74.205.65 (-):
.
72.10.172.218:7382 CA:italian.swiifatecihno.com 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 6655ed5fd7
NEW
none[none] none:none
none|none none none
01:25:00 Win2K-f 119.72.64.23 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 eed6a50223
NEW
none[none] none:none
none|none none none
01:29:00 WinXP 221.127.13.85 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
89 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 514dd25ab3
NEW
none[none] none:none
none|none none none
01:33:00 Win2K-f 221.127.70.170 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 011af15e19
[Firefox: 2 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
01:34:00 Win2K-f 124.102.63.98 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 682d244b3a
NEW
none[none] none:none
none|none none none
T:01:40:00 WinXP 122.21.239.32 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
01:40:00 WinXP 78.147.201.87 (-):
OPAL TELECOM DSL,
UK.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
105 lines
Yeah : 1.8
profile
none summary
tarball
32 of 33 778acb5418
NEW
none[none] none:none
none|none none none
T:01:43:00 WinXP 213.42.178.121 (-):
DAR ZAYED FOR COMPREHENSIVE WELFARE,
ABU DHABI, ABU DHABI, AE. (100Mbps)
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
16 of 36 a07a5efeb1
NEW
none[none] none:none
none|none none none
T:01:46:00 Win2K-f 118.109.37.185 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 07bb94631b
NEW
none[none] none:none
none|none none none
T:01:53:00 Win2K-f 221.127.194.105 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 ec3d13cabe
[Firefox: 4 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
01:56:00 Win2K-f 75.60.187.19 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
COLUMBUS, OHIO, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:58:00 WinXP 122.134.4.226 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
64 lines
Yeah : 1.8
profile
none summary
tarball
25 of 33 80205569e9
[Firefox: 2 hits: 06-27 to 06-29]
none[none] none:none
none|none none none
T:01:58:00 Win2K-f 69.239.122.13 (PACBELL.NET):
DANIEL D CLAXTON,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:02:02:00 WinXP 91.141.37.72 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.8
profile
none summary
tarball
19 of 32 0993a67cea
[Firefox: 2 hits: 06-30 to 08-02]
none[none] none:none
none|none none none
T:02:09:00 WinXP 124.102.63.98 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
59 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 682d244b3a
NEW
none[none] none:none
none|none none none
T:02:11:00 Win2K-f 61.218.171.61 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
57ce4acac2
[Firefox:91 hits: 06-17 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
02:23:00 WinXP 62.255.36.12 (NTLI.NET):
NTL INTERNET,
STOCKPORT, ENGLAND, UK. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:512 hits: 12-31 to 08-02]
048df78048 [0] ASM:Graph
none|none lines=61 trace
02:24:00 Win2K-f 221.127.193.119 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 ec3d13cabe
[Firefox: 4 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
02:27:00 WinXP 121.115.196.175 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
02:36:00 Win2K-f 92.11.142.173 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 eab50c3dea
[Firefox: 9 hits: 06-28 to 07-01]
none[none] none:none
none|none none none
02:41:00 WinXP 220.219.255.245 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
02:42:00 Win2K-f 220.107.190.59 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 5fb5174a26
NEW
none[none] none:none
none|none none none
T:02:42:00 Win2K-f 82.239.223.132 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
16 of 33 59e003d98c
NEW
none[none] none:none
none|none none none
T:02:48:00 WinXP 24.76.125.6 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SAULT STE. MARIE, ONTARIO, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
96 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
25 of 34
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
b6cf789b7d
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:02:51:00 Win2K-f 151.118.174.129 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 32
0 of 32
7f66e51c85
[Firefox: 4 hits: 07-11 to 08-02]
9d12fe9d3b
[Firefox: 4 hits: 07-11 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
02:52:00 Win2K-f 122.16.118.20 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
03:04:00 WinXP 118.218.20.133 (-):
.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
US:4.23.60.126:80
135 pcap raw alerts
ruleset
http
112 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
168aab35a3
[Firefox:79 hits: 06-17 to 08-02]
667f0c59f3
[Firefox: 9 hits: 07-04 to 08-02]
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:03:04:00 WinXP 81.57.148.167 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
03:09:00 Win2K-f 207.144.168.221 (SPIRITTELECOM.COM):
CHESTER TELEPHONE COMPANY,
CHESTER, SOUTH CAROLINA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:03:13:00 Win2K-f 77.253.254.203 (COM.PL):
NETIA,
PL.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 a2cc1d9ba5
NEW
none[none] none:none
none|none none none
03:14:00 WinXP 77.253.254.203 (COM.PL):
NETIA,
PL.
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 a2cc1d9ba5
NEW
none[none] none:none
none|none none none
T:03:15:00 Win2K-f 122.16.68.154 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:12351 HK:proxim.ircgalaxy.pl
:chat-shqip.org
:w3bs.chat-shqip.org
HK:210.245.211.11:65520
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 e503f738ad
NEW
none[none] none:none
none|none none none
03:19:00 Win2K-f 118.236.162.141 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
03:24:00 Win2K-f 208.127.8.130 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a CA:done.blacktiehsbdcs.com 135 pcap raw alerts
ruleset
irc
221 lines
Yeah : 1.3
profile
none summary
tarball
26 of 32 5aeb9abc92
[Firefox: 4 hits: 12-27 to 07-19]
none[none] none:none
none|none none none
03:28:00 Win2K-f 83.153.246.135 (PPP.TISCALI.FR):
TELECOM ITALIA FRANCE BROADBAND POOLS,
MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR. (DIAL)
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
13 of 33 ffb3b175e5
[Firefox: 9 hits: 06-27 to 07-01]
none[none] none:none
none|none none none
T:03:35:00 WinXP 62.47.162.172 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
26 of 36 9ede699f81
NEW
none[none] none:none
none|none none none
T:03:41:00 Win2K-f 76.75.95.195 (NEXICOM.NET):
NEXICOM INC,
CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
b7082104e4
[Firefox:67 hits: 06-18 to 08-02]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
03:47:00 Win2K-f 91.67.210.97 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
03:47:00 Win2K-f 61.203.30.23 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:03:54:00 Win2K-f 118.105.174.58 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox: 8 hits: 06-28 to 07-01]
none[none] none:none
none|none none none
T:03:55:00 Win2K-f 89.179.73.6 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
irc
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
03:55:00 WinXP 81.137.216.248 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
LONDON, ENGLAND, UK.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
03:56:00 WinXP 219.98.251.4 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 11b342745b
NEW
none[none] none:none
none|none none none
T:03:57:00 Win2K-f 118.87.29.72 (-):
.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:00:00 Win2K-f 122.135.240.29 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
14 of 36 7f90fcc856
NEW
none[none] none:none
none|none none none
04:02:00 Win2K-f 118.9.225.201 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33 86346e9208
NEW
none[none] none:none
none|none none none
04:06:00 Win2K-f 202.70.232.58 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 7619ff1355
NEW
none[none] none:none
none|none none none
T:04:14:00 Win2K-f 121.84.242.223 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 9ce22e20b7
NEW
none[none] none:none
none|none none none
04:18:00 Win2K-f 119.72.51.52 (-):
.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 9ddd6c5e47
[Firefox: 2 hits: 06-29 to 06-29]
none[none] none:none
none|none none none
04:19:00 WinXP 221.127.36.232 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
04:29:00 Win2K-f 124.61.34.217 (-):
POWERCOM,
KR.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:198.78.201.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
09c3d90250
NEW
8f34a39070
NEW
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
04:30:00 WinXP 221.138.251.203 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
32 of 36
0 of 33
2105e8a465
NEW
9d7e3071c2
NEW
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
04:33:00 Win2K-f 122.17.111.96 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:04:36:00 WinXP 60.254.231.110 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox: 5 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:04:41:00 WinXP 60.237.127.78 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:769 hits: 07-11 to 08-02]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:04:42:00 WinXP 119.11.107.213 (-):
.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 f5e257ce96
[Firefox: 2 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
T:04:43:00 Win2K-f 71.85.135.8 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
04:50:00 Win2K-f 75.179.35.8 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:50:00 WinXP 116.127.167.184 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
633a67eac3
[Firefox: 5 hits: 07-19 to 07-30]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
none[none]
a08f3b74a4[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=81
none
trace
04:52:00 Win2K-f 118.236.154.212 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
04:52:00 WinXP 66.48.192.13 (UU.NET):
MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS,
MONCTON, NEW BRUNSWICK, CA.
n/a   135 pcap raw alerts
ruleset
other
4 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:53:00 Win2K-f 122.147.99.13 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
04:54:00 WinXP 222.148.246.150 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:04:56:00 WinXP 66.48.192.13 (UU.NET):
MCI COMMUNICATIONS SERVICES INC. D/B/A VERIZON BUSINESS,
MONCTON, NEW BRUNSWICK, CA.
n/a   135 pcap raw alerts
ruleset
other
147 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:540 hits: 06-18 to 08-02]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
T:05:00:00 WinXP 58.88.21.199 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:02:00 WinXP 124.85.177.127 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
94.36.65.59:13001 HK:proxima.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33 c1f444637f
NEW
none[none] none:none
none|none none none
T:05:04:00 Win2K-f 60.237.160.204 (MESH.AD.JP):
NEC CORPORATION,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
05:05:00 Win2K-f 123.254.54.187 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
05:05:00 WinXP 217.144.4.109 (-):
NETWORK EXCHANGE TECHNOLOGY,
AMMAN, 'AMMAN, JO. (DSL)
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:05:11:00 Win2K-f 220.96.49.108 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 07ebc59154
NEW
none[none] none:none
none|none none none
05:14:00 Win2K-f 222.151.3.186 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:05:14:00 WinXP 122.130.164.213 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
92 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b101b8882c
NEW
none[none] none:none
none|none none none
T:05:14:00 Win2K-f 24.31.166.118 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NASHPORT, OHIO, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:20:00 WinXP 72.133.52.114 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LINCOLN, NEBRASKA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
05:23:00 WinXP 118.6.56.79 (-):
.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
61 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:05:27:00 Win2K-f 98.140.229.237 (-):
.
n/a HK:proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:33:00 Win2K-f 72.230.139.136 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
05:33:00 WinXP 80.132.210.78 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DUSSELDORF, NORDRHEIN-WESTFALEN, DE. (DIAL)
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
12 of 33 9a32965bc8
[Firefox:12 hits: 06-28 to 07-28]
none[none] none:none
none|none none none
05:34:00 Win2K-f 221.127.192.240 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 ec3d13cabe
[Firefox: 4 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
05:47:00 WinXP 75.191.146.224 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
US:69.28.178.10:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:05:49:00 Win2K-f 221.191.75.154 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
16 of 33 df49df7e9e
[Firefox: 2 hits: 06-29 to 06-30]
none[none] none:none
none|none none none
T:05:49:00 WinXP 203.112.60.43 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
65 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
05:53:00 Win2K-f 118.0.162.127 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 1fbeb11726
NEW
none[none] none:none
none|none none none
05:55:00 WinXP 123.216.238.33 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 ba818cf3a3
NEW
none[none] none:none
none|none none none
05:57:00 WinXP 122.133.244.5 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
48 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 da7aac0dc4
[Firefox: 8 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
06:00:00 Win2K-f 218.223.213.179 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
06:00:00 Win2K-f 60.36.69.187 (PLALA.OR.JP):
PLALA NETWORKS INC,
SAYAMA, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:06:06:00 WinXP 118.7.76.155 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:06:07:00 WinXP 118.240.0.141 (-):
.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:06:07:00 WinXP 118.6.56.79 (-):
.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
65 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:06:19:00 WinXP 117.4.101.154 (ADSL.VIETTEL.VN):
VIETEL CORPORATION,
HANOI, HA NOI, VN.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
06:20:00 WinXP 170.51.194.200 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:06:20:00 WinXP 70.245.160.247 (SWBELL.NET):
PPPOX POOL - BRAS1 WCHTKS,
LIBERAL, KANSAS, US. (DIAL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
06:21:00 Win2K-f 172.135.39.197 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.41.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
3373948767
[Firefox:12 hits: 07-03 to 07-30]
c73f738c30
[Firefox:12 hits: 07-03 to 07-30]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:06:25:00 WinXP 221.127.68.54 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 011af15e19
[Firefox: 2 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
T:06:26:00 Win2K-f 118.8.116.35 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
06:31:00 Win2K-f 170.51.126.93 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
06:37:00 WinXP 123.224.154.98 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 e9912fe69e
NEW
none[none] none:none
none|none none none
06:37:00 WinXP 220.96.49.108 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 07ebc59154
NEW
none[none] none:none
none|none none none
06:39:00 Win2K-f 125.0.95.182 (INFOWEB.NE.JP):
FUJITSU LIMITED,
TOKYO, TOKYO, JP. (DIAL)
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.3
profile
none summary
tarball
13 of 33 7e8babc6f9
NEW
none[none] none:none
none|none none none
T:06:41:00 WinXP 4.186.72.84 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HOBOKEN, NEW JERSEY, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
4 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:41:00 Win2K-f 221.127.13.34 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 9cfb0cd4cf
NEW
none[none] none:none
none|none none none
T:06:44:00 WinXP 60.237.115.157 (MESH.AD.JP):
NEC CORPORATION,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:06:46:00 Win2K-f 60.39.84.74 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b843db8006
NEW
none[none] none:none
none|none none none
06:49:00 WinXP 41.214.166.93 (-):
.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 41065f98ee
NEW
none[none] none:none
none|none none none
06:50:00 WinXP 58.88.66.187 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
48 lines
Yeah : 1.8
profile
none summary
tarball
22 of 35 41ec9d69c8
NEW
none[none] none:none
none|none none none
06:52:00 Win2K-f 124.86.177.128 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
06:53:00 WinXP 77.241.139.166 (-):
HI3GACCESS,
SE.
194.54.90.246:80 UA:citi-bank.ru
DE:kidos-bank.ru
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
06:54:00 WinXP 81.181.34.138 (AIRBOY.RO):
SC IZA-NET SRL,
BUCHAREST, BUCURESTI, RO.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 fa749b103b
NEW
none[none] none:none
none|none none none
T:06:55:00 Win2K-f 125.58.66.121 (-):
.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
29 of 32
4c3df24b32
[Firefox:124 hits: 06-17 to 08-02]
dbce870f48
[Firefox: 5 hits: 07-03 to 07-25]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
T:06:57:00 WinXP 77.241.139.166 (-):
HI3GACCESS,
SE.
n/a UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:06:00 WinXP 66.140.228.111 (SWBELL.NET):
DIAL POOL - NAS2.SNANTX,
SAN ANTONIO, TEXAS, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:07:25:00 WinXP 71.42.39.151 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
07:26:00 WinXP 123.254.49.118 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:07:31:00 Win2K-f 60.254.230.107 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 cae23b7b95
NEW
none[none] none:none
none|none none none
07:38:00 Win2K-f 122.18.253.51 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:07:38:00 Win2K-f 221.184.233.220 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
07:41:00 Win2K-f 78.144.43.42 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:07:41:00 WinXP 118.241.78.253 (-):
.
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
07:42:00 Win2K-f 119.72.0.101 (-):
.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 2a933f091d
NEW
none[none] none:none
none|none none none
T:07:46:00 Win2K-f 221.187.11.46 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
07:48:00 WinXP 118.236.106.223 (-):
.
n/a :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:07:49:00 WinXP 122.133.145.202 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 0f4d0b5522
NEW
none[none] none:none
none|none none none
07:50:00 Win2K-f 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:07:50:00 Win2K-f 91.65.132.136 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 399a88233f
[Firefox: 5 hits: 06-28 to 08-02]
none[none] none:none
none|none none none
07:52:00 Win2K-f 4.171.180.2 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GAINESVILLE, FLORIDA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
904 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 a952bf2806
NEW
none[none] none:none
none|none none none
T:07:54:00 WinXP 60.34.10.196 (PLALA.OR.JP):
PLALA NETWORKS INC,
TOKYO, TOKYO, JP.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
23 of 33 cf153403d1
[Firefox: 4 hits: 06-28 to 07-02]
none[none] none:none
none|none none none
08:02:00 WinXP 60.46.188.164 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 64ccb555e0
NEW
none[none] none:none
none|none none none
08:02:00 WinXP 125.102.38.55 (UCOM.NE.JP):
G-OS0025N,
JP. (100Mbps)
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:08:00 WinXP 61.218.171.61 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
57ce4acac2
[Firefox:91 hits: 06-17 to 08-02]
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
08:15:00 WinXP 58.88.30.163 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
52 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:08:16:00 Win2K-f 122.133.251.171 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:18:00 Win2K-f 221.127.178.18 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:19:00 Win2K-f 222.233.214.125 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
29 of 32
0 of 32
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
9d677c3f70
[Firefox: 5 hits: 06-20 to 07-29]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
73f1082158 [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect|
lines=81
none
lines=90
trace
trace
trace
T:08:21:00 Win2K-f 118.8.161.230 (-):
.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 7e91a7d70f
NEW
none[none] none:none
none|none none none
08:23:00 Win2K-f 118.8.161.230 (-):
.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 7e91a7d70f
NEW
none[none] none:none
none|none none none
T:08:25:00 WinXP 62.215.39.209 (-):
FAST TELCO INFRA STRUCTURE WEB ACCESS USERS,
KUWAIT, AL KUWAYT, KW.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35 043592e432
NEW
none[none] none:none
none|none none none
T:08:28:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a HK:proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:34:00 Win2K-f 118.0.133.222 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
12 of 32 91653172e0
NEW
none[none] none:none
none|none none none
T:08:35:00 WinXP 123.254.7.29 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:43:00 Win2K-f 217.201.83.58 (-):
TELECOM ITALIA MOBILE,
IT.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:08:44:00 WinXP 78.147.106.201 (-):
OPAL TELECOM DSL,
UK.
94.36.65.59:13001 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:46:00 WinXP 118.8.93.253 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
08:49:00 WinXP 96.13.232.208 (-):
.
194.54.90.246:80 UA:citi-bank.ru
US:adult-empire.com
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:751 hits: 05-01 to 07-29]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:08:51:00 WinXP 92.46.0.200 (IKBCC.COM):
EU-ZZ,
UK.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
66 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
09:06:00 Win2K-f 217.248.44.61 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
KOELN, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:09:08:00 WinXP 118.105.168.221 (-):
.
n/a CA:done.blacktiehsbdcs.com 445 pcap raw alerts
ruleset
shell
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
28 of 30 2aa59ba425
[Firefox:47 hits: 06-30 to 07-26]
2aa59ba425 [1] ASM:Graph
ASPack| lines=10 trace
09:13:00 WinXP 67.11.22.251 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
:www.proxy-socks.net
US:master-x.com
GB:195.92.84.198:80
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
http
12 lines
Yeah : 0.8
profile
none summary
tarball
0 of 36
29 of 29
0 of 36
753f82b489
NEW
a12cab51ef
[Firefox:1149 hits: 05-01 to 08-02]
e361fbe1d2
NEW
none[none]
40f7f463c4[0]
none [none]
none:none
ASM:Graph
none:none
none|none
ASPack|
none|none
none
lines=281
embedded dns
none
none
trace
none
09:14:00 WinXP 170.51.52.49 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
213.239.192.125:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
09:19:00 WinXP 219.110.152.136 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
09:21:00 Win2K-f 85.243.222.128 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT.
n/a   445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:09:22:00 Win2K-f 217.248.44.61 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
KOELN, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
30 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
09:22:00 WinXP 66.50.89.35 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR.
n/a UA:citi-bank.ru
DE:kidos-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
09:24:00 Win2K-f 123.220.31.235 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 7097bbda4d
NEW
none[none] none:none
none|none none none
T:09:24:00 WinXP 66.50.89.35 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:09:24:00 WinXP 217.201.116.95 (-):
TELECOM ITALIA MOBILE,
IT.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:751 hits: 05-01 to 07-29]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:09:28:00 Win2K-f 170.51.126.187 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:09:29:00 Win2K-f 88.134.140.88 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:09:30:00 WinXP 78.52.232.50 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 b9b41e58f3
NEW
none[none] none:none
none|none none none
T:09:35:00 WinXP 208.127.8.130 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL)
72.10.172.218:9928 CA:teek.ihshsd8.com 135 pcap raw alerts
ruleset
irc
223 lines
Yeah : 1.8
profile
none summary
tarball
26 of 32 5aeb9abc92
[Firefox: 4 hits: 12-27 to 07-19]
none[none] none:none
none|none none none
09:35:00 Win2K-f 217.229.235.110 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
SAARBRUCKEN, SAARLAND, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 b6b69f1052
NEW
none[none] none:none
none|none none none
T:09:37:00 WinXP 125.198.91.81 (MESH.AD.JP):
NEC CORPORATION,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:09:41:00 Win2K-f 217.226.176.99 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DORTMUND, NORDRHEIN-WESTFALEN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:09:41:00 WinXP 203.82.124.17 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:09:53:00 WinXP 82.141.87.237 (KOTINET.COM):
POHJANMAAN PPO OY,
YLIVIESKA, OULUN LAANI, FI.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 e4d3794f7a
NEW
none[none] none:none
none|none none none
10:03:00 WinXP 118.236.208.46 (-):
.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
10:10:00 WinXP 84.187.122.118 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
AACHEN, NORDRHEIN-WESTFALEN, DE. (DIAL)
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
35 of 36 4db283bb0f
NEW
none[none] none:none
none|none none none
T:10:10:00 Win2K-f 63.245.41.66 (FLAMINGOTV.NET):
FLAMINGO TELEVISION BONAIRE,
AN.
n/a   135 pcap raw alerts
ruleset
other
206 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 4e5d2822db
NEW
none[none] none:none
none|none none none
10:12:00 Win2K-f 209.29.84.15 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:14:00 Win2K-f 122.134.4.226 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 f7888d61a1
NEW
none[none] none:none
none|none none none
10:14:00 Win2K-f 170.51.190.60 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:18:00 WinXP 80.96.13.120 (RNC.RO):
RNC,
CONSTANTA, CONSTANTA, RO.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:10:22:00 WinXP 60.46.188.164 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 64ccb555e0
NEW
none[none] none:none
none|none none none
T:10:28:00 WinXP 122.133.183.138 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 3e613f57c0
NEW
none[none] none:none
none|none none none
T:10:29:00 Win2K-f 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US.
n/a   135 pcap raw alerts
ruleset
other
298 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 fe22b8315f
[Firefox: 4 hits: 06-19 to 06-30]
none[4] none:none
StarForce| none trace
T:10:34:00 WinXP 122.131.133.23 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:10:49:00 Win2K-f 118.6.124.69 (-):
.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
:w3bs.chat-shqip.org
HK:210.245.211.11:65520
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 d284c3c3f6
[Firefox: 2 hits: 06-30 to 08-02]
none[none] none:none
none|none none none
10:54:00 WinXP 213.148.250.148 (CONCEPTS.NL):
CONCEPTS-CUST-FTTH-ROTTERDAM,
ROTTERDAM, ZUID-HOLLAND, NL.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 d829d59784
NEW
none[none] none:none
none|none none none
T:10:57:00 WinXP 61.155.20.168 (-):
SUZHOU-DATONG-TECHNOLOGY-CORP,
SUZHOU, JIANGSU, CN. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
55 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:91 hits: 06-17 to 08-02]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
11:04:00 Win2K-f 118.15.2.214 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:12:00 WinXP 203.76.177.154 (EXATT.NET):
INTERNET SERVICE PROVIDER,
PUNE, MAHARASHTRA, IN.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:11:15:00 Win2K-f 89.178.96.39 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:17:00 Win2K-f 61.222.236.159 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
57ce4acac2
[Firefox:91 hits: 06-17 to 08-02]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
11:17:00 WinXP 4.249.231.58 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CROZET, VIRGINIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:512 hits: 12-31 to 08-02]
048df78048 [0] ASM:Graph
none|none lines=61 trace
11:19:00 WinXP 221.189.34.223 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
16 of 33 c6f8fb9835
[Firefox: 2 hits: 06-28 to 06-30]
none[none] none:none
none|none none none
T:11:20:00 Win2K-f 217.202.52.204 (-):
TELECOM ITALIA MOBILE,
IT.
94.36.65.59:13001 HK:proxim.ircgalaxy.pl
:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 3612ee7e34
NEW
none[none] none:none
none|none none none
11:23:00 Win2K-f 207.144.75.217 (INFOAVE.NET):
INFO AVENUE INTERNET SERVICES LLC,
MYRTLE BEACH, SOUTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:23:00 WinXP 122.21.1.26 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:256 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:11:24:00 Win2K-f 123.220.220.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:11:29:00 Win2K-f 75.50.54.88 (SBCGLOBAL.NET):
PPPOX POOL - RBACK4.SPFDMO,
SPRINGFIELD, MISSOURI, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:30:00 WinXP 170.51.90.32 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
11:30:00 Win2K-f 123.220.199.235 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 779f46c6f0
NEW
none[none] none:none
none|none none none
T:11:40:00 WinXP 96.10.195.237 (-):
.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
35 of 36
0 of 33
95a1e56583
NEW
b39357c344
NEW
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:11:43:00 WinXP 122.18.253.51 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
94.36.65.59:13001 :chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:43:00 Win2K-f 88.134.53.10 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
94.36.65.59:12351 :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:47:00 Win2K-f 200.40.36.153 (ADINET.COM.UY):
ACCESOS ADINET,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL)
n/a DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:12:04:00 Win2K-f 81.181.34.138 (AIRBOY.RO):
SC IZA-NET SRL,
BUCHAREST, BUCURESTI, RO.
n/a HK:proxim.ircgalaxy.pl
:chat-shqip.org
:w3bs.chat-shqip.org
HK:210.245.211.11:80
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
21 of 36 fa749b103b
NEW
none[none] none:none
none|none none none
T:12:09:00 WinXP 86.105.222.154 (AIRBITES.RO):
SC ISP TOPALL SRL,
RO.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 451f1974e7
NEW
none[none] none:none
none|none none none
12:12:00 Win2K-f 86.155.166.53 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
12:13:00 Win2K-f 122.16.39.138 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
15 of 33 a793802e3c
[Firefox: 4 hits: 06-28 to 08-02]
none[none] none:none
none|none none none
12:26:00 WinXP 118.0.133.222 (-):
.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
12 of 32 91653172e0
NEW
none[none] none:none
none|none none none
T:12:30:00 WinXP 122.21.1.26 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
12:35:00 Win2K-f 4.162.252.189 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HALLSVILLE, TEXAS, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
236 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 4fcad30511
NEW
none[none] none:none
none|none none none
13:02:00 Win2K-f 76.244.176.42 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:09:00 Win2K-f 118.236.106.223 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:242 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
13:09:00 Win2K-f 123.220.220.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a :chat-shqip.org
:w3bs.chat-shqip.org
94.36.65.59:12351
94.36.65.59:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:222 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
T:13:18:00 Win2K-f 116.127.81.151 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
13:18:00 WinXP 24.80.120.144 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
231 lines
Yeah : 1.3
profile
none summary
tarball
31 of 36 47dc3d8ccf
NEW
none[none] none:none
none|none none none
T:13:30:00 WinXP 70.71.27.202 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NEW WESTMINSTER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:13:41:00 WinXP 170.51.199.139 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
13:43:00 WinXP 69.123.135.76 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
SPRING VALLEY, NEW YORK, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:wr.mcboo.com
IL:bfb88.a1001186.wrs.mcboo.com
US:208.111.173.53:80
DE:85.114.143.2:80
135 pcap raw alerts
ruleset
irc
http
145 lines
Yeah : 1.8
profile
none summary
tarball
32 of 34
19 of 35
15 of 36
17 of 35
30 of 34
0 of 33
2c9c851322
NEW
37f41fd8ab
[Firefox:37 hits: 07-24 to 08-02]
4f8c3add37
NEW
5ab0a45f63
[Firefox:41 hits: 07-24 to 08-02]
bd37db5990
NEW
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[none]
none [none]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
FSG|
none
none
none
none
none
lines=92
none
none
none
none
none
trace
T:13:58:00 Win2K-f 4.240.213.228 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ANGEL FIRE, NEW MEXICO, US. (DIAL)
84.244.6.253:2345 66.29.31.3:80 US:qtas.net
SE:dzuc.net
NL:acidisa.com
445 pcap raw alerts
ruleset
http
irc
70 lines
Yeah : 1.3
profile
none summary
tarball
5 of 36
12 of 36
2886ee78a1
NEW
aea11319ab
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
14:03:00 Win2K-f 24.66.120.60 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:14:00 WinXP 200.100.227.178 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:20:00 Win2K-f 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:20:00 WinXP 80.63.230.19 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 bce12aa21f
[Firefox:27 hits: 05-12 to 07-17]
none[4] none:none
PolyEnE| none trace
14:22:00 Win2K-f 92.11.216.19 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
US:wr.mcboo.com
IL:bfb88.a1001186.wrs.mcboo.com
US:207.123.47.126:80
135 pcap raw alerts
ruleset
irc
http
256 lines
Yeah : 1.3
profile
none summary
tarball
19 of 35
17 of 35
30 of 32
none
37f41fd8ab
[Firefox:37 hits: 07-24 to 08-02]
5ab0a45f63
[Firefox:41 hits: 07-24 to 08-02]
7452c8448d
[Firefox: 8 hits: 06-17 to 08-01]
fd9b49840f
[Firefox: 6 hits: 06-23 to 07-23]
none[none]
none [none]
none [4]
fd9b49840f[1]
none:none
none:none
none:none
ASM:Graph
none|none
none|none
PolyEnE|
Armadillo|
none
none
none
lines=81
none
none
trace
trace
T:14:25:00 WinXP 24.82.158.33 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PORTAGE, MANITOBA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:206.33.43.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
95 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32
2 of 32
607b60ad51
[Firefox:11 hits: 06-20 to 07-29]
e5c7bce70e
[Firefox:11 hits: 06-20 to 07-29]
none[4]
e5c7bce70e[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:14:35:00 Win2K-f 75.51.249.145 (-):
HASSAN MAHFOOD,
PLANO, TEXAS, US. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:40:00 WinXP 200.100.149.117 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
NEW
none[none] none:none
none|none none none
14:53:00 WinXP 70.183.235.134 (COX.NET):
COX COMMUNICATIONS,
PENSACOLA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
15:08:00 WinXP 91.78.178.242 (MTU.RU):
MTU,
RU.
n/a   445 pcap raw alerts
ruleset
shell
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 cc159acda3
NEW
none[none] none:none
none|none none none
15:19:00 Win2K-f 63.17.182.20 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:26:00 WinXP 91.150.84.225 (KRSTARICA.NET):
KRSTARICA-NET,
CS.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1467 hits: 12-31 to 08-02]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:15:30:00 Win2K-f 24.31.224.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KANSAS CITY, MISSOURI, US.
n/a   135 pcap raw alerts
ruleset
other
258 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 2bc347d52d
NEW
none[none] none:none
none|none none none
T:15:52:00 WinXP 190.30.146.65 (NET.AR):
APOLO -GOLD-TELECOM-PER,
BUENOS AIRES, BUENOS AIRES, AR.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
[Firefox:14 hits: 07-08 to 07-22]
none[none] none:none
none|none none none
T:15:55:00 WinXP 201.69.123.48 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
36 of 36 a219ed3aeb
NEW
none[none] none:none
none|none none none
15:58:00 WinXP 4.255.202.18 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
YUKON, OKLAHOMA, US. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:04:00 WinXP 76.90.206.249 (-):
.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 55fe9d9ade
[Firefox:55 hits: 05-03 to 07-28]
4bce6c4887 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:16:10:00 WinXP 4.253.133.186 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:508 hits: 05-04 to 08-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
16:24:00 WinXP 24.211.196.240 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:16:27:00 WinXP 24.27.122.88 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 9716d7995a
[Firefox: 2 hits: 07-26 to 07-26]
none[none] none:none
none|none none none
16:36:00 Win2K-f 72.251.35.45 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
NEW KENSINGTON, PENNSYLVANIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
147 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
16:52:00 WinXP 170.51.210.90 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
22 of 36 f56d1553c6
NEW
none[none] none:none
none|none none none
T:17:13:00 Win2K-f 172.129.179.27 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:17:33:00 WinXP 70.70.221.54 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:198.78.201.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:39:00 WinXP 76.226.96.162 (SBCGLOBAL.NET):
PPPOX SE3.SFLDMI,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
e07c29c4ae
[Firefox:150 hits: 06-19 to 08-02]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:17:47:00 Win2K-f 71.51.117.176 (EMBARQHSD.NET):
EMBARQ CORPORATION,
WINTER PARK, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
17:47:00 WinXP 4.244.214.245 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, MISSOURI, US. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
17:58:00 WinXP 76.10.28.74 (PAVLOVMEDIA.COM):
VILLAGE AT CHANDLER CROSSING,
EAST LANSING, MICHIGAN, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3300 hits: 12-31 to 08-02]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:06:00 WinXP 118.108.89.178 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:769 hits: 07-11 to 08-02]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
18:26:00 WinXP 4.154.54.213 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WEAVERVILLE, NORTH CAROLINA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
135 pcap raw alerts
ruleset
http
173 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:28:00 WinXP 60.40.112.2 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
18:35:00 WinXP 201.32.181.118 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:18:37:00 WinXP 201.32.181.118 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
SE:viking.dal.net
SE:ozbytes.dal.net
SE:vancouver.dal.net
US:lia.zanet.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 35 a016783b32
NEW
none[none] none:none
none|none none none
T:18:37:00 Win2K-f 63.20.124.51 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
164 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
18:38:00 WinXP 70.182.92.124 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:40:00 WinXP 220.147.143.140 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:18:57:00 WinXP 97.93.77.213 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:59:00 WinXP 172.190.104.96 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
159 lines
Yeah : 1.3
profile
none summary
tarball
29 of 34 8dfb3b619f
[Firefox: 4 hits: 07-22 to 08-02]
none[none] none:none
none|none none none
19:04:00 Win2K-f 61.222.2.212 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
57ce4acac2
[Firefox:91 hits: 06-17 to 08-02]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:06:00 Win2K-f 71.104.26.100 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
POMONA, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.124:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:19:06:00 WinXP 66.19.187.33 (USLEC.NET):
USLEC CORP,
MIAMI, FLORIDA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 712fc4df04
NEW
none[none] none:none
none|none none none
T:19:24:00 WinXP 219.91.86.38 (APOL.COM.TW):
ASIA PACIFIC ON-LINE SERVICES INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
19:49:00 WinXP 216.126.173.169 (USLEC.NET):
USLEC CORP,
KNOXVILLE, TENNESSEE, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
http
11 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1149 hits: 05-01 to 08-02]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:19:54:00 WinXP 70.131.64.174 (SBCGLOBAL.NET):
PPPOX POOL - RBACK2 EMHRIL,
LIBERTYVILLE, ILLINOIS, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:769 hits: 07-11 to 08-02]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
20:03:00 Win2K-f 4.254.226.29 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CALDWELL, IDAHO, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
20:13:00 WinXP 65.6.227.6 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
PLAINFIELD, INDIANA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
445 pcap raw alerts
ruleset
http
http
http
10 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:508 hits: 05-04 to 08-02]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
20:18:00 WinXP 208.105.186.90 (-):
.
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:20:00 Win2K-f 203.121.180.155 (-):
COLO-CATIONPI-2-203121180128,
TH. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:30:00 Win2K-f 12.198.30.48 (-):
JOYCE MEDIA INC,
ACTON, CALIFORNIA, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:20:35:00 Win2K-f 61.250.198.91 (KRLINE.NET):
KRNIC,
KR.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:36:00 WinXP 4.231.236.109 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SUNNYSIDE, NEW YORK, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:238 hits: 09-28 to 08-02]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
20:52:00 WinXP 68.149.249.8 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
111 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
31 of 33
5ba106150e
[Firefox: 2 hits: 07-08 to 07-17]
801e729de2
[Firefox: 2 hits: 07-08 to 07-17]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:56:00 Win2K-f 75.85.112.104 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PLACENTIA, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:206.33.45.125:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:58:00 WinXP 76.94.78.53 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:1467 hits: 12-31 to 08-02]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:21:23:00 Win2K-f 130.13.106.19 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
23 of 36 d5a7eb7c3b
[Firefox: 2 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
21:23:00 Win2K-f 130.13.106.19 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
87.119.200.214:6667 HK:proxim.ircgalaxy.pl
CH:irc.albcrew.rr.nu
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
lanman
shell
shell
shell
irc
335 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35 8e6c290df4
NEW
none[none] none:none
none|none none none
21:29:00 Win2K-f 119.94.25.253 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80
135 pcap raw alerts
ruleset
http
133 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox:25 hits: 06-18 to 07-29]
76ee340669
[Firefox:25 hits: 06-18 to 07-29]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
T:21:31:00 WinXP 87.250.42.72 (BVCOM.NET):
BROADBAND CLIENTS,
CS.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:67 hits: 05-22 to 08-02]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:21:37:00 Win2K-f 210.117.91.22 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
209 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
31 of 36
4fd2470644
NEW
5e23f51b86
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:46:00 WinXP 61.224.88.228 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 7f6ea12654
[Firefox:12 hits: 07-13 to 08-02]
none[none] none:none
none|none none none
T:21:50:00 Win2K-f 66.63.81.104 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.126:80
US:205.128.79.125:80
US:206.33.43.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:02:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
a08f3b74a4
[Firefox:363 hits: 06-18 to 08-02]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:07:00 Win2K-f 58.120.140.76 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:07:00 Win2K-f 64.139.104.242 (RCABLETV.COM):
NCI DATA.COM INC,
REPUBLIC, WASHINGTON, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:11:00 Win2K-f 24.30.174.247 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORANGE, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.79.124:80
US:4.23.60.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1083 hits: 06-17 to 08-02]
73f1082158
[Firefox:540 hits: 06-18 to 08-02]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:41:00 Win2K-f 123.213.156.207 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:206.33.43.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
0 of 32
168aab35a3
[Firefox:79 hits: 06-17 to 08-02]
4c3df24b32
[Firefox:124 hits: 06-17 to 08-02]
b5919931fe
[Firefox:211 hits: 06-20 to 08-02]
none[4]
4c3df24b32[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
22:47:00 WinXP 124.111.5.151 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
[Firefox:11 hits: 06-21 to 08-02]
58c343a8d8
[Firefox:12 hits: 06-21 to 08-02]
none[4]
58c343a8d8[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:22:49:00 WinXP 67.10.172.15 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1149 hits: 05-01 to 08-02]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
22:55:00 WinXP 70.67.179.250 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
DUNCAN, BRITISH COLUMBIA, CA.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b51fc4f2e1
NEW
none[none] none:none
none|none none none
T:23:07:00 WinXP 123.226.90.105 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 e1ffcf9fb1
NEW
none[none] none:none
none|none none none
23:25:00 WinXP 117.96.4.146 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 ed67210b9b
[Firefox: 3 hits: 07-25 to 07-27]
none[none] none:none
none|none none none
T:23:25:00 WinXP 117.96.4.146 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 ed67210b9b
[Firefox: 3 hits: 07-25 to 07-27]
none[none] none:none
none|none none none
23:42:00 WinXP 122.2.32.103 (PLDT.NET):
JNEC7300I03_CONSUMER,
CEBU, CEBU CITY, PH.
n/a   135 pcap raw alerts
ruleset
other
184 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 954a98c971
[Firefox: 5 hits: 06-09 to 07-23]
none[4] none:none
FSG| none trace
23:54:00 Win2K-f 125.180.175.143 (-):
POWC-061,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:206.33.43.126:80
US:207.123.37.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35
32 of 33
1d569ef2a7
NEW
58408136a4
[Firefox: 7 hits: 06-28 to 07-27]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none