Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


[Download BotHunter]

09 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Table columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace

Each infection record below is written as:
  Time  Victim OS  Infection Source, as "IP (reverse-DNS domain): ISP, city, region, country code. (link type)"
  C&C: C&C Server(s) observed, or n/a
  DNS: DNS Lookups & Failed Connects, each as country-code:name or country-code:ip:port (country code blank where the page assigned none)
  Port N | Packet Trace | Detection Signatures | Infection Chatter (protocols, line count) | BotHunter Analysis (verdict : score, profile) | Behavioral Cluster | Forensic Logs
  then one line per captured binary:
  Antivirus Labels (e.g. 31 of 33) | Packed Malware_Binary (digest, then NEW or the page's hit count and date range) | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
Cells the page left empty or marked none[none], none:none or none|none are written as none.

T:00:07:00  WinXP  116.127.164.194 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | http, 103 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 33 | 776985f561 [Firefox: 3 hits: 06-24 to 08-07] | 776985f561 [1] | ASM:Graph | Armadillo | lines=82 | trace
  31 of 33 | 8ec6129efe [Firefox: 3 hits: 06-24 to 08-07] | none [4] | none | tElock | none | trace
  0 of 33 | e07c29c4ae [Firefox:192 hits: 06-19 to 08-08] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace

00:30:00  Win2K-f  116.127.232.15 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:207.123.42.126:80, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | other, 113 lines | Yeah : 1.3, profile | none | summary, tarball
  28 of 33 | 06f27eb5cb [Firefox: 6 hits: 07-02 to 08-06] | none | none | none | none | none
  31 of 33 | d27dfd506b [Firefox: 6 hits: 07-02 to 08-06] | none | none | none | none | none

00:30:00  Win2K-f  85.72.147.227 (OTENET.GR): MULTIPROTOCOL SERVICE PROVIDER TO OTHER ISP'S AND END USERS, AACHEN, NORDRHEIN-WESTFALEN, DE. (DSL)
  C&C: 85.214.127.219:59999
  DNS: DE:skathari.oligarxia.com, DE:85.214.127.219:59999
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, irc, 25 lines | Yeah : 1.8, profile | none | summary, tarball
  22 of 35 | 557c0e2562 [Firefox: 3 hits: 07-24 to 07-30] | none | none | none | none | none

00:53:00  WinXP  124.241.139.170 (STARCAT.NE.JP): KMN CORPORATION, NAGOYA, AICHI, JP.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.254:80, US:208.111.153.215:80
  Port 135 | pcap | raw alerts, ruleset | other, 75 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | 57ce4acac2 [Firefox:101 hits: 06-17 to 08-08] | 57ce4acac2 [1] | ASM:Graph | Armadillo | lines=81 | trace

T:00:59:00  WinXP  117.99.43.38 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C: 194.54.90.246:80
  DNS: UA:citi-bank.ru
  Port 445 | pcap | raw alerts, ruleset | http, 2 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 33 | 7f6ea12654 [Firefox:16 hits: 07-13 to 08-08] | none | none | none | none | none

T:01:04:00  Win2K-f  211.21.186.122 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C: 67.43.236.99:1863
  DNS: CA:xx.enterhere.biz, CA:alwayssam.com, CA:zonetech.info, US:130.107.242.5:52021
  Port 135 | pcap | raw alerts, ruleset | irc, http, 377 lines | Yeah : 1.8, profile | none | summary, tarball
  14 of 36 | 11768b975d [Firefox: 3 hits: 08-06 to 08-07] | none | none | none | none | none
  31 of 33 | 98cd9b1699 [Firefox: 2 hits: 07-17 to 08-06] | none | none | none | none | none
  14 of 36 | 9b09258622 [Firefox: 5 hits: 08-05 to 08-07] | none | none | none | none | none
  15 of 36 | b6e55274d0 [Firefox: 4 hits: 08-05 to 08-07] | none | none | none | none | none
  14 of 36 | cd0d825f7a [Firefox: 4 hits: 08-05 to 08-07] | none | none | none | none | none

T:01:38:00  Win2K-f  61.218.193.250 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:198.78.201.126:80, US:207.123.42.126:80
  Port 135 | pcap | raw alerts, ruleset | other, 75 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | 57ce4acac2 [Firefox:101 hits: 06-17 to 08-08] | 57ce4acac2 [1] | ASM:Graph | Armadillo | lines=81 | trace

02:02:00  WinXP  70.166.111.207 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.152:80, US:208.111.148.174:80
  Port 135 | pcap | raw alerts, ruleset | other, 77 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace

T:02:08:00  WinXP  85.181.243.17 (ALICEDSL.DE): HANSENET-ADSL, DE. (DSL)
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 0.8, profile | none | summary, tarball
  33 of 33 | 8178c88f5e [Firefox:15 hits: 07-08 to 08-04] | none | none | none | none | none

02:38:00  Win2K-f  216.198.162.113 (MCLOUDTELECO.COM): INTELLEQ COMMUNICATIONS CORPORATION, NEWALLA, OKLAHOMA, US. (DSL)
  C&C: 72.10.172.218:2938, 210.245.211.11:65520
  DNS: HK:proxima.ircgalaxy.pl, CA:japan.youngpeyatech.info, CA:fuck.urpal43sourpalhuh.com, DE:dl2.teenpassage.com, IL:ksn.a1001186.wrs.mcboo.com, IL:wr.mcboo.com, CA:teek.ihshsd8.com, IL:194.90.224.86:80, HK:210.245.211.11:65520, CA:72.10.172.218:2938, CA:72.10.172.218:9928
  Port 135 | pcap | raw alerts, ruleset | irc, http, 772 lines | Yeah : 1.8, profile | none | summary, tarball
  19 of 35 | 37f41fd8ab [Firefox:44 hits: 07-24 to 08-08] | none | none | none | none | none
  17 of 35 | 5ab0a45f63 [Firefox:55 hits: 07-24 to 08-08] | none | none | none | none | none
  35 of 36 | 7a1bcbbe62 [Firefox: 2 hits: 08-06 to 08-08] | none | none | none | none | none
  20 of 36 | 8d7113c2ce [Firefox:34 hits: 08-01 to 08-08] | none | none | none | none | none

T:02:39:00  Win2K-f  71.74.226.112 (RR.COM): ROAD RUNNER HOLDCO LLC, LIMA, OHIO, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.23:80, US:208.111.148.43:80
  Port 135 | pcap | raw alerts, ruleset | other, 115 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace

02:39:00  WinXP  217.99.101.62 (TPNET.PL): TPSA, PL. (DIAL)
  C&C: n/a
  DNS: DE:siliconfireware.ru, :wpad, RU:www.bbin.ru
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 0.8, profile | none | summary, tarball
  29 of 29 | a12cab51ef [Firefox:446 hits: 01-01 to 08-08] | 40f7f463c4 [0] | ASM:Graph | ASPack | lines=281, embedded dns | trace

02:40:00  Win2K-f  76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.23:80, US:208.111.148.43:80
  Port 135 | pcap | raw alerts, ruleset | other, 75 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace

02:41:00  Win2K-f  118.83.135.141 (-)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.23:80, US:208.111.148.43:80
  Port 135 | pcap | raw alerts, ruleset | other, 110 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 33 | 627731ae2b NEW | none | none | none | none | none
  29 of 33 | 9db7aea9c0 NEW | none | none | none | none | none

02:53:00  Win2K-f  222.1.34.151 (DION.NE.JP): DION (KDDI CORPORATION), JP. (DIAL)
  C&C: 210.245.211.11:65520, 72.10.172.218:2938
  DNS: HK:proxima.ircgalaxy.pl, CA:japan.youngpeyatech.info, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | irc, 14 lines | Yeah : 0.8, profile | none | summary, tarball
  none | none | none | none | none | none | none

03:05:00  Win2K-f  71.113.77.184 (VERIZON.NET): VERIZON INTERNET SERVICES INC, LYNNWOOD, WASHINGTON, US. (DSL)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80
  Port 135 | pcap | raw alerts, ruleset | other, 75 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace

03:12:00  Win2K-f  208.127.8.130 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL)
  C&C: 72.10.172.218:7763
  DNS: :preek.oihduhdd.net, CA:fuck.urpal43sourpalhuh.com, CA:done.blacktiehsbdcs.com, CA:72.10.172.218:7763
  Port 135 | pcap | raw alerts, ruleset | irc, 221 lines | Yeah : 1.8, profile | none | summary, tarball
  26 of 32 | 5aeb9abc92 [Firefox: 7 hits: 07-15 to 08-07] | none | none | none | none | none

03:12:00  WinXP  210.79.162.227 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 15 lines | Yeah : 1.3, profile | none | summary, tarball
  28 of 31 | cc545e1c99 [Firefox: 2 hits: 05-30 to 07-14] | 97a4355156 [0] | ASM:Graph | none | lines=90 | trace

T:03:18:00  WinXP  172.136.11.231 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:198.78.220.126:80, US:207.123.42.126:80
  Port 135 | pcap | raw alerts, ruleset | http, 112 lines | Yeah : 1.3, profile | none | summary, tarball
  30 of 33 | 3373948767 [Firefox:15 hits: 07-03 to 08-06] | none | none | none | none | none
  29 of 33 | c73f738c30 [Firefox:15 hits: 07-03 to 08-06] | none | none | none | none | none
  0 of 33 | e07c29c4ae [Firefox:192 hits: 06-19 to 08-08] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace

03:37:00  Win2K-f  118.105.163.79 (-)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 29 lines | Yeah : 1.3, profile | none | summary, tarball
  30 of 33 | 505238d7ef [Firefox: 9 hits: 06-28 to 08-04] | none | none | none | none | none

T:03:56:00  WinXP  62.11.118.250 (DIALUP.TISCALI.IT): TISCALI ITALIA SPA, IT. (DIAL)
  C&C: n/a
  DNS: EU:siliconfireware.ru, US:searchportal.information.com, :wpad, :www.proxy-socks.net, CA:www.bmo.com, DE:212.227.111.29:80
  Port 445 | pcap | raw alerts, ruleset | http, http, http, 9 lines | Yeah : 0.8, profile | none | summary, tarball
  29 of 29 | df17a625ee [Firefox:203 hits: 01-01 to 08-08] | 9bbdd086c5 [0] | ASM:Graph | ASPack | lines=186, embedded dns | trace

T:03:57:00  WinXP  92.40.112.244 (IKBCC.COM): EU-ZZ, UK.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl
  Port 445 | pcap | raw alerts, ruleset | http, irc, 54 lines | Yeah : 0.8, profile | none | summary, tarball
  34 of 36 | dfb7497792 NEW | none | none | none | none | none

04:10:00  Win2K-f  203.121.180.155 (-): COLO-CATIONPI-2-203121180128, TH. (100Mbps)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:206.33.43.126:80
  Port 135 | pcap | raw alerts, ruleset | http, 76 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace

04:13:00  WinXP  125.215.73.189 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, IL:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, US:chat-shqip.org, IL:wr.mcboo.com, IL:dl.mcboo.com, US:b155.mcboo.com, IL:194.90.224.86:80
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, http, 201 lines | Yeah : 1.3, profile | none | summary, tarball
  19 of 35 | 37f41fd8ab [Firefox:44 hits: 07-24 to 08-08] | none | none | none | none | none
  17 of 35 | 5ab0a45f63 [Firefox:55 hits: 07-24 to 08-08] | none | none | none | none | none
  20 of 36 | 8d7113c2ce [Firefox:34 hits: 08-01 to 08-08] | none | none | none | none | none
  35 of 36 | bfdd1696a0 [Firefox: 2 hits: 08-02 to 08-05] | none | none | none | none | none

04:14:00  Win2K-f  85.240.180.181 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, LEIRIA, LEIRIA, PT.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

04:18:00  WinXP  121.87.88.87 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C: n/a
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 31 lines | Yeah : 1.3, profile | none | summary, tarball
  23 of 33 | cf153403d1 [Firefox: 5 hits: 06-28 to 08-04] | none | none | none | none | none

04:23:00  Win2K-f  125.215.105.100 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

T:04:35:00  WinXP  170.51.115.68 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C: 64.85.160.111:5001
  DNS: US:cookie.roltf.ws, US:64.85.160.111:5001
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 22 lines | Yeah : 1.3, profile | none | summary, tarball
  19 of 32 | 382279b44f [Firefox:106 hits: 05-22 to 08-08] | 049e62d55b [0] | ASM:Graph | Armadillo | lines=192 | trace

T:04:36:00  WinXP  117.99.25.8 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C: n/a
  DNS: RU:moscow-advokat.ru
  Port 445 | pcap | raw alerts, ruleset | http, 2 lines | Yeah : 0.8, profile | none | summary, tarball
  25 of 25 | 7f60162c2c [Firefox:416 hits: 12-31 to 08-08] | 1aad8e4632 [0] | ASM:Graph | PolyEnE | lines=93, embedded dns | trace

04:41:00  WinXP  24.87.45.96 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, RICHMOND, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80
  Port 135 | pcap | raw alerts, ruleset | http, 77 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 33 | e07c29c4ae [Firefox:192 hits: 06-19 to 08-08] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace

T:04:44:00  Win2K-f  79.69.80.247 (AS9105.COM): TELINCO, UK.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

04:49:00  Win2K-f  65.86.238.166 (DSL.NET): DSL.NET INC, BROOKLYN, NEW YORK, US. (100Mbps)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.254:80, US:208.111.153.215:80
  Port 135 | pcap | raw alerts, ruleset | other, 110 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 35 | 421ecabb8c [Firefox: 2 hits: 07-24 to 08-02] | none | none | none | none | none
  34 of 36 | b52a9a3bf8 NEW | none | none | none | none | none

T:04:58:00  Win2K-f  118.105.163.79 (-)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  30 of 33 | 505238d7ef [Firefox: 9 hits: 06-28 to 08-04] | none | none | none | none | none

T:05:03:00  WinXP  119.11.100.85 (-)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 43 lines | Yeah : 1.3, profile | none | summary, tarball
  14 of 36 | 58354c705a NEW | none | none | none | none | none

T:05:05:00  WinXP  125.192.220.98 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 15 lines | Yeah : 1.3, profile | none | summary, tarball
  29 of 29 | 831f4ee0a7 [Firefox:464 hits: 01-01 to 08-07] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace

05:06:00  WinXP  82.4.211.105 (NTL.COM): NTL INFRASTRUCTURE - BELFAST, LUTON, ENGLAND, UK. (DSL)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 15 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 32 | 741e3b03b3 [Firefox:249 hits: 01-05 to 08-08] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace

T:05:18:00  WinXP  70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:204.160.126.126:80
  Port 135 | pcap | raw alerts, ruleset | http, 77 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 33 | e07c29c4ae [Firefox:192 hits: 06-19 to 08-08] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace

05:40:00  WinXP  24.82.125.111 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
  C&C: 194.54.90.246:80
  DNS: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | http, 2 lines | Yeah : 1.3, profile | none | summary, tarball
  35 of 36 | bb9f8df641 NEW | none | none | none | none | none

05:50:00  Win2K-f  121.87.56.230 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 36 | bf5d12566c NEW | none | none | none | none | none

05:53:00  Win2K-f  119.11.100.85 (-)
  C&C: n/a
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 23 lines | Yeah : 1.3, profile | none | summary, tarball
  15 of 36 | a7b3286305 NEW | none | none | none | none | none

T:05:53:00  Win2K-f  170.51.143.55 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 14 lines | Yeah : 0.8, profile | none | summary, tarball
  19 of 32 | 382279b44f [Firefox:106 hits: 05-22 to 08-08] | 049e62d55b [0] | ASM:Graph | Armadillo | lines=192 | trace

06:08:00  Win2K-f  78.149.143.3 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

06:13:00  Win2K-f  217.238.216.120 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, KLEVE, NORDRHEIN-WESTFALEN, DE. (DIAL)
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | ftp, 24 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 35 | cb06355b00 NEW | none | none | none | none | none

06:16:00  Win2K-f  59.146.47.85 (SO-NET.NE.JP): SO-NET SERVICE, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

T:06:24:00  Win2K-f  210.246.73.66 (-): SAMART INFONET CO. LTD. INTERNET SERVICE PROVIDER THAILAND, BANGKOK, KRUNG THEP MAHANAKHON, TH.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80, US:207.123.42.126:80
  Port 135 | pcap | raw alerts, ruleset | http, 128 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 33 | a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08] | a08f3b74a4 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace

T:06:26:00  WinXP  58.91.17.177 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 31 lines | Yeah : 1.3, profile | none | summary, tarball
  22 of 35 | 41ec9d69c8 NEW | none | none | none | none | none

T:06:38:00  Win2K-f  123.225.201.59 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 30 lines | Yeah : 1.3, profile | none | summary, tarball
  10 of 33 | d2c26e07fd [Firefox:278 hits: 06-27 to 08-07] | none | none | none | none | none

T:06:40:00  WinXP  81.131.37.249 (BTOPENWORLD.COM): BT-WEBPORT, LONDON, ENGLAND, UK. (DIAL)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 14 lines | Yeah : 1.3, profile | none | summary, tarball
  29 of 29 | 1a2c0e6130 [Firefox:301 hits: 12-31 to 08-08] | 048df78048 [0] | ASM:Graph | none | lines=61 | trace

T:06:51:00  WinXP  59.146.47.85 (SO-NET.NE.JP): SO-NET SERVICE, JP.
  C&C: n/a
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  20 of 33 | 17739a55ad [Firefox:288 hits: 06-27 to 08-07] | none | none | none | none | none

06:56:00  WinXP  124.86.69.71 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 31 lines | Yeah : 1.3, profile | none | summary, tarball
  34 of 36 | 7097bbda4d NEW | none | none | none | none | none

07:06:00  Win2K-f  125.215.98.173 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:80
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  35 of 36 | bfdd1696a0 [Firefox: 2 hits: 08-02 to 08-05] | none | none | none | none | none

T:07:11:00  Win2K-f  130.13.201.128 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C: 206.117.237.200:6667
  DNS: US:irc.qifort.rr.nu
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 30 lines | Yeah : 1.3, profile | none | summary, tarball
  23 of 36 | 3de9abec19 [Firefox: 8 hits: 08-02 to 08-06] | none | none | none | none | none

07:11:00  Win2K-f  130.13.201.128 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 12 lines | Yeah : 0.8, profile | none | summary, tarball
  23 of 36 | 3de9abec19 [Firefox: 8 hits: 08-02 to 08-06] | none | none | none | none | none

T:07:18:00  WinXP  4.173.86.23 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:192.221.99.124:80, US:198.78.201.126:80, US:199.93.44.124:80
  Port 135 | pcap | raw alerts, ruleset | other, 127 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace

T:07:19:00  Win2K-f  60.254.224.5 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 0.8, profile | none | summary, tarball
  none | none | none | none | none | none | none

07:20:00  WinXP  117.99.20.211 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, :los-angeles.ca.us.undernet.org, SE:ced.dal.net, SE:qis.md.us.dal.net, :flanders.be.eu.undernet.org, HR:london.uk.eu.undernet.org
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 1.3, profile | none | summary, tarball
  36 of 36 | 9b9e5dcb18 NEW | none | none | none | none | none

T:07:39:00  Win2K-f  211.244.26.201 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a
  DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | http, 136 lines | Yeah : 1.3, profile | none | summary, tarball
  30 of 33 | 87bd0a062f [Firefox: 6 hits: 06-29 to 07-28] | none | none | none | none | none
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace
  31 of 33 | c7d6018f97 [Firefox: 6 hits: 06-29 to 07-28] | none | none | none | none | none

07:42:00  WinXP  220.108.16.131 (PLALA.OR.JP): PLALA NETWORKS INC, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 15 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 32 | 741e3b03b3 [Firefox:249 hits: 01-05 to 08-08] | e0197e8a64 [0] | ASM:Graph | none | lines=62 | trace

T:07:55:00  WinXP  86.96.64.99 (NET.AE): EMIRATES TELECOMMUNICATIONS CORPORATION, DUBAI, DUBAI, AE.
  C&C: 194.54.90.246:80
  DNS: UA:citi-bank.ru
  Port 445 | pcap | raw alerts, ruleset | http, 3 lines | Yeah : 1.3, profile | none | summary, tarball
  35 of 36 | 790dcb2cfc NEW | none | none | none | none | none

07:57:00  WinXP  81.40.12.66 (RIMA-TDE.NET): TELEFONICA DE ESPANA SAU, MADRID, MADRID, ES.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | ftp, 24 lines | Yeah : 1.3, profile | none | summary, tarball
  34 of 36 | 9b0bcbbfc8 NEW | none | none | none | none | none

08:01:00  Win2K-f  83.88.103.248 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, ODENSE, FYN, DK. (DSL)
  C&C: n/a
  DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  18 of 36 | 9abb4fa28e NEW | none | none | none | none | none

T:08:02:00  Win2K-f  221.184.83.243 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a
  DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  10 of 33 | d2c26e07fd [Firefox:278 hits: 06-27 to 08-07] | none | none | none | none | none

T:08:15:00  WinXP  121.87.56.230 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 28 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 36 | bf5d12566c NEW | none | none | none | none | none

08:23:00  Win2K-f  125.198.72.125 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | ftp, 28 lines | Yeah : 1.3, profile | none | summary, tarball
  23 of 36 | b5a2d54399 NEW | none | none | none | none | none

T:08:23:00  WinXP  60.236.192.221 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | shell, ftp, 15 lines | Yeah : 1.3, profile | none | summary, tarball
  29 of 29 | 831f4ee0a7 [Firefox:464 hits: 01-01 to 08-07] | eb7546c600 [0] | ASM:Graph | none | lines=61 | trace

08:24:00  WinXP  4.234.18.191 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL)
  C&C: n/a
  DNS: UA:citi-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 0.8, profile | none | summary, tarball
  29 of 29 | d42c1cc7c0 [Firefox:122 hits: 01-01 to 08-08] | af9ca5bed1 [0] | ASM:Graph | PolyEnE | lines=54 | trace

T:08:24:00  WinXP  119.72.49.153 (-)
  C&C: n/a
  DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  15 of 36 | eed6a50223 [Firefox: 2 hits: 08-04 to 08-06] | none | none | none | none | none

T:08:24:00  WinXP  4.234.18.191 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MIAMI, FLORIDA, US. (DIAL)
  C&C: n/a
  DNS: UA:citi-bank.ru, DE:kidos-bank.ru, UA:194.54.90.246:80
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 0.8, profile | none | summary, tarball
  29 of 29 | d42c1cc7c0 [Firefox:122 hits: 01-01 to 08-08] | af9ca5bed1 [0] | ASM:Graph | PolyEnE | lines=54 | trace

08:40:00  WinXP  65.68.44.225 (SWBELL.NET): AT&T INTERNET SERVICES, KANSAS CITY, MISSOURI, US. (DSL)
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80, US:208.111.153.231:80, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | other, 116 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 33 | 3f0a5b2ebe [Firefox: 9 hits: 06-18 to 08-06] | none [4] | none | PolyEnE | none | trace
  28 of 32 | c6bfb5f0f2 [Firefox: 9 hits: 06-18 to 08-06] | c6bfb5f0f2 [1] | ASM:Graph | Armadillo | lines=81 | trace

T:08:44:00  Win2K-f  66.217.138.70 (USLEC.NET): USLEC CORP, MARYLAND, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.173.53:80
  Port 135 | pcap | raw alerts, ruleset | http, 85 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace

08:45:00  Win2K-f  62.235.219.198 (DSL.SCARLET.BE): PI-BELGIUM, BRUSSELS, BRUSSELS, BE. (DSL)
  C&C: n/a
  DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001
  Port 445 | pcap | raw alerts, ruleset | ftp, 28 lines | Yeah : 1.3, profile | none | summary, tarball
  10 of 33 | d2c26e07fd [Firefox:278 hits: 06-27 to 08-07] | none | none | none | none | none

08:48:00  Win2K-f  78.148.78.75 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 34 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

T:09:03:00  Win2K-f  210.79.181.15 (MEDIATTI.NET): MEDIATTI COMMUNICATIONS INC, OKINAWA, OKINAWA, JP.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.153.231:80, US:208.111.153.236:80
  Port 135 | pcap | raw alerts, ruleset | other, 85 lines | Yeah : 1.3, profile | none | summary, tarball
  3 of 33 | 3ed16ae12d [Firefox: 9 hits: 06-19 to 08-05] | 3ed16ae12d [1] | ASM:Graph | Armadillo | lines=81 | trace
  33 of 33 | 79c01ec060 [Firefox:14 hits: 06-18 to 08-08] | none [4] | none | tElock | none | trace

T:09:05:00  WinXP  125.197.192.111 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 24.192.170.232:13001
  DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, JP:121.114.156.41:12351, JP:121.114.156.41:13001
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 53 lines | Yeah : 1.8, profile | none | summary, tarball
  31 of 33 | a666364b88 NEW | none | none | none | none | none

T:09:08:00  Win2K-f  92.20.51.167 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK.
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:80
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  31 of 33 | f4a8c4177e [Firefox: 5 hits: 06-28 to 07-01] | none | none | none | none | none

T:09:09:00  Win2K-f  96.10.122.204 (-)
  C&C: n/a
  DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.153.236:80, US:208.111.173.16:80, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | other, 113 lines | Yeah : 1.3, profile | none | summary, tarball
  32 of 36 | 95a1e56583 [Firefox: 3 hits: 08-02 to 08-06] | none | none | none | none | none
  35 of 36 | b39357c344 [Firefox: 3 hits: 08-02 to 08-06] | none | none | none | none | none

09:20:00  WinXP  24.24.213.219 (RR.COM): ROAD RUNNER HOLDCO LLC, WESTMINSTER, CALIFORNIA, US.
  C&C: n/a
  DNS: US:microsoft.com, US:download.microsoft.com, US:205.128.66.126:80, US:206.33.43.126:80
  Port 135 | pcap | raw alerts, ruleset | http, 76 lines | Yeah : 1.3, profile | none | summary, tarball
  33 of 33 | 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08] | none [4] | none | tElock | none | trace
  0 of 32 | 73f1082158 [Firefox:629 hits: 06-18 to 08-08] | 73f1082158 [1] | ASM:Graph | Armadillo | lines=81 | trace
  0 of 33 | e07c29c4ae [Firefox:192 hits: 06-19 to 08-08] | e07c29c4ae [1] | ASM:Graph | FSG | lines=92 | trace

09:33:00  Win2K-f  88.111.162.188 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL)
  C&C: 24.192.170.232:13001
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 38 lines | Yeah : 1.8, profile | none | summary, tarball
  10 of 33 | d2c26e07fd [Firefox:278 hits: 06-27 to 08-07] | none | none | none | none | none

09:39:00  Win2K-f  82.238.119.168 (PROXAD.NET): PROXAD / FREE SAS, NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
  C&C: 24.192.170.232:13001
  DNS: US:chat-shqip.org
  Port 445 | pcap | raw alerts, ruleset | ftp, irc, 35 lines | Yeah : 1.8, profile | none | summary, tarball
  21 of 35 | e9a93d6777 NEW | none | none | none | none | none

09:40:00  Win2K-f  118.1.136.183 (-)
  C&C: n/a
  DNS: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | ftp, 27 lines | Yeah : 1.3, profile | none | summary, tarball
  34 of 36 | 779f46c6f0 [Firefox: 2 hits: 08-02 to 08-04] | none | none | none | none | none

09:41:00  Win2K-f  68.146.106.7 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  C&C: n/a
  DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:199.93.53.125:80, HK:210.245.211.11:65520
  Port 135 | pcap | raw alerts, ruleset | http, 114 lines | Yeah : 1.3, profile | none | summary, tarball
  29 of 33 | 0c1c51204b [Firefox: 6 hits: 06-18 to 08-06] | 0c1c51204b [1] | ASM:Graph | Armadillo | lines=82 | trace
  32 of 33 | 3d293743d8 [Firefox: 6 hits: 06-18 to 08-06] | none [4] | none | PolyEnE | none | trace
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace

09:49:00  Win2K-f  118.240.191.93 (-)
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 26 lines | Yeah : 1.3, profile | none | summary, tarball
  20 of 33 | 17739a55ad [Firefox:288 hits: 06-27 to 08-07] | none | none | none | none | none

T:09:58:00  Win2K-f  122.29.178.92 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a
  DNS: none
  Port 445 | pcap | raw alerts, ruleset | ftp, 28 lines | Yeah : 1.3, profile | none | summary, tarball
  26 of 33 | ca15c09536 [Firefox:296 hits: 06-27 to 08-07] | none | none | none | none | none

10:00:00  Win2K-f  193.120.116.183 (-): LEAF IRELAND LTD, IE.
  C&C: n/a
  DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.173.52:80, HK:210.245.211.11:65520
  Port 445 | pcap | raw alerts, ruleset | http, 1 line | Yeah : 0.8, profile | none | summary, tarball
  0 of 32 | b5919931fe [Firefox:265 hits: 06-20 to 08-08] | b5919931fe [1] | ASM:Graph | ASProtect | lines=90 | trace
time: T:10:01:00; victim OS: WinXP; infection source: 122.26.30.196 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (36 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4a7b14e413 NEW; antivirus labels: 34 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 10:01:00; victim OS: WinXP; infection source: 170.51.64.59 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C server: 64.85.160.111:5001; DNS lookups & failed connects: DE:cookie.roltf.ws; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (20 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 382279b44f [Firefox:106 hits: 05-22 to 08-08]; antivirus labels: 19 of 32; unpacked egg.exe: 049e62d55b [0]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=192; syscall trace: trace
time: 10:03:00; victim OS: Win2K-f; infection source: 4.175.186.73 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, AUDUBON, NEW JERSEY, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.51:80, US:208.111.173.52:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (77 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: 10:06:00; victim OS: Win2K-f; infection source: 24.44.234.137 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), NORWALK, CONNECTICUT, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.42:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:10:10:00; victim OS: WinXP; infection source: 208.105.101.185 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.173.42:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (77 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary e07c29c4ae [Firefox:192 hits: 06-19 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer PEID: FSG|; data strings: lines=92; syscall trace: trace
time: 10:12:00; victim OS: WinXP; infection source: 116.123.203.178 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.173.42:80, US:208.111.173.47:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (124 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 1951eee0cd [Firefox: 2 hits: 06-18 to 07-24]; antivirus labels: 27 of 33; unpacked egg.exe: 1951eee0cd [1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=82; syscall trace: trace
  binary e5e0dbde57 [Firefox: 2 hits: 06-18 to 07-24]; antivirus labels: 31 of 33; unpacked egg.exe: none [4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
time: T:10:15:00; victim OS: WinXP; infection source: 123.224.177.204 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (35 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 10:18:00; victim OS: Win2K-f; infection source: 85.243.220.41 (DSL.TELEPAC.PT): PT.COM - COMUNICACOES INTERACTIVAS S.A, PT.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (20 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 10:27:00; victim OS: WinXP; infection source: 41.214.173.233 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary a483ba8aa1 [Firefox:13 hits: 07-09 to 08-06]; antivirus labels: 33 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 10:28:00; victim OS: Win2K-f; infection source: 122.135.54.116 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (13 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 10:28:00; victim OS: Win2K-f; infection source: 84.187.113.138 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, KAMEN, NORDRHEIN-WESTFALEN, DE. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4db283bb0f [Firefox: 3 hits: 08-04 to 08-06]; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:10:29:00; victim OS: WinXP; infection source: 41.214.173.233 (-): (no ISP/location data)
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (3 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary a483ba8aa1 [Firefox:13 hits: 07-09 to 08-06]; antivirus labels: 33 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:10:31:00; victim OS: WinXP; infection source: 118.7.97.26 (-): (no ISP/location data)
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (44 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:10:37:00; victim OS: WinXP; infection source: 82.4.211.105 (NTL.COM): NTL INFRASTRUCTURE - BELFAST, LUTON, ENGLAND, UK. (DSL)
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7d99b0e910 [Firefox:928 hits: 12-31 to 08-08]; antivirus labels: 26 of 28; unpacked egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=68; syscall trace: trace
time: T:10:47:00; victim OS: WinXP; infection source: 66.14.107.10 (GTE.NET): GENUITY DSL, LOS ANGELES, CALIFORNIA, US. (DSL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:205.128.79.125:80, US:206.33.43.126:80, US:207.123.47.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (64 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary b7082104e4 [Firefox:75 hits: 06-18 to 08-08]; antivirus labels: 8 of 33; unpacked egg.exe: none [4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
time: 10:48:00; victim OS: WinXP; infection source: 116.123.42.54 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:206.33.43.126:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (144 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 6e2eaa0359 [Firefox: 3 hits: 07-10 to 07-18]; antivirus labels: 31 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary 740e3bffe0 [Firefox: 4 hits: 06-25 to 07-18]; antivirus labels: 24 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary e07c29c4ae [Firefox:192 hits: 06-19 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer PEID: FSG|; data strings: lines=92; syscall trace: trace
time: 10:52:00; victim OS: Win2K-f; infection source: 124.61.39.49 (-): POWERCOM, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:204.160.126.124:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (87 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4c3df24b32 [Firefox:133 hits: 06-17 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: 4c3df24b32 [1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary 58408136a4 [Firefox: 8 hits: 06-28 to 08-04]; antivirus labels: 32 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary b5919931fe [Firefox:265 hits: 06-20 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer PEID: ASProtect|; data strings: lines=90; syscall trace: trace
time: 11:02:00; victim OS: Win2K-f; infection source: 78.146.227.185 (-): OPAL TELECOM DSL, UK.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (28 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 3f8d1c3246 [Firefox: 6 hits: 06-28 to 08-02]; antivirus labels: 32 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:11:13:00; victim OS: Win2K-f; infection source: 24.210.243.206 (RR.COM): ROAD RUNNER HOLDCO LLC, LIMA, OHIO, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:11:13:00; victim OS: WinXP; infection source: 217.201.215.141 (-): TELECOM ITALIA MOBILE, IT.
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7d99b0e910 [Firefox:928 hits: 12-31 to 08-08]; antivirus labels: 26 of 28; unpacked egg.exe: 7a70e1b592 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=68; syscall trace: trace
time: 11:19:00; victim OS: WinXP; infection source: 216.41.138.16 (SEMO.NET): POPLAR BLUFF INTERNET INC, DEXTER, MISSOURI, US.
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 3ae357d17b [Firefox:158 hits: 01-01 to 08-06]; antivirus labels: 29 of 29; unpacked egg.exe: 462a7be171 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=73; syscall trace: trace
time: 11:26:00; victim OS: WinXP; infection source: 123.224.177.204 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (34 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 11:27:00; victim OS: Win2K-f; infection source: 210.207.223.191 (BORA.NET): BORANET-NET-210-206/, SEOUL, KYONGGI-DO, KR. (100Mbps)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:208.111.148.43:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (98 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 6e4189aed5 NEW; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary a2abf80155 NEW; antivirus labels: 32 of 36; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary b5919931fe [Firefox:265 hits: 06-20 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer PEID: ASProtect|; data strings: lines=90; syscall trace: trace
time: T:11:30:00; victim OS: Win2K-f; infection source: 211.215.171.19 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.23:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4c3df24b32 [Firefox:133 hits: 06-17 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: 4c3df24b32 [1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none [4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
time: T:11:34:00; victim OS: Win2K-f; infection source: 4.173.86.84 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (6 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: T:11:45:00; victim OS: WinXP; infection source: 122.29.111.224 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (34 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 966384fa1b NEW; antivirus labels: 21 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 11:48:00; victim OS: Win2K-f; infection source: 96.15.63.90 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80, US:208.111.153.231:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (114 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 6d86a1ff5a [Firefox:29 hits: 06-25 to 08-07]; antivirus labels: 28 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary 7f6e032fc0 [Firefox:29 hits: 06-25 to 08-07]; antivirus labels: 31 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary b5919931fe [Firefox:265 hits: 06-20 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer PEID: ASProtect|; data strings: lines=90; syscall trace: trace
time: 11:51:00; victim OS: WinXP; infection source: 130.13.201.128 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C server: 206.117.237.200:6667; DNS lookups & failed connects: US:irc.qifort.rr.nu; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (38 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 3de9abec19 [Firefox: 8 hits: 08-02 to 08-06]; antivirus labels: 23 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:11:52:00; victim OS: Win2K-f; infection source: 130.13.201.128 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C server: 206.117.237.200:6667; DNS lookups & failed connects: US:irc.qifort.rr.nu; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (28 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 3de9abec19 [Firefox: 8 hits: 08-02 to 08-06]; antivirus labels: 23 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 11:53:00; victim OS: WinXP; infection source: 91.67.24.27 (SUPERKABEL.DE): KABEL DEUTSCHLAND BREITBAND SERVICE GMBH, DE.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (35 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 399a88233f [Firefox: 6 hits: 06-28 to 08-04]; antivirus labels: 32 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:05:00; victim OS: WinXP; infection source: 208.102.239.94 (FUSE.NET): FUSE INTERNET ACCESS, CINCINNATI, OHIO, US.
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ea096a2bdf [Firefox:12 hits: 07-12 to 07-27]; antivirus labels: 31 of 32; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:13:00; victim OS: Win2K-f; infection source: 91.65.197.65 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (35 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7c489c6d80 NEW; antivirus labels: 19 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:19:00; victim OS: Win2K-f; infection source: 122.29.178.92 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (15 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: T:12:31:00; victim OS: Win2K-f; infection source: 85.177.38.179 (ALICEDSL.DE): HANSENET-ADSL, DE.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ca15c09536 [Firefox:296 hits: 06-27 to 08-07]; antivirus labels: 26 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:32:00; victim OS: WinXP; infection source: 117.99.18.62 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7f60162c2c [Firefox:416 hits: 12-31 to 08-08]; antivirus labels: 25 of 25; unpacked egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=93 embedded dns; syscall trace: trace
time: T:12:33:00; victim OS: Win2K-f; infection source: 88.134.126.145 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ca15c09536 [Firefox:296 hits: 06-27 to 08-07]; antivirus labels: 26 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:12:33:00; victim OS: WinXP; infection source: 117.99.18.62 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru, RU:194.6.222.11:6667; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7f60162c2c [Firefox:416 hits: 12-31 to 08-08]; antivirus labels: 25 of 25; unpacked egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=93 embedded dns; syscall trace: trace
time: 12:39:00; victim OS: WinXP; infection source: 67.9.97.99 (RR.COM): ROAD RUNNER HOLDCO LLC, SAN ANTONIO, TEXAS, US.
  C&C server: n/a; DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, GB:welcome3.smile.co.uk, :wpad, :www.proxy-socks.net, GB:195.92.84.198:80, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http http (6 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary a12cab51ef [Firefox:446 hits: 01-01 to 08-08]; antivirus labels: 29 of 29; unpacked egg.exe: 40f7f463c4 [0]; egg.asm: ASM:Graph; packer PEID: ASPack|; data strings: lines=281 embedded dns; syscall trace: trace
time: 12:44:00; victim OS: Win2K-f; infection source: 122.26.30.196 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (26 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4a7b14e413 NEW; antivirus labels: 34 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:54:00; victim OS: WinXP; infection source: 71.14.32.228 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80, US:207.123.42.126:80, US:207.123.46.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (317 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 378a4bac36 [Firefox: 5 hits: 07-01 to 08-08]; antivirus labels: 30 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary d11b4c2e19 [Firefox: 5 hits: 07-01 to 08-08]; antivirus labels: 29 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:12:54:00; victim OS: WinXP; infection source: 71.14.32.228 (CHARTER.COM): CHARTER COMMUNICATIONS, LAGRANGE, GEORGIA, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (317 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 378a4bac36 [Firefox: 5 hits: 07-01 to 08-08]; antivirus labels: 30 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary d11b4c2e19 [Firefox: 5 hits: 07-01 to 08-08]; antivirus labels: 29 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary e07c29c4ae [Firefox:192 hits: 06-19 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer PEID: FSG|; data strings: lines=92; syscall trace: trace
time: 12:58:00; victim OS: Win2K-f; infection source: 78.148.114.73 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ca15c09536 [Firefox:296 hits: 06-27 to 08-07]; antivirus labels: 26 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 12:59:00; victim OS: WinXP; infection source: 88.134.57.73 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (41 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 13:13:00; victim OS: Win2K-f; infection source: 58.157.253.215 (UCOM.NE.JP): G-HK0001N, JP. (100Mbps)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 17739a55ad [Firefox:288 hits: 06-27 to 08-07]; antivirus labels: 20 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 13:14:00; victim OS: WinXP; infection source: 24.31.224.153 (RR.COM): ROAD RUNNER HOLDCO LLC, KANSAS CITY, MISSOURI, US.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (261 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 2bc347d52d NEW; antivirus labels: 32 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:13:14:00; victim OS: WinXP; infection source: 4.228.21.37 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (77 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:13:33:00; victim OS: WinXP; infection source: 170.51.105.63 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C server: 194.54.90.246:80; DNS lookups & failed connects: UA:citi-bank.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 1b2ce111f8 NEW; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:13:41:00; victim OS: WinXP; infection source: 91.65.62.208 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE.
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary bfec7d0b0b [Firefox: 4 hits: 08-06 to 08-08]; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 13:42:00; victim OS: Win2K-f; infection source: 70.183.165.30 (COX.NET): COX COMMUNICATIONS, PROVIDENCE, RHODE ISLAND, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80, US:208.111.148.226:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (75 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: 13:53:00; victim OS: WinXP; infection source: 83.97.250.168 (CM-83-97-244-10.TELECABLE.ES): TELECABLE, ES. (DSL)
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, RU:moscow-advokat.ru, RU:194.6.222.11:6667, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary c9d01112a8 NEW; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:13:59:00; victim OS: WinXP; infection source: 151.82.9.97 (38-151.NET24.IT): IUNET-BNET, IT.
  C&C server: 213.239.192.125:5001; DNS lookups & failed connects: US:cookie.roltf.ws; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (22 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 90aa68c64b NEW; antivirus labels: 14 of 32; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: Armadillo|; data strings: none; syscall trace: trace
time: 14:03:00; victim OS: WinXP; infection source: 121.84.247.226 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 03f912899b [Firefox:77 hits: 01-08 to 08-08]; antivirus labels: 32 of 32; unpacked egg.exe: 83893bd25d [0]; egg.asm: ASM:Graph; packer PEID: none|none; data strings: lines=65; syscall trace: trace
time: 14:07:00; victim OS: Win2K-f; infection source: 75.179.35.8 (RR.COM): ROAD RUNNER HOLDCO LLC, AKRON, OHIO, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:206.33.43.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (60 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary b5919931fe [Firefox:265 hits: 06-20 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer PEID: ASProtect|; data strings: lines=90; syscall trace: trace
  binary b7082104e4 [Firefox:75 hits: 06-18 to 08-08]; antivirus labels: 8 of 33; unpacked egg.exe: none [4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
time: 14:12:00; victim OS: Win2K-f; infection source: 60.236.148.64 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (38 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 14:18:00; victim OS: WinXP; infection source: 83.213.237.191 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, VITORIA, PAIS VASCO, ES.
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, US:adult-empire.com; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ea096a2bdf [Firefox:12 hits: 07-12 to 07-27]; antivirus labels: 31 of 32; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:14:18:00; victim OS: WinXP; infection source: 83.213.237.191 (CLIENTES.EUSKALTEL.ES): GLOBAL TELECOMMUNICATION SERVICE PROVIDER, VITORIA, PAIS VASCO, ES.
  C&C server: n/a; DNS lookups & failed connects: UA:citi-bank.ru, UA:194.54.90.246:80; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (2 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ea096a2bdf [Firefox:12 hits: 07-12 to 07-27]; antivirus labels: 31 of 32; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 14:43:00; victim OS: WinXP; infection source: 130.13.51.204 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell ftp (16 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 1a2c0e6130 [Firefox:301 hits: 12-31 to 08-08]; antivirus labels: 29 of 29; unpacked egg.exe: 048df78048 [0]; egg.asm: ASM:Graph; packer PEID: none|none; data strings: lines=61; syscall trace: trace
time: 14:44:00; victim OS: WinXP; infection source: 122.29.111.224 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (12 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: T:14:47:00; victim OS: WinXP; infection source: 190.225.93.195 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7f60162c2c [Firefox:416 hits: 12-31 to 08-08]; antivirus labels: 25 of 25; unpacked egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=93 embedded dns; syscall trace: trace
time: T:14:48:00; victim OS: Win2K-f; infection source: 218.119.176.169 (BBTEC.NET): JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP, TOKYO, TOKYO, JP.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:205.128.66.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: 14:50:00; victim OS: WinXP; infection source: 67.11.55.69 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary eca9a5fa95 NEW; antivirus labels: 36 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:15:00:00; victim OS: WinXP; infection source: 221.191.249.37 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (56 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary dd1195e952 [Firefox: 6 hits: 06-28 to 08-07]; antivirus labels: 30 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:07:00; victim OS: WinXP; infection source: 125.198.118.41 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (35 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary da7aac0dc4 [Firefox: 9 hits: 06-27 to 08-04]; antivirus labels: 30 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:12:00; victim OS: Win2K-f; infection source: 218.223.211.227 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOYAMA, TOYAMA, JP.
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (36 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:14:00; victim OS: Win2K-f; infection source: 170.51.194.90 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 382279b44f [Firefox:106 hits: 05-22 to 08-08]; antivirus labels: 19 of 32; unpacked egg.exe: 049e62d55b [0]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=192; syscall trace: trace
time: T:15:29:00; victim OS: Win2K-f; infection source: 24.66.51.159 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:204.160.126.124:80, US:206.33.43.126:80, US:207.123.42.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (113 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary bca9e0fb5f [Firefox:17 hits: 06-18 to 08-05]; antivirus labels: 31 of 32; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: PolyEnE|; data strings: none; syscall trace: trace
  binary e53a9ea82e [Firefox:17 hits: 06-18 to 08-05]; antivirus labels: 23 of 33; unpacked egg.exe: e53a9ea82e[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:15:29:00; victim OS: WinXP; infection source: 41.214.168.86 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 25d78144c5 [Firefox: 5 hits: 08-01 to 08-08]; antivirus labels: 35 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:34:00; victim OS: Win2K-f; infection source: 70.183.235.134 (COX.NET): COX COMMUNICATIONS, PENSACOLA, FLORIDA, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:15:35:00; victim OS: WinXP; infection source: 88.134.57.73 (SUPERKABEL.DE): KABEL-DEUTSCHLAND-CUSTOMER-SERVICES, DE.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (36 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:47:00; victim OS: Win2K-f; infection source: 118.105.153.235 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 505238d7ef [Firefox: 9 hits: 06-28 to 08-04]; antivirus labels: 30 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:47:00; victim OS: WinXP; infection source: 217.76.148.185 (ARSYSTEL.COM): NET-ARSYS-EURO, ES.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (26 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 17739a55ad [Firefox:288 hits: 06-27 to 08-07]; antivirus labels: 20 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:51:00; victim OS: Win2K-f; infection source: 220.104.174.21 (OCN.NE.JP): OPEN COMPUTER NETWORK, TACHIKAWA, TOKYO, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (28 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 005226ccd5 NEW; antivirus labels: 30 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:15:58:00; victim OS: WinXP; infection source: 220.104.133.146 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (33 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 15:59:00; victim OS: Win2K-f; infection source: 170.51.175.44 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (12 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 16:01:00; victim OS: WinXP; infection source: 68.119.206.89 (CHARTER.COM): CHARTER COMMUNICATIONS, GREENVILLE, SOUTH CAROLINA, US.
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (45 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ca15c09536 [Firefox:296 hits: 06-27 to 08-07]; antivirus labels: 26 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:16:16:00; victim OS: WinXP; infection source: 12.78.6.31 (ATT.NET): AT&T WORLDNET SERVICES, MIAMI, FLORIDA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell ftp (14 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 8ad3105462 [Firefox: 3 hits: 01-10 to 03-08]; antivirus labels: 25 of 32; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: trace
time: 16:23:00; victim OS: WinXP; infection source: 123.225.42.146 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (37 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 16:28:00; victim OS: WinXP; infection source: 118.109.47.132 (-): (no ISP/location data)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (13 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 16:31:00; victim OS: Win2K-f; infection source: 123.220.121.245 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary c1f444637f [Firefox: 2 hits: 06-30 to 08-04]; antivirus labels: 31 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: T:16:36:00; victim OS: WinXP; infection source: 4.176.247.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TUCSON, ARIZONA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (18 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 16:37:00; victim OS: Win2K-f; infection source: 4.176.247.204 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, TUCSON, ARIZONA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (18 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 17:07:00; victim OS: WinXP; infection source: 117.99.53.232 (XLRI.AC.IN): BHARTI AIRTEL LTD, DELHI, DELHI, IN.
  C&C server: n/a; DNS lookups & failed connects: RU:moscow-advokat.ru; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (1 line); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7f60162c2c [Firefox:416 hits: 12-31 to 08-08]; antivirus labels: 25 of 25; unpacked egg.exe: 1aad8e4632 [0]; egg.asm: ASM:Graph; packer PEID: PolyEnE|; data strings: lines=93 embedded dns; syscall trace: trace
time: 17:08:00; victim OS: Win2K-f; infection source: 24.166.155.151 (RR.COM): ROAD RUNNER HOLDCO LLC, APPLETON, WISCONSIN, US.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: 17:11:00; victim OS: WinXP; infection source: 125.181.167.62 (-): POWC-211, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:198.78.201.126:80, US:199.93.44.126:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (97 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 1d569ef2a7 [Firefox: 2 hits: 07-27 to 08-04]; antivirus labels: 33 of 35; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary 58408136a4 [Firefox: 8 hits: 06-28 to 08-04]; antivirus labels: 32 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 17:17:00; victim OS: WinXP; infection source: 118.0.187.34 (-): (no ISP/location data)
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (47 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary d2c26e07fd [Firefox:278 hits: 06-27 to 08-07]; antivirus labels: 10 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 17:37:00; victim OS: WinXP; infection source: 4.225.138.71 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LAWRENCEBURG, INDIANA, US. (DIAL)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:207.123.42.126:80, US:207.123.47.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (97 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary e07c29c4ae [Firefox:192 hits: 06-19 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer PEID: FSG|; data strings: lines=92; syscall trace: trace
time: T:17:37:00; victim OS: WinXP; infection source: 219.241.199.120 (HANANET.NET): HANARO TELECOM INC, SEOUL, KYONGGI-DO, KR.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:199.93.44.124:80, US:207.123.42.126:80, US:207.123.47.126:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (80 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 4c3df24b32 [Firefox:133 hits: 06-17 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: 4c3df24b32 [1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none [4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
time: 17:42:00; victim OS: WinXP; infection source: 121.84.108.94 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell ftp (13 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 03f912899b [Firefox:77 hits: 01-08 to 08-08]; antivirus labels: 32 of 32; unpacked egg.exe: 83893bd25d [0]; egg.asm: ASM:Graph; packer PEID: none|none; data strings: lines=65; syscall trace: trace
time: T:17:44:00; victim OS: Win2K-f; infection source: 118.7.179.103 (-): (no ISP/location data)
  C&C server: 24.192.170.232:13001; DNS lookups & failed connects: US:chat-shqip.org; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (34 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary e66b7f4416 NEW; antivirus labels: 25 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 17:49:00; victim OS: Win2K-f; infection source: 71.189.119.92 (-): LINDA LIU, ONTARIO, CALIFORNIA, US. (100Mbps)
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (76 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary a08f3b74a4 [Firefox:412 hits: 06-18 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: a08f3b74a4[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
  binary b5919931fe [Firefox:265 hits: 06-20 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: b5919931fe[1]; egg.asm: ASM:Graph; packer PEID: ASProtect|; data strings: lines=90; syscall trace: trace
time: T:17:50:00; victim OS: Win2K-f; infection source: 121.2.156.197 (SO-NET.NE.JP): SO-NET SERVICE, JP. (DSL)
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary ca15c09536 [Firefox:296 hits: 06-27 to 08-07]; antivirus labels: 26 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 17:55:00; victim OS: WinXP; infection source: 74.70.217.126 (RR.COM): ROAD RUNNER HOLDCO LLC, SCHENECTADY, NEW YORK, US.
  C&C server: n/a; DNS lookups & failed connects: DE:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, :wpad, GB:new.egg.com; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http http http (10 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary df17a625ee [Firefox:203 hits: 01-01 to 08-08]; antivirus labels: 29 of 29; unpacked egg.exe: 9bbdd086c5 [0]; egg.asm: ASM:Graph; packer PEID: ASPack|; data strings: lines=186 embedded dns; syscall trace: trace
time: T:17:59:00; victim OS: WinXP; infection source: 118.8.24.147 (-): (no ISP/location data)
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (54 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 2d5f987505 NEW; antivirus labels: 18 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 18:00:00; victim OS: Win2K-f; infection source: 220.137.79.112 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (22 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 7097bbda4d NEW; antivirus labels: 34 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 18:06:00; victim OS: WinXP; infection source: 61.215.230.223 (CTT.NE.JP): CABLE TELEVISION TOYAMA INCORPORETED, TOYAMA, TOYAMA, JP.
  C&C server: n/a; DNS lookups & failed connects: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.115:80, HK:210.245.211.11:65520; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: http (139 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 88d78cb9b5 NEW; antivirus labels: 32 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary da7db6010c NEW; antivirus labels: 30 of 33; unpacked egg.exe: none [none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
  binary e07c29c4ae [Firefox:192 hits: 06-19 to 08-08]; antivirus labels: 0 of 33; unpacked egg.exe: e07c29c4ae[1]; egg.asm: ASM:Graph; packer PEID: FSG|; data strings: lines=92; syscall trace: trace
time: 18:10:00; victim OS: Win2K-f; infection source: 86.134.43.219 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (14 lines); BotHunter analysis: Yeah : 0.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary: none; antivirus labels: none; unpacked egg.exe: none; egg.asm: none; packer PEID: none; data strings: none; syscall trace: none
time: 18:12:00; victim OS: Win2K-f; infection source: 60.250.68.68 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C server: n/a; DNS lookups & failed connects: US:microsoft.com, US:download.microsoft.com, US:208.111.148.108:80, US:208.111.148.115:80; infection port: 135
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: other (79 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 53bfe15e91 [Firefox:1244 hits: 06-17 to 08-08]; antivirus labels: 33 of 33; unpacked egg.exe: none[4]; egg.asm: none:none; packer PEID: tElock|; data strings: none; syscall trace: trace
  binary 73f1082158 [Firefox:629 hits: 06-18 to 08-08]; antivirus labels: 0 of 32; unpacked egg.exe: 73f1082158[1]; egg.asm: ASM:Graph; packer PEID: Armadillo|; data strings: lines=81; syscall trace: trace
time: T:18:19:00; victim OS: WinXP; infection source: 59.146.39.114 (SO-NET.NE.JP): SO-NET SERVICE, JP.
  C&C server: 24.192.170.232:12351; DNS lookups & failed connects: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp irc (34 lines); BotHunter analysis: Yeah : 1.8 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 17739a55ad [Firefox:288 hits: 06-27 to 08-07]; antivirus labels: 20 of 33; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
time: 18:22:00; victim OS: WinXP; infection source: 221.190.96.102 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: shell ftp (14 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 831f4ee0a7 [Firefox:464 hits: 01-01 to 08-07]; antivirus labels: 29 of 29; unpacked egg.exe: eb7546c600 [0]; egg.asm: ASM:Graph; packer PEID: none|none; data strings: lines=61; syscall trace: trace
time: 18:23:00; victim OS: Win2K-f; infection source: 122.17.9.58 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C server: n/a; DNS lookups & failed connects: none; infection port: 445
  packet trace: pcap raw; detection signatures: alerts ruleset; infection chatter: ftp (27 lines); BotHunter analysis: Yeah : 1.3 (profile); behavioral cluster: none (summary); forensic logs: tarball
  binary 6b53bfa7d4 NEW; antivirus labels: 33 of 36; unpacked egg.exe: none[none]; egg.asm: none:none; packer PEID: none|none; data strings: none; syscall trace: none
18:23:00 WinXP 122.52.75.194 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:199.93.41.126:80
US:205.128.66.124:80
US:207.123.37.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
126 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox:28 hits: 06-18 to 08-07]
76ee340669
[Firefox:28 hits: 06-18 to 08-07]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
T:18:26:00 Win2K-f 123.217.90.83 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
18:27:00 Win2K-f 99.181.179.231 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:29:00 WinXP 122.146.83.91 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.126:80
US:207.123.42.126:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:18:31:00 WinXP 67.9.97.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN ANTONIO, TEXAS, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
GB:new.egg.com
445 pcap raw alerts
ruleset
http
http
http
http
34 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:446 hits: 01-01 to 08-08]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
18:38:00 Win2K-f 125.102.14.156 (UCOM.NE.JP):
IML,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
29 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 0f33f28158
NEW
none[none] none:none
none|none none none
T:18:38:00 WinXP 118.241.77.93 (-):
.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
18:42:00 WinXP 202.59.116.62 (CHUKAI.NE.JP):
CHUKAI TELEVISION CO .LTD,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:464 hits: 01-01 to 08-07]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:18:44:00 Win2K-f 118.8.75.101 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
29 of 35 681533fefc
NEW
none[none] none:none
none|none none none
18:44:00 Win2K-f 122.24.91.87 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e80215f572
NEW
none[none] none:none
none|none none none
18:46:00 Win2K-f 122.18.194.70 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:48:00 WinXP 71.119.22.206 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
18:52:00 Win2K-f 122.130.129.209 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
19:06:00 Win2K-f 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
84 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
57ce4acac2
[Firefox:101 hits: 06-17 to 08-08]
b5919931fe
[Firefox:265 hits: 06-20 to 08-08]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:19:23:00 Win2K-f 122.26.192.230 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
19:24:00 Win2K-f 116.123.80.139 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
0 of 33
168aab35a3
[Firefox:84 hits: 06-17 to 08-07]
4c3df24b32
[Firefox:133 hits: 06-17 to 08-08]
none[4]
4c3df24b32[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
19:30:00 WinXP 220.104.133.146 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36 005226ccd5
NEW
none[none] none:none
none|none none none
T:19:32:00 WinXP 122.132.254.116 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
19:40:00 WinXP 24.86.92.59 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
19:41:00 Win2K-f 221.127.166.163 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
19:44:00 WinXP 70.45.172.78 (ONELINKPR.NET):
SAN JUAN CABLE LLC,
SAN JUAN, PUERTO RICO, PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:928 hits: 12-31 to 08-08]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:19:46:00 Win2K-f 66.88.98.162 (XO.NET):
XO COMMUNICATIONS,
HOLLYWOOD, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
b5919931fe
[Firefox:265 hits: 06-20 to 08-08]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
19:52:00 WinXP 124.86.98.37 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
69 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:19:54:00 WinXP 123.218.174.162 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
77 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:19:54:00 WinXP 222.145.174.246 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
65 lines
Yeah : 1.8
profile
none summary
tarball
19 of 33 cd9f81717d
NEW
none[none] none:none
none|none none none
19:55:00 Win2K-f 63.25.151.34 (UU.NET):
UUNET TECHNOLOGIES INC,
US.
n/a   135 pcap raw alerts
ruleset
other
163 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ebdad1dcab
NEW
none[none] none:none
none|none none none
19:55:00 Win2K-f 123.254.33.111 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
19:57:00 Win2K-f 118.6.153.175 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
20:00:00 WinXP 122.17.106.48 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
68 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:20:04:00 WinXP 122.24.91.87 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 7710220cac
NEW
none[none] none:none
none|none none none
20:05:00 WinXP 123.254.51.124 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
20:06:00 WinXP 74.70.217.126 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SCHENECTADY, NEW YORK, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:15:00 Win2K-f 60.56.70.232 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:21:00 WinXP 122.17.106.48 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
20:24:00 Win2K-f 123.254.8.244 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfdd1696a0
[Firefox: 2 hits: 08-02 to 08-05]
none[none] none:none
none|none none none
20:35:00 WinXP 221.115.95.86 (UCOM.NE.JP):
G-TK,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:249 hits: 01-05 to 08-08]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
20:42:00 Win2K-f 122.18.193.80 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:20:45:00 WinXP 66.53.82.124 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
e07c29c4ae
[Firefox:192 hits: 06-19 to 08-08]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
21:01:00 Win2K-f 219.160.240.57 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 972ae8a511
NEW
none[none] none:none
none|none none none
21:04:00 WinXP 61.121.40.72 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
210.245.211.11:65520 24.192.170.232:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:chat-shqip.org
445 pcap raw alerts
ruleset
ftp
irc
http
164 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
20 of 36
21 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
c256fba6b1
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
21:09:00 WinXP 60.38.200.4 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:249 hits: 01-05 to 08-08]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:21:09:00 Win2K-f 60.254.201.240 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
445 pcap raw alerts
ruleset
ftp
irc
http
302 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
20 of 36
34 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
f90c4a048e
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
21:13:00 WinXP 79.13.14.164 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:106 hits: 05-22 to 08-08]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:21:18:00 WinXP 119.95.134.121 (-):
.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:19:00 Win2K-f 119.95.134.121 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
21:22:00 WinXP 123.254.5.208 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:21:22:00 Win2K-f 202.67.20.155 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:21:35:00 Win2K-f 122.146.83.91 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:192.221.99.124:80
US:198.78.201.126:80
135 pcap raw alerts
ruleset
other
78 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
73f1082158
[Firefox:629 hits: 06-18 to 08-08]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:39:00 WinXP 170.51.122.102 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:106 hits: 05-22 to 08-08]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
21:40:00 WinXP 96.51.42.208 (-):
.
n/a   135 pcap raw alerts
ruleset
other
480 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36
35 of 36
48daaf8dce
NEW
57b907a474
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
21:42:00 WinXP 221.126.126.143 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 3 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
T:21:42:00 Win2K-f 222.145.108.155 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
SENDAI, MIYAGI, JP.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
445 pcap raw alerts
ruleset
ftp
irc
http
170 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
20 of 36
34 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
e00d7a3df5
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:21:45:00 Win2K-f 123.224.96.169 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:21:45:00 WinXP 204.193.215.102 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
DENVER, COLORADO, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 01af816288
NEW
none[none] none:none
none|none none none
T:21:55:00 WinXP 118.105.138.53 (-):
.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox: 9 hits: 06-28 to 08-04]
none[none] none:none
none|none none none
21:57:00 Win2K-f 119.94.166.151 (-):
.
210.245.211.11:65520 US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
US:192.221.110.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
irc
http
596 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
31 of 33
17 of 35
20 of 36
28 of 33
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
56a3822608
[Firefox: 3 hits: 07-05 to 08-05]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
a4c433c5d3
[Firefox: 3 hits: 07-05 to 08-05]
none[none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
T:21:59:00 WinXP 117.99.13.245 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
n/a UA:citi-bank.ru
:parex-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:81 hits: 01-03 to 08-05]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:21:59:00 Win2K-f 119.94.166.151 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
US:192.221.110.126:80
US:198.78.201.126:80
US:207.123.46.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
irc
http
251 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
31 of 33
17 of 35
20 of 36
28 of 33
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
56a3822608
[Firefox: 3 hits: 07-05 to 08-05]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
a4c433c5d3
[Firefox: 3 hits: 07-05 to 08-05]
none[none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
22:02:00 Win2K-f 118.8.73.34 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:06:00 WinXP 219.160.16.142 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
105 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36 d9109d2fec
NEW
none[none] none:none
none|none none none
22:10:00 WinXP 118.9.121.202 (-):
.
210.245.211.11:65520 24.192.170.232:13001 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
US:chat-shqip.org
445 pcap raw alerts
ruleset
ftp
irc
http
175 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
34 of 36
20 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
7710220cac
NEW
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
22:13:00 Win2K-f 122.24.186.83 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
210.245.211.11:65520 24.192.170.232:13001 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
US:chat-shqip.org
IL:wr.mcboo.com
445 pcap raw alerts
ruleset
ftp
irc
http
175 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
20 of 36
16 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
e0fac27562
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
22:15:00 Win2K-f 121.92.145.59 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
445 pcap raw alerts
ruleset
ftp
irc
http
170 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
17 of 35
15 of 36
20 of 36
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
88d0c0c4f6
[Firefox: 4 hits: 08-01 to 08-02]
8d7113c2ce
[Firefox:34 hits: 08-01 to 08-08]
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:22:17:00 Win2K-f 71.162.79.131 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WORCESTER, MASSACHUSETTS, US.
210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com 445 pcap raw alerts
ruleset
irc
http
6 lines
Yeah : 0.8
profile
none summary
tarball
19 of 35
17 of 35
37f41fd8ab
[Firefox:44 hits: 07-24 to 08-08]
5ab0a45f63
[Firefox:55 hits: 07-24 to 08-08]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
22:18:00 Win2K-f 125.193.37.7 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:20:00 Win2K-f 24.80.178.224 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
22:22:00 WinXP 4.225.208.204 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOVELAND, COLORADO, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
135 pcap raw alerts
ruleset
http
162 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
a08f3b74a4
[Firefox:412 hits: 06-18 to 08-08]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
22:23:00 WinXP 172.136.11.231 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
112 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
0 of 33
3373948767
[Firefox:15 hits: 07-03 to 08-06]
c73f738c30
[Firefox:15 hits: 07-03 to 08-06]
e07c29c4ae
[Firefox:192 hits: 06-19 to 08-08]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:22:27:00 WinXP 202.70.230.40 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:30:00 Win2K-f 125.215.114.123 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:31:00 Win2K-f 116.82.189.32 (OCN.NE.JP):
FUJITSU LIMITED,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:288 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
22:32:00 WinXP 170.51.124.170 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:106 hits: 05-22 to 08-08]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
22:33:00 Win2K-f 70.233.85.172 (SBCGLOBAL.NET):
PPPOX POOL - BRAS12.MRDNCT,
SEYMOUR, CONNECTICUT, US.
210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
445 pcap raw alerts
ruleset
irc
3 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:36:00 WinXP 123.254.9.214 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:37:00 WinXP 86.134.43.219 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:39:00 Win2K-f 221.126.234.80 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:53:00 Win2K-f 121.92.145.59 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 88d0c0c4f6
[Firefox: 4 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
22:53:00 WinXP 118.219.237.248 (-):
.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.43.126:80
US:206.33.45.125:80
US:207.123.47.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
103 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
31 of 33
0f7b6b4c31
NEW
168aab35a3
[Firefox:84 hits: 06-17 to 08-07]
none[none]
none [4]
none:none
none:none
none|none
tElock|
none
none
none
trace
22:57:00 Win2K-f 122.131.124.84 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:22:59:00 WinXP 218.223.211.227 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOYAMA, TOYAMA, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
T:23:02:00 WinXP 122.133.81.81 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
23:05:00 Win2K-f 219.251.122.220 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
[Firefox:133 hits: 06-17 to 08-08]
53bfe15e91
[Firefox:1244 hits: 06-17 to 08-08]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
23:09:00 Win2K-f 125.100.49.181 (UCOM.NE.JP):
IML,
JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
23:14:00 WinXP 70.118.225.45 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:23:25:00 Win2K-f 208.137.151.207 (NETDOOR.COM):
INTERNET DOORWAY INC,
JACKSON, MISSISSIPPI, US.
n/a   445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
23:31:00 WinXP 221.127.72.198 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 3 hits: 08-01 to 08-02]
none[none] none:none
none|none none none
23:32:00 Win2K-f 119.11.115.117 (-):
.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
23:34:00 Win2K-f 116.82.189.32 (OCN.NE.JP):
FUJITSU LIMITED,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:278 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
23:40:00 Win2K-f 68.119.206.89 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:296 hits: 06-27 to 08-07]
none[none] none:none
none|none none none