Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



10 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:11:00 Win2K-f 221.191.207.198 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
KYOTO, KYOTO, JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
00:16:00 Win2K-f 122.130.219.68 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33 a9c8d121f2
[Firefox:12 hits: 06-28 to 08-02]
none[none] none:none
none|none none none
T:00:30:00 WinXP 76.168.73.62 (RR.COM):
ROAD RUNNER HOLDCO LLC,
VENICE, CALIFORNIA, US. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:303 hits: 12-31 to 08-09]
048df78048 [0] ASM:Graph
none|none lines=61 trace
00:31:00 WinXP 218.239.82.42 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
0 of 33
533d15b5ce
[Firefox:14 hits: 06-21 to 08-07]
58c343a8d8
[Firefox:15 hits: 06-21 to 08-07]
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
none[4]
58c343a8d8[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=82
lines=92
trace
trace
trace
00:32:00 Win2K-f 91.67.146.255 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
00:37:00 Win2K-f 125.215.70.231 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfdd1696a0
[Firefox: 5 hits: 08-02 to 08-09]
none[none] none:none
none|none none none
00:37:00 WinXP 121.102.147.53 (HI-HO.NE.JP):
PANASONIC NETWORK SERVICES INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:253 hits: 01-05 to 08-09]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:39:00 Win2K-f 60.254.222.32 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox: 6 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:00:40:00 Win2K-f 119.11.86.156 (-):
.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:00:46:00 WinXP 76.174.36.155 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LOS ANGELES, CALIFORNIA, US.
n/a RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
:flanders.be.eu.undernet.org
SE:ced.dal.net
:lulea.se.eu.undernet.org
:washington.dc.us.undernet.org
SE:vancouver.dal.net
SE:ozbytes.dal.net
SE:qis.md.us.dal.net
NL:london.uk.eu.undernet.org
:gaspode.zanet.org.za
SE:viking.dal.net
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:421 hits: 12-31 to 08-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:00:47:00 WinXP 118.108.36.175 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:00:48:00 Win2K-f 58.88.195.213 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:00:50:00 WinXP 123.224.234.76 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:01:01:00 Win2K-f 221.126.255.119 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 35bcd0adbb
NEW
none[none] none:none
none|none none none
01:07:00 WinXP 124.87.191.135 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 7097bbda4d
[Firefox: 3 hits: 08-04 to 08-09]
none[none] none:none
none|none none none
01:10:00 WinXP 64.126.155.185 (LEWISTON.COM):
FIRST STEP INTERNET,
PULLMAN, WASHINGTON, US.
n/a RU:moscow-advokat.ru
US:lia.zanet.net
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
NL:london.uk.eu.undernet.org
SE:ced.dal.net
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:viking.dal.net
:caen.fr.eu.undernet.org
:washington.dc.us.undernet.org
SE:qis.md.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:421 hits: 12-31 to 08-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:01:12:00 Win2K-f 88.111.160.84 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:18:00 WinXP 118.1.252.154 (-):
.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 86d0b73e6a
NEW
none[none] none:none
none|none none none
01:23:00 Win2K-f 116.80.52.192 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:31:00 Win2K-f 221.243.46.85 (UCOM.NE.JP):
UCOM CORP,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
29 of 36 538629d2a9
NEW
none[none] none:none
none|none none none
01:34:00 WinXP 118.236.157.67 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:01:37:00 Win2K-f 117.102.150.132 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:42:00 WinXP 210.233.198.164 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
0 of 33
3ed16ae12d
[Firefox:10 hits: 06-19 to 08-09]
79c01ec060
[Firefox:15 hits: 06-18 to 08-09]
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
3ed16ae12d [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG|
lines=81
none
lines=92
trace
trace
trace
T:01:44:00 WinXP 221.126.253.173 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 35bcd0adbb
NEW
none[none] none:none
none|none none none
T:01:50:00 WinXP 85.181.179.27 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:53:00 Win2K-f 125.215.76.111 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
35 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:01:55:00 Win2K-f 125.192.176.72 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:55:00 WinXP 118.1.32.189 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36 d9109d2fec
NEW
none[none] none:none
none|none none none
T:01:56:00 WinXP 202.70.252.104 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
OKAYAMA, OKAYAMA, JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:56:00 WinXP 80.219.216.215 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
01:57:00 Win2K-f 24.86.151.24 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80
US:208.111.173.47:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
117 lines
Yeah : 1.3
profile
none summary
tarball
none
32 of 33
0dc39cd3c1
[Firefox: 5 hits: 06-27 to 07-13]
a120847406
[Firefox: 5 hits: 06-27 to 07-13]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:01:00 WinXP 116.80.52.192 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
58 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
02:04:00 Win2K-f 58.191.161.117 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
67.43.236.66:8080 CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info
US:130.107.199.42:23678
CA:72.10.166.195:80
CA:72.10.167.74:80
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
none none none none none none none
T:02:11:00 WinXP 79.138.199.34 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
SE:ozbytes.dal.net
SE:qis.md.us.dal.net
:gaspode.zanet.org.za
NL:diemen.nl.eu.undernet.org
US:lia.zanet.net
:lulea.se.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:broadway.ny.us.dal.net
:washington.dc.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:421 hits: 12-31 to 08-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
02:12:00 WinXP 79.138.199.34 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
SE:qis.md.us.dal.net
NL:london.uk.eu.undernet.org
SE:coins.dal.net
SE:viking.dal.net
SE:vancouver.dal.net
:washington.dc.us.undernet.org
:flanders.be.eu.undernet.org
SE:broadway.ny.us.dal.net
:caen.fr.eu.undernet.org
:gaspode.zanet.org.za
SE:ced.dal.net
AT:graz.at.eu.undernet.org
:brussels.be.eu.undernet.org
SE:ozbytes.dal.net
US:lia.zanet.net
NL:diemen.nl.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:421 hits: 12-31 to 08-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
02:19:00 Win2K-f 217.34.42.213 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
FARNHAM, ENGLAND, UK.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:206.33.43.126:80
HK:210.245.211.11:80
135 pcap raw alerts
ruleset
other
126 lines
Yeah : 1.3
profile
none summary
tarball
31 of 34
30 of 32
4864a03a4b
[Firefox: 2 hits: 07-24 to 08-01]
7452c8448d
[Firefox:10 hits: 06-17 to 08-08]
none[none]
none [4]
none:none
none:none
none|none
PolyEnE|
none
none
none
trace
02:24:00 Win2K-f 218.221.44.95 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 74560ac1c2
[Firefox: 3 hits: 08-02 to 08-07]
none[none] none:none
none|none none none
T:02:25:00 Win2K-f 122.134.41.250 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:02:26:00 WinXP 118.236.157.67 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
02:29:00 WinXP 122.130.135.25 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
28 of 33 a9c8d121f2
[Firefox:12 hits: 06-28 to 08-02]
none[none] none:none
none|none none none
T:02:30:00 Win2K-f 130.13.55.215 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
other
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:30:00 WinXP 130.13.55.215 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a CA:dong.nagitiriheiwu.net 135 pcap raw alerts
ruleset
irc
8 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:46:00 Win2K-f 89.117.25.89 (ERDVES.LT):
SC LITHUANIAN RADIO AND TV CENTER,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:47:00 Win2K-f 221.127.73.29 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 5 hits: 08-01 to 08-09]
none[none] none:none
none|none none none
T:02:49:00 WinXP 78.54.101.192 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
02:51:00 Win2K-f 122.134.221.188 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 da7aac0dc4
[Firefox:10 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:02:53:00 WinXP 194.84.42.83 (GLOBAL-SAMARA.RU):
(7676) GLOBALSAMARA LTD SAMARA,
RU.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
24 of 36 9fed44502b
NEW
none[none] none:none
none|none none none
02:55:00 Win2K-f 93.126.8.38 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
02:59:00 WinXP 118.108.36.175 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
03:01:00 Win2K-f 82.103.205.179 (ELISA-LAAJAKAISTA.FI):
JYVASVIESTIN-NET,
FI.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 71b5bbe58a
NEW
none[none] none:none
none|none none none
03:13:00 Win2K-f 124.86.125.71 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 a4fbe49195
[Firefox: 5 hits: 06-27 to 08-07]
none[none] none:none
none|none none none
03:22:00 WinXP 85.117.4.169 (ZICOM.PL):
ZICOM WIM ZIELINSKI SPOLKA JAWNA,
TARNOW, MALOPOLSKIE, PL.
n/a HK:proxim.ircgalaxy.pl
EU:pzrk.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 1e7e35a53c
NEW
none[none] none:none
none|none none none
T:03:26:00 Win2K-f 221.235.212.6 (163DATA.COM.CN):
CHINANET HUBEI PROVINCE NETWORK,
HUBEI, HUBEI, CN.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:206.33.43.126:80
HK:210.245.211.11:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
32 of 36
d520716d56
NEW
e0cd81f940
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
03:31:00 WinXP 87.205.94.132 (INETIA.PL):
INTERNETIA,
PL. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 35 509b3029f8
[Firefox:19 hits: 07-25 to 08-07]
none[none] none:none
none|none none none
T:03:32:00 WinXP 87.205.94.132 (INETIA.PL):
INTERNETIA,
PL. (DSL)
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 509b3029f8
[Firefox:19 hits: 07-25 to 08-07]
none[none] none:none
none|none none none
03:32:00 WinXP 78.48.56.107 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
29 of 36 8d8d5ceddd
NEW
none[none] none:none
none|none none none
T:03:32:00 Win2K-f 213.196.208.124 (NETCOLOGNE.DE):
DYNAMIC XDSL IP POOL,
KOELN, NORDRHEIN-WESTFALEN, DE. (DSL)
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
16 of 36 d90c21f4da
NEW
none[none] none:none
none|none none none
03:36:00 Win2K-f 124.87.172.113 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
CHIBA, CHIBA, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
03:37:00 WinXP 41.214.171.21 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 25d78144c5
[Firefox: 6 hits: 08-01 to 08-09]
none[none] none:none
none|none none none
03:38:00 Win2K-f 221.127.194.104 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 5 hits: 08-01 to 08-09]
none[none] none:none
none|none none none
T:03:38:00 WinXP 41.214.171.21 (-):
.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
35 of 36 25d78144c5
[Firefox: 6 hits: 08-01 to 08-09]
none[none] none:none
none|none none none
03:43:00 WinXP 222.147.216.106 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
12 of 33 a96d6f6d31
[Firefox: 7 hits: 06-28 to 08-07]
none[none] none:none
none|none none none
T:04:01:00 WinXP 203.196.65.116 (KAGACABLE.NE.JP):
KAGA CABLE TELEVISION CO.LTD,
JP. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:421 hits: 12-31 to 08-09]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:04:09:00 WinXP 82.141.84.190 (KOTINET.COM):
POHJANMAAN PPO OY,
YLIVIESKA, OULUN LAANI, FI.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 e4d3794f7a
[Firefox: 3 hits: 08-04 to 08-06]
none[none] none:none
none|none none none
T:04:09:00 Win2K-f 220.111.213.115 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
04:13:00 Win2K-f 60.237.221.97 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:04:13:00 Win2K-f 221.170.65.18 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 78ea6a7dbb
NEW
none[none] none:none
none|none none none
04:16:00 Win2K-f 170.51.202.27 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:113 hits: 05-22 to 08-09]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
04:20:00 Win2K-f 213.196.208.124 (NETCOLOGNE.DE):
DYNAMIC XDSL IP POOL,
KOELN, NORDRHEIN-WESTFALEN, DE. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
16 of 36 d90c21f4da
NEW
none[none] none:none
none|none none none
T:04:27:00 Win2K-f 4.173.86.3 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
04:27:00 Win2K-f 118.106.177.27 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox:13 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
T:04:36:00 WinXP 218.221.44.95 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 74560ac1c2
[Firefox: 3 hits: 08-02 to 08-07]
none[none] none:none
none|none none none
T:04:36:00 Win2K-f 118.1.182.227 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
22 of 35 41ec9d69c8
[Firefox: 2 hits: 08-04 to 08-09]
none[none] none:none
none|none none none
T:04:41:00 Win2K-f 118.6.205.202 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
04:43:00 WinXP 60.35.206.42 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:253 hits: 01-05 to 08-09]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
04:44:00 Win2K-f 60.254.243.78 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox: 6 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:04:45:00 WinXP 59.158.242.115 (UCOM.NE.JP):
G-KG0018N,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:468 hits: 01-01 to 08-09]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:04:48:00 Win2K-f 122.25.173.130 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
59 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
04:54:00 WinXP 218.228.180.159 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:01:00 Win2K-f 213.76.154.12 (LANNET.PL):
LANNET S.C. W. KOMALA Z. LOMPERTA,
WARSAW, MAZOWIECKIE, PL.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
irc
7 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:02:00 WinXP 118.8.126.76 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
05:03:00 Win2K-f 84.13.223.94 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
LONDON, ENGLAND, UK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:08:00 Win2K-f 58.91.178.46 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:09:00 WinXP 116.80.7.247 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:13:00 Win2K-f 220.96.52.74 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:15:00 WinXP 123.222.123.12 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
05:18:00 WinXP 91.65.38.46 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
05:19:00 Win2K-f 218.43.11.89 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
SAPPORO, HOKKAIDO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
05:35:00 Win2K-f 222.150.68.168 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:35:00 Win2K-f 60.45.80.189 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
26 of 36 efc7c25ae4
NEW
none[none] none:none
none|none none none
T:05:45:00 Win2K-f 70.61.156.13 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:204.160.126.126:80
US:207.123.46.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
73f1082158
[Firefox:648 hits: 06-18 to 08-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
05:50:00 Win2K-f 71.115.70.240 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
VALPARAISO, INDIANA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
04d3700af1
NEW
6b338df2df
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
05:51:00 Win2K-f 119.11.83.26 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
7 of 36 f27b469798
NEW
none[none] none:none
none|none none none
T:05:51:00 WinXP 213.242.239.217 (-):
PPTP CONNECTIONS,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
05:56:00 Win2K-f 78.144.38.66 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:05:58:00 WinXP 119.72.95.197 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:58:00 Win2K-f 60.33.196.131 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 aa346f4557
NEW
none[none] none:none
none|none none none
T:05:59:00 Win2K-f 218.6.169.239 (-):
WESTERN DATA CENTER,
CHENGDU, SICHUAN, CN.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
06:00:00 Win2K-f 118.9.223.223 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
35 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
06:04:00 WinXP 123.225.117.38 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
06:14:00 Win2K-f 123.222.214.165 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:06:19:00 Win2K-f 24.80.186.91 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
377 lines
Yeah : 1.3
profile
none summary
tarball
31 of 35 cfe42c471f
NEW
none[none] none:none
none|none none none
06:20:00 WinXP 122.26.68.247 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 7097bbda4d
[Firefox: 3 hits: 08-04 to 08-09]
none[none] none:none
none|none none none
06:24:00 Win2K-f 144.134.27.150 (TMNS.NET.AU):
TELSTRAINTERNET27,
GOLD COAST, QUEENSLAND, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
135 pcap raw alerts
ruleset
other
61 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
b7082104e4
[Firefox:77 hits: 06-18 to 08-09]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
06:33:00 WinXP 125.215.112.206 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
83 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:06:35:00 WinXP 4.233.194.86 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:303 hits: 12-31 to 08-09]
048df78048 [0] ASM:Graph
none|none lines=61 trace
06:36:00 WinXP 125.200.223.49 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
06:42:00 Win2K-f 60.254.198.202 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
56 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox: 6 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
06:44:00 Win2K-f 80.166.184.51 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
HELSINGøR, FREDERIKSBORG, DK.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 4f3df56c30
[Firefox:12 hits: 06-28 to 08-02]
none[none] none:none
none|none none none
06:50:00 WinXP 124.84.148.192 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:06:50:00 WinXP 124.100.121.118 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:06:59:00 Win2K-f 202.223.97.84 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
06:59:00 WinXP 70.60.120.109 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
32 of 36
0 of 33
1e438d2271
NEW
38b16f6895
NEW
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
06:59:00 Win2K-f 119.72.66.59 (-):
.
24.192.170.232:12351 HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:00:00 WinXP 92.227.219.225 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 8178c88f5e
[Firefox:16 hits: 07-08 to 08-09]
none[none] none:none
none|none none none
T:07:00:00 WinXP 125.173.3.65 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:07:00:00 Win2K-f 91.141.37.15 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 0993a67cea
[Firefox: 3 hits: 06-30 to 08-04]
none[none] none:none
none|none none none
T:07:02:00 Win2K-f 118.20.39.67 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
07:11:00 Win2K-f 122.29.23.129 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 10439d86a5
[Firefox: 3 hits: 06-29 to 08-02]
none[none] none:none
none|none none none
07:15:00 WinXP 4.233.194.86 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW HAMPSHIRE, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:303 hits: 12-31 to 08-09]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:07:23:00 WinXP 118.1.78.157 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
07:33:00 WinXP 220.208.151.18 (CORALNET.OR.JP):
TONAMI TRANSPORTATION CO. LTD,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:07:35:00 WinXP 124.102.44.107 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
07:44:00 WinXP 60.254.215.187 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
28 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox: 6 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
07:46:00 Win2K-f 118.236.134.10 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
07:47:00 Win2K-f 202.223.97.84 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
07:49:00 WinXP 122.146.240.42 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
73f1082158
[Firefox:648 hits: 06-18 to 08-09]
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:07:50:00 WinXP 122.17.191.59 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 005226ccd5
[Firefox: 2 hits: 08-09 to 08-09]
none[none] none:none
none|none none none
T:07:56:00 Win2K-f 118.8.126.76 (-):
.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:01:00 Win2K-f 92.21.189.153 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 f4a8c4177e
[Firefox: 6 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
08:10:00 WinXP 118.105.152.183 (-):
.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox:13 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
08:19:00 Win2K-f 124.87.246.65 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:08:23:00 WinXP 203.112.54.225 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:08:24:00 Win2K-f 78.149.182.206 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 18939f8f76
NEW
none[none] none:none
none|none none none
08:26:00 Win2K-f 82.141.79.236 (KOTINET.COM):
POHJANMAAN PPO OY,
YLIVIESKA, OULUN LAANI, FI.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
18 of 36 e4d3794f7a
[Firefox: 3 hits: 08-04 to 08-06]
none[none] none:none
none|none none none
08:28:00 Win2K-f 121.82.199.184 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 aca942e50f
NEW
none[none] none:none
none|none none none
T:08:29:00 Win2K-f 122.18.209.155 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 0d1452e5d3
NEW
none[none] none:none
none|none none none
T:08:35:00 WinXP 4.225.165.221 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DALLAS, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:205.128.79.125:80
US:206.33.43.126:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
a08f3b74a4
[Firefox:423 hits: 06-18 to 08-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:35:00 WinXP 67.150.173.174 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 92c8e458d8
[Firefox: 3 hits: 02-24 to 08-08]
4ba645ac3a [0] ASM:Graph
none|none lines=62 trace
T:08:38:00 Win2K-f 118.236.134.10 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
08:40:00 WinXP 218.47.36.66 (PLALA.OR.JP):
PLALA NETWORKS INC,
OSAKA, OSAKA, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 3a0702a5ab
NEW
none[none] none:none
none|none none none
08:40:00 Win2K-f 221.190.146.54 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 aa346f4557
NEW
none[none] none:none
none|none none none
08:44:00 Win2K-f 81.89.13.66 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
08:46:00 WinXP 83.125.108.63 (SIGN2.DE):
LAMBDANET COMMUNICATIONS,
UK.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
29 of 35 f752131714
NEW
none[none] none:none
none|none none none
T:08:51:00 WinXP 170.51.99.125 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
35 of 36 1b2ce111f8
NEW
none[none] none:none
none|none none none
08:52:00 WinXP 119.94.173.145 (-):
.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:206.33.43.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
28 of 33
0 of 33
56a3822608
[Firefox: 5 hits: 07-05 to 08-09]
a4c433c5d3
[Firefox: 5 hits: 07-05 to 08-09]
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
09:00:00 WinXP 219.105.97.143 (ADACHI.NE.JP):
CABLE TELEVISION ADACHI CORP,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:468 hits: 01-01 to 08-09]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
T:09:02:00 Win2K-f 81.173.131.90 (NETCOLOGNE.DE):
DYNAMIC CABLE MODEM IP POOL,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 27df9c5c9a
NEW
none[none] none:none
none|none none none
09:06:00 WinXP 125.196.134.73 (MESH.AD.JP):
NEC CORPORATION,
JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 671acdf0c9
NEW
none[none] none:none
none|none none none
09:08:00 Win2K-f 121.63.135.42 (163DATA.COM.CN):
CHINANET HUBEI PROVINCE NETWORK,
WUHAN, HUBEI, CN.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:18:00 Win2K-f 221.126.84.160 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b06fcbb9ac
NEW
none[none] none:none
none|none none none
T:09:23:00 Win2K-f 86.97.246.175 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
SHARJAH, ASH SHARIQAH, AE.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
32 lines
Yeah : 1.3
profile
none summary
tarball
25 of 36 eb7b07b431
NEW
none[none] none:none
none|none none none
09:29:00 WinXP 125.203.110.97 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. (DSL)
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
17 of 32 b169ddd225
[Firefox: 3 hits: 06-29 to 08-01]
none[none] none:none
none|none none none
09:29:00 WinXP 4.254.73.126 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
US:206.33.43.126:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
119 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
b7082104e4
[Firefox:77 hits: 06-18 to 08-09]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
09:30:00 WinXP 98.24.90.201 (-):
.
n/a DE:siliconfireware.ru
RU:www.bbin.ru
:wpad
RU:www.binbank.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:195.200.213.52:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
7 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:449 hits: 01-01 to 08-09]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:09:33:00 WinXP 61.222.6.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
57ce4acac2
[Firefox:104 hits: 06-17 to 08-09]
e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:09:46:00 Win2K-f 85.182.18.175 (ALICEDSL.DE):
HANSENET-ADSL,
OBERHAUSEN, NORDRHEIN-WESTFALEN, DE.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 0c42dd6a4e
NEW
none[none] none:none
none|none none none
T:09:57:00 Win2K-f 170.51.124.170 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:09:59:00 Win2K-f 125.215.99.141 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:09:59:00 WinXP 58.190.91.56 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
17 of 33 64477225c9
[Firefox: 5 hits: 06-28 to 08-01]
none[none] none:none
none|none none none
09:59:00 Win2K-f 80.219.209.151 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 d7c5eee185
NEW
none[none] none:none
none|none none none
10:04:00 Win2K-f 4.228.204.113 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NAMPA, IDAHO, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
460 lines
Yeah : 1.3
profile
none summary
tarball
27 of 32 6c36e19037
[Firefox:14 hits: 06-22 to 08-01]
none[4] none:none
none|none none trace
10:20:00 WinXP 221.184.162.85 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:10:23:00 WinXP 122.30.250.131 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
15 of 33 a793802e3c
[Firefox: 8 hits: 06-28 to 08-07]
none[none] none:none
none|none none none
10:30:00 Win2K-f 24.153.117.210 (MYACTV.NET):
ANTIETAM CABLE TELEVISION INC,
HAGERSTOWN, MARYLAND, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.99.124:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
34 of 35
28 of 35
70c31be294
NEW
fead05e431
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
10:30:00 WinXP 118.7.215.45 (-):
.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
10:34:00 WinXP 170.51.103.226 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:113 hits: 05-22 to 08-09]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:10:36:00 Win2K-f 82.241.109.191 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:10:37:00 WinXP 221.187.38.48 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:10:50:00 WinXP 76.93.105.102 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:198.78.220.126:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
73f1082158
[Firefox:648 hits: 06-18 to 08-09]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
10:50:00 Win2K-f 85.180.161.243 (ALICEDSL.DE):
HANSENET-ADSL,
FRANKFURT, HESSEN, DE. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
10:50:00 Win2K-f 61.119.255.99 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 9e62ec2cc6
NEW
none[none] none:none
none|none none none
10:57:00 Win2K-f 71.12.16.50 (CHARTER.COM):
CHARTER COMMUNICATIONS,
NORTH CAROLINA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
a08f3b74a4
[Firefox:423 hits: 06-18 to 08-09]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:10:58:00 Win2K-f 217.164.189.161 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORP,
ABU DHABI, ABU DHABI, AE.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 f76ac65d72
NEW
none[none] none:none
none|none none none
11:02:00 Win2K-f 170.51.124.170 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:113 hits: 05-22 to 08-09]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
11:28:00 WinXP 118.1.78.157 (-):
.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
11:32:00 WinXP 88.111.238.229 (AS9105.COM):
TISCALI UK LTD,
STOKE ON TRENT, ENGLAND, UK. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
11:51:00 WinXP 82.227.193.137 (PROXAD.NET):
PROXAD / FREE SAS,
LYON, RHONE-ALPES, FR.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33 ea912b50d0
NEW
none[none] none:none
none|none none none
T:11:52:00 Win2K-f 221.190.117.105 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 b6075d6a91
[Firefox: 5 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:54:00 WinXP 221.190.117.105 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33 b6075d6a91
[Firefox: 5 hits: 06-27 to 08-02]
none[none] none:none
none|none none none
11:55:00 Win2K-f 70.73.116.73 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.173.53:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36
34 of 36
0081841647
NEW
a5276149eb
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:12:01:00 WinXP 125.197.219.237 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox: 2 hits: 08-02 to 08-04]
none[none] none:none
none|none none none
12:12:00 Win2K-f 78.106.142.250 (CORBINA.NET):
INVESTELEKTROSVIAZ LTD,
RU.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
0 of 32 b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
b5919931fe [1] ASM:Graph
ASProtect| lines=90 trace
12:18:00 WinXP 86.135.68.148 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
NORTHAMPTON, ENGLAND, UK.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
12:20:00 WinXP 69.41.137.113 (SEISMICINTERNET.NET):
SEISMIC ENTERPRISES,
KAILUA KONA, HAWAII, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:931 hits: 12-31 to 08-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:12:32:00 WinXP 219.160.238.163 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
12:33:00 WinXP 222.158.118.251 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
13 of 33 7e8babc6f9
[Firefox: 2 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
T:12:35:00 WinXP 85.181.174.199 (ALICEDSL.DE):
HANSENET-ADSL,
WUPPERTAL, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b063f77fe3
NEW
none[none] none:none
none|none none none
12:38:00 Win2K-f 122.146.243.195 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
73f1082158
[Firefox:648 hits: 06-18 to 08-09]
b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
Record layout, following the table header at the top of the page: first line = time, victim OS, infection source (IP, reverse domain, organization, location, link type); second line = infection port, C&C server, DNS lookups & failed connects, infection chatter (protocols and line count), BotHunter analysis (verdict : score), behavioral cluster; then one line per malware binary = packed-binary digest with the bracketed hit count and date range printed on the page (or NEW), antivirus labels (detecting engines of total), unpacked egg.exe, unpacked egg.asm, PEiD packer, data strings, syscall trace. The pcap/raw, alerts/ruleset, profile, summary and tarball links are identical for every record and are not repeated.

T:12:46:00  Win2K-f  118.105.189.32 (-)
  port 445 | C&C n/a | DNS: none | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 505238d7ef [Firefox:13 hits: 06-28 to 08-09] | AV 30 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:12:54:00  Win2K-f  122.30.35.212 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: HK:proxima.ircgalaxy.pl, HK:210.245.211.11:65520 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary fd7526a245 NEW | AV 34 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:12:54:00  WinXP  195.14.254.43 (NETCOLOGNE.DE): NETCOLOGNE GMBH, COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL)
  port 445 | C&C n/a | DNS: none | chatter: ftp, 23 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary: none

T:13:03:00  Win2K-f  80.142.64.137 (T-IPCONNECT.DE): DEUTSCHE TELEKOM AG, BONN, NORDRHEIN-WESTFALEN, DE.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 24 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:05:00  WinXP  68.144.17.241 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA.
  port 445 | C&C n/a | DNS: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, EU:kidos-bank.ru, HK:210.245.211.11:65520 | chatter: http, 1 line | BotHunter: Yeah : 0.8 | cluster: none
  binary e253fef35b NEW | AV 36 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

13:10:00  Win2K-f  61.207.183.213 (OCN.NE.JP): OPEN COMPUTER NETWORK, TOKYO, TOKYO, JP.
  port 445 | C&C n/a | DNS: HK:proxima.ircgalaxy.pl, HK:210.245.211.11:65520 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary aa346f4557 NEW | AV 31 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:13:00  WinXP  89.144.177.100 (ASKIRAN.COM): ANDISHE SABZ KHAZAR CO. P.J.S, IR.
  port 445 | C&C n/a | DNS: EU:siliconfireware.ru, :wpad, US:searchportal.information.com, GB:welcome3.smile.co.uk, US:208.73.210.32:80, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80 | chatter: http, http, 2 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary 6b47fac5de NEW | AV 21 of 31 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:21:00  WinXP  24.66.226.238 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, SASKATOON, SASKATCHEWAN, CA.
  port 135 | C&C n/a | DNS: none | chatter: other, 196 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ae4e62adc2 [Firefox: 2 hits: 07-07 to 07-08] | AV 22 of 32 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

13:26:00  WinXP  70.76.138.232 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  port 135 | C&C n/a | DNS: none | chatter: other, 54 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158 [1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

13:31:00  Win2K-f  76.168.102.104 (RR.COM): ROAD RUNNER HOLDCO LLC, SYLMAR, CALIFORNIA, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80 | chatter: other, 78 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

13:35:00  WinXP  86.129.185.163 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. (DSL)
  port 445 | C&C 24.192.170.232:13001 | DNS: US:chat-shqip.org | chatter: ftp, irc, 33 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:36:00  WinXP  4.252.135.104 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, SYCAMORE, ILLINOIS, US. (DIAL)
  port 445 | C&C 194.54.90.246:80 | DNS: UA:citi-bank.ru, :parex-bank.ru | chatter: http, 2 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 7d99b0e910 [Firefox:931 hits: 12-31 to 08-09] | AV 26 of 28 | egg.exe 7a70e1b592 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=68 | trace trace

T:13:36:00  WinXP  68.114.152.54 (CHARTER.COM): CHARTER COMMUNICATIONS, RINGGOLD, GEORGIA, US.
  port 445 | C&C 194.54.90.246:80 | DNS: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520 | chatter: http, 2 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary a219ed3aeb [Firefox: 7 hits: 08-02 to 08-08] | AV 36 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:46:00  WinXP  86.136.194.237 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, SWINDON, ENGLAND, UK.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:48:00  Win2K-f  86.129.185.163 (BTCENTRALPLUS.COM): BT-CENTRAL-PLUS, LONDON, ENGLAND, UK. (DSL)
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 25 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:13:50:00  WinXP  24.80.114.65 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, BURNABY, BRITISH COLUMBIA, CA. (DSL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.44.126:80 | chatter: http, 99 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 607b60ad51 [Firefox:13 hits: 06-20 to 08-05] | AV 31 of 32 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary e07c29c4ae [Firefox:204 hits: 06-19 to 08-09] | AV 0 of 33 | egg.exe e07c29c4ae[1] | egg.asm ASM:Graph | PEiD FSG| | strings lines=92 | trace trace
  binary e5c7bce70e [Firefox:13 hits: 06-20 to 08-05] | AV 2 of 32 | egg.exe e5c7bce70e[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

13:50:00  WinXP  4.158.156.14 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, CHICAGO, ILLINOIS, US. (DIAL)
  port 445 | C&C n/a | DNS: DE:siliconfireware.ru, :wpad, US:searchportal.information.com, US:spi.domainsponsor.com, :www.proxy-socks.net, DE:212.227.111.29:80, DE:217.11.54.126:80, EU:78.47.200.154:80 | chatter: http, http, 8 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary df17a625ee [Firefox:205 hits: 01-01 to 08-09] | AV 29 of 29 | egg.exe 9bbdd086c5 [0] | egg.asm ASM:Graph | PEiD ASPack| | strings lines=186, embedded dns | trace trace

13:52:00  Win2K-f  68.74.121.248 (AMERITECH.NET): PPPOX POOL - RBACK1 EMHRIL, CHICAGO, ILLINOIS, US. (DSL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:199.93.41.126:80, US:199.93.44.126:80, US:8.12.202.125:80 | chatter: other, 75 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

13:59:00  Win2K-f  122.30.250.131 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C 24.192.170.232:13001 | DNS: US:chat-shqip.org | chatter: ftp, irc, 39 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary a793802e3c [Firefox: 8 hits: 06-28 to 08-07] | AV 15 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

14:04:00  Win2K-f  123.254.3.158 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:14:08:00  Win2K-f  81.89.13.66 (ASTRAL.RO): ASTRAL TELECOM SA, RO.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

14:28:00  WinXP  78.148.58.128 (OPALTELECOM.NET): OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER, UK.
  port 445 | C&C 24.192.170.232:12351 | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, irc, 33 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:14:29:00  WinXP  67.9.1.216 (RR.COM): ROAD RUNNER HOLDCO LLC, PINELLAS PARK, FLORIDA, US.
  port 445 | C&C 194.54.90.246:80 | DNS: UA:citi-bank.ru | chatter: http, 2 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 7d99b0e910 [Firefox:931 hits: 12-31 to 08-09] | AV 26 of 28 | egg.exe 7a70e1b592 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=68 | trace trace

14:33:00  Win2K-f  88.111.142.204 (AS9105.COM): TISCALI UK LTD, MANCHESTER, ENGLAND, UK. (DSL)
  port 445 | C&C 24.192.170.232:12351 | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:13001 | chatter: ftp, irc, 32 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

14:34:00  Win2K-f  65.81.218.115 (BELLSOUTH.NET): BELLSOUTH.NET INC, BOAZ, ALABAMA, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com | chatter: http, 186 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 421ecabb8c [Firefox: 3 hits: 07-24 to 08-09] | AV 31 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8e6657f6e3 NEW | AV 34 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary b5919931fe [Firefox:278 hits: 06-20 to 08-09] | AV 0 of 32 | egg.exe b5919931fe[1] | egg.asm ASM:Graph | PEiD ASProtect| | strings lines=90 | trace trace

14:37:00  Win2K-f  68.127.240.86 (PACBELL.NET): PPPOX POOL - RBACK4.IRVNCA, LOS ANGELES, CALIFORNIA, US. (DSL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com | chatter: http, 76 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary a08f3b74a4 [Firefox:423 hits: 06-18 to 08-09] | AV 0 of 33 | egg.exe a08f3b74a4[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace
  binary b5919931fe [Firefox:278 hits: 06-20 to 08-09] | AV 0 of 32 | egg.exe b5919931fe[1] | egg.asm ASM:Graph | PEiD ASProtect| | strings lines=90 | trace trace

T:14:43:00  WinXP  4.225.203.137 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL)
  port 445 | C&C n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | chatter: http, 2 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary 7d99b0e910 [Firefox:931 hits: 12-31 to 08-09] | AV 26 of 28 | egg.exe 7a70e1b592 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=68 | trace trace

14:45:00  WinXP  4.225.203.137 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL)
  port 445 | C&C n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | chatter: http, 1 line | BotHunter: Yeah : 0.8 | cluster: none
  binary 7d99b0e910 [Firefox:931 hits: 12-31 to 08-09] | AV 26 of 28 | egg.exe 7a70e1b592 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=68 | trace trace

T:14:53:00  WinXP  89.244.251.110 (VERSANETONLINE.DE): VERSATEL NORD-DEUTSCHLAND GMBH, DE.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 37cd59759e NEW | AV 15 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

14:57:00  Win2K-f  172.168.16.146 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.54:80 | chatter: other, 75 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary a08f3b74a4 [Firefox:423 hits: 06-18 to 08-09] | AV 0 of 33 | egg.exe a08f3b74a4[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

15:05:00  WinXP  200.146.7.177 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  port 445 | C&C n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | chatter: http, 1 line | BotHunter: Yeah : 0.8 | cluster: none
  binary 986b59708d [Firefox:49 hits: 01-14 to 08-08] | AV 29 of 29 | egg.exe 8a00217866 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=57 | trace trace

T:15:05:00  WinXP  200.146.7.177 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
  port 445 | C&C 194.54.90.246:80 | DNS: UA:citi-bank.ru | chatter: http, 2 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 986b59708d [Firefox:49 hits: 01-14 to 08-08] | AV 29 of 29 | egg.exe 8a00217866 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=57 | trace trace

15:08:00  WinXP  82.10.98.193 (NTL.COM): NTL INFRASTRUCTURE - OXFORD, SWINDON, ENGLAND, UK. (DSL)
  port 445 | C&C n/a | DNS: none | chatter: shell, ftp, 16 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 03f912899b [Firefox:79 hits: 01-08 to 08-09] | AV 32 of 32 | egg.exe 83893bd25d [0] | egg.asm ASM:Graph | PEiD none|none | strings lines=65 | trace trace

15:10:00  Win2K-f  218.43.3.245 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C 210.245.211.11:65520 | DNS: HK:proxima.ircgalaxy.pl, DE:dl2.teenpassage.com, IL:ksn.a1001186.wrs.mcboo.com | chatter: ftp, irc, http, 165 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary c3c3cae354 NEW | AV 34 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
15:24:00  Win2K-f  64.139.104.242 (RCABLETV.COM): NCI DATA.COM INC, REPUBLIC, WASHINGTON, US. (DSL)
  port 135 | C&C 210.245.211.11:65520 | DNS: US:microsoft.com, US:download.microsoft.com, IL:ksn.a1001186.wrs.mcboo.com, IL:194.90.224.86:80 | chatter: irc, http, 257 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:15:24:00  Win2K-f  69.109.153.52 (PACBELL.NET): AT&T INTERNET SERVICES, SAN DIEGO, CALIFORNIA, US. (100Mbps)
  port 135 | C&C n/a | DNS: none | chatter: other, 5 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary: none

15:24:00  Win2K-f  125.215.98.167 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

15:33:00  Win2K-f  206.171.179.241 (LEMOORENET.COM): LEMOORE NET, LEMOORE, CALIFORNIA, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:4.23.60.126:80 | chatter: http, 76 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary a08f3b74a4 [Firefox:423 hits: 06-18 to 08-09] | AV 0 of 33 | egg.exe a08f3b74a4[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

15:38:00  WinXP  70.248.127.208 (SWBELL.NET): PPPOX POOL - BRAS14 RCSNTX, DALLAS, TEXAS, US. (DIAL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.219:80 | chatter: http, 77 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary a08f3b74a4 [Firefox:423 hits: 06-18 to 08-09] | AV 0 of 33 | egg.exe a08f3b74a4[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace
  binary e07c29c4ae [Firefox:204 hits: 06-19 to 08-09] | AV 0 of 33 | egg.exe e07c29c4ae[1] | egg.asm ASM:Graph | PEiD FSG| | strings lines=92 | trace trace

15:42:00  Win2K-f  200.12.190.102 (EAFIT.EDU.CO): UNIVERSIDAD EAFIT, MEDELLIN, ANTIOQUIA, CO.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 9 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary: none

T:15:47:00  Win2K-f  60.237.98.122 (MESH.AD.JP): NEC CORPORATION, FUKUOKA, FUKUOKA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:15:48:00  Win2K-f  125.196.134.73 (MESH.AD.JP): NEC CORPORATION, JP.
  port 445 | C&C 210.245.211.11:65520 | DNS: HK:proxim.ircgalaxy.pl, IL:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, US:chat-shqip.org, IL:wr.mcboo.com, IL:dl.mcboo.com, US:b155.mcboo.com, US:w3bs.chat-shqip.org, IL:194.90.224.86:80, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, irc, http, 338 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 37f41fd8ab [Firefox:55 hits: 07-24 to 08-09] | AV 19 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 671acdf0c9 NEW | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

15:50:00  Win2K-f  70.126.1.136 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.148.226:80, US:208.111.148.247:80 | chatter: other, 75 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

15:50:00  WinXP  133.205.253.174 (NIIGATA-U.AC.JP): JAPAN NETWORK INFORMATION CENTER, TOKYO, TOKYO, JP.
  port 445 | C&C 24.192.170.232:13001 | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, irc, 40 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 596e449762 NEW | AV 24 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:15:55:00  WinXP  76.171.226.161 (RR.COM): ROAD RUNNER HOLDCO LLC, HERMOSA BEACH, CALIFORNIA, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com | chatter: http, 77 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace
  binary e07c29c4ae [Firefox:204 hits: 06-19 to 08-09] | AV 0 of 33 | egg.exe e07c29c4ae[1] | egg.asm ASM:Graph | PEiD FSG| | strings lines=92 | trace trace

T:16:01:00  WinXP  61.221.250.18 (HINET.NET): DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TW.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com | chatter: http, 87 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 57ce4acac2 [Firefox:104 hits: 06-17 to 08-09] | AV 0 of 33 | egg.exe 57ce4acac2[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace
  binary e07c29c4ae [Firefox:204 hits: 06-19 to 08-09] | AV 0 of 33 | egg.exe e07c29c4ae[1] | egg.asm ASM:Graph | PEiD FSG| | strings lines=92 | trace trace

T:16:06:00  Win2K-f  213.5.37.39 (ACN.GR): ACN ALTEC COMMUNICATIONS NETWORK S.A, ATHENS, ATTIKI, GR.
  port 445 | C&C 210.245.211.11:65520 | DNS: IL:ksn.a1001186.wrs.mcboo.com, HK:proxim.ircgalaxy.pl, US:chat-shqip.org, IL:wr.mcboo.com, US:w3bs.chat-shqip.org, IL:194.90.224.86:80, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: irc, http, 195 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 37f41fd8ab [Firefox:55 hits: 07-24 to 08-09] | AV 19 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

16:12:00  Win2K-f  118.9.219.226 (-)
  port 445 | C&C 210.245.211.11:65520 | DNS: HK:proxim.ircgalaxy.pl, IL:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, IL:wr.mcboo.com | chatter: ftp, irc, http, 174 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 165df82815 NEW | AV 30 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 37f41fd8ab [Firefox:55 hits: 07-24 to 08-09] | AV 19 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

16:18:00  Win2K-f  122.29.89.60 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

16:20:00  WinXP  221.189.55.152 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C 24.192.170.232:13001 | DNS: US:chat-shqip.org | chatter: ftp, irc, 39 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

16:26:00  Win2K-f  99.160.56.71 (-)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, HK:proxim.ircgalaxy.pl, US:207.123.42.126:80 | chatter: http, irc, 69 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary b7082104e4 [Firefox:77 hits: 06-18 to 08-09] | AV 8 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace

16:27:00  WinXP  206.125.157.203 (SHAWNEELINK.NET): SHAWNEELINK, EQUALITY, ILLINOIS, US.
  port 445 | C&C n/a | DNS: EU:siliconfireware.ru, US:searchportal.information.com, US:spi.domainsponsor.com, GB:new.egg.com, :wpad, GB:welcome3.smile.co.uk | chatter: http, http, http, http, 34 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary a12cab51ef [Firefox:449 hits: 01-01 to 08-09] | AV 29 of 29 | egg.exe 40f7f463c4 [0] | egg.asm ASM:Graph | PEiD ASPack| | strings lines=281, embedded dns | trace trace

16:31:00  Win2K-f  67.1.14.178 (QWEST.NET): QWEST COMMUNICATIONS CORPORATION, MERIDIAN, IDAHO, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:207.123.46.126:80 | chatter: other, 130 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

16:55:00  WinXP  60.254.199.132 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP.
  port 135 | C&C 210.245.211.11:65520 | DNS: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, IL:ksn.a1001186.wrs.mcboo.com, DE:dl2.teenpassage.com, IL:wr.mcboo.com, IL:dl.mcboo.com, US:b156.mcboo.ws, US:208.111.173.51:80, HK:210.245.211.11:65520 | chatter: http, irc, 1157 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 1ca49e4d70 NEW | AV 35 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 37f41fd8ab [Firefox:55 hits: 07-24 to 08-09] | AV 19 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 5ab0a45f63 [Firefox:66 hits: 07-24 to 08-09] | AV 17 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary 8d7113c2ce [Firefox:44 hits: 08-01 to 08-09] | AV 20 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary dad3ad1937 NEW | AV 28 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary e07c29c4ae [Firefox:204 hits: 06-19 to 08-09] | AV 0 of 33 | egg.exe e07c29c4ae[1] | egg.asm ASM:Graph | PEiD FSG| | strings lines=92 | trace trace
16:56:00  Win2K-f  116.81.26.58 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 02f755ede0 NEW | AV 34 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:17:03:00  Win2K-f  118.106.164.51 (-)
  port 445 | C&C n/a | DNS: none | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 505238d7ef [Firefox:13 hits: 06-28 to 08-09] | AV 30 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

17:04:00  Win2K-f  170.51.122.71 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 13 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary: none

T:17:15:00  WinXP  123.198.72.3 (SO-NET.NE.JP): SO-NET SERVICE, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 94a6b635e8 NEW | AV 34 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:17:17:00  Win2K-f  118.105.188.233 (-)
  port 445 | C&C n/a | DNS: none | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 4c718f0d24 [Firefox: 4 hits: 06-29 to 08-07] | AV 30 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:17:20:00  Win2K-f  66.16.121.130 (CAVTEL.NET): CAVALIER TELEPHONE, BALTIMORE, MARYLAND, US.
  port 135 | C&C n/a | DNS: none | chatter: other, 19 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary: none

T:17:21:00  WinXP  60.45.176.204 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: HK:proxima.ircgalaxy.pl, US:chat-shqip.org, US:w3bs.chat-shqip.org, HK:210.245.211.11:65520, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary aa346f4557 NEW | AV 31 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

17:39:00  Win2K-f  121.87.27.120 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:17:45:00  WinXP  221.126.95.16 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

17:47:00  Win2K-f  76.237.123.57 (SBCGLOBAL.NET): PPPOX POOL - BRAS16.LSAN, US.
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:206.33.43.126:80, US:207.123.46.126:80 | chatter: http, 78 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

T:17:56:00  WinXP  118.7.220.112 (-)
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary e66b7f4416 NEW | AV 25 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

17:59:00  Win2K-f  76.93.105.102 (-)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:208.111.173.52:80 | chatter: http, 76 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 53bfe15e91 [Firefox:1282 hits: 06-17 to 08-09] | AV 33 of 33 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary 73f1082158 [Firefox:648 hits: 06-18 to 08-09] | AV 0 of 32 | egg.exe 73f1082158[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

18:06:00  Win2K-f  221.126.95.16 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:06:00  WinXP  68.145.226.217 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, CALGARY, ALBERTA, CA. (DSL)
  port 445 | C&C n/a | DNS: RU:moscow-advokat.ru, SE:ozbytes.dal.net, :flanders.be.eu.undernet.org, SE:broadway.ny.us.dal.net, :gaspode.zanet.org.za, SE:vancouver.dal.net, :caen.fr.eu.undernet.org, :los-angeles.ca.us.undernet.org, SE:coins.dal.net, NL:diemen.nl.eu.undernet.org, US:lia.zanet.net, RU:194.6.222.11:6667 | chatter: http, 1 line | BotHunter: Yeah : 0.8 | cluster: none
  binary 7f60162c2c [Firefox:421 hits: 12-31 to 08-09] | AV 25 of 25 | egg.exe 1aad8e4632 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=93, embedded dns | trace trace

T:18:10:00  WinXP  60.236.51.113 (MESH.AD.JP): NEC CORPORATION, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:12:00  WinXP  24.80.170.73 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
  port 135 | C&C n/a | DNS: US:microsoft.com, US:download.microsoft.com, US:192.221.110.125:80, US:199.93.44.124:80, US:205.128.79.125:80 | chatter: other, 96 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 607b60ad51 [Firefox:13 hits: 06-20 to 08-05] | AV 31 of 32 | egg.exe none[4] | egg.asm none:none | PEiD tElock| | strings none | trace trace
  binary e5c7bce70e [Firefox:13 hits: 06-20 to 08-05] | AV 2 of 32 | egg.exe e5c7bce70e[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

T:18:12:00  WinXP  123.254.34.150 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 17739a55ad [Firefox:300 hits: 06-27 to 08-09] | AV 20 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:22:00  WinXP  123.254.34.150 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:18:34:00  Win2K-f  122.17.189.44 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:39:00  Win2K-f  221.127.75.145 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK.
  port 445 | C&C n/a | DNS: none | chatter: other, 13 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary: none

18:39:00  WinXP  170.51.207.131 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  port 445 | C&C 64.85.160.111:5001 | DNS: US:cookie.roltf.ws, US:64.85.160.111:5001 | chatter: ftp, irc, 20 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 382279b44f [Firefox:113 hits: 05-22 to 08-09] | AV 19 of 32 | egg.exe 049e62d55b [0] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=192 | trace trace

18:44:00  WinXP  118.172.242.90 (-)
  port 445 | C&C 85.214.127.219:59999 | DNS: DE:skathari.oligarxia.com | chatter: shell, ftp, irc, 27 lines | BotHunter: Yeah : 1.8 | cluster: none
  binary 557c0e2562 [Firefox: 4 hits: 07-24 to 08-09] | AV 22 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:45:00  WinXP  60.236.75.127 (MESH.AD.JP): NEC CORPORATION, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 26 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:18:46:00  WinXP  4.168.180.240 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, LOS ANGELES, CALIFORNIA, US. (DIAL)
  port 135 | C&C n/a | DNS: none | chatter: other, 3 lines | BotHunter: Argh : 0.3 | cluster: none
  binary: none

18:55:00  Win2K-f  202.70.232.58 (ONINET.NE.JP): OKAYAMA NETWORK INC, TOKYO, TOKYO, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 7619ff1355 NEW | AV 15 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

18:58:00  Win2K-f  122.25.171.173 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:05:00  WinXP  122.131.251.68 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:11:00  WinXP  124.100.179.80 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:11:00  Win2K-f  119.11.68.94 (-)
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 25 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 2d48e6fd7e NEW | AV 24 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:19:00  Win2K-f  4.240.21.115 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PHOENIX, ARIZONA, US. (DIAL)
  port 135 | C&C n/a | DNS: none | chatter: other, 88 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 44f6f7826a NEW | AV 15 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary a08f3b74a4 [Firefox:423 hits: 06-18 to 08-09] | AV 0 of 33 | egg.exe a08f3b74a4[1] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=81 | trace trace

T:19:22:00  WinXP  218.227.191.144 (MESH.AD.JP): BIGLOBE-CIDR-BLK, HIROSHIMA, HIROSHIMA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 17739a55ad [Firefox:300 hits: 06-27 to 08-09] | AV 20 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:28:00  Win2K-f  118.236.103.136 (-)
  port 445 | C&C n/a | DNS: none | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 17739a55ad [Firefox:300 hits: 06-27 to 08-09] | AV 20 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:32:00  WinXP  122.133.105.115 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary b101b8882c [Firefox: 2 hits: 08-02 to 08-04] | AV 15 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:36:00  Win2K-f  210.206.109.168 (BORA.NET): BORANET-NET-210-206/, KR.
  port 135 | C&C n/a | DNS: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, US:205.128.66.126:80, HK:210.245.211.11:65520 | chatter: other, 97 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 6e4189aed5 NEW | AV 35 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none
  binary a2abf80155 NEW | AV 32 of 36 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:45:00  Win2K-f  221.189.149.50 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: none | chatter: ftp, 28 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary ca15c09536 [Firefox:322 hits: 06-27 to 08-09] | AV 26 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

19:46:00  WinXP  151.33.176.201 (33-151.IOL.IT): ITALIA ONLINE S.P.A, TORINO, PIEMONTE, IT. (DIAL)
  port 445 | C&C 213.239.192.125:5001 | DNS: DE:cookie.roltf.ws, DE:213.239.192.125:5001 | chatter: ftp, irc, 21 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 382279b44f [Firefox:113 hits: 05-22 to 08-09] | AV 19 of 32 | egg.exe 049e62d55b [0] | egg.asm ASM:Graph | PEiD Armadillo| | strings lines=192 | trace trace

19:51:00  WinXP  130.13.54.135 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  port 445 | C&C n/a | DNS: none | chatter: shell, ftp, 16 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 1a2c0e6130 [Firefox:303 hits: 12-31 to 08-09] | AV 29 of 29 | egg.exe 048df78048 [0] | egg.asm ASM:Graph | PEiD none|none | strings lines=61 | trace trace

T:19:58:00  Win2K-f  122.107.6.196 (-)
  port 135 | C&C n/a | DNS: none | chatter: other, 879 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 00b7e57d8b NEW | AV 32 of 35 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:20:04:00  WinXP  130.13.54.135 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  port 445 | C&C n/a | DNS: none | chatter: shell, ftp, 14 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 1a2c0e6130 [Firefox:303 hits: 12-31 to 08-09] | AV 29 of 29 | egg.exe 048df78048 [0] | egg.asm ASM:Graph | PEiD none|none | strings lines=61 | trace trace

20:05:00  Win2K-f  123.220.4.25 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  port 445 | C&C n/a | DNS: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, US:w3bs.chat-shqip.org, HK:210.245.211.11:65520, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary 0e78be6c38 [Firefox: 2 hits: 06-27 to 06-28] | AV 17 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

T:20:06:00  WinXP  58.191.160.9 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  port 445 | C&C n/a | DNS: none | chatter: other, 16 lines | BotHunter: Yeah : 0.8 | cluster: none
  binary: none

20:08:00  WinXP  220.99.227.98 (PLALA.OR.JP): PLALA NETWORKS INC, SHIZUOKA, SHIZUOKA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 29 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

20:18:00  WinXP  70.45.117.195 (ONELINKPR.NET): SAN JUAN CABLE LLC, SAN JUAN, PUERTO RICO, PR.
  port 445 | C&C n/a | DNS: UA:citi-bank.ru, UA:194.54.90.246:80 | chatter: http, 1 line | BotHunter: Yeah : 0.8 | cluster: none
  binary 7d99b0e910 [Firefox:931 hits: 12-31 to 08-09] | AV 26 of 28 | egg.exe 7a70e1b592 [0] | egg.asm ASM:Graph | PEiD PolyEnE| | strings lines=68 | trace trace

20:20:00  Win2K-f  123.254.38.246 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | chatter: ftp, 27 lines | BotHunter: Yeah : 1.3 | cluster: none
  binary d2c26e07fd [Firefox:301 hits: 06-27 to 08-09] | AV 10 of 33 | egg.exe none[none] | egg.asm none:none | PEiD none|none | strings none | trace none

20:22:00  Win2K-f  119.11.104.52 (-)
  port 445 | C&C n/a | DNS: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:24.192.170.232:12351, US:24.192.170.232:13001 | (the remaining columns of this record continue in the next section)
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
20:22:00 WinXP 217.94.219.205 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 1ba3d9d3e8
[Firefox: 3 hits: 06-29 to 07-01]
none[none] none:none
none|none none none
T:20:23:00 WinXP 121.115.187.229 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 1bcec3abd3
NEW
none[none] none:none
none|none none none
20:34:00 Win2K-f 123.225.10.93 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:35:00 WinXP 124.100.54.170 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 7097bbda4d
[Firefox: 3 hits: 08-04 to 08-09]
none[none] none:none
none|none none none
20:35:00 WinXP 221.126.118.50 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b06fcbb9ac
NEW
none[none] none:none
none|none none none
20:38:00 Win2K-f 118.105.191.179 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox:13 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
T:20:43:00 WinXP 123.254.38.246 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:20:46:00 Win2K-f 61.34.136.32 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
134 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 9d1c8d89a4
NEW
none[none] none:none
none|none none none
34 of 36 b57dbae4a3
NEW
none[none] none:none
none|none none none
0 of 32 b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
b5919931fe[1] ASM:Graph
ASProtect| lines=90 trace
T:20:58:00 Win2K-f 122.29.50.46 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
21:06:00 Win2K-f 125.195.91.61 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox: 2 hits: 08-02 to 08-04]
none[none] none:none
none|none none none
T:21:06:00 Win2K-f 58.111.0.8 (OPTUSNET.COM.AU):
OPTUS INTERNET - RETAIL,
SYDNEY, NEW SOUTH WALES, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:207.123.42.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
none[4] none:none
tElock| none trace
0 of 33 a08f3b74a4
[Firefox:423 hits: 06-18 to 08-09]
a08f3b74a4[1] ASM:Graph
Armadillo| lines=81 trace
T:21:09:00 WinXP 60.254.220.152 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 9ddd6c5e47
[Firefox: 3 hits: 06-29 to 08-04]
none[none] none:none
none|none none none
T:21:12:00 WinXP 119.11.104.52 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
21:12:00 WinXP 99.156.77.65 (-):
.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 492957db81
[Firefox:11 hits: 01-01 to 08-06]
064e4d7742 [0] ASM:Graph
PolyEnE| lines=69 embedded dns trace
21:14:00 Win2K-f 118.216.191.111 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 4c3df24b32
[Firefox:138 hits: 06-17 to 08-09]
4c3df24b32[1] ASM:Graph
Armadillo| lines=81 trace
33 of 33 53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
none[4] none:none
tElock| none trace
21:19:00 WinXP 118.236.187.131 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
21:21:00 WinXP 221.127.195.37 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 ec3d13cabe
[Firefox: 7 hits: 06-27 to 08-04]
none[none] none:none
none|none none none
21:24:00 Win2K-f 75.49.239.36 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
SOUTH FORK, MISSOURI, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
none[4] none:none
tElock| none trace
0 of 32 73f1082158
[Firefox:648 hits: 06-18 to 08-09]
73f1082158[1] ASM:Graph
Armadillo| lines=81 trace
0 of 32 b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
b5919931fe[1] ASM:Graph
ASProtect| lines=90 trace
21:31:00 Win2K-f 122.16.114.94 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 36 005226ccd5
[Firefox: 2 hits: 08-09 to 08-09]
none[none] none:none
none|none none none
T:21:32:00 WinXP 116.127.167.184 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
87 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 633a67eac3
[Firefox: 7 hits: 07-19 to 08-04]
none[none] none:none
none|none none none
0 of 33 a08f3b74a4
[Firefox:423 hits: 06-18 to 08-09]
a08f3b74a4[1] ASM:Graph
Armadillo| lines=81 trace
T:21:41:00 Win2K-f 118.108.113.250 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
21:42:00 Win2K-f 24.66.51.159 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
b5919931fe[1] ASM:Graph
ASProtect| lines=90 trace
31 of 32 bca9e0fb5f
[Firefox:18 hits: 06-18 to 08-09]
none[4] none:none
PolyEnE| none trace
23 of 33 e53a9ea82e
[Firefox:18 hits: 06-18 to 08-09]
e53a9ea82e[1] ASM:Graph
Armadillo| lines=81 trace
21:48:00 Win2K-f 118.6.216.190 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
21:53:00 WinXP 219.116.139.165 (INFOWEB.NE.JP):
INFOWEB-CIDR-BLK,
TOKYO, TOKYO, JP. (DIAL)
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
22:00:00 WinXP 222.145.88.248 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
22:00:00 WinXP 99.163.48.147 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:79 hits: 01-08 to 08-09]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
22:09:00 Win2K-f 123.225.32.100 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:300 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:22:31:00 Win2K-f 123.225.32.100 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:32:00 WinXP 60.33.87.114 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
22:34:00 Win2K-f 218.230.221.240 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c3c3cae354
NEW
none[none] none:none
none|none none none
T:22:45:00 Win2K-f 118.236.5.8 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9744f77d85
NEW
none[none] none:none
none|none none none
22:46:00 WinXP 123.221.221.1 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
23 of 36 34862983cd
NEW
none[none] none:none
none|none none none
T:22:47:00 WinXP 118.8.233.86 (-):
.
72.10.172.218:3838 :nagoo.nagitiriheiwu.net
CA:haiys.eiheihre3.com
445 pcap raw alerts
ruleset
shell
ftp
irc
http
24 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36 3281ff0235
NEW
none[none] none:none
none|none none none
19 of 36 3893b0bd5b
NEW
none[none] none:none
none|none none none
T:22:55:00 Win2K-f 118.6.216.190 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
22:57:00 WinXP 124.84.179.100 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
23:19:00 WinXP 218.239.82.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 4c3df24b32
[Firefox:138 hits: 06-17 to 08-09]
4c3df24b32[1] ASM:Graph
Armadillo| lines=81 trace
33 of 33 53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
none[4] none:none
tElock| none trace
0 of 33 e07c29c4ae
[Firefox:204 hits: 06-19 to 08-09]
e07c29c4ae[1] ASM:Graph
FSG| lines=92 trace
23:20:00 Win2K-f 60.38.124.240 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e80215f572
[Firefox: 2 hits: 08-02 to 08-09]
none[none] none:none
none|none none none
T:23:21:00 WinXP 80.96.151.206 (NEXTRA.RO):
SC-NEXTRA TELECOM SRL,
TIMISOARA, TIMIS, RO.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:322 hits: 06-27 to 08-09]
none[none] none:none
none|none none none
T:23:27:00 WinXP 190.226.71.186 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:49 hits: 01-14 to 08-08]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
23:27:00 WinXP 190.226.71.186 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:49 hits: 01-14 to 08-08]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
23:36:00 WinXP 220.220.208.22 (PLALA.OR.JP):
NTT COMMUNICATIONS CORPORATION,
JP.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 cb9f55cc40
NEW
none[none] none:none
none|none none none
23:38:00 Win2K-f 124.195.153.165 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.220.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 53bfe15e91
[Firefox:1282 hits: 06-17 to 08-09]
none[4] none:none
tElock| none trace
0 of 33 a08f3b74a4
[Firefox:423 hits: 06-18 to 08-09]
a08f3b74a4[1] ASM:Graph
Armadillo| lines=81 trace
0 of 32 b5919931fe
[Firefox:278 hits: 06-20 to 08-09]
b5919931fe[1] ASM:Graph
ASProtect| lines=90 trace
T:23:48:00 Win2K-f 219.160.106.220 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
NIIGATA, NIIGATA, JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c3c3cae354
NEW
none[none] none:none
none|none none none
T:23:53:00 WinXP 114.120.114.140 (-):
.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:931 hits: 12-31 to 08-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
23:56:00 Win2K-f 123.220.125.233 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:23:58:00 WinXP 67.155.83.62 (ALGX.NET):
XO COMMUNICATIONS,
US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:931 hits: 12-31 to 08-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
23:58:00 WinXP 67.155.83.62 (ALGX.NET):
XO COMMUNICATIONS,
US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:931 hits: 12-31 to 08-09]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
23:59:00 Win2K-f 124.97.148.204 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:301 hits: 06-27 to 08-09]
none[none] none:none
none|none none none