Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


11 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Table columns (one infection record per row): Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:08:00 WinXP 87.61.170.169 (IP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK.
n/a DE:siliconfireware.ru
DE:ebookfinaltrash.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:206 hits: 01-01 to 08-10]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
00:09:00 Win2K-f 64.192.64.16 (WCG.NET):
LIGHTCORE A CENTURYTELCOMPANY,
NASHUA, NEW HAMPSHIRE, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
98 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 33
1b94c1cc14
[Firefox: 3 hits: 07-01 to 07-11]
62728ad1cd
[Firefox: 3 hits: 07-01 to 07-11]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:00:11:00 WinXP 125.215.106.164 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
BANGKOK, KRUNG THEP MAHANAKHON, TH.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
00:13:00 Win2K-f 70.182.91.138 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:208.111.148.219:80
US:208.111.148.226:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
94 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
32 of 36
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
bea8cb1865
NEW
none[4]
none [none]
none:none
none:none
tElock|
none|none
none
none
trace
none
T:00:16:00 WinXP 66.81.249.210 (O1.COM):
O1 DIALUP SERVICES,
LOS ANGELES, CALIFORNIA, US. (DIAL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 35
12ce8f7873
NEW
762dc9242b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
00:28:00 Win2K-f 60.254.213.143 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
22 of 33 869081411d
[Firefox:10 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:00:29:00 Win2K-f 85.181.131.189 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
00:31:00 Win2K-f 125.192.101.68 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox: 5 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
T:00:33:00 Win2K-f 121.2.10.178 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 de502ebe9c
NEW
none[none] none:none
none|none none none
00:37:00 WinXP 62.11.117.137 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
IT. (DIAL)
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
RU:www.bbin.ru
US:204.13.161.51:80
DE:212.227.111.29:80
DE:217.11.54.126:80
445 pcap raw alerts
ruleset
http
http
5 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:206 hits: 01-01 to 08-10]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:00:48:00 Win2K-f 122.134.248.62 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
00:49:00 WinXP 114.120.81.125 (-):
.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:00:49:00 WinXP 114.120.81.125 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
00:58:00 WinXP 124.66.253.15 (FCH.NE.JP):
FUREAI CHANNEL INC,
HIROSHIMA, HIROSHIMA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
00:59:00 WinXP 122.29.50.46 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
24.192.170.232:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
53 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
01:04:00 Win2K-f 72.174.170.78 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
CEDAR CITY, UTAH, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
HK:210.245.211.11:80
135 pcap raw alerts
ruleset
other
126 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
32 of 36
1c533ec8cf
NEW
a45061200b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
01:11:00 Win2K-f 76.198.233.24 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
ST. LOUIS, MISSOURI, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.47:80
US:208.111.173.51:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:16:00 WinXP 221.126.246.42 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 b90c0a7a49
NEW
none[none] none:none
none|none none none
T:01:16:00 Win2K-f 221.126.253.148 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 043e258c65
NEW
none[none] none:none
none|none none none
T:01:20:00 Win2K-f 119.11.75.252 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 d2208ff2a1
NEW
none[none] none:none
none|none none none
01:21:00 WinXP 82.141.86.102 (KOTINET.COM):
POHJANMAAN PPO OY,
OULU, OULUN LAANI, FI.
24.192.170.232:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 e4d3794f7a
[Firefox: 5 hits: 08-04 to 08-10]
none[none] none:none
none|none none none
01:25:00 WinXP 91.141.38.178 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT.
24.192.170.232:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.8
profile
none summary
tarball
19 of 32 0993a67cea
[Firefox: 4 hits: 06-30 to 08-10]
none[none] none:none
none|none none none
01:28:00 WinXP 220.156.77.229 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:01:36:00 Win2K-f 118.106.163.243 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 505238d7ef
[Firefox:18 hits: 06-28 to 08-10]
none[none] none:none
none|none none none
T:01:46:00 WinXP 222.170.85.78 (163DATA.COM.CN):
CHINANET HEILONGJIANG PROVINCE NETWORK,
HEILONGJIANG, HEILONGJIANG, CN.
194.54.90.246:80 HK:proxima.ircgalaxy.pl
US:mx1.hotmail.com
US:mailin-01.mx.aol.com
US:ftp.newaol.com
US:yutunrz.1dumb.com
US:mailin-03.mx.aol.com
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
http
78 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
1 of 36
04af0c2254
NEW
6be4a7deb9
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:01:48:00 Win2K-f 221.127.156.197 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
16 of 36 b90c0a7a49
NEW
none[none] none:none
none|none none none
T:01:51:00 WinXP 78.52.216.148 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:01:52:00 WinXP 84.187.188.70 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
AACHEN, NORDRHEIN-WESTFALEN, DE.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
01:52:00 Win2K-f 221.127.195.26 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33 ec3d13cabe
[Firefox: 8 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
01:56:00 Win2K-f 118.6.97.149 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:01:58:00 WinXP 117.99.24.52 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 7f6ea12654
[Firefox:17 hits: 07-13 to 08-09]
none[none] none:none
none|none none none
T:02:14:00 Win2K-f 60.236.185.207 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:24.192.170.232:12351
US:24.192.170.232:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
02:19:00 Win2K-f 63.23.68.69 (UU.NET):
UUNET TECHNOLOGIES INC,
LOS ANGELES, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
135 pcap raw alerts
ruleset
other
160 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:02:29:00 WinXP 60.250.201.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:03:11:00 Win2K-f 118.172.242.90 (-):
.
85.214.127.219:59999 DE:skathari.oligarxia.com 445 pcap raw alerts
ruleset
shell
ftp
irc
26 lines
Yeah : 1.8
profile
none summary
tarball
22 of 35 557c0e2562
[Firefox: 5 hits: 07-24 to 08-10]
none[none] none:none
none|none none none
03:14:00 WinXP 121.125.22.27 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.220.126:80
US:199.93.41.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
29 of 33
6ec2a8994b
[Firefox:13 hits: 06-18 to 08-08]
857b781ca9
[Firefox: 9 hits: 06-18 to 08-08]
none[4]
857b781ca9[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:03:15:00 WinXP 122.52.16.207 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:192.221.110.125:80
US:199.93.41.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
128 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
0 of 33
16874933ea
[Firefox:29 hits: 06-18 to 08-09]
76ee340669
[Firefox:29 hits: 06-18 to 08-09]
e07c29c4ae
[Firefox:216 hits: 06-19 to 08-10]
16874933ea [1]
none [4]
e07c29c4ae[1]
ASM:Graph
none:none
ASM:Graph
Armadillo|
PolyEnE|
FSG|
lines=82
none
lines=92
trace
trace
trace
03:17:00 Win2K-f 116.123.244.127 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.220.126:80
US:199.93.41.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
32 of 36
7564a6eb59
NEW
dac3eeed0e
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
03:18:00 WinXP 62.255.104.26 (NTLI.NET):
NTL INTERNET - BRENTFORD POP,
LONDON, ENGLAND, UK. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:308 hits: 12-31 to 08-10]
048df78048 [0] ASM:Graph
none|none lines=61 trace
03:52:00 WinXP 12.66.96.25 (PRSERV.NET):
AT&T GLOBAL SERVICES,
SCHAUMBURG, ILLINOIS, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:82 hits: 01-03 to 08-09]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
03:59:00 WinXP 92.228.78.18 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36 0335abce73
NEW
none[none] none:none
none|none none none
03:59:00 Win2K-f 122.134.5.94 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 47c80bd43f
NEW
none[none] none:none
none|none none none
04:00:00 WinXP 78.48.235.113 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
04:02:00 WinXP 217.218.202.155 (-):
KAHROBANET,
IR. (100Mbps)
n/a US:www.altavista.com
:www.google.com.au
:jbeegvia.ru
US:www.worldbank.org
US:crime-research.ru
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:uvjiis.ru
:wpad
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
NL:www.viruslist.com
:pwvbfz.ru
:nuzbcp.ru
RU:alfabank.ru
:bqpuqt.ru
:okskyyn.ru
:pnlkria.ru
:kargai.ru
:www.proxy-socks.net
:kfwfceki.ru
GB:www.candidateverifier.com
:nhuwxyuw.ru
:udluzuq.ru
:fiazpvnne.ru
:ppxuub.ru
:lvwgdhwlj.ru
RU:www.cbr.ru
EU:crutop.nu
:raxeqajrf.ru
:dhagunb.ru
:zpwmktjv.ru
:aadqca.ru
:ygnrqi.ru
RU:www.mmbank.ru
:ycgnbe.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
12 of 36 cd8166e934
NEW
none[none] none:none
none|none none none
04:07:00 Win2K-f 220.105.153.130 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:04:15:00 WinXP 122.17.74.186 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 3b2958417b
[Firefox: 5 hits: 07-09 to 07-29]
none[none] none:none
none|none none none
T:04:15:00 Win2K-f 119.11.102.122 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 dd62d21505
NEW
none[none] none:none
none|none none none
T:04:27:00 WinXP 124.81.207.136 (CARSURIN.COM):
PT INDOSAT MEGA MEDIA,
ID.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 f13919431d
NEW
none[none] none:none
none|none none none
04:32:00 Win2K-f 96.15.192.47 (-):
.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
31 of 33
6d86a1ff5a
[Firefox:30 hits: 06-25 to 08-09]
7f6e032fc0
[Firefox:30 hits: 06-25 to 08-09]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:04:39:00 Win2K-f 121.124.74.104 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
04:39:00 WinXP 76.171.226.161 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERMOSA BEACH, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
04:43:00 Win2K-f 119.11.67.184 (-):
.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:04:50:00 Win2K-f 220.99.148.51 (PLALA.OR.JP):
PLALA NETWORKS INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
23 of 33 cf153403d1
[Firefox: 6 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
T:04:58:00 WinXP 222.147.230.98 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33 dd1195e952
[Firefox: 7 hits: 06-28 to 08-09]
none[none] none:none
none|none none none
05:04:00 Win2K-f 124.100.184.29 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
05:07:00 WinXP 220.144.146.79 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:26:00 Win2K-f 119.11.67.184 (-):
.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
05:26:00 Win2K-f 119.95.205.214 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:27:00 WinXP 118.169.35.177 (-):
.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:393 hits: 03-31 to 08-06]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:27:00 Win2K-f 78.96.73.37 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:393 hits: 03-31 to 08-06]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
T:05:27:00 WinXP 68.114.152.54 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox: 8 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
05:27:00 WinXP 68.114.152.54 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox: 8 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
05:28:00 Win2K-f 78.96.253.191 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
17 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:393 hits: 03-31 to 08-06]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:32:00 WinXP 59.112.180.210 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:32:00 WinXP 93.120.154.189 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:427 hits: 12-31 to 08-10]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:05:36:00 WinXP 78.96.73.37 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890
445 pcap raw alerts
ruleset
ftp
irc
81 lines
Yeah : 1.3
profile
none summary
tarball
13 of 31 e8d4d8cde1
[Firefox:393 hits: 03-31 to 08-06]
fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns
trace
05:47:00 WinXP 92.113.78.250 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:52:00 WinXP 221.170.10.218 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 f0c40a2b99
NEW
none[none] none:none
none|none none none
05:58:00 WinXP 41.214.175.160 (-):
.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
:washington.dc.us.undernet.org
NL:london.uk.eu.undernet.org
SE:coins.dal.net
:caen.fr.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
:gaspode.zanet.org.za
SE:ced.dal.net
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c9d01112a8
[Firefox: 2 hits: 08-06 to 08-09]
none[none] none:none
none|none none none
T:05:59:00 Win2K-f 71.79.67.62 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
05:59:00 WinXP 125.224.210.120 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:01:00 Win2K-f 220.144.146.79 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 e35375d064
NEW
none[none] none:none
none|none none none
T:06:08:00 Win2K-f 219.71.115.57 (NVWTV.COM.TW):
HOSHIN GIGAMEDIA CENTER INC,
TW. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:06:11:00 WinXP 122.49.196.94 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:308 hits: 12-31 to 08-10]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:06:21:00 WinXP 114.120.57.190 (-):
.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 a0044bcb25
[Firefox: 3 hits: 08-02 to 08-07]
none[none] none:none
none|none none none
06:23:00 Win2K-f 65.68.19.187 (-):
POPLAR PCS,
JONESBORO, ARKANSAS, US. (100Mbps)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
0 of 32
28 of 32
3f0a5b2ebe
[Firefox:10 hits: 06-18 to 08-09]
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
c6bfb5f0f2
[Firefox:10 hits: 06-18 to 08-09]
none[4]
b5919931fe[1]
c6bfb5f0f2[1]
none:none
ASM:Graph
ASM:Graph
PolyEnE|
ASProtect|
Armadillo|
none
lines=90
lines=81
trace
trace
trace
06:32:00 WinXP 69.232.234.92 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
e07c29c4ae
[Firefox:216 hits: 06-19 to 08-10]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
06:38:00 WinXP 75.50.54.88 (SBCGLOBAL.NET):
PPPOX POOL - RBACK4.SPFDMO,
SPRINGFIELD, MISSOURI, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
07:26:00 WinXP 193.248.49.147 (ABO.WANADOO.FR):
WANADOO FRANCE,
MONTPELLIER, LANGUEDOC-ROUSSILLON, FR.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:81 hits: 01-08 to 08-10]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
07:30:00 Win2K-f 71.100.215.14 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
TAMPA, FLORIDA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80
US:208.111.173.53:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
07:51:00 WinXP 85.122.66.140 (RNC.RO):
RNC,
RO.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 34 4fcb64de75
NEW
none[none] none:none
none|none none none
T:07:52:00 WinXP 84.59.218.75 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE. (DSL)
64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:07:53:00 Win2K-f 222.150.90.172 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
20 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:58:00 WinXP 41.214.170.208 (-):
.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 41065f98ee
NEW
none[none] none:none
none|none none none
T:08:08:00 Win2K-f 76.200.216.27 (SBCGLOBAL.NET):
PPPOX POOL - BRAS2.OKCYOK,
EDMOND, OKLAHOMA, US. (DSL)
n/a  
IL:194.90.224.86:80
135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
08:38:00 WinXP 221.187.82.175 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
64.202.117.102:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 e48fdda0af
NEW
none[none] none:none
none|none none none
T:08:58:00 Win2K-f 210.126.212.149 (KRLINE.NET):
KRNIC,
KR.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
09:01:00 WinXP 84.59.218.75 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE. (DSL)
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:09:04:00 WinXP 24.80.178.42 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.54:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:18:00 WinXP 71.65.27.234 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
09:22:00 WinXP 219.122.194.166 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
28 of 29 3a813df3ed
[Firefox: 4 hits: 02-04 to 03-13]
7759abbf55 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:09:28:00 WinXP 71.65.27.234 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
09:30:00 WinXP 219.114.16.34 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
KAWASAKI, KANAGAWA, JP.
64.202.117.102:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:09:42:00 WinXP 70.126.1.136 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
US:208.111.148.43:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
09:43:00 WinXP 195.241.196.56 (TISCALI.NL):
TISCALI-DIALN,
AMSTERDAM, NOORD-HOLLAND, NL. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:308 hits: 12-31 to 08-10]
048df78048 [0] ASM:Graph
none|none lines=61 trace
09:47:00 Win2K-f 96.14.19.36 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:09:50:00 WinXP 117.96.163.192 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
09:54:00 WinXP 58.85.253.155 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
US:207.123.42.126:80
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
2e45ae247e
[Firefox: 4 hits: 06-25 to 07-07]
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
none[none]
none [4]
none:none
none:none
none|none
tElock|
none
none
none
trace
T:10:07:00 Win2K-f 4.156.234.174 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BOSTON, MASSACHUSETTS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:10:09:00 WinXP 219.167.87.102 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
210.245.211.11:65520 69.50.172.3:5190 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
EU:dablyt.cn
EU:s4.jonnyblack7934.net
US:mazerattikrak.info
EU:opilired.cn
EU:www.upononjob.cn
US:s2.jorbanblack.com
US:69.50.172.3:5190
445 pcap raw alerts
ruleset
ftp
irc
http
http
737 lines
Yeah : 1.8
profile
none summary
tarball
8 of 36
34 of 36
33 of 35
20 of 36
17 of 35
22 of 36
27 of 36
17 of 36
36 of 36
28 of 36
3607190229
NEW
4afcb71ac9
NEW
4ffbac004b
NEW
58a560dc60
NEW
5ab0a45f63
[Firefox:72 hits: 07-24 to 08-10]
6276734470
NEW
a839b3ac67
NEW
c94ba94f51
NEW
e4b5535cf1
NEW
ea3c84acac
NEW
none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
10:23:00 WinXP 64.126.154.205 (FSR.NET):
FIRST STEP INTERNET,
LENORE, IDAHO, US. (DIAL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:427 hits: 12-31 to 08-10]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:10:23:00 WinXP 64.126.154.205 (FSR.NET):
FIRST STEP INTERNET,
LENORE, IDAHO, US. (DIAL)
n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:427 hits: 12-31 to 08-10]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
10:24:00 WinXP 190.139.135.68 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
http
irc
9 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 c996d575d2
NEW
none[none] none:none
none|none none none
T:10:28:00 WinXP 207.5.205.88 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:206.33.43.126:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
84 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
10:35:00 Win2K-f 78.59.188.74 (ZEBRA.LT):
LIETUVOS,
LT.
n/a   445 pcap raw alerts
ruleset
ftp
10 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
10:47:00 WinXP 77.37.156.57 (NCNET.RU):
NCN-INFRA,
RU.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
GB:217.145.225.22:80
445 pcap raw alerts
ruleset
http
http
http
10 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 e02fae8192
NEW
none[none] none:none
none|none none none
T:10:52:00 WinXP 170.51.79.188 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
213.239.192.125:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
10:56:00 WinXP 130.13.33.243 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
EU:dablyt.cn
EU:s4.jonnyblack7934.net
US:mazerattikrak.info
EU:opilired.cn
EU:www.upononjob.cn
196.32.220.3:80
US:208.111.148.219:80
US:208.111.148.226:80
135 pcap raw alerts
ruleset
irc
http
http
671 lines
Yeah : 1.8
profile
none summary
tarball
8 of 36
19 of 35
17 of 35
16 of 36
32 of 33
29 of 32
20 of 36
36 of 36
28 of 36
3607190229
NEW
37f41fd8ab
[Firefox:59 hits: 07-24 to 08-10]
5ab0a45f63
[Firefox:72 hits: 07-24 to 08-10]
7027497b1d
NEW
7f66e51c85
[Firefox: 7 hits: 07-11 to 08-06]
9d12fe9d3b
[Firefox: 8 hits: 07-11 to 08-06]
a9bf3a8b28
NEW
e4b5535cf1
NEW
ea3c84acac
NEW
none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
none
11:14:00 WinXP 62.180.145.221 (IGNITE.NET):
BT-IGNITE-FREESURF-DIALPORTS,
DE.
n/a   445 pcap raw alerts
ruleset
http
6 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
11:22:00 Win2K-f 99.155.138.102 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.149:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
11:31:00 WinXP 4.174.252.67 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHILADELPHIA, PENNSYLVANIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
US:208.111.153.215:80
135 pcap raw alerts
ruleset
other
123 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
11:50:00 WinXP 77.254.41.137 (COM.PL):
NETIA,
PL.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
11:54:00 WinXP 71.104.209.44 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
YUCAIPA, CALIFORNIA, US. (DSL)
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:427 hits: 12-31 to 08-10]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
12:34:00 Win2K-f 209.29.83.137 (TELUS.COM):
TELUS COMMUNICATIONS INC,
TORONTO, ONTARIO, CA.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
12:36:00 WinXP 41.214.186.97 (-):
.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c9d01112a8
[Firefox: 2 hits: 08-06 to 08-09]
none[none] none:none
none|none none none
12:38:00 WinXP 89.244.205.55 (VERSANETONLINE.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE.
64.202.117.102:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 37cd59759e
[Firefox: 2 hits: 08-01 to 08-10]
none[none] none:none
none|none none none
12:42:00 WinXP 76.174.68.59 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHINO HILLS, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 852e30ad56
NEW
none[none] none:none
none|none none none
12:54:00 Win2K-f 4.139.108.6 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PITTSBURGH, PENNSYLVANIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:13:01:00 WinXP 71.68.82.150 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MONROE, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:16:00 WinXP 68.145.40.145 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b09a84a473
NEW
none[none] none:none
none|none none none
13:22:00 Win2K-f 75.82.147.241 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:27:00 WinXP 66.57.211.32 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FAYETTEVILLE, NORTH CAROLINA, US.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
13:40:00 WinXP 79.112.226.225 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
33 of 33 f0b49cdcfc
[Firefox: 4 hits: 07-04 to 07-19]
none[none] none:none
none|none none none
13:44:00 Win2K-f 75.33.114.78 (-):
DHCP STLSMO RBACK,
ST. LOUIS, MISSOURI, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
32 of 33
c925f34dbe
NEW
f3f14bc33d
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
13:52:00 WinXP 12.73.22.137 (ATT.NET):
AT&T WORLDNET SERVICES,
PORTLAND, OREGON, US. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:13:52:00 WinXP 200.100.170.232 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SÃO PAULO, BR. (DIAL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 3c6d20789c
NEW
none[none] none:none
none|none none none
13:52:00 WinXP 170.51.102.252 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
213.239.192.125:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
13:52:00 WinXP 200.100.170.232 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SÃO PAULO, BR. (DIAL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 bf25e70e47
NEW
none[none] none:none
none|none none none
T:14:01:00 Win2K-f 92.41.49.106 (IKBCC.COM):
EU-ZZ,
UK.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:47:00 Win2K-f 64.183.209.202 (RR.COM):
ROAD RUNNER HOLDCO LLC,
DALLAS, TEXAS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:206.33.43.126:80
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
b7082104e4
[Firefox:80 hits: 06-18 to 08-10]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
14:54:00 WinXP 219.110.152.81 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
14:58:00 Win2K-f 4.246.204.132 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US.
n/a   135 pcap raw alerts
ruleset
other
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:04:00 Win2K-f 89.241.129.109 (-):
OPAL TELECOM DSL,
LUTON, ENGLAND, UK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 a621498c51
NEW
none[none] none:none
none|none none none
T:15:05:00 Win2K-f 24.92.189.231 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:15:10:00 WinXP 213.183.191.57 (EWE-IP-BACKBONE.DE):
EWETEL-ANTISPAM1-NET,
OLDENBURG, NIEDERSACHSEN, DE.
n/a   445 pcap raw alerts
ruleset
other
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:12:00 Win2K-f 122.134.29.34 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
15:17:00 Win2K-f 4.247.158.231 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
TAMPA, FLORIDA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
137 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
15:17:00 WinXP 70.166.111.23 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.45.125:80
US:207.123.42.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
28 of 33
da00a8e7a1
[Firefox: 3 hits: 08-05 to 08-08]
f685f8e027
[Firefox: 7 hits: 06-18 to 08-08]
none[none]
f685f8e027[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=82
none
trace
15:19:00 Win2K-f 172.138.244.109 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:662 hits: 06-18 to 08-10]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
15:25:00 WinXP 60.250.201.224 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:15:26:00 Win2K-f 124.98.226.76 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
22 of 34 fc924abdd3
NEW
none[none] none:none
none|none none none
15:38:00 WinXP 92.41.8.173 (IKBCC.COM):
EU-ZZ,
UK.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 6f1691e3b3
[Firefox: 2 hits: 06-03 to 07-23]
none[4] none:none
PolyEnE| none trace
15:49:00 Win2K-f 221.190.21.164 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:15:51:00 WinXP 122.135.194.212 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
33 of 36 c890fc20ea
NEW
none[none] none:none
none|none none none
T:15:55:00 Win2K-f 170.51.99.66 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:58:00 WinXP 76.176.176.103 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SAN DIEGO, CALIFORNIA, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:82 hits: 01-03 to 08-09]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
16:08:00 WinXP 203.206.9.175 (IINET.NET.AU):
IINET LIMITED,
MELBOURNE, VICTORIA, AU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:308 hits: 12-31 to 08-10]
048df78048 [0] ASM:Graph
none|none lines=61 trace
16:10:00 WinXP 69.107.174.37 (PACBELL.NET):
3CIM INC,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80
US:207.123.47.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
115 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
29 of 33
1f59c01aef
[Firefox: 2 hits: 08-01 to 08-08]
dc92683d9a
[Firefox: 8 hits: 06-19 to 08-08]
none[none]
dc92683d9a[1]
none:none
ASM:Graph
none|none
Armadillo|
none
lines=82
none
trace
16:11:00 Win2K-f 24.64.19.76 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA.
n/a   135 pcap raw alerts
ruleset
other
11 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:20:00 WinXP 4.177.222.148 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
120 lines
Yeah : 1.3
profile
none summary
tarball
8 of 36 fbd5c596d8
NEW
none[none] none:none
none|none none none
16:31:00 WinXP 119.11.110.159 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:16:33:00 Win2K-f 96.14.169.195 (-):
.
n/a   135 pcap raw alerts
ruleset
other
478 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36
33 of 36
644b2a1105
[Firefox: 3 hits: 08-01 to 08-08]
9c9ab20965
[Firefox: 3 hits: 08-01 to 08-08]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:16:36:00 Win2K-f 125.215.103.172 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
16:40:00 WinXP 118.237.39.135 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 27b945de66
[Firefox:11 hits: 06-20 to 07-19]
none[4] none:none
none|none none trace
16:46:00 Win2K-f 119.11.102.83 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 dd62d21505
NEW
none[none] none:none
none|none none none
T:16:48:00 WinXP 125.197.21.7 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
58 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:16:51:00 Win2K-f 124.85.212.57 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
16:57:00 Win2K-f 118.8.14.102 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
17:06:00 Win2K-f 60.37.128.107 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c3c3cae354
[Firefox: 3 hits: 08-10 to 08-10]
none[none] none:none
none|none none none
T:17:11:00 Win2K-f 122.133.5.230 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:17:14:00 Win2K-f 58.191.171.36 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
20 of 36 a532426897
NEW
none[none] none:none
none|none none none
17:15:00 WinXP 66.245.221.199 (DSLEXTREME.COM):
DSL EXTREME,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
17:20:00 WinXP 200.112.250.98 (CMET.NET):
CMET SACI,
SANTIAGO, REGION METROPOLITANA, CL.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox: 8 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
T:17:21:00 Win2K-f 70.183.185.211 (COX.NET):
COX COMMUNICATIONS,
BATON ROUGE, LOUISIANA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
17:23:00 Win2K-f 123.224.189.147 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 e2560a4fab
NEW
none[none] none:none
none|none none none
T:17:24:00 WinXP 98.25.106.173 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:308 hits: 12-31 to 08-10]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:17:31:00 Win2K-f 76.177.220.127 (RR.COM):
ROAD RUNNER HOLDCO LLC,
YULEE, FLORIDA, US.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
17:35:00 Win2K-f 122.27.20.122 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:17:39:00 WinXP 118.7.100.155 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
85 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 86d0b73e6a
[Firefox: 2 hits: 08-07 to 08-10]
none[none] none:none
none|none none none
17:42:00 WinXP 170.51.99.116 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:17:44:00 Win2K-f 221.191.88.85 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 ac37844088
NEW
none[none] none:none
none|none none none
17:46:00 WinXP 119.228.180.135 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:255 hits: 01-05 to 08-10]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:17:57:00 Win2K-f 61.19.127.90 (CDPM1.COM):
CAT TELECOM PUBLIC COMPANY LTD,
TH.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:07:00 WinXP 200.165.248.226 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 a3f358bd55
[Firefox: 8 hits: 06-10 to 08-08]
none[4] none:none
PolyEnE| none trace
T:18:10:00 WinXP 170.51.134.94 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
18:16:00 WinXP 98.141.179.92 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:940 hits: 12-31 to 08-10]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
18:18:00 WinXP 118.236.117.209 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
18:20:00 Win2K-f 221.191.88.85 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 ac37844088
NEW
none[none] none:none
none|none none none
18:23:00 Win2K-f 220.104.134.243 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
25 of 36 e7b039b6f5
NEW
none[none] none:none
none|none none none
18:25:00 Win2K-f 222.148.151.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
18:30:00 WinXP 12.217.51.124 (MCHSI.COM):
AT&T WORLDNET SERVICES,
BROOKINGS, SOUTH DAKOTA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:53 hits: 01-14 to 08-10]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
T:18:34:00 Win2K-f 118.8.111.212 (-):
.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 4fa4fc482c
NEW
none[none] none:none
none|none none none
T:18:39:00 WinXP 118.236.117.209 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:18:42:00 Win2K-f 124.87.233.91 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:18:46:00 WinXP 222.148.151.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
18:56:00 Win2K-f 125.195.97.61 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox: 5 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
19:01:00 WinXP 202.219.252.211 (INFOWEB.NE.JP):
INFOWEB,
TOKYO, TOKYO, JP. (DIAL)
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
13 of 33 7e8babc6f9
[Firefox: 3 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
19:01:00 WinXP 4.153.200.189 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BIRMINGHAM, ALABAMA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
19:02:00 WinXP 118.109.38.88 (-):
.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 07bb94631b
NEW
none[none] none:none
none|none none none
T:19:02:00 WinXP 118.7.148.232 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
19:06:00 WinXP 61.203.28.77 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
66 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
19:10:00 Win2K-f 118.108.66.200 (-):
.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 f7d82105ba
NEW
none[none] none:none
none|none none none
19:27:00 WinXP 170.51.84.244 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
19:47:00 WinXP 76.244.78.250 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a RU:moscow-advokat.ru
RU:irc.tsk.ru
US:lia.zanet.net
:washington.dc.us.undernet.org
HR:london.uk.eu.undernet.org
:flanders.be.eu.undernet.org
:irc.kar.net
:los-angeles.ca.us.undernet.org
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 492957db81
[Firefox:12 hits: 01-01 to 08-10]
064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns
trace
19:55:00 Win2K-f 122.133.5.230 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:20:00:00 WinXP 211.123.233.208 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:20:03:00 WinXP 97.94.119.25 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:04:00 WinXP 118.105.146.112 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 1.8
profile
none summary
tarball
33 of 35 dd0b6249c4
[Firefox: 2 hits: 08-02 to 08-07]
none[none] none:none
none|none none none
T:20:11:00 WinXP 123.224.202.248 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
20:12:00 Win2K-f 130.13.114.228 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
18 of 36 72545efc4f
[Firefox: 6 hits: 08-08 to 08-08]
none[none] none:none
none|none none none
T:20:14:00 Win2K-f 189.51.226.4 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:20:25:00 Win2K-f 124.96.163.7 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
20:41:00 Win2K-f 92.3.163.192 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 e72624fb94
[Firefox: 4 hits: 08-05 to 08-07]
none[none] none:none
none|none none none
20:48:00 Win2K-f 125.215.108.142 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:20:51:00 Win2K-f 123.220.76.218 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 118e365bd9
NEW
none[none] none:none
none|none none none
20:59:00 WinXP 124.102.67.94 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:21:01:00 WinXP 122.132.172.49 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:21:11:00 Win2K-f 222.236.119.34 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:207.123.47.126:80
HK:210.245.211.11:65520
US:4.23.60.125:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
30 of 32
1509c8d024
[Firefox:17 hits: 06-17 to 08-08]
f23b040440
[Firefox: 8 hits: 06-22 to 08-08]
none[4]
f23b040440[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:21:15:00 WinXP 123.224.86.205 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
21:19:00 Win2K-f 61.222.2.212 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80
US:199.93.53.126:80
US:206.33.43.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
57ce4acac2
[Firefox:106 hits: 06-17 to 08-10]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:21:26:00 Win2K-f 118.111.34.107 (-):
.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox: 5 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
T:21:32:00 WinXP 70.68.173.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 c39b9415c3
NEW
none[none] none:none
none|none none none
21:35:00 Win2K-f 222.145.189.200 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
21:40:00 WinXP 121.114.149.231 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
21:42:00 WinXP 220.96.52.141 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
67.149.121.39:12351 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 4fa4fc482c
NEW
none[none] none:none
none|none none none
T:21:50:00 Win2K-f 125.102.38.55 (UCOM.NE.JP):
G-OS0025N,
JP. (100Mbps)
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
21:50:00 WinXP 118.105.153.173 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
33 of 35 dd0b6249c4
[Firefox: 2 hits: 08-02 to 08-07]
none[none] none:none
none|none none none
21:54:00 Win2K-f 221.171.136.231 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 c4e2f8b58f
NEW
none[none] none:none
none|none none none
22:00:00 WinXP 99.129.196.17 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:81 hits: 01-08 to 08-10]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
T:22:01:00 Win2K-f 125.58.68.245 (-):
.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
22:03:00 Win2K-f 64.219.76.219 (SWBELL.NET):
PPPOX POOL - RBACK14 HSTNTX,
HOUSTON, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.254:80
US:208.111.153.215:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:04:00 WinXP 205.163.99.2 (NETSCOPE.NET):
MIKROTEC INTERNET SERVICES INC,
LEXINGTON, KENTUCKY, US.
n/a   135 pcap raw alerts
ruleset
other
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:22:07:00 WinXP 218.249.149.203 (IAPCM.AC.CN):
BEIJING TELETRON TELECOM ENGINEERING CO. LTD,
BEIJING, BEIJING, CN.
67.43.236.98:5190 CA:xx.sqlteam.info
CA:alwayssam.com
CA:zonetech.info
US:130.107.241.93:9908
135 pcap raw alerts
ruleset
irc
http
336 lines
Yeah : 1.8
profile
none summary
tarball
14 of 36
14 of 36
15 of 36
14 of 36
21 of 35
11768b975d
[Firefox: 4 hits: 08-06 to 08-09]
9b09258622
[Firefox: 6 hits: 08-05 to 08-09]
b6e55274d0
[Firefox: 5 hits: 08-05 to 08-09]
cd0d825f7a
[Firefox: 5 hits: 08-05 to 08-09]
d81fee6185
NEW
none[none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
22:08:00 Win2K-f 125.192.227.44 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 8cecfbe51c
NEW
none[none] none:none
none|none none none
T:22:13:00 Win2K-f 170.51.121.249 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
T:22:22:00 Win2K-f 70.248.127.208 (SWBELL.NET):
PPPOX POOL - BRAS14 RCSNTX,
DALLAS, TEXAS, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
a08f3b74a4
[Firefox:433 hits: 06-18 to 08-10]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:22:24:00 WinXP 203.136.79.197 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:22:29:00 WinXP 151.118.184.72 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33
29 of 32
0 of 33
7f66e51c85
[Firefox: 7 hits: 07-11 to 08-06]
9d12fe9d3b
[Firefox: 8 hits: 07-11 to 08-06]
e07c29c4ae
[Firefox:216 hits: 06-19 to 08-10]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
T:22:30:00 Win2K-f 203.112.60.250 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
T:22:34:00 Win2K-f 119.11.112.23 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 dd62d21505
NEW
none[none] none:none
none|none none none
T:22:38:00 WinXP 82.197.135.48 (-):
LNC-PRIMACALL-DSL,
BERLIN, BERLIN, DE.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
59 lines
Yeah : 1.8
profile
none summary
tarball
29 of 35 f752131714
NEW
none[none] none:none
none|none none none
22:47:00 WinXP 122.16.115.224 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 d2f3fc39f6
NEW
none[none] none:none
none|none none none
22:53:00 WinXP 87.12.150.245 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:118 hits: 05-22 to 08-10]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
22:55:00 Win2K-f 119.92.223.47 (-):
.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
2 of 36
33 of 33
37d1f7f575
NEW
76ee340669
[Firefox:29 hits: 06-18 to 08-09]
none[none]
none [4]
none:none
none:none
none|none
PolyEnE|
none
none
none
trace
T:22:58:00 Win2K-f 116.126.250.101 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
125 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 32
0c3d1ec2df
NEW
8de905030e
NEW
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
23:13:00 Win2K-f 219.248.228.18 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
131 lines
Yeah : 1.3
profile
none summary
tarball
27 of 32
31 of 33
0 of 32
00392af02f
[Firefox: 2 hits: 07-03 to 07-03]
325971e23c
[Firefox: 2 hits: 07-03 to 07-03]
b5919931fe
[Firefox:286 hits: 06-20 to 08-10]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
23:13:00 WinXP 203.54.36.222 (TMNS.NET.AU):
TELSTRAINTERNET5,
MELBOURNE, VICTORIA, AU.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:199.93.44.124:80
US:207.123.42.126:80
135 pcap raw alerts
ruleset
other
177 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1310 hits: 06-17 to 08-10]
73f1082158
[Firefox:662 hits: 06-18 to 08-10]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
23:20:00 WinXP 217.42.143.192 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:354 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
23:24:00 WinXP 125.173.23.163 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:320 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
23:27:00 Win2K-f 58.88.51.228 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:358 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
23:37:00 WinXP 221.126.227.237 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 7 hits: 08-01 to 08-10]
none[none] none:none
none|none none none
23:38:00 Win2K-f 221.126.254.196 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 043e258c65
NEW
none[none] none:none
none|none none none
T:23:39:00 WinXP 123.221.217.250 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33 aa346f4557
[Firefox: 5 hits: 06-27 to 08-10]
none[none] none:none
none|none none none
23:44:00 Win2K-f 221.127.73.195 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 8f63f0d2a2
[Firefox: 7 hits: 08-01 to 08-10]
none[none] none:none
none|none none none
23:46:00 WinXP 79.112.224.158 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO.
n/a RU:moscow-advokat.ru
:flanders.be.eu.undernet.org
SE:ced.dal.net
AT:graz.at.eu.undernet.org
SE:vancouver.dal.net
NO:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
US:lia.zanet.net
SE:qis.md.us.dal.net
:gaspode.zanet.org.za
SE:coins.dal.net
:washington.dc.us.undernet.org
SE:viking.dal.net
NL:diemen.nl.eu.undernet.org
SE:ozbytes.dal.net
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
33 of 33 f0b49cdcfc
[Firefox: 4 hits: 07-04 to 07-19]
none[none] none:none
none|none none none