Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

12 August 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:05:00 WinXP 208.105.186.90 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
00:07:00 Win2K-f 60.43.111.238 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 35 41ec9d69c8
[Firefox: 3 hits: 08-04 to 08-10] 		none[none] none:none
 none|none none none
T:00:07:00 Win2K-f 119.72.60.192 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33 9ddd6c5e47
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
00:13:00 Win2K-f 60.40.99.94 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
00:15:00 WinXP 125.192.123.245 (MESH.AD.JP):
NEC CORPORATION,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
57 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:00:17:00 WinXP 124.86.124.212 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:00:18:00 WinXP 118.15.122.20 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:00:29:00 Win2K-f 70.60.8.179 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EDISON, OHIO, US. 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:00:30:00 WinXP 82.141.77.236 (KOTINET.COM):
POHJANMAAN PPO OY,
YLIVIESKA, OULUN LAANI, FI. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		18 of 36 e4d3794f7a
[Firefox: 6 hits: 08-04 to 08-11] 		none[none] none:none
 none|none none none
T:00:34:00 Win2K-f 221.127.73.195 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
54 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 8f63f0d2a2
[Firefox: 9 hits: 08-01 to 08-11] 		none[none] none:none
 none|none none none
00:34:00 Win2K-f 70.183.185.211 (COX.NET):
COX COMMUNICATIONS,
BATON ROUGE, LOUISIANA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:207.123.42.126:80
US:4.23.60.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
00:35:00 Win2K-f 125.197.46.53 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36 f7d82105ba
NEW 		none[none] none:none
 none|none none none
00:38:00 Win2K-f 217.94.222.172 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 1ba3d9d3e8
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
T:00:39:00 Win2K-f 123.254.34.212 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
00:40:00 WinXP 83.135.86.78 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
MARL, NORDRHEIN-WESTFALEN, DE. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 37cd59759e
[Firefox: 3 hits: 08-01 to 08-11] 		none[none] none:none
 none|none none none
T:00:42:00 WinXP 86.142.154.169 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 32 131351dd21
[Firefox: 8 hits: 05-22 to 07-14] 		none[4] none:none
 none|none none trace
T:00:44:00 Win2K-f 118.105.153.173 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 4c718f0d24
[Firefox: 5 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
T:00:50:00 Win2K-f 80.134.100.237 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
HANNOVER, NIEDERSACHSEN, DE. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 35 cae05c0015
NEW 		none[none] none:none
 none|none none none
T:00:57:00 WinXP 91.67.148.78 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:02:00 WinXP 59.190.123.46 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 521f40daa7
NEW 		none[none] none:none
 none|none none none
T:01:06:00 Win2K-f 119.11.97.246 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
01:08:00 WinXP 71.79.67.62 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80
US:206.33.43.126:80
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
01:18:00 WinXP 122.133.2.115 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:18:00 WinXP 118.236.98.47 (-):
. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:22:00 WinXP 79.11.132.231 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
55 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
01:26:00 WinXP 125.173.3.191 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:27:00 Win2K-f 91.67.117.68 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
01:33:00 Win2K-f 60.45.126.177 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:38:00 WinXP 88.254.101.137 (TTNET.NET.TR):
TT ADSL-ALCATEL DYNAMIC_ULUS,
ANKARA, ANKARA, TR. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
49 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
01:40:00 Win2K-f 122.135.52.38 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
01:42:00 Win2K-f 122.22.8.199 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:01:46:00 Win2K-f 221.191.228.38 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 b333d29ff7
[Firefox: 5 hits: 06-29 to 07-01] 		none[none] none:none
 none|none none none
T:01:48:00 WinXP 78.51.107.70 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
42 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
02:08:00 WinXP 122.132.21.61 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
30 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:02:10:00 WinXP 218.228.180.114 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		other
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
02:16:00 Win2K-f 221.189.16.49 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:02:20:00 WinXP 220.221.126.13 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TAKAOKA, TOYAMA, JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:263 hits: 01-05 to 08-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:02:21:00 Win2K-f 122.132.21.61 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
31 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:02:28:00 WinXP 92.114.175.80 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 dae77d66f3
[Firefox: 9 hits: 07-08 to 08-05] 		none[none] none:none
 none|none none none
T:02:34:00 Win2K-f 116.120.245.136 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:206.33.43.126:80
US:207.123.46.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
86 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 32
29 of 32		 73f1082158
[Firefox:677 hits: 06-18 to 08-11]
9d677c3f70
[Firefox: 6 hits: 06-20 to 08-04] 		73f1082158 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
02:41:00 Win2K-f 221.127.116.39 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
02:49:00 WinXP 117.102.154.49 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		13 of 33 c5a2efda72
[Firefox: 2 hits: 06-28 to 06-28] 		none[none] none:none
 none|none none none
T:02:49:00 WinXP 60.45.126.177 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
02:52:00 Win2K-f 91.67.148.78 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:02:57:00 Win2K-f 91.64.11.211 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 36 2238890214
NEW 		none[none] none:none
 none|none none none
T:03:07:00 WinXP 222.144.72.130 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
47 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
03:09:00 WinXP 118.108.79.162 (-):
. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		16 of 35 3783c700a9
NEW 		none[none] none:none
 none|none none none
T:03:16:00 Win2K-f 118.1.254.218 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 86d0b73e6a
[Firefox: 3 hits: 08-07 to 08-11] 		none[none] none:none
 none|none none none
03:18:00 WinXP 122.18.115.74 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 3f787c87ef
NEW 		none[none] none:none
 none|none none none
T:03:24:00 Win2K-f 80.219.106.135 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
http
306 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
31 of 33
28 of 36		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
d7c5eee185
[Firefox: 2 hits: 06-30 to 08-10]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
03:26:00 Win2K-f 125.215.102.194 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
03:31:00 Win2K-f 84.13.210.185 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
LONDON, ENGLAND, UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
03:33:00 WinXP 4.153.206.91 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BIRMINGHAM, ALABAMA, US. (DIAL) 		n/a RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:ced.dal.net
AT:graz.at.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:viking.dal.net 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:431 hits: 12-31 to 08-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:03:39:00 Win2K-f 210.3.222.199 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
03:42:00 Win2K-f 221.127.38.236 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:03:49:00 Win2K-f 203.136.193.55 (MESH.AD.JP):
NEC CORPORATION,
OSAKA, OSAKA, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:03:49:00 WinXP 221.189.56.110 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
58 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
03:50:00 WinXP 122.123.143.69 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:263 hits: 01-05 to 08-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:03:53:00 WinXP 125.215.102.194 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:04:07:00 Win2K-f 123.216.209.238 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		210.245.211.11:65520 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
US:chat-shqip.org
IL:wr.mcboo.com 		445 pcap raw alerts
ruleset 		ftp
irc
http
185 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
20 of 36
28 of 36		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
6d61f09df1
NEW
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
04:07:00 Win2K-f 118.8.32.144 (-):
. 		n/a   445 pcap raw alerts
ruleset 		other
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:09:00 WinXP 118.9.240.25 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:04:15:00 WinXP 219.160.154.95 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
67 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
04:29:00 WinXP 122.26.26.235 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
04:29:00 WinXP 221.171.4.1 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		24 of 36 596e449762
NEW 		none[none] none:none
 none|none none none
T:04:33:00 WinXP 221.127.38.236 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
46 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:04:37:00 Win2K-f 92.0.216.58 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com 		445 pcap raw alerts
ruleset 		irc
http
8 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 35
17 of 35		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
04:38:00 WinXP 125.195.58.86 (MESH.AD.JP):
NEC CORPORATION,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
46 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
04:38:00 Win2K-f 60.35.52.87 (PLALA.OR.JP):
PLALA NETWORKS INC,
JAFFNA, NORTH EASTERN, LK. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 36 7140ff24e6
NEW 		none[none] none:none
 none|none none none
04:39:00 WinXP 4.173.86.112 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.108:80
US:208.111.148.69:80 		135 pcap raw alerts
ruleset 		other
192 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
04:40:00 WinXP 202.70.250.96 (ONINET.NE.JP):
OKAYAMA NETWORK INC,
OKAYAMA, OKAYAMA, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
50 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
04:46:00 Win2K-f 218.42.121.114 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
TOKYO, TOKYO, JP. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
39 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
04:50:00 WinXP 84.59.198.54 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DE. (DSL) 		64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:04:57:00 Win2K-f 76.189.17.249 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WESTLAKE, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:04:59:00 Win2K-f 80.134.112.188 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
HANNOVER, NIEDERSACHSEN, DE. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
IL:dl.loloplanet.com
IL:194.90.224.82:80 		445 pcap raw alerts
ruleset 		ftp
irc
http
225 lines 		Yeah : 1.8
profile 		none summary
tarball 		17 of 35
32 of 35
28 of 36		 5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
cae05c0015
NEW
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none] 		none:none
none:none
none:none
 none|none
none|none
none|none 		none
none
none 		none
none
none
T:05:00:00 WinXP 118.236.147.169 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:05:06:00 WinXP 118.105.191.156 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
57 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 35 dd0b6249c4
[Firefox: 4 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
05:07:00 Win2K-f 213.76.154.12 (LANNET.PL):
LANNET S.C. W. KOMALA Z. LOMPERTA,
WARSAW, MAZOWIECKIE, PL. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 b3af806ef0
NEW 		none[none] none:none
 none|none none none
05:18:00 WinXP 124.86.145.32 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
05:18:00 Win2K-f 91.66.175.252 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:05:19:00 Win2K-f 118.236.115.165 (-):
. 		210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
:www.speed-runner.com
IL:194.90.224.82:80 		445 pcap raw alerts
ruleset 		irc
http
http
http
414 lines 		Yeah : 1.3
profile 		none summary
tarball 		8 of 33
19 of 35
17 of 35
21 of 33
0 of 33
27 of 33
28 of 36		 1ac39aea6b
[Firefox: 3 hits: 06-28 to 07-29]
37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
7b1de9d82d
[Firefox: 3 hits: 06-28 to 07-29]
820bef376c
[Firefox: 3 hits: 06-28 to 07-29]
d6fbe37100
[Firefox: 3 hits: 06-28 to 07-29]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none
none 		none
none
none
none
none
none
none
T:05:24:00 WinXP 117.99.59.162 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru 		445 pcap raw alerts
ruleset 		http
irc
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 9b9e5dcb18
[Firefox: 2 hits: 08-08 to 08-09] 		none[none] none:none
 none|none none none
05:31:00 Win2K-f 196.208.94.45 (TELKOM-IPNET.CO.ZA):
AFRINIC,
CAPE TOWN, WESTERN CAPE, ZA. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:05:33:00 WinXP 118.237.58.72 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
37 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 36 60550289bd
NEW 		none[none] none:none
 none|none none none
T:05:38:00 Win2K-f 80.166.184.44 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
HELSINGøR, FREDERIKSBORG, DK. 		n/a  
IL:194.90.224.86:80 		445 pcap raw alerts
ruleset 		http
http
http
5 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
05:38:00 WinXP 118.105.191.156 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
49 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33 505238d7ef
[Firefox:19 hits: 06-28 to 08-11] 		none[none] none:none
 none|none none none
05:39:00 WinXP 4.185.210.119 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:208.111.148.115:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36
32 of 36
0 of 33		 4a81639580
NEW
6e72d6e93e
NEW
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
05:42:00 WinXP 81.96.118.67 (NTL.COM):
NTL INFRASTRUCTURE - BELFAST,
BEDFORD, ENGLAND, UK. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
42 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
05:42:00 Win2K-f 118.1.32.246 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 e80215f572
[Firefox: 3 hits: 08-02 to 08-10] 		none[none] none:none
 none|none none none
T:05:52:00 WinXP 60.40.217.213 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
37 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 36 34862983cd
NEW 		none[none] none:none
 none|none none none
06:03:00 Win2K-f 124.87.163.94 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
06:07:00 WinXP 123.218.173.153 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 f7249dcbd7
NEW 		none[none] none:none
 none|none none none
06:10:00 Win2K-f 122.133.182.19 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 36 b5a2d54399
[Firefox: 2 hits: 08-06 to 08-09] 		none[none] none:none
 none|none none none
06:19:00 Win2K-f 125.2.25.201 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
31 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:06:23:00 WinXP 80.104.205.205 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A,
VICENZA, VENETO, IT. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
43 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 36 da692d54b5
NEW 		none[none] none:none
 none|none none none
T:06:28:00 WinXP 122.25.4.206 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
06:34:00 WinXP 122.22.238.126 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:06:35:00 Win2K-f 217.87.82.82 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
HAMBURG, HAMBURG, DE. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
39 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
06:35:00 WinXP 123.254.6.225 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
53 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:06:36:00 Win2K-f 118.109.60.93 (-):
. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
06:39:00 WinXP 118.6.27.216 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:263 hits: 01-05 to 08-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:06:39:00 WinXP 193.248.5.244 (STATIC-IP.OLEANE.FR):
TELECOM,
MONTPELLIER, LANGUEDOC-ROUSSILLON, FR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 bdb53fb863
[Firefox: 5 hits: 01-01 to 01-22] 		none[none] none:none
 none|none none none
06:39:00 WinXP 193.248.5.244 (STATIC-IP.OLEANE.FR):
TELECOM,
MONTPELLIER, LANGUEDOC-ROUSSILLON, FR. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 bdb53fb863
[Firefox: 5 hits: 01-01 to 01-22] 		none[none] none:none
 none|none none none
T:06:55:00 Win2K-f 122.135.50.227 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 702fe1335a
[Firefox: 4 hits: 06-28 to 06-30] 		none[none] none:none
 none|none none none
06:58:00 WinXP 70.61.108.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11]
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:07:00:00 WinXP 218.221.45.137 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 94a6b635e8
[Firefox: 2 hits: 08-02 to 08-10] 		none[none] none:none
 none|none none none
T:07:05:00 WinXP 221.126.125.77 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
66 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 33 ec3d13cabe
[Firefox: 9 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:07:05:00 Win2K-f 122.24.163.143 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
62 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 35 41ec9d69c8
[Firefox: 3 hits: 08-04 to 08-10] 		none[none] none:none
 none|none none none
07:07:00 WinXP 4.160.84.212 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
07:07:00 WinXP 118.236.39.204 (-):
. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
44 lines 		Yeah : 1.8
profile 		none summary
tarball 		17 of 33 9eeace63d5
NEW 		none[none] none:none
 none|none none none
07:11:00 Win2K-f 124.102.93.245 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 be5a2a15e6
NEW 		none[none] none:none
 none|none none none
07:12:00 Win2K-f 221.127.20.198 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 		n/a   445 pcap raw alerts
ruleset 		ftp
25 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 36 043e258c65
[Firefox: 2 hits: 08-11 to 08-11] 		none[none] none:none
 none|none none none
T:07:14:00 WinXP 61.229.212.236 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 f3ff4c74d1
NEW 		none[none] none:none
 none|none none none
T:07:19:00 Win2K-f 217.248.120.168 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
57 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:07:20:00 WinXP 83.236.68.218 (QSC.DE):
QSC AG DYNAMIC IP ADDRESSES,
DE. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
[Firefox:159 hits: 01-01 to 08-09] 		462a7be171 [0] ASM:Graph
 PolyEnE| lines=73 trace
07:22:00 WinXP 83.236.68.218 (QSC.DE):
QSC AG DYNAMIC IP ADDRESSES,
DE. 		n/a UA:citi-bank.ru
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		23 of 36 dea5e3615b
NEW 		none[none] none:none
 none|none none none
T:07:26:00 WinXP 4.233.167.49 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SALEM, NEW HAMPSHIRE, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:313 hits: 12-31 to 08-11] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:07:27:00 WinXP 78.52.95.69 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
59 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 5e95752a0d
NEW 		none[none] none:none
 none|none none none
T:07:27:00 Win2K-f 125.215.124.238 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
46 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:07:31:00 WinXP 63.27.220.32 (UU.NET):
UUNET TECHNOLOGIES INC,
DEKALB, ILLINOIS, US. 		n/a   445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:07:42:00 Win2K-f 125.203.133.228 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
77 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 86cfe08836
NEW 		none[none] none:none
 none|none none none
07:48:00 Win2K-f 213.137.113.61 (ADSL1-010.PTT.YU):
JP PTTS SRBIJA,
CS. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
07:49:00 WinXP 117.99.1.231 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 a0139d7ad8
[Firefox:84 hits: 01-03 to 08-11] 		d9e9662db1 [0] ASM:Graph
 PolyEnE| lines=68 trace
07:54:00 WinXP 118.6.254.127 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:07:56:00 WinXP 81.96.118.67 (NTL.COM):
NTL INFRASTRUCTURE - BELFAST,
BEDFORD, ENGLAND, UK. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
74 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
07:59:00 Win2K-f 122.26.232.166 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 4fa4fc482c
[Firefox: 2 hits: 08-11 to 08-11] 		none[none] none:none
 none|none none none
08:00:00 WinXP 91.65.230.152 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 36 c49a4d2a6d
NEW 		none[none] none:none
 none|none none none
T:08:04:00 WinXP 70.168.9.104 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
28 of 33		 da00a8e7a1
[Firefox: 4 hits: 08-05 to 08-11]
f685f8e027
[Firefox: 8 hits: 06-18 to 08-11] 		none[none]
f685f8e027[1] 		none:none
ASM:Graph
 none|none
Armadillo| 		none
lines=82 		none
trace
T:08:09:00 Win2K-f 71.119.22.206 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:11:00 WinXP 125.175.166.122 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36 7f3976236c
NEW 		none[none] none:none
 none|none none none
T:08:12:00 Win2K-f 91.65.133.59 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 33 399a88233f
[Firefox: 7 hits: 06-28 to 08-09] 		none[none] none:none
 none|none none none
08:12:00 WinXP 125.175.166.122 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
33 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36 7f3976236c
NEW 		none[none] none:none
 none|none none none
T:08:13:00 WinXP 207.144.168.179 (SPIRITTELECOM.COM):
CHESTER TELEPHONE COMPANY,
CHESTER, SOUTH CAROLINA, US. (DIAL) 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
43 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 342558e090
NEW 		none[none] none:none
 none|none none none
08:30:00 Win2K-f 118.6.21.34 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:08:32:00 WinXP 118.6.21.34 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
53 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:08:34:00 WinXP 125.197.227.150 (MESH.AD.JP):
NEC CORPORATION,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
71 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
08:35:00 WinXP 170.51.166.196 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:08:38:00 Win2K-f 125.0.95.160 (INFOWEB.NE.JP):
FUJITSU LIMITED,
TOKYO, TOKYO, JP. (DIAL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		13 of 33 7e8babc6f9
[Firefox: 4 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:08:43:00 Win2K-f 118.0.133.75 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
62 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 7121ff442c
NEW 		none[none] none:none
 none|none none none
08:44:00 Win2K-f 122.17.177.124 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 36 005226ccd5
[Firefox: 4 hits: 08-09 to 08-10] 		none[none] none:none
 none|none none none
08:46:00 WinXP 118.108.60.216 (-):
. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 36 671acdf0c9
[Firefox: 2 hits: 08-10 to 08-10] 		none[none] none:none
 none|none none none
08:47:00 WinXP 92.10.169.110 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 32 03f912899b
[Firefox:83 hits: 01-08 to 08-11] 		83893bd25d [0] ASM:Graph
 none|none lines=65 trace
T:08:51:00 WinXP 219.160.21.190 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 de6813786d
NEW 		none[none] none:none
 none|none none none
T:08:54:00 WinXP 66.57.180.53 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:205.128.66.124:80
US:207.123.46.126:80 		135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:08:56:00 Win2K-f 221.187.206.174 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
08:57:00 WinXP 122.18.187.237 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33 10439d86a5
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
09:12:00 WinXP 119.72.58.142 (-):
. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 33 9ddd6c5e47
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
09:17:00 Win2K-f 83.233.162.82 (-):
BREDBAND2 - HAFSLUND,
SE. 		n/a   445 pcap raw alerts
ruleset 		other
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:09:21:00 WinXP 119.72.28.34 (-):
. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
27 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 33 869081411d
[Firefox:11 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
09:23:00 Win2K-f 118.8.35.124 (-):
. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
09:24:00 Win2K-f 4.174.180.89 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CAMDEN, NEW JERSEY, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80
US:208.111.148.137:80 		135 pcap raw alerts
ruleset 		http
81 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:09:30:00 WinXP 82.53.23.222 (POOL8253.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CAGLIARI, SARDEGNA, IT. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 4f3df56c30
[Firefox:13 hits: 06-28 to 08-10] 		none[none] none:none
 none|none none none
T:09:31:00 Win2K-f 217.78.229.3 (-):
LANNET COMMUNICATIONS SA,
GR. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
27 lines 		Yeah : 1.8
profile 		none summary
tarball 		14 of 36 59ab6ea712
NEW 		none[none] none:none
 none|none none none
09:45:00 WinXP 124.101.241.253 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:09:47:00 WinXP 203.112.48.187 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
09:49:00 Win2K-f 216.211.249.55 (NORWOODLIGHT.COM):
NORWOOD LIGHT BROADBAND,
NORWOOD, MASSACHUSETTS, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:09:50:00 Win2K-f 123.225.206.142 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:09:57:00 Win2K-f 121.73.51.128 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.44.126:80
US:205.128.79.126:80 		135 pcap raw alerts
ruleset 		other
348 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 36
34 of 36		 7f89b38665
[Firefox: 2 hits: 08-02 to 08-07]
a51a50404e
[Firefox: 2 hits: 08-02 to 08-07] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
10:02:00 WinXP 118.241.233.135 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:263 hits: 01-05 to 08-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
10:05:00 Win2K-f 125.195.63.198 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		24 of 36 da7e62b29d
[Firefox: 3 hits: 08-01 to 08-07] 		none[none] none:none
 none|none none none
10:07:00 WinXP 124.241.184.171 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:205.128.79.126:80
US:207.123.37.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
10:10:00 Win2K-f 122.29.82.175 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 36 07ebc59154
[Firefox: 2 hits: 08-04 to 08-04] 		none[none] none:none
 none|none none none
T:10:13:00 WinXP 68.114.152.54 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US. 		194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 36 a219ed3aeb
[Firefox:11 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
T:10:17:00 Win2K-f 118.7.71.127 (-):
. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:10:18:00 WinXP 82.250.202.182 (PROXAD.NET):
PROXAD / FREE SAS,
NANTES, PAYS DE LA LOIRE, FR. (DSL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
DE:ebookfinaltrash.ru
:wpad
RU:alfabank.ru
DE:217.11.54.126:80 		445 pcap raw alerts
ruleset 		http
http
http
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29
0 of 36		 a12cab51ef
[Firefox:451 hits: 01-01 to 08-10]
b5669a8988
NEW 		40f7f463c4 [0]
none [none] 		ASM:Graph
none:none
 ASPack|
none|none 		lines=281
embedded dns
none 		trace
none
T:10:18:00 WinXP 78.151.113.34 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 33 3f8d1c3246
[Firefox: 7 hits: 06-28 to 08-09] 		none[none] none:none
 none|none none none
T:10:22:00 WinXP 78.54.100.189 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
44 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:10:25:00 WinXP 79.12.115.29 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:10:35:00 WinXP 124.101.241.253 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
66 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:10:37:00 Win2K-f 124.87.166.162 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:10:42:00 Win2K-f 98.105.123.249 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
10:51:00 Win2K-f 221.191.204.53 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		irc
ftp
31 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:10:53:00 Win2K-f 125.195.63.198 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		24 of 36 da7e62b29d
[Firefox: 3 hits: 08-01 to 08-07] 		none[none] none:none
 none|none none none
T:10:54:00 WinXP 88.109.205.54 (AS9105.COM):
TISCALI UK LTD,
UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:263 hits: 01-05 to 08-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
T:11:02:00 WinXP 211.135.144.64 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
MATSUTO SHI, CHIBA, JP. 		67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
RU:www.hasi4ever.com
HK:210.245.211.11:65520
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
53 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36 f7d82105ba
NEW 		none[none] none:none
 none|none none none
11:04:00 WinXP 80.128.240.13 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
FRANKFURT, HESSEN, DE. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 c4e8599add
NEW 		none[none] none:none
 none|none none none
T:11:09:00 Win2K-f 92.228.78.203 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
45 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 ed1fbff848
NEW 		none[none] none:none
 none|none none none
11:16:00 WinXP 98.135.209.154 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:11:17:00 Win2K-f 92.228.25.147 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:11:17:00 WinXP 84.238.77.170 (-):
DYNAMIC CUSTOMER IP'S,
ÅRHUS, ARHUS, DK. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:80 		445 pcap raw alerts
ruleset 		ftp
irc
68 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 36 15ff6cdd4b
NEW 		none[none] none:none
 none|none none none
T:11:18:00 WinXP 202.132.152.169 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:11:34:00 Win2K-f 123.225.165.61 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 f7249dcbd7
NEW 		none[none] none:none
 none|none none none
11:41:00 Win2K-f 118.0.133.75 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
11:46:00 WinXP 75.119.37.79 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		other
273 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 13cfd63045
[Firefox: 2 hits: 06-30 to 07-04] 		none[none] none:none
 none|none none none
T:11:48:00 Win2K-f 78.51.248.221 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		16 of 36 c61cfbe64d
NEW 		none[none] none:none
 none|none none none
12:03:00 WinXP 222.148.194.196 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
39 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
12:07:00 Win2K-f 70.182.64.37 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:206.33.45.125:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
12:08:00 Win2K-f 88.134.171.204 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:12:22:00 WinXP 170.51.166.196 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 US:cookie.roltf.ws
US:64.85.160.111:5001 		445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:12:32:00 WinXP 66.169.87.61 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
12:33:00 WinXP 116.127.8.48 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 32
30 of 32
0 of 33		 3dffacd270
[Firefox: 5 hits: 06-20 to 07-23]
d5bf17f14e
[Firefox: 5 hits: 06-20 to 07-23]
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		3dffacd270 [1]
none [4]
e07c29c4ae[1] 		ASM:Graph
none:none
ASM:Graph
 Armadillo|
tElock|
FSG| 		lines=82
none
lines=92 		trace
trace
trace
T:12:34:00 Win2K-f 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a US:microsoft.com
US:download.microsoft.com
US:199.93.53.125:80 		135 pcap raw alerts
ruleset 		http
91 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
57ce4acac2
[Firefox:107 hits: 06-17 to 08-11]
b5919931fe
[Firefox:292 hits: 06-20 to 08-11] 		none[4]
57ce4acac2[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:12:38:00 WinXP 4.185.210.119 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WASHINGTON, DISTRICT OF COLUMBIA, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
141 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36
32 of 36
0 of 33		 4a81639580
NEW
6e72d6e93e
NEW
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
12:41:00 WinXP 88.111.137.3 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL) 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 a3b8299fb6
NEW 		none[none] none:none
 none|none none none
12:44:00 WinXP 118.109.86.186 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
44 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
12:54:00 Win2K-f 60.254.212.209 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
37 lines 		Yeah : 1.8
profile 		none summary
tarball 		21 of 36 55842ad1d2
NEW 		none[none] none:none
 none|none none none
12:57:00 WinXP 64.75.158.8 (TURQUOISE.NET):
HAWAII ONLINE,
US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.126:80
US:8.12.202.125:80 		135 pcap raw alerts
ruleset 		other
152 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:13:01:00 WinXP 220.107.194.142 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
13:06:00 Win2K-f 118.241.78.226 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
13:10:00 WinXP 92.17.75.76 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:80 		445 pcap raw alerts
ruleset 		ftp
irc
63 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 35 00dd9f9a73
[Firefox: 2 hits: 08-06 to 08-07] 		none[none] none:none
 none|none none none
13:16:00 Win2K-f 122.18.187.237 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 10439d86a5
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
13:30:00 WinXP 84.238.77.170 (-):
DYNAMIC CUSTOMER IP'S,
ÅRHUS, ARHUS, DK. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:80
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
53 lines 		Yeah : 1.8
profile 		none summary
tarball 		33 of 36 15ff6cdd4b
NEW 		none[none] none:none
 none|none none none
13:31:00 WinXP 91.85.174.230 (ECLIPSE.NET.UK):
ECLIPSE NETWORKING LIMITED,
UK. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
39 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:13:33:00 Win2K-f 217.94.234.47 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE. (DIAL) 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 1ba3d9d3e8
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
13:43:00 Win2K-f 78.148.188.47 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:13:52:00 Win2K-f 78.148.248.214 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:13:52:00 WinXP 170.51.140.220 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001 		445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
14:00:00 Win2K-f 88.134.240.185 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:14:13:00 WinXP 211.135.144.64 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
MATSUTO SHI, CHIBA, JP. 		67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36 f7d82105ba
NEW 		none[none] none:none
 none|none none none
14:28:00 Win2K-f 217.94.204.10 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 1ba3d9d3e8
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
14:28:00 WinXP 213.94.132.157 (EIRCOM.NET):
EIRCOM LTD,
DUBLIN, DUBLIN, IE. 		n/a   135 pcap raw alerts
ruleset 		other
219 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 32 131351dd21
[Firefox: 8 hits: 05-22 to 07-14] 		none[4] none:none
 none|none none trace
T:14:35:00 Win2K-f 118.0.198.182 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
14:41:00 Win2K-f 207.5.166.118 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
US:208.111.153.231:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:14:42:00 Win2K-f 92.17.132.64 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80 		445 pcap raw alerts
ruleset 		ftp
24 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 f4a8c4177e
[Firefox: 7 hits: 06-28 to 08-10] 		none[none] none:none
 none|none none none
T:14:47:00 Win2K-f 91.141.111.89 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
31 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:14:53:00 Win2K-f 220.104.8.183 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:14:55:00 Win2K-f 69.239.122.13 (PACBELL.NET):
DANIEL D CLAXTON,
PLANO, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:208.111.148.54:80
US:208.111.148.69:80
HK:210.245.211.11:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
15:02:00 WinXP 122.26.232.166 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 4fa4fc482c
[Firefox: 2 hits: 08-11 to 08-11] 		none[none] none:none
 none|none none none
T:15:05:00 WinXP 69.132.0.68 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. 		n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com 		445 pcap raw alerts
ruleset 		http
http
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:451 hits: 01-01 to 08-10] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
15:09:00 WinXP 98.24.90.201 (-):
. 		n/a EU:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
http
32 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:451 hits: 01-01 to 08-10] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
15:11:00 WinXP 220.107.194.142 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
15:20:00 Win2K-f 216.203.250.162 (ALGX.NET):
XO COMMUNICATIONS,
SCOTTSDALE, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		http
157 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11]
b5919931fe
[Firefox:292 hits: 06-20 to 08-11] 		none[4]
a08f3b74a4[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
15:29:00 WinXP 218.15.222.251 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:15:30:00 WinXP 124.86.13.162 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		16 of 35 c21b3d2e40
NEW 		none[none] none:none
 none|none none none
15:39:00 Win2K-f 170.51.87.22 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:15:42:00 Win2K-f 122.135.50.21 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
T:15:50:00 Win2K-f 118.15.163.4 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 20ef97231e
[Firefox: 3 hits: 06-30 to 08-02] 		none[none] none:none
 none|none none none
15:56:00 Win2K-f 75.34.29.2 (SBCGLOBAL.NET):
PPPOX POOL - RBACK20.CHCGIL,
CHICAGO, ILLINOIS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11]
b5919931fe
[Firefox:292 hits: 06-20 to 08-11] 		none[4]
73f1082158[1]
b5919931fe[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
ASProtect| 		none
lines=81
lines=90 		trace
trace
trace
T:16:00:00 WinXP 217.94.204.10 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
STUTTGART, BADEN-WURTTEMBERG, DE. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33 1ba3d9d3e8
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
16:00:00 WinXP 118.108.189.103 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
16:03:00 WinXP 66.169.87.61 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
40 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
16:09:00 Win2K-f 220.221.204.253 (PLALA.OR.JP):
NTT COMMUNICATIONS CORPORATION,
JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
16:16:00 WinXP 66.68.207.124 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MCALLEN, TEXAS, US. 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80 		445 pcap raw alerts
ruleset 		http
http
http
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		0 of 36
0 of 36
29 of 29
0 of 36		 203d716789
NEW
62f4b50d64
NEW
a12cab51ef
[Firefox:451 hits: 01-01 to 08-10]
d83b373cfd
NEW 		none[none]
none [none]
40f7f463c4[0]
none [none] 		none:none
none:none
ASM:Graph
none:none
 none|none
none|none
ASPack|
none|none 		none
none
lines=281
embedded dns
none 		none
none
trace
none
16:21:00 Win2K-f 125.4.246.154 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP. 		n/a   135 pcap raw alerts
ruleset 		other
380 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 cf28b2abb8
NEW 		none[none] none:none
 none|none none none
16:22:00 Win2K-f 219.122.169.75 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 64a2cc1200
NEW 		none[none] none:none
 none|none none none
16:22:00 WinXP 122.16.165.226 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
34 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
16:38:00 WinXP 200.216.127.9 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:946 hits: 12-31 to 08-11] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
16:42:00 WinXP 70.113.51.112 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AUSTIN, TEXAS, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11]
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
T:16:47:00 WinXP 122.25.93.168 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
16:52:00 Win2K-f 217.219.108.140 (-):
FASSA UNIVERSITY OF MEDICAL SCIENCES,
SHIRAZ, FARS, IR. 		n/a   445 pcap raw alerts
ruleset 		ftp
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
16:55:00 WinXP 77.20.215.180 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36 bfec7d0b0b
[Firefox: 5 hits: 08-06 to 08-09] 		none[none] none:none
 none|none none none
16:57:00 WinXP 98.141.178.91 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:946 hits: 12-31 to 08-11] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:16:58:00 WinXP 98.141.178.91 (-):
. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:946 hits: 12-31 to 08-11] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:16:58:00 WinXP 125.215.114.35 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:80 		445 pcap raw alerts
ruleset 		ftp
irc
49 lines 		Yeah : 1.8
profile 		none summary
tarball 		35 of 36 39b2dc948b
NEW 		none[none] none:none
 none|none none none
17:09:00 WinXP 118.8.176.36 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		33 of 33 3b2958417b
[Firefox: 6 hits: 07-09 to 08-11] 		none[none] none:none
 none|none none none
17:11:00 Win2K-f 122.27.22.1 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
17:17:00 WinXP 69.134.234.37 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:54 hits: 01-14 to 08-11] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
T:17:18:00 WinXP 69.134.234.37 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 		194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 986b59708d
[Firefox:54 hits: 01-14 to 08-11] 		8a00217866 [0] ASM:Graph
 PolyEnE| lines=57 trace
17:25:00 Win2K-f 75.4.247.240 (SBCGLOBAL.NET):
RBACK34B.IRVNCA,
HOUSTON, TEXAS, US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
b7082104e4
[Firefox:81 hits: 06-18 to 08-11] 		none[4]
none [4] 		none:none
none:none
 tElock|
tElock| 		none
none 		trace
trace
17:30:00 WinXP 124.86.13.162 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
53 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 35 21efc9f727
NEW 		none[none] none:none
 none|none none none
T:17:34:00 WinXP 221.227.196.8 (163DATA.COM.CN):
CHINANET JIANGSU PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:313 hits: 12-31 to 08-11] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
17:35:00 WinXP 92.2.250.43 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 36 734439a119
NEW 		none[none] none:none
 none|none none none
17:38:00 Win2K-f 121.84.25.20 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 8b9218a0c8
NEW 		none[none] none:none
 none|none none none
17:49:00 Win2K-f 76.202.13.64 (SBCGLOBAL.NET):
PPPOX POOL - BRAS10.HSTNTX,
US. (DSL) 		n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
17:51:00 WinXP 67.10.216.90 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SUGAR LAND, TEXAS, US. 		n/a RU:moscow-advokat.ru
US:lia.zanet.net
:washington.dc.us.undernet.org
SE:viking.dal.net
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:431 hits: 12-31 to 08-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
17:54:00 WinXP 118.8.255.24 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
52 lines 		Yeah : 1.8
profile 		none summary
tarball 		23 of 35 b13b669243
[Firefox: 2 hits: 07-29 to 08-06] 		none[none] none:none
 none|none none none
17:57:00 WinXP 75.26.158.137 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:470 hits: 01-01 to 08-10] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
18:04:00 Win2K-f 119.72.56.106 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33 9ddd6c5e47
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
T:18:05:00 WinXP 118.21.115.83 (-):
. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
36 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 36 f51db5fb95
NEW 		none[none] none:none
 none|none none none
18:06:00 WinXP 12.218.182.145 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
COLUMBUS, GEORGIA, US. 		n/a RU:moscow-advokat.ru
EU:gaz-prom.ru
US:lia.zanet.net
NL:london.uk.eu.undernet.org
:gaspode.zanet.org.za
:irc.kar.net
:flanders.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
RU:irc.tsk.ru
:brussels.be.eu.undernet.org
AT:graz.at.eu.undernet.org
:caen.fr.eu.undernet.org
:washington.dc.us.undernet.org 		445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 d175bad0e6
[Firefox: 4 hits: 04-05 to 07-29] 		dfb15f5463 [0] ASM:Graph
 tElock| lines=81
embedded dns 		trace
T:18:06:00 WinXP 12.218.182.145 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
COLUMBUS, GEORGIA, US. 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
18:12:00 WinXP 60.254.240.76 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33 9ddd6c5e47
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
18:14:00 WinXP 121.84.46.126 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		n/a HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		24 of 36 1c6cb9071e
NEW 		none[none] none:none
 none|none none none
T:18:18:00 Win2K-f 121.84.46.126 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. 		67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
41 lines 		Yeah : 1.8
profile 		none summary
tarball 		24 of 36 1c6cb9071e
NEW 		none[none] none:none
 none|none none none
T:18:18:00 WinXP 123.254.17.237 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
68 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
18:19:00 Win2K-f 58.0.63.224 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 36 24f270a1e9
NEW 		none[none] none:none
 none|none none none
18:22:00 WinXP 122.130.129.73 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 33 a9c8d121f2
[Firefox:14 hits: 06-28 to 08-10] 		none[none] none:none
 none|none none none
18:24:00 WinXP 122.30.140.158 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 de42c45975
NEW 		none[none] none:none
 none|none none none
T:18:33:00 WinXP 118.8.234.9 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:470 hits: 01-01 to 08-10] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
18:39:00 Win2K-f 118.236.99.107 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
18:41:00 Win2K-f 122.18.152.197 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		25 of 36 e7b039b6f5
NEW 		none[none] none:none
 none|none none none
18:42:00 Win2K-f 119.72.28.21 (-):
. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 33 9ddd6c5e47
[Firefox: 4 hits: 06-29 to 08-10] 		none[none] none:none
 none|none none none
18:50:00 WinXP 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.42:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11]
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
18:59:00 WinXP 4.136.156.78 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LINDEN, TENNESSEE, US. (DIAL) 		n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		135 pcap raw alerts
ruleset 		http
128 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 36
32 of 36
0 of 33		 0b365762ee
NEW
732b917369
NEW
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[none]
none [none]
e07c29c4ae[1] 		none:none
none:none
ASM:Graph
 none|none
none|none
FSG| 		none
none
lines=92 		none
none
trace
19:00:00 WinXP 222.148.185.107 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:19:02:00 WinXP 170.51.214.97 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		64.85.160.111:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 35 5246e634df
NEW 		none[none] none:none
 none|none none none
T:19:05:00 Win2K-f 125.215.118.59 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
19:06:00 WinXP 60.45.93.68 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 ac37844088
[Firefox: 2 hits: 08-11 to 08-11] 		none[none] none:none
 none|none none none
T:19:11:00 WinXP 189.48.173.18 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 		n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:gaspode.zanet.org.za
SE:qis.md.us.dal.net
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
:brussels.be.eu.undernet.org
SE:ced.dal.net
AT:graz.at.eu.undernet.org
US:lia.zanet.net
RU:194.6.222.11:6667
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		35 of 36 f55e8fb28a
NEW 		none[none] none:none
 none|none none none
T:19:16:00 Win2K-f 122.18.152.197 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a   445 pcap raw alerts
ruleset 		other
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
19:18:00 WinXP 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:199.93.41.126:80 		135 pcap raw alerts
ruleset 		http
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11]
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11] 		none[4]
73f1082158[1]
e07c29c4ae[1] 		none:none
ASM:Graph
ASM:Graph
 tElock|
Armadillo|
FSG| 		none
lines=81
lines=92 		trace
trace
trace
19:23:00 WinXP 96.51.42.208 (-):
. 		72.10.172.218:7382 CA:done.blacktiehsbdcs.com
CA:italian.swiifatecihno.com
:preek.oihduhdd.net
CA:72.10.169.26:3938
CA:72.10.172.218:7382 		135 pcap raw alerts
ruleset 		other
628 lines 		Yeah : 1.8
profile 		none summary
tarball 		35 of 36 57b907a474
NEW 		none[none] none:none
 none|none none none
19:27:00 WinXP 125.197.138.159 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
19:37:00 WinXP 220.221.115.197 (PLALA.OR.JP):
NTT COMMUNICATIONS CORPORATION,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:19:40:00 Win2K-f 125.192.222.135 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:19:43:00 Win2K-f 12.219.244.12 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
RIDGECREST, CALIFORNIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
19:47:00 WinXP 4.255.32.252 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
OREGON, US. (DIAL) 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
19:48:00 WinXP 61.94.216.28 (TELKOM.NET.ID):
PT. TELEKOMUNIKASI INDONESIA,
MEDAN, SUMATERA UTARA, ID. 		n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:195.200.213.52:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:451 hits: 01-01 to 08-10] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
19:51:00 Win2K-f 96.10.114.12 (-):
. 		n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80
HK:210.245.211.11:80 		135 pcap raw alerts
ruleset 		other
449 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36
33 of 36		 644b2a1105
[Firefox: 4 hits: 08-01 to 08-11]
9c9ab20965
[Firefox: 4 hits: 08-01 to 08-11] 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:19:54:00 WinXP 123.224.199.62 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
50 lines 		Yeah : 1.8
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
19:54:00 Win2K-f 123.224.199.62 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:19:56:00 WinXP 170.51.144.44 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		213.239.192.125:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001 		445 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
T:19:56:00 WinXP 60.33.33.237 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
70 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33 287b27516c
[Firefox: 2 hits: 06-29 to 07-01] 		none[none] none:none
 none|none none none
T:20:05:00 Win2K-f 122.130.129.73 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 33 a9c8d121f2
[Firefox:14 hits: 06-28 to 08-10] 		none[none] none:none
 none|none none none
20:19:00 Win2K-f 221.187.205.174 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:80
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
20:21:00 WinXP 58.93.112.60 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:20:33:00 WinXP 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
8 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
20:38:00 WinXP 208.61.173.61 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
JACKSONVILLE, FLORIDA, US. (DSL) 		n/a EU:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
[Firefox:208 hits: 01-01 to 08-11] 		9bbdd086c5 [0] ASM:Graph
 ASPack| lines=186
embedded dns 		trace
20:45:00 Win2K-f 203.112.62.177 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
20:47:00 WinXP 98.25.119.250 (-):
. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:431 hits: 12-31 to 08-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:20:50:00 Win2K-f 170.51.178.114 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		19 of 32 382279b44f
[Firefox:129 hits: 05-22 to 08-11] 		049e62d55b [0] ASM:Graph
 Armadillo| lines=192 trace
20:51:00 Win2K-f 125.193.34.32 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
T:20:51:00 WinXP 122.29.195.21 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		24 of 36 0442c9adf7
NEW 		none[none] none:none
 none|none none none
20:54:00 WinXP 118.105.145.197 (-):
. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 33 505238d7ef
[Firefox:19 hits: 06-28 to 08-11] 		none[none] none:none
 none|none none none
20:56:00 WinXP 122.132.175.38 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
20:58:00 WinXP 118.109.74.196 (-):
. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
T:20:59:00 WinXP 122.29.244.166 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
55 lines 		Yeah : 1.8
profile 		none summary
tarball 		34 of 36 ebc5c07d27
NEW 		none[none] none:none
 none|none none none
T:21:04:00 WinXP 124.155.91.205 (ASAHI-NET.OR.JP):
ASAHI-NET-CIDR-BLK,
JP. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 8ae058b2d0
[Firefox: 8 hits: 05-01 to 07-29] 		e6a9383b75 [0] ASM:Graph
 none|none lines=59 trace
21:16:00 Win2K-f 124.97.146.89 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
30 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
21:23:00 WinXP 65.248.187.209 (HARTCOM.NET):
HART TELECOM,
HARTWELL, GEORGIA, US. 		n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
29 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:451 hits: 01-01 to 08-10] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
21:30:00 WinXP 24.210.243.206 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LIMA, OHIO, US. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:21:34:00 Win2K-f 118.108.41.146 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
21:36:00 WinXP 118.108.41.146 (-):
. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:21:42:00 WinXP 216.203.250.52 (ALGX.NET):
XO COMMUNICATIONS,
SCOTTSDALE, ARIZONA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80
US:208.111.148.54:80 		135 pcap raw alerts
ruleset 		other
119 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
21:46:00 WinXP 123.212.80.185 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
EU:dablyt.cn
IL:ksn.a1001186.wrs.mcboo.com
EU:www.upononjob.cn
EU:mulfika.cn
EU:opilired.cn
US:mazerattikrak.info
HK:210.245.211.11:65520
74.50.100.117:80 		135 pcap raw alerts
ruleset 		http
irc
1596 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
19 of 35
17 of 35
22 of 36
31 of 33
8 of 36
17 of 36
11 of 36
0 of 33
36 of 36
28 of 36		 168aab35a3
[Firefox:86 hits: 06-17 to 08-09]
37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
6276734470
NEW
667f0c59f3
[Firefox:12 hits: 07-04 to 08-06]
732662fa2a
NEW
7871c5d81a
NEW
7dc014c726
NEW
e07c29c4ae
[Firefox:219 hits: 06-19 to 08-11]
e4b5535cf1
[Firefox: 2 hits: 08-11 to 08-11]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[4]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
 tElock|
none|none
none|none
none|none
none|none
none|none
none|none
none|none
FSG|
none|none
none|none 		none
none
none
none
none
none
none
none
lines=92
none
none 		trace
none
none
none
none
none
none
none
trace
none
none
21:50:00 WinXP 24.86.251.84 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		210.245.211.11:65520 208.72.168.148:4099 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
EU:dablyt.cn
EU:www.upononjob.cn
EU:mulfika.cn
EU:opilired.cn
EU:conusil.cn
IL:wr.mcboo.com
US:208.111.148.247:80
US:208.111.148.254:80 		135 pcap raw alerts
ruleset 		irc
http
http
http
http
681 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 36
19 of 35
32 of 33
17 of 35
22 of 36
28 of 32
28 of 36		 1b3c14e730
NEW
37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
435321cd07
NEW
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
6276734470
NEW
dbea9045a1
NEW
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none
none 		none
none
none
none
none
none
none
T:21:52:00 Win2K-f 24.137.124.128 (EASTLINK.CA):
EASTLINK,
DARTMOUTH, NOVA SCOTIA, CA. 		n/a US:microsoft.com
US:download.microsoft.com 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
a08f3b74a4
[Firefox:441 hits: 06-18 to 08-11] 		none[4]
a08f3b74a4[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
T:21:53:00 WinXP 85.181.87.171 (ALICEDSL.DE):
HANSENET-ADSL,
MUNICH, BAYERN, DE. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:313 hits: 12-31 to 08-11] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
21:54:00 Win2K-f 116.39.221.50 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR. 		210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
US:192.221.110.125:80
IL:194.90.224.86:80 		135 pcap raw alerts
ruleset 		irc
http
891 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
31 of 33
17 of 35
31 of 33
0 of 32
28 of 36		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
4ab2ecbc0f
[Firefox: 4 hits: 06-29 to 08-02]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
65eb2e3aee
[Firefox: 4 hits: 06-29 to 08-02]
b5919931fe
[Firefox:292 hits: 06-20 to 08-11]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none] 		none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
none|none
none|none
none|none
ASProtect|
none|none 		none
none
none
none
lines=90
none 		none
none
none
none
trace
none
21:55:00 Win2K-f 63.109.247.248 (NEWSKIES.NET):
BT LIMITED,
BEIRUT, BEYROUTH, LB. 		210.245.211.11:65520 US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
IL:194.90.224.86:80
HK:210.245.211.11:65520
US:4.23.60.125:80 		135 pcap raw alerts
ruleset 		irc
http
219 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
33 of 33
32 of 36
17 of 35
28 of 36		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
55c3444f3e
NEW
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [4]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
 none|none
tElock|
none|none
none|none
none|none 		none
none
none
none
none 		none
trace
none
none
none
21:59:00 WinXP 62.204.241.194 (TTNET.CZ):
JAN VANICKY NETWORK,
CZ. 		n/a US:www.altavista.com
:www.google.com.au
:jbeegvia.ru
SE:www.kavkazcenter.com
US:www.worldbank.org
:yoiayoi.ru
:wcqahzhzn.ru
:iirpryry.ru
:rihafvu.ru
:ryryodokm.ru
:wpad
:uvjiis.ru
:gwvwka.ru
:jqsbnyzkp.ru
:pvygdo.ru
:fxkyagpnw.ru
:knclvdz.ru
:trsqeigw.ru
:odokeqy.ru
:kelmpsjp.ru
:edjiesp.ru
:vllcdvv.ru
:nuksdln.ru
:tmmeno.ru
:zoxdgqx.ru
:pwvbfz.ru
:nuzbcp.ru
:bqpuqt.ru
:okskyyn.ru
SE:kavkaz.tv
:pnlkria.ru
:kargai.ru
:kfwfceki.ru
RU:alfabank.ru
:nhuwxyuw.ru
:udluzuq.ru
:fiazpvnne.ru
US:prodexteam.net
:ppxuub.ru
GB:www.candidateverifier.com
:lvwgdhwlj.ru
:raxeqajrf.ru
:dhagunb.ru
NL:www.viruslist.com
:zpwmktjv.ru
:aadqca.ru 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 17028f1eda
[Firefox:20 hits: 04-18 to 08-06] 		none[3] none:none
 tElock| none trace
22:01:00 WinXP 123.220.233.66 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
22:04:00 WinXP 122.24.86.179 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 6cbe99f0f2
NEW 		none[none] none:none
 none|none none none
22:21:00 Win2K-f 85.179.56.80 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 		210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
US:chat-shqip.org
HK:proxim.ircgalaxy.pl
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
http
303 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 35
17 of 35
10 of 33
28 of 36		 37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11]
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
22:27:00 WinXP 75.82.147.241 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.43:80 		135 pcap raw alerts
ruleset 		http
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
22:27:00 WinXP 122.26.241.228 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
EU:dablyt.cn
IL:ksn.a1001186.wrs.mcboo.com
EU:www.upononjob.cn
EU:mulfika.cn
US:chat-shqip.org
IL:wr.mcboo.com
IL:dl.loloplanet.com
:www.speed-runner.com
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
EU:78.129.166.52:80 		445 pcap raw alerts
ruleset 		ftp
irc
http
290 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
19 of 35
17 of 35
0 of 33
10 of 35
28 of 36		 10439d86a5
[Firefox: 4 hits: 06-29 to 08-10]
37f41fd8ab
[Firefox:60 hits: 07-24 to 08-11]
5ab0a45f63
[Firefox:74 hits: 07-24 to 08-11]
820bef376c
[Firefox: 3 hits: 06-28 to 07-29]
e50fadc406
NEW
ea3c84acac
[Firefox: 2 hits: 08-11 to 08-11] 		none[none]
none [none]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
none|none
none|none 		none
none
none
none
none
none 		none
none
none
none
none
none
T:22:29:00 Win2K-f 211.215.75.117 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR. 		n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
US:208.111.148.43:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 33
33 of 33		 4c3df24b32
[Firefox:140 hits: 06-17 to 08-10]
53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11] 		4c3df24b32 [1]
none [4] 		ASM:Graph
none:none
 Armadillo|
tElock| 		lines=81
none 		trace
trace
22:30:00 WinXP 12.78.4.75 (ATT.NET):
AT&T WORLDNET SERVICES,
MIAMI, FLORIDA, US. (DIAL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 32 735a809fc2
[Firefox: 2 hits: 06-10 to 06-17] 		none[3] none:none
 none|none none trace
22:42:00 Win2K-f 60.238.80.57 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		15 of 36 b101b8882c
[Firefox: 8 hits: 08-02 to 08-11] 		none[none] none:none
 none|none none none
T:22:44:00 WinXP 119.11.75.211 (-):
. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
33 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:22:45:00 Win2K-f 122.30.188.236 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
37 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
23:00:00 Win2K-f 123.254.34.220 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
23:00:00 WinXP 58.95.172.33 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		20 of 33 17739a55ad
[Firefox:328 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
23:05:00 Win2K-f 125.197.210.237 (MESH.AD.JP):
NEC CORPORATION,
JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 33 a666364b88
[Firefox: 2 hits: 06-28 to 08-09] 		none[none] none:none
 none|none none none
T:23:14:00 WinXP 123.222.114.200 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 		67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
irc
35 lines 		Yeah : 1.8
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:23:21:00 WinXP 69.114.121.66 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
MASSAPEQUA, NEW YORK, US. 		n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:204.160.126.126:80 		135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
[Firefox:1336 hits: 06-17 to 08-11]
73f1082158
[Firefox:677 hits: 06-18 to 08-11] 		none[4]
73f1082158[1] 		none:none
ASM:Graph
 tElock|
Armadillo| 		none
lines=81 		trace
trace
23:26:00 Win2K-f 85.181.131.90 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
26 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
T:23:27:00 Win2K-f 123.254.34.220 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a   445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 33 ca15c09536
[Firefox:372 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
23:32:00 Win2K-f 80.123.12.87 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. 		n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
28 lines 		Yeah : 1.3
profile 		none summary
tarball 		10 of 33 d2c26e07fd
[Firefox:376 hits: 06-27 to 08-11] 		none[none] none:none
 none|none none none
23:39:00 WinXP 99.130.145.222 (-):
. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:313 hits: 12-31 to 08-11] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
23:40:00 WinXP 119.72.41.0 (-):
. 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		34 of 36 f90c4a048e
NEW 		none[none] none:none
 none|none none none
T:23:47:00 WinXP 91.141.39.159 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. 		67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset 		ftp
irc
33 lines 		Yeah : 1.8
profile 		none summary
tarball 		19 of 32 0993a67cea
[Firefox: 5 hits: 06-30 to 08-11] 		none[none] none:none
 none|none none none
23:50:00 Win2K-f 202.70.68.158 (NTC.NET.NP):
NEPAL TELECOMMUNICATIONS CORPORATION,
KATHMANDU, BAGMATI, NP. 		n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 		445 pcap raw alerts
ruleset 		ftp
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 36 f3d78e514a
NEW 		none[none] none:none
 none|none none none
23:59:00 WinXP 78.52.229.33 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 		n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:80
US:67.149.121.39:12351
US:67.149.121.39:13001 		445 pcap raw alerts
ruleset 		ftp
21 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 36 d80bb86736
NEW 		none[none] none:none
 none|none none none