Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

13 August 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:12:00 Win2K-f 118.236.111.7 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:00:15:00 Win2K-f 118.4.64.46 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:00:20:00 WinXP 124.98.250.33 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

00:45:00 Win2K-f 122.146.242.84 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.231:80
US:208.111.153.236:80 135 pcap raw alerts
ruleset http
86 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:00:49:00 Win2K-f 217.248.117.66 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:00:51:00 WinXP 121.73.35.108 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
WELLINGTON, WELLINGTON, NZ. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.16:80 135 pcap raw alerts
ruleset http
361 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36
0 of 33 7f89b38665
[Firefox: 3 hits: 08-02 to 08-12]
a51a50404e
[Firefox: 3 hits: 08-02 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

01:07:00 Win2K-f 119.72.72.68 (-):
. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 22 of 33 869081411d
[Firefox:12 hits: 06-27 to 08-12] none[none] none:none
none|none none none

01:09:00 WinXP 82.241.109.191 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

01:14:00 WinXP 86.146.153.21 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:01:23:00 WinXP 79.112.225.166 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 33 f0b49cdcfc
[Firefox: 6 hits: 07-04 to 08-11] none[none] none:none
none|none none none

01:35:00 WinXP 82.65.20.108 (PROXAD.NET):
PROXAD / FREE SAS,
FR. (DSL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 68a1859771
NEW none[none] none:none
none|none none none

T:01:35:00 WinXP 82.65.20.108 (PROXAD.NET):
PROXAD / FREE SAS,
FR. (DSL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 68a1859771
NEW none[none] none:none
none|none none none

01:35:00 WinXP 122.30.188.236 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:01:38:00 WinXP 211.109.20.210 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 32 of 33
9 of 36
0 of 33 2a66fc87fa
[Firefox: 8 hits: 07-02 to 08-07]
d044548e5e
NEW
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

01:39:00 Win2K-f 74.214.47.11 (METROCAST.NET):
GMP CABLE TV,
BERWICK, PENNSYLVANIA, US. n/a 135 pcap raw alerts
ruleset other
204 lines Yeah : 1.3
profile none summary
tarball 32 of 33 fe22b8315f
[Firefox: 6 hits: 06-19 to 08-05] none[4] none:none
StarForce| none trace

T:01:45:00 Win2K-f 60.254.226.191 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
38 lines Yeah : 1.8
profile none summary
tarball 24 of 36 2a933f091d
NEW none[none] none:none
none|none none none

01:47:00 WinXP 118.8.242.165 (-):
. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 7710220cac
[Firefox: 3 hits: 08-01 to 08-09] none[none] none:none
none|none none none

T:01:55:00 WinXP 70.61.191.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GROVE CITY, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
US:208.111.153.231:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

02:01:00 Win2K-f 118.240.0.56 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:02:04:00 Win2K-f 4.156.99.28 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BOSTON, MASSACHUSETTS, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:12:00 Win2K-f 81.9.137.150 (CM-81-9-136-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

02:15:00 Win2K-f 221.250.96.145 (UCOM.NE.JP):
G-HG0002N,
JP. (100Mbps) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

02:23:00 Win2K-f 218.211.83.32 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

02:25:00 WinXP 125.215.65.177 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:80
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 35 of 36 92c9904775
NEW none[none] none:none
none|none none none

T:02:26:00 Win2K-f 119.11.74.38 (-):
. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 26 of 36 a1c4322921
NEW none[none] none:none
none|none none none

02:30:00 WinXP 58.91.101.113 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 f14e24a495
NEW none[none] none:none
none|none none none

T:02:31:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
57ce4acac2
[Firefox:108 hits: 06-17 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
57ce4acac2[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:02:34:00 Win2K-f 217.94.202.206 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
SINDELFINGEN, BADEN-WURTTEMBERG, DE. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 30 of 33 1ba3d9d3e8
[Firefox: 8 hits: 06-29 to 08-12] none[none] none:none
none|none none none

T:02:39:00 WinXP 119.72.80.136 (-):
. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
53 lines Yeah : 1.8
profile none summary
tarball 29 of 36 893057e9ba
NEW none[none] none:none
none|none none none

T:02:43:00 WinXP 221.126.255.21 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 36 of 36 a219ed3aeb
[Firefox:12 hits: 08-02 to 08-12] none[none] none:none
none|none none none

T:02:44:00 Win2K-f 220.208.155.49 (CORALNET.OR.JP):
TONAMI TRANSPORTATION CO. LTD,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

02:50:00 WinXP 217.245.103.127 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
BERLIN, BERLIN, DE. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:84 hits: 01-08 to 08-12] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

02:52:00 Win2K-f 220.107.141.106 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 15 of 33 a793802e3c
[Firefox:10 hits: 06-28 to 08-10] none[none] none:none
none|none none none

03:04:00 WinXP 83.26.227.175 (TPNET.PL):
NEOSTRADA PLUS,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 28 of 29 330eaa2da2
[Firefox:15 hits: 01-28 to 07-30] none[3] none:none
ASPack| none trace

T:03:04:00 Win2K-f 119.72.67.81 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 34 of 36 52afd3cd28
NEW none[none] none:none
none|none none none

03:05:00 Win2K-f 119.72.67.81 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 32 of 36 7b8eda43b2
NEW none[none] none:none
none|none none none

T:03:08:00 WinXP 81.137.216.248 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
LONDON, ENGLAND, UK. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
47 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

03:14:00 Win2K-f 81.9.137.150 (CM-81-9-136-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

03:16:00 WinXP 118.241.235.48 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

03:22:00 WinXP 118.236.54.29 (-):
. 67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.8
profile none summary
tarball 17 of 33 9eeace63d5
[Firefox: 2 hits: 06-30 to 08-12] none[none] none:none
none|none none none

T:03:25:00 WinXP 71.131.139.234 (-):
VALLEY FOOD INC,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:03:30:00 Win2K-f 217.219.131.49 (-):
INFORMATION TECHNOLOGY COMPANY (ITC),
IR. (100Mbps) n/a 445 pcap raw alerts
ruleset ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

03:31:00 WinXP 118.7.110.187 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
40 lines Yeah : 1.8
profile none summary
tarball 15 of 36 86d0b73e6a
[Firefox: 4 hits: 08-07 to 08-12] none[none] none:none
none|none none none

T:03:31:00 Win2K-f 115.131.30.100 (-):
. n/a 445 pcap raw alerts
ruleset ftp
20 lines Yeah : 1.3
profile none summary
tarball 33 of 36 dd62d21505
[Firefox: 3 hits: 08-11 to 08-11] none[none] none:none
none|none none none

T:03:34:00 WinXP 151.33.178.203 (14-151.IOL.IT):
ITALIA ONLINE S.P.A,
IT. 64.85.160.111:5001 DE:cookie.roltf.ws
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:03:41:00 WinXP 91.66.176.93 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
66 lines Yeah : 1.8
profile none summary
tarball 20 of 36 c49a4d2a6d
NEW none[none] none:none
none|none none none

03:42:00 WinXP 125.100.49.181 (UCOM.NE.JP):
IML,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
54 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:03:47:00 Win2K-f 118.236.147.132 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

03:49:00 WinXP 221.170.64.106 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
44 lines Yeah : 1.8
profile none summary
tarball 15 of 36 b101b8882c
[Firefox:16 hits: 08-02 to 08-12] none[none] none:none
none|none none none

03:51:00 Win2K-f 211.108.147.161 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
[Firefox:141 hits: 06-17 to 08-12]
53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12] 4c3df24b32 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

03:56:00 Win2K-f 123.224.124.248 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

03:56:00 WinXP 119.72.70.102 (-):
. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 29 of 33 9ddd6c5e47
[Firefox: 9 hits: 06-29 to 08-12] none[none] none:none
none|none none none

04:00:00 Win2K-f 118.111.30.193 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:04:05:00 Win2K-f 118.111.30.193 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

04:05:00 Win2K-f 125.195.102.150 (MESH.AD.JP):
NEC CORPORATION,
JP. 67.43.236.66:8080 CA:xx.ka3ek.com
CA:alwayssam.com
CA:zonetech.info
CA:ns.enterhere.biz
CN:a.ahdjejgf.com
CA:ns.ircstyle.net
NL:acidisa.com
US:130.107.174.88:21477 445 pcap raw alerts
ruleset ftp
irc
http
54 lines Yeah : 1.8
profile none summary
tarball 16 of 36
16 of 36
14 of 36
33 of 34
18 of 36 56871fe57c
NEW
78e31db533
NEW
9b09258622
[Firefox: 7 hits: 08-05 to 08-11]
b3a5c1dce0
NEW
d5a5e9f7a9
NEW none[none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none none
none
none
none
none

04:07:00 WinXP 122.24.204.156 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:04:11:00 WinXP 118.1.49.248 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 35 of 36 de42c45975
NEW none[none] none:none
none|none none none

04:16:00 WinXP 125.175.48.97 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 20 of 33 d284c3c3f6
[Firefox: 3 hits: 06-30 to 08-04] none[none] none:none
none|none none none

T:04:31:00 Win2K-f 78.151.149.229 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 32 of 33 778acb5418
[Firefox: 2 hits: 07-30 to 08-04] none[none] none:none
none|none none none

T:04:33:00 Win2K-f 78.48.48.128 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

04:36:00 Win2K-f 60.40.167.170 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

04:40:00 Win2K-f 222.144.178.123 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

04:42:00 WinXP 222.145.132.167 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 29 of 31 be6d817241
[Firefox: 2 hits: 07-01 to 07-01] none[none] none:none
none|none none none

04:45:00 WinXP 79.76.226.221 (AS9105.COM):
TELINCO,
UK. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 34 of 36 b89d93b3b7
NEW none[none] none:none
none|none none none

04:54:00 Win2K-f 122.16.150.46 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:04:54:00 Win2K-f 60.239.212.163 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 33 of 36 f7888d61a1
NEW none[none] none:none
none|none none none

05:09:00 Win2K-f 119.72.35.146 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 29 of 33 9ddd6c5e47
[Firefox: 9 hits: 06-29 to 08-12] none[none] none:none
none|none none none

T:05:13:00 WinXP 209.253.123.209 (TOS.NET):
MDI ACCESS,
CHICAGO, ILLINOIS, US. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

05:13:00 WinXP 118.0.106.86 (-):
. 67.149.121.39:12351 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
54 lines Yeah : 1.8
profile none summary
tarball 34 of 36 fd7526a245
NEW none[none] none:none
none|none none none

05:18:00 WinXP 85.180.160.6 (ALICEDSL.DE):
HANSENET-ADSL,
FRANKFURT, HESSEN, DE. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
68 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:05:18:00 Win2K-f 222.145.132.167 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 29 of 31 be6d817241
[Firefox: 2 hits: 07-01 to 07-01] none[none] none:none
none|none none none

T:05:19:00 WinXP 122.133.85.97 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:05:22:00 Win2K-f 122.18.236.40 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 35 of 36 4f23acec8c
NEW none[none] none:none
none|none none none

05:26:00 WinXP 91.141.109.189 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

05:32:00 Win2K-f 41.214.190.135 (-):
. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

05:32:00 WinXP 122.29.158.73 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

05:33:00 Win2K-f 60.44.151.205 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 31 of 33 b333d29ff7
[Firefox: 6 hits: 06-29 to 08-12] none[none] none:none
none|none none none

T:05:34:00 WinXP 220.209.196.223 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:268 hits: 01-05 to 08-12] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:05:48:00 WinXP 61.118.113.57 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
31 lines Yeah : 1.8
profile none summary
tarball 17 of 36 816fc609ca
NEW none[none] none:none
none|none none none

T:05:48:00 Win2K-f 118.19.104.105 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 504ca2961e
NEW none[none] none:none
none|none none none

05:56:00 Win2K-f 60.239.212.163 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 25 of 33 80205569e9
[Firefox: 3 hits: 06-27 to 08-04] none[none] none:none
none|none none none

05:57:00 Win2K-f 170.51.200.25 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 64.85.160.111:5001 US:cookie.roltf.ws
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:06:00:00 Win2K-f 125.100.49.181 (UCOM.NE.JP):
IML,
JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:06:02:00 WinXP 118.236.114.35 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 28 of 35 c6e725eba5
NEW none[none] none:none
none|none none none

06:03:00 WinXP 82.207.4.155 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK IN LVIV,
LVIV, L'VIVS'KA OBLAST', UA. (DIAL) n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 175fdfbe27
NEW none[none] none:none
none|none none none

06:08:00 WinXP 125.192.164.64 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:06:14:00 WinXP 4.248.252.120 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FRONT ROYAL, VIRGINIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:205.128.79.124:80
US:207.123.46.126:80 135 pcap raw alerts
ruleset other
144 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:06:19:00 WinXP 61.224.91.14 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 32 of 33 7f6ea12654
[Firefox:18 hits: 07-13 to 08-11] none[none] none:none
none|none none none

06:23:00 Win2K-f 170.51.160.48 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:06:30:00 WinXP 212.181.188.87 (TELIA.COM):
TELIA NETWORK SERVICES BACKBONE,
KRISTIANSTAD, SKANE, SE. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:06:50:00 Win2K-f 118.236.125.120 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 27ad99bc05
NEW none[none] none:none
none|none none none

06:56:00 WinXP 221.190.5.227 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:00:00 Win2K-f 170.51.221.175 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

07:03:00 WinXP 210.79.133.181 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:472 hits: 01-01 to 08-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

07:16:00 Win2K-f 122.17.132.184 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:17:00 Win2K-f 118.240.42.190 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:19:00 WinXP 119.72.43.110 (-):
. n/a 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:07:25:00 Win2K-f 170.51.160.48 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. 64.85.160.111:5001 US:cookie.roltf.ws
DE:213.239.192.125:5001 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

07:26:00 Win2K-f 118.19.104.105 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 31 of 33 9750d49a0f
[Firefox: 4 hits: 06-27 to 08-06] none[none] none:none
none|none none none

T:07:35:00 Win2K-f 218.211.83.32 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:07:36:00 WinXP 122.30.0.110 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:07:37:00 Win2K-f 218.36.66.120 (KRLINE.NET):
KRLINE INTERNET SERVICE INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:199.93.53.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
97 lines Yeah : 1.3
profile none summary
tarball 34 of 36
33 of 35 545b3dcf9f
NEW
d42555030f
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:07:38:00 Win2K-f 125.197.217.102 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:41:00 Win2K-f 118.236.125.120 (-):
. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 34 of 36 27ad99bc05
NEW none[none] none:none
none|none none none

T:07:47:00 WinXP 80.142.107.96 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
BONN, NORDRHEIN-WESTFALEN, DE. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:07:48:00 WinXP 125.215.73.134 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:48:00 WinXP 69.109.153.52 (PACBELL.NET):
AT&T INTERNET SERVICES,
SAN DIEGO, CALIFORNIA, US. (100Mbps) n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 30 of 33
29 of 33
0 of 33 b12e5dfed0
[Firefox: 4 hits: 06-21 to 07-21]
dc92683d9a
[Firefox: 9 hits: 06-19 to 08-11]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
dc92683d9a[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=82
lines=92 trace
trace
trace

07:49:00 WinXP 122.132.175.38 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
30 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:54:00 WinXP 210.147.140.164 (MESH.AD.JP):
C&C INTERNET SERVICE MESH(NEC CORPORATION),
MAKINO, SHIGA, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

07:59:00 Win2K-f 61.222.2.212 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
57ce4acac2
[Firefox:108 hits: 06-17 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
57ce4acac2[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

08:09:00 Win2K-f 125.207.237.145 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

08:15:00 Win2K-f 222.148.192.227 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:08:17:00 Win2K-f 125.175.51.67 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 1.3
profile none summary
tarball 33 of 36 5f5489a364
NEW none[none] none:none
none|none none none

T:08:22:00 WinXP 67.241.149.253 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:949 hits: 12-31 to 08-12] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:08:23:00 Win2K-f 60.42.110.15 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:08:27:00 Win2K-f 119.72.77.29 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
38 lines Yeah : 1.8
profile none summary
tarball 15 of 36 eed6a50223
[Firefox: 3 hits: 08-04 to 08-09] none[none] none:none
none|none none none

08:43:00 Win2K-f 86.131.8.110 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 24 of 33 4ce67d30a6
[Firefox: 2 hits: 06-29 to 08-07] none[none] none:none
none|none none none

08:47:00 WinXP 86.155.23.191 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
SWANSEA, WALES, UK. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:472 hits: 01-01 to 08-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

08:51:00 WinXP 75.9.209.148 (SBCGLOBAL.NET):
PPPOX POOL - RBACK6.CRCHTX,
US. (DSL) n/a EU:siliconfireware.ru
GB:new.egg.com
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
http
29 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:457 hits: 01-01 to 08-12] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:08:51:00 Win2K-f 118.236.55.235 (-):
. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 17 of 33 9eeace63d5
[Firefox: 2 hits: 06-30 to 08-12] none[none] none:none
none|none none none

T:09:00:00 WinXP 62.11.202.215 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
CAGLIARI, SARDEGNA, IT. (DIAL) n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad 445 pcap raw alerts
ruleset http
http
http
11 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:209 hits: 01-01 to 08-12] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:09:05:00 WinXP 220.107.141.106 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 15 of 33 a793802e3c
[Firefox:10 hits: 06-28 to 08-10] none[none] none:none
none|none none none

T:09:06:00 Win2K-f 219.71.235.221 (NVWTV.COM.TW):
HOSHIN GIGAMEDIA CENTER INC,
TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80 135 pcap raw alerts
ruleset http
189 lines Yeah : 1.3
profile none summary
tarball 33 of 35
30 of 35
0 of 32 017226a316
NEW
9b03689ec5
NEW
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:09:07:00 Win2K-f 71.131.139.132 (SBCGLOBAL.NET):
DOMINO'S PIZZA,
PLANO, TEXAS, US. (100Mbps) n/a US:w3bs.chat-shqip.org
US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:192.221.99.124:80
US:204.160.126.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset irc
http
93 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
a08f3b74a4
[Firefox:449 hits: 06-18 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:09:07:00 WinXP 92.41.167.39 (IKBCC.COM):
EU-ZZ,
UK. n/a HK:proxim.ircgalaxy.pl
DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
RU:www.masterbank.ru
US:204.13.161.51:80
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 33 of 36 edae47cb60
NEW none[none] none:none
none|none none none

09:11:00 Win2K-f 125.215.127.236 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

09:18:00 WinXP 4.88.5.63 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHADBOURN, NORTH CAROLINA, US. (DIAL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

09:18:00 Win2K-f 125.215.73.134 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

09:20:00 WinXP 219.162.189.19 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
FUKUOKA, FUKUOKA, JP. n/a HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 23 of 36 34862983cd
[Firefox: 2 hits: 08-10 to 08-12] none[none] none:none
none|none none none

T:09:32:00 WinXP 67.1.47.230 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
EUGENE, OREGON, US. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
146 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 0617ab2cf7
NEW
b33f1ae548
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

09:34:00 WinXP 118.109.106.131 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 15 of 36 b101b8882c
[Firefox:16 hits: 08-02 to 08-12] none[none] none:none
none|none none none

09:38:00 Win2K-f 217.252.182.63 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
BIELEFELD, NORDRHEIN-WESTFALEN, DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
23 lines Yeah : 1.3
profile none summary
tarball 20 of 36 f51db5fb95
NEW none[none] none:none
none|none none none

09:45:00 WinXP 58.190.14.219 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 17 of 33 64477225c9
[Firefox: 6 hits: 06-28 to 08-10] none[none] none:none
none|none none none

T:09:47:00 WinXP 122.26.189.57 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

09:55:00 WinXP 217.144.222.175 (NET.PL):
INTERNET SOLUTIONS ISP,
TARNOW, MALOPOLSKIE, PL. n/a 445 pcap raw alerts
ruleset other
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

09:56:00 Win2K-f 217.201.26.118 (-):
TELECOM ITALIA MOBILE,
IT. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
21 lines Yeah : 1.3
profile none summary
tarball 34 of 36 77313ca88c
NEW none[none] none:none
none|none none none

10:09:00 Win2K-f 219.255.6.118 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 30 of 33
32 of 33
0 of 32 0a2b1894da
NEW
414b95a784
NEW
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

10:10:00 WinXP 93.163.56.52 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a EU:siliconfireware.ru
:wpad
GB:welcome3.smile.co.uk
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:209 hits: 01-01 to 08-12] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:10:13:00 Win2K-f 125.197.109.27 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

10:14:00 WinXP 64.108.158.80 (-):
DIAL POOL TNT1.LGTPMI,
LANSING, MICHIGAN, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad 445 pcap raw alerts
ruleset http
http
http
http
38 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:457 hits: 01-01 to 08-12] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

10:23:00 Win2K-f 202.219.252.165 (INFOWEB.NE.JP):
INFOWEB,
TOKYO, TOKYO, JP. (DIAL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 13 of 33 7e8babc6f9
[Firefox: 5 hits: 06-27 to 08-12] none[none] none:none
none|none none none

10:29:00 Win2K-f 125.197.212.171 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 15 of 36 b101b8882c
[Firefox:16 hits: 08-02 to 08-12] none[none] none:none
none|none none none

10:30:00 WinXP 208.188.17.33 (SWBELL.NET):
AS101 RCSNTX DIAL POOL,
DALLAS, TEXAS, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:10:31:00 Win2K-f 125.215.127.236 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:10:36:00 Win2K-f 118.109.93.112 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 31 of 33 a666364b88
[Firefox: 3 hits: 06-28 to 08-12] none[none] none:none
none|none none none

T:10:40:00 WinXP 114.120.16.215 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:434 hits: 12-31 to 08-12] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

10:47:00 WinXP 189.2.223.178 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:10:48:00 WinXP 189.2.223.178 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a RU:moscow-advokat.ru
FR:utenti.lycos.it
EU:gaz-prom.ru
:vx9.users.freebsd.at
:brussels.be.eu.undernet.org
:irc.kar.net
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
US:lia.zanet.net
:washington.dc.us.undernet.org
AT:graz.at.eu.undernet.org
BE:london.uk.eu.undernet.org
RU:irc.tsk.ru
:gaspode.zanet.org.za
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 36 of 36 1439b216ed
NEW none[none] none:none
none|none none none

10:49:00 Win2K-f 80.132.250.188 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 12 of 33 9a32965bc8
[Firefox:13 hits: 06-28 to 08-04] none[none] none:none
none|none none none

T:10:49:00 WinXP 88.134.57.101 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
58 lines Yeah : 1.8
profile none summary
tarball 25 of 36 e2bd2ba599
NEW none[none] none:none
none|none none none

11:03:00 WinXP 61.94.71.175 (TELKOM.NET.ID):
PT TELKOM INDONESIA,
ID. n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:457 hits: 01-01 to 08-12] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

11:13:00 WinXP 85.180.154.222 (ALICEDSL.DE):
HANSENET-ADSL,
FRANKFURT, HESSEN, DE. (DSL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

11:19:00 WinXP 65.68.19.187 (-):
POPLAR PCS,
JONESBORO, ARKANSAS, US. (100Mbps) n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 32 of 33
28 of 32
0 of 33 3f0a5b2ebe
[Firefox:11 hits: 06-18 to 08-11]
c6bfb5f0f2
[Firefox:11 hits: 06-18 to 08-11]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
c6bfb5f0f2[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
PolyEnE|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

11:34:00 WinXP 86.97.199.138 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
SHARJAH, ASH SHARIQAH, AE. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
31 lines Yeah : 1.3
profile none summary
tarball 25 of 36 eb7b07b431
NEW none[none] none:none
none|none none none

11:35:00 Win2K-f 122.18.232.212 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 13 of 33 4a6ba0f5ba
[Firefox: 4 hits: 06-28 to 08-05] none[none] none:none
none|none none none

11:46:00 Win2K-f 86.168.221.45 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:11:50:00 Win2K-f 170.51.83.135 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:52:00 Win2K-f 71.148.35.35 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:chat-shqip.org
HK:proxima.ircgalaxy.pl
US:w3bs.chat-shqip.org
US:205.128.73.126:80
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
a08f3b74a4
[Firefox:449 hits: 06-18 to 08-12] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:11:55:00 WinXP 63.24.190.95 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:11:56:00 WinXP 83.93.239.180 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
VEJLE, VEJLE, DK. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 f5a40500f2
[Firefox: 3 hits: 06-27 to 07-30] none[none] none:none
none|none none none

11:57:00 WinXP 83.93.239.180 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
VEJLE, VEJLE, DK. n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
SE:qis.md.us.dal.net
US:lia.zanet.net
:flanders.be.eu.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 f5a40500f2
[Firefox: 3 hits: 06-27 to 07-30] none[none] none:none
none|none none none

T:12:12:00 WinXP 80.223.12.170 (INET.FI):
BROADBAND ACCESS POOL,
HELSINKI, ETELA-SUOMEN LAANI, FI. (DSL) n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 22999be88c
[Firefox:12 hits: 04-05 to 08-05] eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns trace

T:12:15:00 WinXP 88.134.110.225 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 4 hits: 07-01 to 08-02] none[none] none:none
none|none none none

T:12:21:00 Win2K-f 24.163.104.188 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:12:25:00 WinXP 92.228.71.242 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

12:28:00 WinXP 70.61.108.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
81 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

12:30:00 WinXP 116.41.102.110 (-):
LG POWERCOMM,
SEOUL, KYONGGI-DO, KR. n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.3
profile none summary
tarball 31 of 33
31 of 33
0 of 33 4ab2ecbc0f
[Firefox: 5 hits: 06-29 to 08-12]
65eb2e3aee
[Firefox: 5 hits: 06-29 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

T:12:38:00 Win2K-f 62.133.129.96 (OSTNET.PL):
OKREGOWA SPOLDZIELNIA TELEFONICZNA W TYCZYNIE,
PL. (DIAL) n/a 445 pcap raw alerts
ruleset other
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

12:42:00 Win2K-f 67.0.73.9 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
MASON CITY, IOWA, US. n/a 135 pcap raw alerts
ruleset other
22 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:12:44:00 Win2K-f 92.8.239.226 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 32 of 33 eab50c3dea
[Firefox:10 hits: 06-28 to 08-04] none[none] none:none
none|none none none

12:45:00 WinXP 88.134.64.75 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
29 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:12:46:00 WinXP 213.174.255.153 (INFOTECH.AT):
DIALIN HAAG AM HAUSRUCK,
AT. (100Mbps) 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 20 of 36 24d291f8f2
NEW none[none] none:none
none|none none none

T:12:49:00 WinXP 125.198.22.93 (MESH.AD.JP):
NEC CORPORATION,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
61 lines Yeah : 1.8
profile none summary
tarball 15 of 36 b101b8882c
[Firefox:16 hits: 08-02 to 08-12] none[none] none:none
none|none none none

T:12:58:00 WinXP 217.157.116.26 (PPP.CYBERCITY.DK):
CYBERCITY DIAL-UP PORTS,
ØLSTYKKE, FREDERIKSBORG, DK. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
38 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:12:58:00 WinXP 200.100.53.65 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL) n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 36 of 36 93afd0b12c
[Firefox: 2 hits: 08-06 to 08-08] none[none] none:none
none|none none none

13:08:00 Win2K-f 63.17.223.150 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80 135 pcap raw alerts
ruleset http
78 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

13:10:00 WinXP 88.134.110.225 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 4 hits: 07-01 to 08-02] none[none] none:none
none|none none none

T:13:20:00 WinXP 78.150.182.59 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
44 lines Yeah : 1.8
profile none summary
tarball 22 of 36 a621498c51
NEW none[none] none:none
none|none none none

T:13:31:00 Win2K-f 91.66.92.77 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 4 hits: 07-01 to 08-02] none[none] none:none
none|none none none

13:34:00 WinXP 92.8.239.226 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:80
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 32 of 33 eab50c3dea
[Firefox:10 hits: 06-28 to 08-04] none[none] none:none
none|none none none

13:38:00 Win2K-f 82.25.35.190 (NTL.COM):
NTLI,
UK. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

13:38:00 Win2K-f 4.228.183.97 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
OMAHA, NEBRASKA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

13:56:00 WinXP 172.132.23.240 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
118 lines Yeah : 1.3
profile none summary
tarball 35 of 36
31 of 33 8ba06fb2f5
NEW
fb93090880
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:14:03:00 Win2K-f 200.165.197.179 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 1.3
profile none summary
tarball 33 of 36 33d1fcc1cb
NEW none[none] none:none
none|none none none

14:04:00 WinXP 118.7.144.146 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
30 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

14:13:00 Win2K-f 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
a08f3b74a4
[Firefox:449 hits: 06-18 to 08-12] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:14:18:00 Win2K-f 124.86.89.190 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

14:19:00 Win2K-f 217.202.119.67 (-):
TELECOM ITALIA MOBILE,
IT. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
18 lines Yeah : 1.3
profile none summary
tarball 34 of 36 8f994428e5
NEW none[none] none:none
none|none none none

14:25:00 WinXP 68.127.242.117 (PACBELL.NET):
PPPOX POOL - RBACK4.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:205.128.73.126:80
US:207.123.42.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
a08f3b74a4
[Firefox:449 hits: 06-18 to 08-12] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

14:31:00 WinXP 217.184.74.52 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
CHEMNITZ, SACHSEN, DE. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com 445 pcap raw alerts
ruleset http
http
7 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:209 hits: 01-01 to 08-12] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

14:38:00 Win2K-f 125.215.97.240 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

14:45:00 WinXP 71.65.24.37 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:268 hits: 01-05 to 08-12] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:14:52:00 Win2K-f 99.151.124.28 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:14:54:00 Win2K-f 92.10.143.248 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 32 of 33 eab50c3dea
[Firefox:10 hits: 06-28 to 08-04] none[none] none:none
none|none none none

T:14:56:00 WinXP 4.88.7.22 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHADBOURN, NORTH CAROLINA, US. (DIAL) 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:14:58:00 WinXP 59.190.34.7 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 33 of 36 64a2cc1200
[Firefox: 2 hits: 08-07 to 08-12] none[none] none:none
none|none none none

T:15:11:00 WinXP 222.149.199.254 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 33 of 33 3b2958417b
[Firefox: 7 hits: 07-09 to 08-12] none[none] none:none
none|none none none

15:16:00 WinXP 84.187.234.151 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
MöNCHENGLADBACH, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:15:39:00 WinXP 70.67.255.137 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 a1ee732656
NEW none[none] none:none
none|none none none

15:44:00 Win2K-f 190.176.150.118 (-):
. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

15:52:00 WinXP 222.149.199.254 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:15:56:00 WinXP 125.215.97.240 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

15:59:00 Win2K-f 122.146.227.3 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
US:208.111.148.43:80 135 pcap raw alerts
ruleset other
382 lines Yeah : 1.3
profile none summary
tarball 29 of 33
31 of 33 49f8b27cca
[Firefox: 2 hits: 06-24 to 07-27]
e414dccc52
[Firefox: 2 hits: 06-24 to 07-27] 49f8b27cca [1]
none [4] ASM:Graph
none:none
Armadillo|
ASProtect| lines=82
none trace
trace

15:59:00 WinXP 217.184.83.233 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
DE. n/a 445 pcap raw alerts
ruleset http
3 lines Argh : 0.3
profile none summary
tarball none none none none none none none

16:02:00 WinXP 125.192.44.15 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:16:09:00 WinXP 76.182.2.6 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
:www.proxy-socks.net 445 pcap raw alerts
ruleset http
http
http
http
32 lines Yeah : 0.8
profile none summary
tarball 0 of 36
29 of 29 5076dccc2e
NEW
a12cab51ef
[Firefox:457 hits: 01-01 to 08-12] none[none]
40f7f463c4[0] none:none
ASM:Graph
none|none
ASPack| none
lines=281
embedded dns none
trace

16:23:00 Win2K-f 144.134.229.96 (TMNS.NET.AU):
TELSTRAINTERNET27,
CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

16:24:00 WinXP 61.209.66.73 (ODN.AD.JP):
OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

16:28:00 WinXP 190.137.165.143 (NET.AR):
TELECOM ARGENTINA S.A,
AR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
[Firefox:56 hits: 01-14 to 08-12] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

T:16:38:00 Win2K-f 98.105.95.59 (-):
. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
193 lines Yeah : 1.3
profile none summary
tarball 31 of 32
29 of 33
0 of 32 5378ab9d2d
[Firefox: 4 hits: 06-28 to 08-02]
60a6e7e23c
[Firefox: 4 hits: 06-28 to 08-02]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

16:44:00 Win2K-f 122.2.252.189 (PLDT.NET):
IPG,
BAGUIO, BAGUIO, PH. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80 135 pcap raw alerts
ruleset other
238 lines Yeah : 1.3
profile none summary
tarball 31 of 33
30 of 33 319dddbd87
NEW
bcabcc7cc3
[Firefox: 2 hits: 07-09 to 07-13] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

16:44:00 WinXP 130.13.35.213 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:16:46:00 WinXP 4.225.202.117 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DENVER, COLORADO, US. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:949 hits: 12-31 to 08-12] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

16:46:00 Win2K-f 116.123.154.137 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
US:192.221.110.126:80
US:206.33.45.125:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
irc
932 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
31 of 33
24 of 33
0 of 32
30 of 36 37f41fd8ab
[Firefox:70 hits: 07-24 to 08-12]
5ab0a45f63
[Firefox:85 hits: 07-24 to 08-12]
6e2eaa0359
[Firefox: 4 hits: 07-10 to 08-09]
740e3bffe0
[Firefox: 5 hits: 06-25 to 08-09]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12]
cfb20158d1
NEW none[none]
none [none]
none [none]
none [none]
b5919931fe[1]
none [none] none:none
none:none
none:none
none:none
ASM:Graph
none:none
none|none
none|none
none|none
none|none
ASProtect|
none|none none
none
none
none
lines=90
none none
none
none
none
trace
none

T:16:53:00 Win2K-f 93.81.105.57 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 210.245.211.11:65520 IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
HK:proxim.ircgalaxy.pl
IL:wr.mcboo.com
IL:194.90.224.86:80 445 pcap raw alerts
ruleset irc
http
195 lines Yeah : 1.3
profile none summary
tarball 19 of 35
17 of 35
30 of 36 37f41fd8ab
[Firefox:70 hits: 07-24 to 08-12]
5ab0a45f63
[Firefox:85 hits: 07-24 to 08-12]
cfb20158d1
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

16:57:00 WinXP 4.159.56.90 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:317 hits: 12-31 to 08-12] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:16:57:00 Win2K-f 122.26.160.169 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

17:07:00 Win2K-f 170.51.118.185 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 33 of 35 5246e634df
[Firefox: 2 hits: 07-26 to 08-12] none[none] none:none
none|none none none

17:07:00 WinXP 24.80.98.70 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.3
profile none summary
tarball 31 of 32
0 of 33
2 of 32 607b60ad51
[Firefox:15 hits: 06-20 to 08-10]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12]
e5c7bce70e
[Firefox:15 hits: 06-20 to 08-10] none[4]
e07c29c4ae[1]
e5c7bce70e[1] none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo| none
lines=92
lines=81 trace
trace
trace

T:17:09:00 Win2K-f 122.18.50.24 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 32 of 36 aafbc81b2f
NEW none[none] none:none
none|none none none

T:17:12:00 WinXP 172.135.39.221 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
196 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:12:00 WinXP 79.31.197.161 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
[Firefox:124 hits: 01-01 to 08-09] af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

17:12:00 Win2K-f 208.84.201.228 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:204.160.104.126:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:28:00 Win2K-f 4.152.252.55 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
COLUMBIA, SOUTH CAROLINA, US. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

17:47:00 WinXP 70.65.17.97 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RED DEER, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:207.123.37.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:50:00 WinXP 12.210.18.202 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
PECATONICA, ILLINOIS, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:new.egg.com
:wpad
US:208.73.210.32:80 445 pcap raw alerts
ruleset http
http
http
http
29 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:457 hits: 01-01 to 08-12] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

17:57:00 Win2K-f 211.129.121.188 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
29 lines Yeah : 1.3
profile none summary
tarball 32 of 36 9e62ec2cc6
NEW none[none] none:none
none|none none none

18:00:00 WinXP 60.45.156.254 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 23 of 36 11acb880a8
NEW none[none] none:none
none|none none none

18:16:00 Win2K-f 170.51.212.223 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:18:18:00 WinXP 85.152.88.55 (CM-85-152-88-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 35 of 35 dbbc586732
[Firefox: 9 hits: 07-28 to 08-08] none[none] none:none
none|none none none

18:18:00 WinXP 85.152.88.55 (CM-85-152-88-10.TELECABLE.ES):
TELECABLE,
GIJON, ASTURIAS, ES. (DSL) 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 dbbc586732
[Firefox: 9 hits: 07-28 to 08-08] none[none] none:none
none|none none none

18:21:00 WinXP 125.193.56.174 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 28 of 33 a9c8d121f2
[Firefox:16 hits: 06-28 to 08-12] none[none] none:none
none|none none none

T:18:26:00 Win2K-f 221.187.78.9 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
SEOUL, KYONGGI-DO, KR. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 22 of 36 44d1e93462
NEW none[none] none:none
none|none none none

18:37:00 Win2K-f 24.80.170.73 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 31 of 32
2 of 32 607b60ad51
[Firefox:15 hits: 06-20 to 08-10]
e5c7bce70e
[Firefox:15 hits: 06-20 to 08-10] none[4]
e5c7bce70e[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:38:00 Win2K-f 76.77.231.48 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
HAMEL, ILLINOIS, US. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

18:45:00 WinXP 218.223.221.32 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 3ae357d17b
[Firefox:160 hits: 01-01 to 08-12] 462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace

T:18:45:00 WinXP 218.223.221.32 (CTT.NE.JP):
CABLE TELEVISION TOYAMA INCORPORETED,
TOKYO, TOKYO, JP. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 3ae357d17b
[Firefox:160 hits: 01-01 to 08-12] 462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace

T:18:55:00 WinXP 125.198.75.5 (MESH.AD.JP):
NEC CORPORATION,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

18:57:00 WinXP 189.51.251.40 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 43a4d39706
NEW none[none] none:none
none|none none none

18:57:00 WinXP 189.48.174.116 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:viking.dal.net
SE:broadway.ny.us.dal.net
:lulea.se.eu.undernet.org
SE:ced.dal.net
:flanders.be.eu.undernet.org
SE:ozbytes.dal.net
SE:coins.dal.net
:brussels.be.eu.undernet.org
:gaspode.zanet.org.za
SE:qis.md.us.dal.net
:los-angeles.ca.us.undernet.org
RU:194.6.222.11:6667
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 33 85ef47d231
NEW none[none] none:none
none|none none none

18:59:00 Win2K-f 96.15.5.90 (-):
. n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.79.126:80
US:207.123.46.125:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 28 of 33
31 of 33 6d86a1ff5a
[Firefox:31 hits: 06-25 to 08-11]
7f6e032fc0
[Firefox:31 hits: 06-25 to 08-11] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:19:08:00 WinXP 75.16.39.196 (SBCGLOBAL.NET):
RBACK35.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:472 hits: 01-01 to 08-12] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:19:17:00 WinXP 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:199.93.44.124:80
US:207.123.46.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
a08f3b74a4
[Firefox:449 hits: 06-18 to 08-12] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

19:18:00 Win2K-f 119.72.86.51 (-):
. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 24 of 36 2a933f091d
NEW none[none] none:none
none|none none none

19:19:00 Win2K-f 60.237.223.210 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

19:20:00 WinXP 118.236.155.10 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

19:32:00 Win2K-f 118.241.75.108 (-):
. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

19:32:00 WinXP 218.168.69.5 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 33 7f6ea12654
[Firefox:18 hits: 07-13 to 08-11] none[none] none:none
none|none none none

T:19:32:00 Win2K-f 200.100.40.8 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL) 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset irc
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

19:36:00 Win2K-f 24.79.84.41 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80
US:205.128.79.124:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
135 lines Yeah : 1.3
profile none summary
tarball 33 of 36
34 of 36 7fb837f4e8
NEW
b4b6a2a4df
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:19:37:00 WinXP 83.110.99.178 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
SHARJAH, ASH SHARIQAH, AE. n/a RU:moscow-advokat.ru
SE:qis.md.us.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:434 hits: 12-31 to 08-12] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:19:41:00 Win2K-f 118.236.155.10 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:19:47:00 WinXP 61.219.104.180 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAINAN, KAO-HSIUNG, TW. 63.173.172.98:6667
US:63.173.172.98:6667 135 pcap raw alerts
ruleset irc
887 lines Yeah : 1.8
profile none summary
tarball 21 of 33 e286d9e6a9
[Firefox:20 hits: 07-13 to 08-01] none[none] none:none
none|none none none

T:19:49:00 WinXP 190.31.165.59 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

19:57:00 Win2K-f 217.114.231.46 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU. 69.42.216.90:9890 :f.unicat.org 445 pcap raw alerts
ruleset ftp
irc
107 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

19:58:00 WinXP 121.113.51.116 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 30 of 36 7140ff24e6
[Firefox: 2 hits: 08-02 to 08-12] none[none] none:none
none|none none none

19:58:00 WinXP 125.198.75.5 (MESH.AD.JP):
NEC CORPORATION,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
89 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

20:04:00 WinXP 203.217.123.6 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
BEIJING, BEIJING, CN. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:04:00 WinXP 190.173.132.131 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 26 of 36 18d92193f9
NEW none[none] none:none
none|none none none

20:05:00 Win2K-f 122.52.66.187 (PLDT.NET):
IPG,
PH. n/a 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:20:06:00 WinXP 77.54.62.117 (REV.VODAFONE.PT):
GPRS POOLS,
PT. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

20:06:00 WinXP 118.160.21.8 (-):
. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:08:00 Win2K-f 118.160.21.8 (-):
. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:10:00 Win2K-f 122.123.9.164 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

20:11:00 Win2K-f 190.182.40.150 (METROTEL.NET.CO):
METROTEL REDES S.A,
CO. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:11:00 WinXP 92.84.0.60 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:15:00 Win2K-f 190.173.132.131 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

20:18:00 WinXP 122.123.9.164 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

20:19:00 Win2K-f 92.84.0.60 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:24:00 WinXP 89.223.216.15 (-):
VODAFONE HUNGARY LTD,
HU. 69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 1.3
profile none summary
tarball 13 of 31 e8d4d8cde1
[Firefox:397 hits: 03-31 to 08-11] fda109a6fd [0] ASM:Graph
ASProtect| lines=583
embedded dns trace

T:20:29:00 Win2K-f 92.125.237.129 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:30:00 Win2K-f 201.221.114.13 (-):
. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:20:36:00 WinXP 118.15.159.233 (-):
. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:20:39:00 Win2K-f 190.54.147.201 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:45:00 WinXP 190.54.147.201 (CHILESAT.NET):
TELMEX SERVICIOS EMPRESARIALES S.A,
CL. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:21:07:00 Win2K-f 220.57.120.4 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

21:08:00 Win2K-f 122.52.75.194 (PLDT.NET):
IPG,
PH. n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:192.221.99.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
126 lines Yeah : 1.3
profile none summary
tarball 29 of 33
33 of 33 16874933ea
[Firefox:30 hits: 06-18 to 08-11]
76ee340669
[Firefox:31 hits: 06-18 to 08-11] 16874933ea [1]
none [4] ASM:Graph
none:none
Armadillo|
PolyEnE| lines=82
none trace
trace

T:21:16:00 Win2K-f 213.55.73.219 (TELECOM.NET.ET):
ETHIOPIAN TELECOMMUNICATION CORPORATION,
ET. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
31 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:21:35:00 WinXP 220.219.34.99 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 16 of 36 e2dc3421f5
NEW none[none] none:none
none|none none none

21:37:00 Win2K-f 123.218.238.179 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
37 lines Yeah : 1.8
profile none summary
tarball 24 of 36 620caac1b7
NEW none[none] none:none
none|none none none

21:44:00 WinXP 75.80.91.146 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:198.78.201.126:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
59 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
b7082104e4
[Firefox:82 hits: 06-18 to 08-12] none[4]
none [4] none:none
none:none
tElock|
tElock| none
none trace
trace

22:05:00 WinXP 125.2.35.42 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:22:14:00 Win2K-f 58.236.245.145 (-):
THRUNET-INFRA-INCHEON10,
SEOUL, KYONGGI-DO, KR. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

22:15:00 Win2K-f 118.6.105.250 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

22:18:00 WinXP 66.57.180.53 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
e07c29c4ae
[Firefox:228 hits: 06-19 to 08-12] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

22:19:00 Win2K-f 117.55.68.100 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset other
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

22:23:00 WinXP 151.33.179.146 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
TORINO, PIEMONTE, IT. (DIAL) 64.85.160.111:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset ftp
irc
21 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

22:24:00 Win2K-f 78.54.168.24 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
44 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:22:27:00 Win2K-f 123.218.238.179 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 24 of 36 620caac1b7
NEW none[none] none:none
none|none none none

22:33:00 WinXP 70.69.136.171 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
ABBOTSFORD, BRITISH COLUMBIA, CA. (DSL) 72.10.172.218:8492 CA:jiets.soidudrf.com 135 pcap raw alerts
ruleset irc
854 lines Yeah : 1.8
profile none summary
tarball 29 of 32 d74613e216
[Firefox: 2 hits: 06-15 to 07-08] d74613e216 [1] ASM:Graph
ASProtect| lines=45 trace

T:22:42:00 Win2K-f 122.2.166.244 (PLDT.NET):
IPG,
PH. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

22:48:00 WinXP 122.29.12.139 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 20 of 33 d284c3c3f6
[Firefox: 3 hits: 06-30 to 08-04] none[none] none:none
none|none none none

T:22:51:00 Win2K-f 4.158.231.181 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MAPLE GROVE, MINNESOTA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80 135 pcap raw alerts
ruleset http
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1367 hits: 06-17 to 08-12]
73f1082158
[Firefox:697 hits: 06-18 to 08-12]
b5919931fe
[Firefox:296 hits: 06-20 to 08-12] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

22:51:00 WinXP 212.183.68.235 (TELEKOM.AT):
HIGHWAY CUSTOMERS,
VIENNA, WIEN, AT. (DSL) 213.239.192.125:5001 US:cookie.roltf.ws 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 19 of 32 382279b44f
[Firefox:136 hits: 05-22 to 08-12] 049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace

T:22:56:00 WinXP 122.134.7.198 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:22:57:00 Win2K-f 82.208.100.77 (MTS-NN.RU):
NETWORK FOR DIALUP SERVICES,
RU. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:23:01:00 Win2K-f 80.161.181.55 (50A1B40A.FLATRATE.DK):
DANSK KABEL TV KABEL MODEM,
ODENSE, FYN, DK. 67.149.121.39:12351 HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
31 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:23:03:00 WinXP 213.242.229.164 (-):
PPTP CONNECTIONS,
SOCHI, KRASNODARSKIY KRAY, RU. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:417 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:23:06:00 Win2K-f 121.93.180.143 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
50 lines Yeah : 1.8
profile none summary
tarball 15 of 36 24f270a1e9
NEW none[none] none:none
none|none none none

T:23:13:00 WinXP 119.72.33.144 (-):
. n/a RU:moscow-advokat.ru
SE:vancouver.dal.net
:lulea.se.eu.undernet.org
SE:qis.md.us.dal.net
:caen.fr.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:broadway.ny.us.dal.net
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:viking.dal.net
:washington.dc.us.undernet.org
SE:coins.dal.net
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
SE:ozbytes.dal.net
SE:ced.dal.net
US:lia.zanet.net
NL:london.uk.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:434 hits: 12-31 to 08-12] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

23:13:00 WinXP 119.72.33.144 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:434 hits: 12-31 to 08-12] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

23:13:00 WinXP 122.133.201.239 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
49 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

23:14:00 Win2K-f 124.86.145.216 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:420 hits: 06-27 to 08-12] none[none] none:none
none|none none none

T:23:14:00 WinXP 114.120.63.93 (-):
. n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
:gaspode.zanet.org.za
SE:qis.md.us.dal.net
NL:diemen.nl.eu.undernet.org
:washington.dc.us.undernet.org
US:lia.zanet.net
SE:ced.dal.net
:caen.fr.eu.undernet.org
:brussels.be.eu.undernet.org
NL:london.uk.eu.undernet.org
SE:broadway.ny.us.dal.net
:lulea.se.eu.undernet.org
:flanders.be.eu.undernet.org
:los-angeles.ca.us.undernet.org
SE:coins.dal.net
SE:ozbytes.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:434 hits: 12-31 to 08-12] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

23:27:00 Win2K-f 121.93.180.143 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 15 of 36 24f270a1e9
NEW none[none] none:none
none|none none none

23:28:00 WinXP 118.19.107.227 (-):
. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 34 of 36 504ca2961e
NEW none[none] none:none
none|none none none

23:37:00 WinXP 122.29.104.63 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
50 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:347 hits: 06-27 to 08-12] none[none] none:none
none|none none none

23:38:00 Win2K-f 118.6.173.98 (-):
. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.8
profile none summary
tarball 25 of 36 e7b039b6f5
[Firefox: 2 hits: 08-11 to 08-12] none[none] none:none
none|none none none

23:44:00 WinXP 172.165.117.107 (AOL.COM):
AMERICA ONLINE,
US. n/a NL:0x80.online-software.org
NL:0x80.martiansong.com
:0xff.memzero.info
:0x80.my-secure.name
NL:0x80.goingformars.com
NL:0x80.my1x1.com
NL:194.109.11.65:1023
NL:194.109.11.65:6556 135 pcap raw alerts
ruleset other
255 lines Yeah : 1.3
profile none summary
tarball 32 of 32 15d4d85dc0
[Firefox: 3 hits: 06-10 to 08-07] none[4] none:none
StarForce| none trace

23:51:00 Win2K-f 123.218.144.130 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 f7249dcbd7
[Firefox: 2 hits: 08-12 to 08-12] none[none] none:none
none|none none none

23:58:00 Win2K-f 219.71.235.221 (NVWTV.COM.TW):
HOSHIN GIGAMEDIA CENTER INC,
TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:207.123.42.126:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
189 lines Yeah : 1.3
profile none summary
tarball 33 of 35
0 of 36
30 of 35 017226a316
NEW
4574e61bf9
NEW
9b03689ec5
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none