Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



14 August 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:07:00 WinXP 124.86.155.205 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
00:22:00 WinXP 92.226.137.149 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:00:23:00 Win2K-f 118.6.160.170 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
00:27:00 WinXP 82.60.139.234 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
TORINO, PIEMONTE, IT.
n/a   445 pcap raw alerts
ruleset
ftp
22 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
00:40:00 WinXP 92.4.42.245 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
12 of 33 0b0c6a7b64
[Firefox: 2 hits: 06-30 to 07-28]
none[none] none:none
none|none none none
00:41:00 WinXP 121.87.44.87 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:270 hits: 01-05 to 08-13]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
T:00:44:00 Win2K-f 72.184.76.239 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
00:50:00 WinXP 87.20.68.80 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
213.239.192.125:5001 DE:cookie.roltf.ws 445 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:145 hits: 05-22 to 08-13]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
00:51:00 Win2K-f 122.30.162.106 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
24 of 36 932d6ecf95
NEW
none[none] none:none
none|none none none
T:00:52:00 WinXP 221.191.224.201 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
01:15:00 Win2K-f 125.237.0.115 (XTRA.CO.NZ):
TELECOM XTRA,
NZ.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
01:19:00 WinXP 118.236.144.131 (-):
.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:01:27:00 Win2K-f 217.43.202.204 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
01:34:00 Win2K-f 87.15.62.41 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
PADOVA, VENETO, IT.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 8a09343c6c
NEW
none[none] none:none
none|none none none
01:35:00 WinXP 61.218.193.226 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:208.111.148.23:80
135 pcap raw alerts
ruleset
other
89 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
57ce4acac2
[Firefox:110 hits: 06-17 to 08-13]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:01:41:00 Win2K-f 217.71.202.69 (03313.AEROMAX.ES):
INTERNET SERVICE PROVIDER,
ES.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
28 of 36 2802f20ca4
NEW
none[none] none:none
none|none none none
01:45:00 WinXP 213.45.172.128 (POOL21345.INTERBUSINESS.IT):
TELECOM ITALIA S.P.A,
TORINO, PIEMONTE, IT.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:01:45:00 Win2K-f 122.27.16.225 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 b333d29ff7
[Firefox: 7 hits: 06-29 to 08-13]
none[none] none:none
none|none none none
01:50:00 Win2K-f 116.125.31.226 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.99.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
29 of 32
168aab35a3
[Firefox:87 hits: 06-17 to 08-12]
61426996c3
[Firefox: 7 hits: 06-20 to 07-26]
none[4]
61426996c3[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
01:52:00 WinXP 123.225.67.99 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
other
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
01:53:00 WinXP 122.130.223.214 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
02:04:00 Win2K-f 217.43.202.204 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:02:14:00 Win2K-f 24.82.101.167 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA.
72.10.172.218:7763 CA:fuck.urpal43sourpalhuh.com 135 pcap raw alerts
ruleset
irc
http
241 lines
Yeah : 1.8
profile
none summary
tarball
21 of 30
22 of 36
6f48587848
NEW
77d4ff8a3d
NEW
0bc04966dd [0]
none [none]
none:none
none:none
none|none
none|none
none
none
trace
none
T:02:19:00 WinXP 122.130.223.214 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
02:21:00 WinXP 81.137.216.248 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
LONDON, ENGLAND, UK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:02:25:00 Win2K-f 66.14.107.10 (GTE.NET):
GENUITY DSL,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
02:26:00 Win2K-f 220.102.207.159 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:02:35:00 WinXP 58.226.107.218 (HANANET.NET):
HANARO TELECOM INC,
KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.125:80
US:198.78.220.124:80
US:204.160.104.126:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
114 lines
Yeah : 1.3
profile
none summary
tarball
24 of 33
32 of 33
074325ecbc
[Firefox: 8 hits: 07-02 to 08-07]
2a66fc87fa
[Firefox: 9 hits: 07-02 to 08-13]
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
02:36:00 WinXP 86.129.232.243 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:323 hits: 12-31 to 08-13]
048df78048 [0] ASM:Graph
none|none lines=61 trace
02:37:00 Win2K-f 68.147.48.79 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
02:38:00 WinXP 122.132.168.242 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
02:39:00 Win2K-f 222.146.93.86 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
02:40:00 Win2K-f 121.3.137.91 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
33 of 36 be33f552bb
NEW
none[none] none:none
none|none none none
T:02:48:00 WinXP 81.137.216.248 (BTOPENWORLD.COM):
SINGLE STATIC IP ADDRESSES,
LONDON, ENGLAND, UK.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
64 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:03:12:00 WinXP 122.132.25.242 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
03:15:00 WinXP 122.26.45.26 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.8
profile
none summary
tarball
33 of 36 77a2a5f86e
NEW
none[none] none:none
none|none none none
T:03:22:00 Win2K-f 203.112.59.178 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
03:24:00 WinXP 78.148.86.163 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:03:29:00 Win2K-f 92.17.54.101 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 ffa71a2414
NEW
none[none] none:none
none|none none none
03:30:00 Win2K-f 122.132.25.242 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
03:39:00 Win2K-f 78.57.85.20 (ZEBRA.LT):
LIETUVOS,
VILNIUS, VILNIAUS APSKRITIS, LT.
n/a US:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 36 20913ce97d
NEW
none[none] none:none
none|none none none
T:03:44:00 Win2K-f 118.8.1.164 (-):
.
67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
13 of 33 4a6ba0f5ba
[Firefox: 5 hits: 06-28 to 08-13]
none[none] none:none
none|none none none
03:46:00 WinXP 79.138.209.69 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:flanders.be.eu.undernet.org
SE:qis.md.us.dal.net
BE:london.uk.eu.undernet.org
:brussels.be.eu.undernet.org
SE:vancouver.dal.net
SE:ozbytes.dal.net
SE:ced.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:439 hits: 12-31 to 08-13]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:03:46:00 WinXP 79.138.209.69 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:439 hits: 12-31 to 08-13]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
03:50:00 WinXP 218.224.152.166 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:270 hits: 01-05 to 08-13]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
03:51:00 Win2K-f 92.3.250.162 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 17713b53db
NEW
none[none] none:none
none|none none none
03:58:00 WinXP 68.183.227.25 (DSLEXTREME.COM):
DSL EXTREME,
SAN JOSE, CALIFORNIA, US. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 f290b990cc
NEW
none[none] none:none
none|none none none
T:03:58:00 WinXP 68.183.227.25 (DSLEXTREME.COM):
DSL EXTREME,
SAN JOSE, CALIFORNIA, US. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 f290b990cc
NEW
none[none] none:none
none|none none none
04:16:00 WinXP 41.214.160.191 (-):
.
n/a   445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
33 of 33 a483ba8aa1
[Firefox:15 hits: 07-09 to 08-09]
none[none] none:none
none|none none none
04:17:00 Win2K-f 122.21.224.210 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:04:18:00 WinXP 41.214.160.191 (-):
.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
4 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33 a483ba8aa1
[Firefox:15 hits: 07-09 to 08-09]
none[none] none:none
none|none none none
T:04:20:00 WinXP 88.134.64.56 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33 b4a43d2c1c
[Firefox: 3 hits: 06-30 to 08-06]
none[none] none:none
none|none none none
04:31:00 Win2K-f 80.228.7.150 (EWETEL.NET):
EWETEL-DIALINNET,
DE. (DIAL)
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
04:36:00 Win2K-f 123.225.49.47 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
8 of 33 b2fae7acd0
[Firefox: 5 hits: 06-28 to 07-01]
none[none] none:none
none|none none none
04:41:00 WinXP 115.131.12.82 (-):
.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 f5e257ce96
[Firefox: 3 hits: 08-01 to 08-04]
none[none] none:none
none|none none none
05:04:00 Win2K-f 125.197.222.52 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox:20 hits: 08-02 to 08-13]
none[none] none:none
none|none none none
T:05:04:00 WinXP 124.87.81.179 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
05:07:00 Win2K-f 124.61.35.102 (-):
POWERCOM,
KR.
n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:204.160.104.126:80
US:207.123.42.126:80
US:207.123.46.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
32 of 33
4c3df24b32
[Firefox:142 hits: 06-17 to 08-13]
58408136a4
[Firefox:10 hits: 06-28 to 08-09]
4c3df24b32 [1]
none [none]
ASM:Graph
none:none
Armadillo|
none|none
lines=81
none
trace
none
05:24:00 WinXP 118.0.85.61 (-):
.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
25 of 36 46cc8cd943
NEW
none[none] none:none
none|none none none
T:05:26:00 WinXP 81.30.152.134 (-):
SKYBELLL,
AZ.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.8
profile
none summary
tarball
25 of 36 55f4cd7f81
NEW
none[none] none:none
none|none none none
05:26:00 Win2K-f 125.215.98.144 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:05:28:00 Win2K-f 120.74.202.231 (-):
.
n/a CA:done.blacktiehsbdcs.com 445 pcap raw alerts
ruleset
ftp
irc
http
36 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
14 of 36
6655ed5fd7
NEW
ff06f98413
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:05:32:00 Win2K-f 221.190.54.160 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
05:35:00 Win2K-f 122.25.47.38 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d9109d2fec
[Firefox: 2 hits: 08-09 to 08-10]
none[none] none:none
none|none none none
05:39:00 WinXP 125.215.127.154 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36 743c9d8c26
NEW
none[none] none:none
none|none none none
05:43:00 WinXP 88.111.175.12 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL)
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:05:45:00 Win2K-f 60.236.148.143 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
25 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 da7e62b29d
[Firefox: 5 hits: 08-01 to 08-12]
none[none] none:none
none|none none none
T:05:51:00 Win2K-f 217.201.100.47 (-):
TELECOM ITALIA MOBILE,
IT.
n/a   445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
27 of 36 fc323cb276
NEW
none[none] none:none
none|none none none
T:05:52:00 WinXP 24.109.208.130 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA.
194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:11 hits: 07-28 to 08-13]
none[none] none:none
none|none none none
05:54:00 Win2K-f 60.33.90.107 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
46 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 aa9f83dd09
NEW
none[none] none:none
none|none none none
05:55:00 Win2K-f 123.254.5.182 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a   445 pcap raw alerts
ruleset
ftp
31 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
05:57:00 WinXP 122.146.240.26 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
73f1082158
[Firefox:713 hits: 06-18 to 08-13]
e07c29c4ae
[Firefox:239 hits: 06-19 to 08-13]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:06:03:00 Win2K-f 118.0.85.61 (-):
.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
25 of 36 46cc8cd943
NEW
none[none] none:none
none|none none none
T:06:04:00 WinXP 81.195.170.194 (-):
OOO JURIDICHESKAJA KOMPANIJA GRUPPA NEZAVISIMIH KONSULTANTOV,
MOSCOW, MOSKVA, RU. (100Mbps)
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
16 of 36 12931b5821
NEW
none[none] none:none
none|none none none
T:06:07:00 WinXP 122.29.117.203 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:06:10:00 WinXP 121.82.141.192 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 1.8
profile
none summary
tarball
17 of 33 64477225c9
[Firefox: 7 hits: 06-28 to 08-13]
none[none] none:none
none|none none none
06:14:00 WinXP 122.24.137.250 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
YOKOHAMA, KANAGAWA, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
06:18:00 WinXP 122.29.117.203 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
06:19:00 WinXP 123.217.224.95 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
06:24:00 Win2K-f 211.215.75.249 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.220.124:80
US:199.93.44.126:80
US:207.123.46.125:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
[Firefox:18 hits: 06-20 to 08-08]
9276c8b36b
[Firefox:18 hits: 06-20 to 08-08]
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
06:25:00 WinXP 190.138.116.135 (NET.AR):
TELECOM ARGENTINA S.A,
AR.
n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
US:adult-empire.com
UA:194.54.90.246:80
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:11 hits: 07-28 to 08-13]
none[none] none:none
none|none none none
T:06:34:00 WinXP 84.3.244.101 (T-ONLINE.HU):
HUNGARIAN TELECOM,
BUDAPEST, BUDAPEST, HU.
n/a HK:proxim.ircgalaxy.pl
RU:moscow-advokat.ru
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 ffbfabccb0
NEW
none[none] none:none
none|none none none
06:39:00 WinXP 130.13.39.237 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:323 hits: 12-31 to 08-13]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:06:44:00 WinXP 123.254.5.182 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:06:45:00 Win2K-f 125.215.98.144 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:06:45:00 WinXP 124.84.177.21 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
06:50:00 Win2K-f 92.9.58.149 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
24 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 f4a8c4177e
[Firefox: 8 hits: 06-28 to 08-12]
none[none] none:none
none|none none none
T:06:53:00 Win2K-f 118.237.47.138 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
18 of 36 46216c5e35
NEW
none[none] none:none
none|none none none
T:07:05:00 WinXP 221.126.252.112 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
36 of 36 a219ed3aeb
[Firefox:13 hits: 08-02 to 08-13]
none[none] none:none
none|none none none
07:09:00 WinXP 69.208.0.54 (AMERITECH.NET):
RBACK3.AKRNOH,
CANTON, OHIO, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
a08f3b74a4
[Firefox:454 hits: 06-18 to 08-13]
e07c29c4ae
[Firefox:239 hits: 06-19 to 08-13]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
07:13:00 Win2K-f 202.67.17.57 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
07:17:00 WinXP 202.163.176.47 (TCNET.NE.JP):
TONAMI TRANSPORTATION CO. LTD,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:07:21:00 WinXP 125.2.32.182 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
07:24:00 WinXP 76.244.79.140 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a RU:moscow-advokat.ru
RU:irc.tsk.ru
:los-angeles.ca.us.undernet.org
:washington.dc.us.undernet.org
AT:graz.at.eu.undernet.org
:gaspode.zanet.org.za
US:lia.zanet.net
:caen.fr.eu.undernet.org
NL:london.uk.eu.undernet.org
:flanders.be.eu.undernet.org
:brussels.be.eu.undernet.org
:irc.kar.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 492957db81
[Firefox:13 hits: 01-01 to 08-11]
064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns
trace
T:07:26:00 WinXP 124.100.194.39 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:07:28:00 WinXP 61.203.20.11 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:07:34:00 WinXP 122.16.149.218 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:07:38:00 Win2K-f 210.151.136.101 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
07:42:00 WinXP 118.109.72.240 (-):
.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36 196cf05bfc
NEW
none[none] none:none
none|none none none
T:07:51:00 WinXP 24.105.227.179 (SPEAKEASY.NET):
US.
n/a   135 pcap raw alerts
ruleset
other
12 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:07:59:00 WinXP 118.1.37.58 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
22 of 36 e48fdda0af
NEW
none[none] none:none
none|none none none
08:01:00 Win2K-f 118.236.255.251 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
08:09:00 WinXP 61.219.208.75 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.23:80
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
57ce4acac2
[Firefox:110 hits: 06-17 to 08-13]
e07c29c4ae
[Firefox:239 hits: 06-19 to 08-13]
none[4]
57ce4acac2[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
08:10:00 WinXP 210.151.136.101 (MESH.AD.JP):
NEC CORPORATION,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
08:12:00 WinXP 122.133.238.67 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 3e613f57c0
[Firefox: 2 hits: 08-04 to 08-04]
none[none] none:none
none|none none none
08:15:00 Win2K-f 78.97.26.164 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:08:15:00 Win2K-f 98.141.161.175 (-):
.
n/a   135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:18:00 WinXP 93.163.56.52 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a GB:new.egg.com
DE:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
24 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
[Firefox:212 hits: 01-01 to 08-13]
9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns
trace
T:08:18:00 WinXP 118.109.72.240 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33 a666364b88
[Firefox: 4 hits: 06-28 to 08-13]
none[none] none:none
none|none none none
08:19:00 Win2K-f 170.51.84.120 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:145 hits: 05-22 to 08-13]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
08:24:00 WinXP 190.136.151.7 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR.
n/a UA:citi-bank.ru
DE:kidos-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 986b59708d
[Firefox:57 hits: 01-14 to 08-13]
8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace
08:35:00 Win2K-f 196.208.31.216 (DIAL-UP.NET):
AFRINIC,
ZA. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.137:80
US:208.111.148.152:80
135 pcap raw alerts
ruleset
other
84 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
73f1082158
[Firefox:713 hits: 06-18 to 08-13]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:08:41:00 Win2K-f 118.9.149.193 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
29 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
08:50:00 WinXP 213.242.234.213 (-):
PPTP CONNECTIONS,
EKATERINBURG, SVERDLOVSKAYA OBLAST', RU.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
08:52:00 WinXP 122.16.149.218 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
48 lines
Yeah : 1.8
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:08:52:00 WinXP 78.146.56.56 (-):
OPAL TELECOM DSL,
LONDON, ENGLAND, UK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 3f8d1c3246
[Firefox: 8 hits: 06-28 to 08-12]
none[none] none:none
none|none none none
08:52:00 WinXP 216.79.214.88 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
SLIDELL, LOUISIANA, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
US:208.73.210.32:80
DE:212.227.111.29:80
445 pcap raw alerts
ruleset
http
http
http
23 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:462 hits: 01-01 to 08-13]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
08:54:00 Win2K-f 123.254.8.61 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfdd1696a0
[Firefox: 6 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
T:08:58:00 Win2K-f 122.17.67.97 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
09:01:00 Win2K-f 125.2.32.182 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
09:03:00 WinXP 89.44.23.133 (-):
SC EXPANSION NET SRL,
RO.
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
GB:new.egg.com
CA:www.bmo.com
US:208.73.210.32:80
445 pcap raw alerts
ruleset
http
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:462 hits: 01-01 to 08-13]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
09:15:00 WinXP 78.48.16.197 (HANSENET.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
44 lines
Yeah : 1.8
profile
none summary
tarball
29 of 36 8d8d5ceddd
NEW
none[none] none:none
none|none none none
09:15:00 WinXP 122.17.54.186 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.8
profile
none summary
tarball
22 of 36 07ebc59154
[Firefox: 3 hits: 08-04 to 08-12]
none[none] none:none
none|none none none
09:31:00 Win2K-f 213.130.4.132 (FARLEP.NET):
FARLEP-INTERNET ISP,
ODESSA, ODES'KA OBLAST, UA.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.8
profile
none summary
tarball
19 of 36 299f4329fe
NEW
none[none] none:none
none|none none none
T:09:33:00 WinXP 58.88.70.208 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 779f46c6f0
[Firefox: 3 hits: 08-02 to 08-09]
none[none] none:none
none|none none none
09:41:00 Win2K-f 211.21.230.12 (CATEYE.COM.TW):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.125:80
135 pcap raw alerts
ruleset
http
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
0 of 32
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
57ce4acac2
[Firefox:110 hits: 06-17 to 08-13]
b5919931fe
[Firefox:306 hits: 06-20 to 08-13]
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:09:43:00 WinXP 149.225.80.189 (UU.NET):
VERIZON DEUTSCHLAND GMBH,
KAMP-LINTFORT, NORDRHEIN-WESTFALEN, DE.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 efdd2fd96a
NEW
none[none] none:none
none|none none none
09:59:00 WinXP 58.188.193.190 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 1.8
profile
none summary
tarball
17 of 33 64477225c9
[Firefox: 7 hits: 06-28 to 08-13]
none[none] none:none
none|none none none
10:07:00 Win2K-f 85.180.166.85 (ALICEDSL.DE):
HANSENET-ADSL,
FRANKFURT, HESSEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:10:07:00 WinXP 118.108.148.93 (-):
.
210.245.211.11:65520 194.67.23.20:25 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:lolika.cn
RU:mxs.mail.ru
US:gmail-smtp-in.l.google.com
US:gsmtp183.google.com
US:in1.smtp.messagingengine.com
US:mail7.digitalwaves.co.nz
HK:210.245.211.11:65520
US:66.111.4.74:25
445 pcap raw alerts
ruleset
irc
http
831 lines
Yeah : 0.8
profile
none summary
tarball
16 of 35
16 of 36
17 of 35
26 of 36
15 of 36
292767a7ab
NEW
2ac543f1a1
NEW
5ab0a45f63
[Firefox:87 hits: 07-24 to 08-13]
6416a6b4b9
NEW
6f09929002
NEW
none[none]
none [none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
none
none
10:11:00 WinXP 222.144.206.221 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
50 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
10:26:00 WinXP 88.14.189.170 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MADRID, MADRID, ES.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 91d75fc99e
NEW
none[4] none:none
PolyEnE| none trace
T:10:26:00 WinXP 88.14.189.170 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MADRID, MADRID, ES.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 33 91d75fc99e
NEW
none[4] none:none
PolyEnE| none trace
T:10:30:00 Win2K-f 60.254.212.28 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
24 of 36 2a933f091d
[Firefox: 3 hits: 08-04 to 08-13]
none[none] none:none
none|none none none
T:10:31:00 Win2K-f 118.19.156.139 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
IL:194.90.224.86:80
445 pcap raw alerts
ruleset
ftp
irc
http
174 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
34 of 36
17 of 35
26 of 36
37f41fd8ab
[Firefox:72 hits: 07-24 to 08-13]
504ca2961e
[Firefox: 2 hits: 08-13 to 08-13]
5ab0a45f63
[Firefox:87 hits: 07-24 to 08-13]
6416a6b4b9
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
10:33:00 WinXP 118.237.127.29 (-):
.
n/a HK:ircd.zief.pl
:wpad
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 27b945de66
[Firefox:12 hits: 06-20 to 08-11]
none[4] none:none
none|none none trace
T:10:37:00 WinXP 80.80.49.14 (COMPING.HR):
PORTUS,
HR.
n/a   445 pcap raw alerts
ruleset
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
10:42:00 WinXP 59.146.37.243 (SO-NET.NE.JP):
SO-NET SERVICE,
JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
10:56:00 Win2K-f 92.228.15.82 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
10:57:00 Win2K-f 91.67.148.217 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 33 399a88233f
[Firefox: 8 hits: 06-28 to 08-12]
none[none] none:none
none|none none none
T:11:04:00 Win2K-f 217.251.244.25 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL)
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
445 pcap raw alerts
ruleset
ftp
irc
http
162 lines
Yeah : 1.8
profile
none summary
tarball
33 of 36
17 of 35
26 of 36
2c8b5b4576
NEW
5ab0a45f63
[Firefox:87 hits: 07-24 to 08-13]
6416a6b4b9
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
11:15:00 Win2K-f 122.17.67.97 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
11:18:00 WinXP 220.105.154.136 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
11:26:00 WinXP 172.131.236.163 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
139 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32 73f1082158
[Firefox:713 hits: 06-18 to 08-13]
73f1082158 [1] ASM:Graph
Armadillo| lines=81 trace
11:27:00 Win2K-f 122.135.104.122 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:11:33:00 Win2K-f 78.52.232.121 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
IL:dl.loloplanet.com
445 pcap raw alerts
ruleset
ftp
irc
http
324 lines
Yeah : 1.3
profile
none summary
tarball
17 of 35
26 of 36
30 of 33
5ab0a45f63
[Firefox:87 hits: 07-24 to 08-13]
6416a6b4b9
NEW
b9b41e58f3
[Firefox: 2 hits: 07-02 to 08-04]
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
11:37:00 Win2K-f 118.19.156.139 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
HK:210.245.211.11:65520
445 pcap raw alerts
ruleset
ftp
irc
http
300 lines
Yeah : 1.8
profile
none summary
tarball
19 of 35
34 of 36
17 of 35
26 of 36
37f41fd8ab
[Firefox:72 hits: 07-24 to 08-13]
504ca2961e
[Firefox: 2 hits: 08-13 to 08-13]
5ab0a45f63
[Firefox:87 hits: 07-24 to 08-13]
6416a6b4b9
NEW
none[none]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none
none
none
none
none
none
none
none
T:11:46:00 Win2K-f 98.141.160.7 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
11:48:00 WinXP 122.135.192.112 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP.
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
38 lines
Yeah : 1.8
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox:20 hits: 08-02 to 08-13]
none[none] none:none
none|none none none
T:11:50:00 Win2K-f 124.100.28.184 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:11:50:00 WinXP 41.214.162.15 (-):
.
194.54.90.246:80 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
35 of 35 dbbc586732
[Firefox:11 hits: 07-28 to 08-13]
none[none] none:none
none|none none none
11:51:00 Win2K-f 41.214.162.15 (-):
.
210.245.211.11:65520 HK:proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
irc
7 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
11:55:00 WinXP 97.93.74.56 (-):
.
n/a   135 pcap raw alerts
ruleset
other
792 lines
Yeah : 1.3
profile
none summary
tarball
4 of 36 321f839dba
NEW
none[none] none:none
none|none none none
11:57:00 WinXP 85.181.134.242 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:12:00:00 Win2K-f 90.153.116.148 (TELEOS-WEB.DE):
TELEOS GMBH&CO.KG,
DE.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
12 of 33 ac164e8362
[Firefox: 8 hits: 06-28 to 07-01]
none[none] none:none
none|none none none
T:12:02:00 WinXP 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
73f1082158
[Firefox:713 hits: 06-18 to 08-13]
e07c29c4ae
[Firefox:239 hits: 06-19 to 08-13]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
12:02:00 WinXP 189.29.110.192 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO JOSÉ DOS CAMPOS, SÃO PAULO, BR.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:85 hits: 01-03 to 08-12]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:12:15:00 WinXP 85.152.121.117 (CM-85-152-106-10.TELECABLE.ES):
TELECABLE,
ES. (DSL)
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 68a76c215f
NEW
none[none] none:none
none|none none none
12:34:00 Win2K-f 133.205.237.128 (MESH.AD.JP):
JAPAN NETWORK INFORMATION CENTER,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
26 of 33 ca15c09536
[Firefox:449 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:12:44:00 Win2K-f 86.134.10.88 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
26 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
12:50:00 WinXP 210.3.135.36 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
99 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
27 of 32
79a515c871
[Firefox: 3 hits: 06-19 to 07-22]
b71c74380c
[Firefox: 3 hits: 06-19 to 07-22]
none[4]
none [4]
none:none
none:none
PolyEnE|
PolyEnE|
none
none
trace
trace
T:12:52:00 WinXP 71.98.5.31 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PORTAGE, WISCONSIN, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
135 pcap raw alerts
ruleset
http
126 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36
34 of 36
0 of 33
04d3700af1
[Firefox: 2 hits: 08-08 to 08-10]
6b338df2df
[Firefox: 2 hits: 08-08 to 08-10]
e07c29c4ae
[Firefox:239 hits: 06-19 to 08-13]
none[none]
none [none]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
none|none
none|none
FSG|
none
none
lines=92
none
none
trace
12:55:00 Win2K-f 217.248.109.157 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 1.3
profile
none summary
tarball
20 of 33 17739a55ad
[Firefox:362 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
12:59:00 Win2K-f 63.16.70.22 (UU.NET):
UUNET TECHNOLOGIES INC,
ROANOKE, VIRGINIA, US.
n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
180 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
28 of 32
0 of 32
4d80398b09
[Firefox: 2 hits: 06-28 to 08-06]
9bc67c754e
[Firefox: 2 hits: 06-28 to 08-06]
b5919931fe
[Firefox:306 hits: 06-20 to 08-13]
none[none]
none [none]
b5919931fe[1]
none:none
none:none
ASM:Graph
none|none
none|none
ASProtect|
none
none
lines=90
none
none
trace
12:59:00 Win2K-f 71.108.25.72 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LONG BEACH, CALIFORNIA, US. (DSL)
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
28 of 33
0 of 32
31 of 33
277034540e
[Firefox: 3 hits: 07-12 to 08-06]
b5919931fe
[Firefox:306 hits: 06-20 to 08-13]
ea43badccf
[Firefox: 3 hits: 07-12 to 08-06]
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
T:13:08:00 Win2K-f 207.5.166.118 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.126:80
US:207.123.37.125:80
US:8.12.202.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
73f1082158
[Firefox:713 hits: 06-18 to 08-13]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:13:00 Win2K-f 170.51.134.96 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
64.85.160.111:5001 DE:cookie.roltf.ws
DE:213.239.192.125:5001
US:64.85.160.111:5001
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
19 of 32 382279b44f
[Firefox:145 hits: 05-22 to 08-13]
049e62d55b [0] ASM:Graph
Armadillo| lines=192 trace
13:25:00 WinXP 80.4.33.44 (NTL.COM):
HERSHAM,
GRIMSBY, ENGLAND, UK. (DSL)
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 dd02947289
[Firefox: 3 hits: 02-23 to 05-31]
62b3e97bda [0] ASM:Graph
PolyEnE| lines=68 trace
13:31:00 WinXP 159.134.156.55 (EIRCOM.NET):
EIRCOM GROUP PLC,
TRALEE, KERRY, IE.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 33 b402048f34
[Firefox: 3 hits: 07-05 to 07-26]
none[none] none:none
none|none none none
13:47:00 Win2K-f 24.83.88.9 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
a08f3b74a4
[Firefox:454 hits: 06-18 to 08-13]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:52:00 WinXP 75.177.169.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:323 hits: 12-31 to 08-13]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:14:05:00 WinXP 98.140.228.28 (-):
.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
14:07:00 Win2K-f 60.237.177.205 (MESH.AD.JP):
NEC CORPORATION,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
15 of 36 b101b8882c
[Firefox:20 hits: 08-02 to 08-13]
none[none] none:none
none|none none none
14:15:00 WinXP 85.178.73.48 (ALICEDSL.DE):
HANSENET-ADSL,
BERLIN, BERLIN, DE. (DSL)
67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.8
profile
none summary
tarball
21 of 36 1c9d8c35b4
NEW
none[none] none:none
none|none none none
14:15:00 Win2K-f 24.84.232.228 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
KAMLOOPS, BRITISH COLUMBIA, CA.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
73f1082158
[Firefox:713 hits: 06-18 to 08-13]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
14:22:00 WinXP 71.97.7.235 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
IRVING, TEXAS, US.
n/a   135 pcap raw alerts
ruleset
other
6 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:26:00 Win2K-f 118.8.251.248 (-):
.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
14:27:00 WinXP 70.45.85.250 (ONELINKPR.NET):
SAN JUAN CABLE LLC,
SAN JUAN, PUERTO RICO, PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:951 hits: 12-31 to 08-13]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:27:00 WinXP 70.45.85.250 (ONELINKPR.NET):
SAN JUAN CABLE LLC,
SAN JUAN, PUERTO RICO, PR.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:951 hits: 12-31 to 08-13]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
14:36:00 WinXP 119.72.20.249 (-):
.
n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
US:lia.zanet.net
SE:vancouver.dal.net
SE:viking.dal.net
SE:broadway.ny.us.dal.net
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:439 hits: 12-31 to 08-13]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:14:37:00 WinXP 119.72.20.249 (-):
.
n/a RU:moscow-advokat.ru
NL:diemen.nl.eu.undernet.org
:los-angeles.ca.us.undernet.org
NL:london.uk.eu.undernet.org
:lulea.se.eu.undernet.org
SE:broadway.ny.us.dal.net
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
[Firefox:439 hits: 12-31 to 08-13]
1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
14:37:00 WinXP 78.51.74.217 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.8
profile
none summary
tarball
30 of 36 0335abce73
NEW
none[none] none:none
none|none none none
T:14:54:00 Win2K-f 220.105.154.136 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.8
profile
none summary
tarball
10 of 33 d2c26e07fd
[Firefox:452 hits: 06-27 to 08-13]
none[none] none:none
none|none none none
T:14:54:00 Win2K-f 122.221.170.214 (UCOM.NE.JP):
UCOM CORP,
JP.
n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001
445 pcap raw alerts
ruleset
ftp
28 lines
Yeah : 1.3
profile
none summary
tarball
21 of 33 ffbcbff716
NEW
none[none] none:none
none|none none none
T:14:55:00 WinXP 216.180.4.210 (HIWAAY.NET):
HIWAAY NETWORK OPERATIONS,
HUNTSVILLE, ALABAMA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:59:00 Win2K-f 24.31.224.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KANSAS CITY, MISSOURI, US.
n/a   135 pcap raw alerts
ruleset
other
258 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 2bc347d52d
[Firefox: 2 hits: 08-04 to 08-09]
none[none] none:none
none|none none none
15:01:00 WinXP 124.241.148.64 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP.
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:205.128.79.125:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:1392 hits: 06-17 to 08-13]
b7082104e4
[Firefox:83 hits: 06-18 to 08-13]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:15:03:00 Win2K-f 123.254.8.61 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP.
n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80
445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 bfdd1696a0
[Firefox: 6 hits: 08-02 to 08-10]
none[none] none:none
none|none none none
T:15:13:00 WinXP 4.187.121.126 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FAIR LAWN, NEW JERSEY, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
153 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 6e72d6e93e
[Firefox: 2 hits: 08-12 to 08-12]
none[none] none:none
none|none none none
T:15:28:00 Win2K-f 122.24.88.242 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
27 lines
Yeah : 1.3
profile
none summary
tarball
32 of 36 d9109d2fec
[Firefox: 2 hits: 08-09 to 08-10]
none[none] none:none
none|none none none
15:31:00 Win2K-f 70.184.208.91 (COX.NET):
COX COMMUNICATIONS,
COUNCIL BLUFFS, IOWA, US.
n/a US:microsoft.com
HK:proxim.ircgalaxy.pl
US:download.microsoft.com
US:208.111.153.215:80
HK:210.245.211.11:65520
135 pcap raw alerts
ruleset
http
114 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
0 of 32
32 of 36
6d0afb2b54
NEW
b5919931fe
[Firefox:306 hits: 06-20 to 08-13]
fbd87f4eaa
NEW
none[none]
b5919931fe[1]
none [none]
none:none
ASM:Graph
none:none
none|none
ASProtect|
none|none
none
lines=90
none
none
trace
none
15:32:00 WinXP ; source: 71.136.17.68 (-): MILANO DESIGN, PLANO, TEXAS, US. (100Mbps)
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (86 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 3 of 33 ; packed: 73ce2b74da [Firefox: 5 hits: 06-18 to 08-08] ; egg.exe: 73ce2b74da [1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
  AV: 33 of 33 ; packed: 79c01ec060 [Firefox:16 hits: 06-18 to 08-10] ; egg.exe: none [4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: e07c29c4ae [Firefox:239 hits: 06-19 to 08-13] ; egg.exe: e07c29c4ae[1] ; egg.asm: ASM:Graph ; packer: FSG| ; strings: lines=92 ; syscalls: trace
15:37:00 WinXP ; source: 170.51.142.85 (COM.AR): CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A, AR.
  C&C: 213.239.192.125:5001 ; DNS/failed: US:cookie.roltf.ws ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (23 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 19 of 32 ; packed: 382279b44f [Firefox:145 hits: 05-22 to 08-13] ; egg.exe: 049e62d55b [0] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=192 ; syscalls: trace
T:15:59:00 WinXP ; source: 88.111.236.237 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (36 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
16:00:00 WinXP ; source: 80.191.125.139 (-): ISLAMIC AZAD UNIVERISTY REGION ONE, SHIRAZ, FARS, IR.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (3 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
16:05:00 Win2K-f ; source: 24.79.73.112 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
  C&C: n/a ; DNS/failed: US:microsoft.com, HK:proxim.ircgalaxy.pl, US:download.microsoft.com, HK:210.245.211.11:65520, US:4.23.60.126:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (113 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: 3dfd5de2fd NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
  AV: 33 of 36 ; packed: 99d22266b2 NEW ; egg.exe: none [none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
16:13:00 WinXP ; source: 206.171.179.241 (LEMOORENET.COM): LEMOORE NET, LEMOORE, CALIFORNIA, US.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:192.221.110.126:80, US:205.128.73.126:80, US:205.128.79.125:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (75 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: a08f3b74a4 [Firefox:454 hits: 06-18 to 08-13] ; egg.exe: a08f3b74a4[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
T:16:18:00 WinXP ; source: 122.25.46.76 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
16:19:00 WinXP ; source: 125.192.219.111 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:12351, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (57 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
16:24:00 Win2K-f ; source: 130.13.47.41 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.153.215:80, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 0 of 32 ; packed: b5919931fe [Firefox:306 hits: 06-20 to 08-13] ; egg.exe: b5919931fe [1] ; egg.asm: ASM:Graph ; packer: ASProtect| ; strings: lines=90 ; syscalls: trace
16:43:00 WinXP ; source: 122.134.47.112 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (36 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:16:47:00 Win2K-f ; source: 92.2.198.121 (-): CARPHONE WAREHOUSE BROADBAND SERVICES, UK.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (33 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 12 of 33 ; packed: 0b0c6a7b64 [Firefox: 2 hits: 06-30 to 07-28] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
16:54:00 WinXP ; source: 67.121.157.84 (PACBELL.NET): VALLEY TRANS AUTH, SAN FRANCISCO, CALIFORNIA, US. (DSL)
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (228 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 32 ; packed: 131351dd21 [Firefox:10 hits: 05-22 to 08-12] ; egg.exe: none[4] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: trace
T:17:05:00 Win2K-f ; source: 60.250.79.193 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (5 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
T:17:12:00 Win2K-f ; source: 217.219.108.136 (-): FASSA UNIVERSITY OF MEDICAL SCIENCES, SHIRAZ, FARS, IR.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (19 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 36 ; packed: d76bc20585 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:17:15:00 WinXP ; source: 119.72.63.152 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (49 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 36 ; packed: f90c4a048e [Firefox: 2 hits: 08-09 to 08-12] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:17:16:00 Win2K-f ; source: 75.119.37.79 (-)
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (275 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 30 of 33 ; packed: 13cfd63045 [Firefox: 3 hits: 06-30 to 08-12] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:24:00 Win2K-f ; source: 75.16.229.70 (SBCGLOBAL.NET): PPPOX POOL - RBACK3.KNTPIN, EVANSVILLE, INDIANA, US. (DSL)
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (76 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: a08f3b74a4 [Firefox:454 hits: 06-18 to 08-13] ; egg.exe: a08f3b74a4[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
  AV: 0 of 32 ; packed: b5919931fe [Firefox:306 hits: 06-20 to 08-13] ; egg.exe: b5919931fe[1] ; egg.asm: ASM:Graph ; packer: ASProtect| ; strings: lines=90 ; syscalls: trace
17:25:00 WinXP ; source: 72.228.223.139 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US.
  C&C: n/a ; DNS/failed: DE:siliconfireware.ru, US:searchportal.information.com, :www.proxy-socks.net, :wpad, RU:www.bbin.ru, US:208.73.210.32:80 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http http http (3 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 29 of 29 ; packed: a12cab51ef [Firefox:462 hits: 01-01 to 08-13] ; egg.exe: 40f7f463c4 [0] ; egg.asm: ASM:Graph ; packer: ASPack| ; strings: lines=281 embedded dns ; syscalls: trace
T:17:37:00 WinXP ; source: 75.82.147.241 (RR.COM): ROAD RUNNER HOLDCO LLC, THOUSAND OAKS, CALIFORNIA, US.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:199.93.53.125:80, US:205.128.79.124:80, US:207.123.46.125:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (75 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 32 ; packed: 73f1082158 [Firefox:713 hits: 06-18 to 08-13] ; egg.exe: 73f1082158[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
T:17:41:00 Win2K-f ; source: 4.84.121.155 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US.
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (5 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
T:17:43:00 WinXP ; source: 216.221.200.179 (BBTEL.COM): BRANDENBURG TELEPHONE COMPANY, ELIZABETHTOWN, KENTUCKY, US. (DSL)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: shell ftp (15 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: a042355120 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:47:00 WinXP ; source: 122.26.19.38 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:12351, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (56 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 25 of 36 ; packed: e66b7f4416 [Firefox: 2 hits: 08-09 to 08-10] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:49:00 WinXP ; source: 121.87.23.52 (EONET.NE.JP): K-OPTICOM CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:50:00 WinXP ; source: 124.97.153.93 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (43 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:17:50:00 WinXP ; source: 118.8.198.29 (-)
  C&C: 67.149.121.39:12351 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (59 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:53:00 Win2K-f ; source: 118.105.171.72 (-)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: other (12 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
17:58:00 Win2K-f ; source: 125.215.119.90 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (29 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
17:58:00 WinXP ; source: 119.11.82.159 (-)
  C&C: n/a ; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 36 of 36 ; packed: 41ffc194ca NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:18:03:00 WinXP ; source: 60.46.85.16 (OCN.NE.JP): OPEN COMPUTER NETWORK, ABIKO, CHIBA, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: shell ftp (13 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 31 of 32 ; packed: 741e3b03b3 [Firefox:270 hits: 01-05 to 08-13] ; egg.exe: e0197e8a64 [0] ; egg.asm: ASM:Graph ; packer: none|none ; strings: lines=62 ; syscalls: trace
18:09:00 WinXP ; source: 119.72.31.216 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (70 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 24 of 36 ; packed: 2a933f091d [Firefox: 3 hits: 08-04 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:18:13:00 Win2K-f ; source: 98.140.228.28 (-)
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (19 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
18:18:00 Win2K-f ; source: 203.136.212.132 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (45 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:18:25:00 Win2K-f ; source: 202.70.211.127 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (26 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
18:27:00 WinXP ; source: 202.70.211.207 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (53 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:18:30:00 WinXP ; source: 4.136.180.102 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, NASHVILLE, TENNESSEE, US. (DIAL)
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (78 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 30 of 36 ; packed: ac391c9d92 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:18:38:00 Win2K-f ; source: 219.164.42.77 (PLALA.OR.JP): PLALA NETWORKS INC, JP.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 36 ; packed: 4afcb71ac9 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
18:47:00 WinXP ; source: 130.13.204.96 (QWEST.NET): QWEST BROADBAND SERVICES INC, PHOENIX, ARIZONA, US.
  C&C: 87.119.200.245:6667 ; DNS/failed: CH:irc.qifort.rr.nu ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (42 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 23 of 36 ; packed: 3de9abec19 [Firefox:12 hits: 08-02 to 08-09] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
18:51:00 Win2K-f ; source: 88.111.236.237 (AS9105.COM): TISCALI UK LTD, STOKE ON TRENT, ENGLAND, UK. (DSL)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (28 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
18:52:00 WinXP ; source: 60.237.123.239 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
18:54:00 Win2K-f ; source: 123.217.126.186 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (26 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 35 ; packed: f9a0fc79b3 [Firefox: 2 hits: 07-29 to 08-04] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
19:08:00 WinXP ; source: 76.200.150.190 (SBCGLOBAL.NET): BRAS44.PLTNCA, US. (DSL)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: shell ftp (15 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 32 of 32 ; packed: 03f912899b [Firefox:85 hits: 01-08 to 08-13] ; egg.exe: 83893bd25d [0] ; egg.asm: ASM:Graph ; packer: none|none ; strings: lines=65 ; syscalls: trace
19:11:00 Win2K-f ; source: 4.236.126.248 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BROOKLYN, NEW YORK, US. (DIAL)
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (3 lines) ; BotHunter: Argh : 0.3 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
T:19:13:00 WinXP ; source: 66.68.234.138 (RR.COM): ROAD RUNNER HOLDCO LLC, BROWNSVILLE, TEXAS, US.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 29 of 29 ; packed: 6e9e655f3c [Firefox:10 hits: 02-26 to 07-05] ; egg.exe: fddd4e56b0 [0] ; egg.asm: ASM:Graph ; packer: PolyEnE| ; strings: lines=68 ; syscalls: trace
19:15:00 Win2K-f ; source: 211.13.10.5 (MESH.AD.JP): C&C INTERNET SERVICE MESH(NEC CORPORATION), OSAKA, OSAKA, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:19:25:00 Win2K-f ; source: 125.195.43.118 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (34 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:19:27:00 WinXP ; source: 60.237.229.153 (MESH.AD.JP): NEC CORPORATION, KYOTO, KYOTO, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: other (12 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
19:38:00 WinXP ; source: 221.184.63.49 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 22 of 36 ; packed: e48fdda0af NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:19:42:00 WinXP ; source: 67.150.8.213 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, LOS ANGELES, CALIFORNIA, US.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (14 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 32 of 32 ; packed: 92c8e458d8 [Firefox: 4 hits: 02-24 to 08-10] ; egg.exe: 4ba645ac3a [0] ; egg.asm: ASM:Graph ; packer: none|none ; strings: lines=62 ; syscalls: trace
19:44:00 Win2K-f ; source: 64.183.209.202 (RR.COM): ROAD RUNNER HOLDCO LLC, DALLAS, TEXAS, US.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:198.78.220.124:80, US:207.123.42.126:80, US:207.123.46.126:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (60 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 8 of 33 ; packed: b7082104e4 [Firefox:83 hits: 06-18 to 08-13] ; egg.exe: none [4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
T:19:44:00 WinXP ; source: 203.112.50.239 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (37 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 30 of 32 ; packed: c9825e1fd3 [Firefox: 3 hits: 06-28 to 06-28] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
19:46:00 WinXP ; source: 218.249.149.203 (IAPCM.AC.CN): BEIJING TELETRON TELECOM ENGINEERING CO. LTD, BEIJING, BEIJING, CN.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:198.78.220.124:80, US:207.123.42.126:80, US:207.123.46.126:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (75 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 79c01ec060 [Firefox:16 hits: 06-18 to 08-10] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: a08f3b74a4 [Firefox:454 hits: 06-18 to 08-13] ; egg.exe: a08f3b74a4[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
T:19:50:00 Win2K-f ; source: 60.237.123.239 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
19:53:00 WinXP ; source: 200.100.75.156 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL)
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 36 of 36 ; packed: e253fef35b NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:19:54:00 WinXP ; source: 200.100.75.156 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DIAL)
  C&C: 194.54.90.246:80 ; DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (2 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 36 of 36 ; packed: e253fef35b NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:19:59:00 Win2K-f ; source: 71.79.67.62 (RR.COM): ROAD RUNNER HOLDCO LLC, COLUMBUS, OHIO, US.
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (5 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
20:03:00 WinXP ; source: 70.167.146.38 (COX.NET): COX COMMUNICATIONS, ATLANTA, GEORGIA, US.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:208.111.148.152:80, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (114 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: 6d0afb2b54 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
  AV: 0 of 33 ; packed: e07c29c4ae [Firefox:239 hits: 06-19 to 08-13] ; egg.exe: e07c29c4ae[1] ; egg.asm: ASM:Graph ; packer: FSG| ; strings: lines=92 ; syscalls: trace
  AV: 32 of 36 ; packed: fbd87f4eaa NEW ; egg.exe: none [none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
20:05:00 Win2K-f ; source: 125.200.234.197 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:12351, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (28 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
20:06:00 WinXP ; source: 114.120.92.32 (-)
  C&C: n/a ; DNS/failed: UA:citi-bank.ru, UA:194.54.90.246:80 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 32 of 32 ; packed: a3f358bd55 [Firefox: 9 hits: 06-10 to 08-11] ; egg.exe: none[4] ; egg.asm: none:none ; packer: PolyEnE| ; strings: none ; syscalls: trace
20:10:00 WinXP ; source: 74.67.68.250 (RR.COM): ROAD RUNNER HOLDCO LLC, ONEONTA, NEW YORK, US.
  C&C: n/a ; DNS/failed: RU:moscow-advokat.ru, RU:194.6.222.11:6667 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 25 of 25 ; packed: 7f60162c2c [Firefox:439 hits: 12-31 to 08-13] ; egg.exe: 1aad8e4632 [0] ; egg.asm: ASM:Graph ; packer: PolyEnE| ; strings: lines=93 embedded dns ; syscalls: trace
T:20:11:00 WinXP ; source: 119.11.41.108 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (52 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 15 of 36 ; packed: 20068576aa NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:20:14:00 WinXP ; source: 60.43.99.252 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (50 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
20:17:00 WinXP ; source: 68.183.227.101 (DSLEXTREME.COM): DSL EXTREME, SAN JOSE, CALIFORNIA, US. (DSL)
  C&C: n/a ; DNS/failed: UA:citi-bank.ru ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: f290b990cc NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
20:36:00 WinXP ; source: 221.171.73.251 (MESH.AD.JP): BIGLOBE-CIDR-BLK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (36 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:20:38:00 WinXP ; source: 118.236.88.170 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 36 ; packed: 27b37f5223 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
20:40:00 Win2K-f ; source: 118.108.20.66 (-)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 33 ; packed: 17739a55ad [Firefox:362 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:20:42:00 Win2K-f ; source: 123.254.4.192 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (33 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:20:46:00 Win2K-f ; source: 118.6.100.19 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (34 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
21:02:00 WinXP ; source: 125.215.75.48 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: 67.149.121.39:12351 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (39 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 33 ; packed: 17739a55ad [Firefox:362 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
21:04:00 Win2K-f ; source: 118.236.88.170 (-)
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (28 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 36 ; packed: 27b37f5223 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
21:09:00 WinXP ; source: 219.115.232.228 (ZAQ.NE.JP): KEIHAN CABLE TELEVISION CO. LTD, JP.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:204.160.126.126:80, US:207.123.42.126:80, US:207.123.46.126:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (75 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 0 of 32 ; packed: 07fabc79ef [Firefox:11 hits: 06-19 to 08-07] ; egg.exe: 07fabc79ef [1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none [4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
21:17:00 Win2K-f ; source: 69.216.100.174 (AMERITECH.NET): PPPOX POOL - RBACK5 SFLDMI, DETROIT, MICHIGAN, US.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (60 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 32 ; packed: b5919931fe [Firefox:306 hits: 06-20 to 08-13] ; egg.exe: b5919931fe[1] ; egg.asm: ASM:Graph ; packer: ASProtect|  ; strings: lines=90 ; syscalls: trace
  AV: 8 of 33 ; packed: b7082104e4 [Firefox:83 hits: 06-18 to 08-13] ; egg.exe: none [4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
T:21:21:00 Win2K-f ; source: 63.24.155.250 (UU.NET): UUNET TECHNOLOGIES INC, US.
  C&C: n/a ; DNS/failed: none ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (5 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
21:34:00 Win2K-f ; source: 60.254.233.79 (EMOBILE.AD.JP): EMOBILE LTD, TOKYO, TOKYO, JP.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (26 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 36 ; packed: 2ec33b7d75 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
21:38:00 Win2K-f ; source: 123.254.9.235 (PIKARA.NE.JP): STNET INCORPORATED, TAKAMATSU, KAGAWA, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (28 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:21:42:00 Win2K-f ; source: 124.84.159.184 (OCN.NE.JP): NTT COMMUNICATIONS CORPORATION, TOKYO, TOKYO, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxim.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (37 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 23 of 36 ; packed: 5372d8531d NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
21:43:00 WinXP ; source: 58.230.192.37 (-): THRUNET-INFRA-SEOUL03, SEOUL, KYONGGI-DO, KR.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:205.128.73.126:80, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (114 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 28 of 32 ; packed: 3dffacd270 [Firefox: 6 hits: 06-20 to 08-12] ; egg.exe: 3dffacd270 [1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=82 ; syscalls: trace
  AV: 30 of 32 ; packed: d5bf17f14e [Firefox: 6 hits: 06-20 to 08-12] ; egg.exe: none [4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: e07c29c4ae [Firefox:239 hits: 06-19 to 08-13] ; egg.exe: e07c29c4ae[1] ; egg.asm: ASM:Graph ; packer: FSG| ; strings: lines=92 ; syscalls: trace
T:21:50:00 WinXP ; source: 122.16.3.16 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxima.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (43 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 34 of 36 ; packed: e00d7a3df5 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:21:58:00 Win2K-f ; source: 77.20.109.129 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 29 of 36 ; packed: 82c155322b [Firefox: 2 hits: 08-01 to 08-02] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
22:02:00 WinXP ; source: 219.110.154.201 (CATV02.ITSCOM.JP): ITS COMMUNICATIONS INC, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: shell ftp (13 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 31 of 32 ; packed: 741e3b03b3 [Firefox:270 hits: 01-05 to 08-13] ; egg.exe: e0197e8a64 [0] ; egg.asm: ASM:Graph ; packer: none|none ; strings: lines=62 ; syscalls: trace
T:22:08:00 WinXP ; source: 4.184.56.80 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DIAL)
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, US:208.111.148.43:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (117 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: 4a81639580 [Firefox: 2 hits: 08-12 to 08-12] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
  AV: 32 of 36 ; packed: 6e72d6e93e [Firefox: 2 hits: 08-12 to 08-12] ; egg.exe: none [none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
22:17:00 Win2K-f ; source: 60.43.99.252 (OCN.NE.JP): OPEN COMPUTER NETWORK, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:22:19:00 WinXP ; source: 75.7.16.97 (SBCGLOBAL.NET): RBACK5.PLTNCA, SAN JOSE, CALIFORNIA, US. (DSL)
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (77 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 33 of 33 ; packed: 53bfe15e91 [Firefox:1392 hits: 06-17 to 08-13] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 32 ; packed: 73f1082158 [Firefox:713 hits: 06-18 to 08-13] ; egg.exe: 73f1082158[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
  AV: 0 of 33 ; packed: e07c29c4ae [Firefox:239 hits: 06-19 to 08-13] ; egg.exe: e07c29c4ae[1] ; egg.asm: ASM:Graph ; packer: FSG| ; strings: lines=92 ; syscalls: trace
T:22:33:00 Win2K-f ; source: 24.79.215.40 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL)
  C&C: n/a ; DNS/failed: US:microsoft.com ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (5 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
22:40:00 Win2K-f ; source: 122.52.17.201 (PLDT.NET): IPG, PH.
  C&C: n/a ; DNS/failed: US:microsoft.com, US:download.microsoft.com, HK:proxim.ircgalaxy.pl, US:198.78.201.126:80, US:204.160.104.126:80, US:207.123.47.126:80, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (126 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 29 of 33 ; packed: 16874933ea [Firefox:31 hits: 06-18 to 08-13] ; egg.exe: 16874933ea [1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=82 ; syscalls: trace
  AV: 33 of 33 ; packed: 76ee340669 [Firefox:32 hits: 06-18 to 08-13] ; egg.exe: none [4] ; egg.asm: none:none ; packer: PolyEnE| ; strings: none ; syscalls: trace
22:42:00 Win2K-f ; source: 61.254.122.18 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
  C&C: n/a ; DNS/failed: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:198.78.201.126:80, US:204.160.104.126:80, US:207.123.47.126:80, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (86 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 31 of 33 ; packed: 168aab35a3 [Firefox:87 hits: 06-17 to 08-12] ; egg.exe: none[4] ; egg.asm: none:none ; packer: tElock| ; strings: none ; syscalls: trace
  AV: 0 of 33 ; packed: 4c3df24b32 [Firefox:142 hits: 06-17 to 08-13] ; egg.exe: 4c3df24b32[1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
T:22:44:00 WinXP ; source: 217.248.117.19 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL)
  C&C: 67.149.121.39:12351 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (32 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 33 ; packed: 17739a55ad [Firefox:362 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:22:50:00 WinXP ; source: 118.108.20.66 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (52 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:22:50:00 Win2K-f ; source: 122.134.221.119 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
22:53:00 WinXP ; source: 61.94.216.78 (TELKOM.NET.ID): PT. TELEKOMUNIKASI INDONESIA, MEDAN, SUMATERA UTARA, ID.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (17 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
22:55:00 Win2K-f ; source: 217.248.117.19 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL)
  C&C: 67.149.121.39:13001 ; DNS/failed: HK:proxima.ircgalaxy.pl, US:chat-shqip.org, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (33 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 10 of 33 ; packed: d2c26e07fd [Firefox:452 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:00:00 WinXP ; source: 114.120.98.253 (-)
  C&C: n/a ; DNS/failed: RU:moscow-advokat.ru ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 25 of 25 ; packed: 7f60162c2c [Firefox:439 hits: 12-31 to 08-13] ; egg.exe: 1aad8e4632 [0] ; egg.asm: ASM:Graph ; packer: PolyEnE| ; strings: lines=93 embedded dns ; syscalls: trace
T:23:07:00 Win2K-f ; source: 118.236.155.215 (-)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (27 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 33 ; packed: 17739a55ad [Firefox:362 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
23:13:00 WinXP ; source: 217.250.178.73 (T-DIALIN.NET): DEUTSCHE TELEKOM AG, DE. (DIAL)
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (20 lines) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: none ; packed: none ; egg.exe: none ; egg.asm: none ; packer: none ; strings: none ; syscalls: none
23:16:00 WinXP ; source: 114.120.92.18 (-)
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, UA:194.54.90.246:80, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (1 line) ; BotHunter: Yeah : 0.8 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 35 ; packed: dbbc586732 [Firefox:11 hits: 07-28 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
23:16:00 WinXP ; source: 61.34.136.32 (BORA.NET): DACOM CORP, SEOUL, KYONGGI-DO, KR.
  C&C: n/a ; DNS/failed: HK:proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:204.160.104.126:80, US:204.160.126.126:80, HK:210.245.211.11:65520, US:4.23.60.126:80 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: other (133 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 32 of 36 ; packed: 9d1c8d89a4 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
  AV: 34 of 36 ; packed: b57dbae4a3 NEW ; egg.exe: none [none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:18:00 WinXP ; source: 222.146.78.29 (KOMAKI-ONSEN.CO.JP): OPEN COMPUTER NETWORK, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (36 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
23:24:00 Win2K-f ; source: 118.110.100.120 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (37 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 15 of 36 ; packed: 2ad2551fda NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:26:00 Win2K-f ; source: 203.112.55.94 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: n/a ; DNS/failed: none ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp (26 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 20 of 33 ; packed: 17739a55ad [Firefox:362 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
23:32:00 WinXP ; source: 203.112.55.94 (PIKARA.NE.JP): PIKARA(STNET INCORPORATED), JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org, US:w3bs.chat-shqip.org, US:67.149.121.39:12351, US:67.149.121.39:13001 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (41 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:34:00 WinXP ; source: 118.110.100.120 (-)
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (45 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 15 of 36 ; packed: 2ad2551fda NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
23:54:00 WinXP ; source: 125.192.189.31 (MESH.AD.JP): NEC CORPORATION, JP.
  C&C: 67.149.121.39:13001 ; DNS/failed: US:chat-shqip.org ; port: 445 ; pcap raw ; alerts ruleset
  chatter: ftp irc (35 lines) ; BotHunter: Yeah : 1.8 profile ; cluster: none summary ; forensics: tarball
  AV: 26 of 33 ; packed: ca15c09536 [Firefox:449 hits: 06-27 to 08-13] ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:55:00 WinXP ; source: 125.58.85.7 (-)
  C&C: n/a ; DNS/failed: HK:proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, HK:210.245.211.11:65520 ; port: 135 ; pcap raw ; alerts ruleset
  chatter: http (93 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 0 of 33 ; packed: 4c3df24b32 [Firefox:142 hits: 06-17 to 08-13] ; egg.exe: 4c3df24b32 [1] ; egg.asm: ASM:Graph ; packer: Armadillo| ; strings: lines=81 ; syscalls: trace
  AV: 29 of 32 ; packed: dbce870f48 [Firefox: 6 hits: 07-03 to 08-04] ; egg.exe: none [none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
T:23:58:00 WinXP ; source: 79.138.134.88 (APEXCOVANTAGE.COM): EU-ZZ, UK.
  C&C: 194.54.90.246:80 ; DNS/failed: HK:proxim.ircgalaxy.pl, UA:citi-bank.ru, HK:210.245.211.11:65520 ; port: 445 ; pcap raw ; alerts ruleset
  chatter: http (2 lines) ; BotHunter: Yeah : 1.3 profile ; cluster: none summary ; forensics: tarball
  AV: 35 of 36 ; packed: 4190f16548 NEW ; egg.exe: none[none] ; egg.asm: none:none ; packer: none|none ; strings: none ; syscalls: none
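The C&C Server and DNS Lookups & Failed Connects cells in the rows above are the indicators a defender would actually reuse from this feed: each token is a two-letter country code, a colon, and either a hostname or an ip:port pair (the C&C cell carries the bare ip:port). The following is an added example, not code from the Cyber-TA page or from the BotHunter project: it parses those tokens into an IP and domain set and then checks constructed log lines against them. The log line format (`src= dst= dport=` and `src= qname=`), the 10.0.0.x hosts and the allowlist are assumptions; the feed cells themselves are copied from rows on this page. The allowlist matters because the DNS cell records every name the infected honeypot resolved, including microsoft.com and the wpad lookup, which are not attacker infrastructure.

```python
"""Added example, not part of the Cyber-TA page or the BotHunter code base:
parse the 'CC:host' / 'CC:ip:port' / 'ip:port' tokens from the C&C Server and
DNS Lookups & Failed Connects cells above into an indicator set, then check
constructed connection and DNS log lines against it."""
import re
from collections import namedtuple

Indicator = namedtuple("Indicator", "kind value port country")
Hit = namedtuple("Hit", "src kind value note")

# Feed token: optional two-letter country code and colon, then host or ip:port.
_CELL_RE = re.compile(r"^(?:([A-Z]{2})?:)?(.+)$")
_IPPORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
# Constructed log formats (an assumption, not something the page defines).
_CONN_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")
_DNS_RE = re.compile(r"src=(\S+) qname=(\S+)")

# Cell values copied verbatim from rows on this page.
FEED_CELLS = [
    "67.149.121.39:13001", "US:chat-shqip.org", "US:w3bs.chat-shqip.org",
    "US:67.149.121.39:12351", "HK:proxim.ircgalaxy.pl", "HK:210.245.211.11:65520",
    "HK:210.245.211.11:80", "UA:citi-bank.ru", "UA:194.54.90.246:80",
    "RU:moscow-advokat.ru", "RU:194.6.222.11:6667", "213.239.192.125:5001",
    "US:cookie.roltf.ws", "87.119.200.245:6667", "CH:irc.qifort.rr.nu",
    ":wpad", "US:microsoft.com", "US:download.microsoft.com",
]

# Names the infected honeypots resolve that are not attacker infrastructure
# (the feed records every lookup the egg or the OS made). Assumed allowlist.
ALLOWLIST = {"microsoft.com", "download.microsoft.com", "wpad"}


def parse_cell(cell):
    """Split one feed token into kind ('ip' or 'domain'), value, port and country."""
    m = _CELL_RE.match(cell.strip())
    country, rest = m.group(1) or "", m.group(2)
    ip = _IPPORT_RE.match(rest)
    if ip:
        return Indicator("ip", ip.group(1), int(ip.group(2)), country)
    return Indicator("domain", rest.lower().rstrip("."), None, country)


def build_indicators(cells, allowlist=ALLOWLIST):
    """Return ({ip: set_of_ports}, {domain}) with allowlisted names dropped."""
    ips, domains = {}, set()
    for cell in cells:
        ind = parse_cell(cell)
        if ind.kind == "ip":
            ips.setdefault(ind.value, set()).add(ind.port)
        elif ind.value not in allowlist:
            domains.add(ind.value)
    return ips, domains


def _domain_hit(qname, domains):
    """Exact match first, then each parent (irc.chat-shqip.org -> chat-shqip.org);
    the bare TLD is never tried, so single-label names cannot match."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_log(lines, ips, domains):
    """Flag connections to feed IPs on any port (noting whether the port is one
    the feed saw) and DNS queries for feed domains or their subdomains."""
    hits = []
    for line in lines:
        c = _CONN_RE.search(line)
        if c:
            src, dst, dport = c.group(1), c.group(2), int(c.group(3))
            if dst in ips:
                note = "feed port" if dport in ips[dst] else "port differs from feed"
                hits.append(Hit(src, "connect", "%s:%d" % (dst, dport), note))
            continue
        d = _DNS_RE.search(line)
        if d:
            qname = d.group(2).lower().rstrip(".")
            matched = _domain_hit(qname, domains)
            if matched:
                note = "" if matched == qname else "via parent " + matched
                hits.append(Hit(d.group(1), "dns", qname, note))
    return hits


# Constructed sample log (not from the page); the 10.0.0.x hosts are hypothetical.
SAMPLE_LOG = [
    "2008-08-14T15:31:03 src=10.0.0.7 qname=proxim.ircgalaxy.pl",
    "2008-08-14T15:31:04 src=10.0.0.7 qname=download.microsoft.com",
    "2008-08-14T15:31:05 src=10.0.0.7 dst=210.245.211.11 dport=65520 proto=tcp",
    "2008-08-14T16:19:01 src=10.0.0.9 qname=irc.chat-shqip.org.",
    "2008-08-14T16:19:02 src=10.0.0.9 dst=67.149.121.39 dport=6667 proto=tcp",
    "2008-08-14T16:20:00 src=10.0.0.9 dst=208.67.222.222 dport=53 proto=udp",
]

if __name__ == "__main__":
    feed_ips, feed_domains = build_indicators(FEED_CELLS)
    for hit in match_log(SAMPLE_LOG, feed_ips, feed_domains):
        print(hit)
```

Matching on the IP regardless of port is deliberate: the same C&C host appears in these rows on 13001 and 12351 (67.149.121.39) and on 80 and 65520 (210.245.211.11), so a port-exact rule would miss the next rotation; the note records whether the port was one the feed had already seen. Parent-domain matching catches new IRC-server labels under a known zone such as chat-shqip.org, which is why the allowlist has to hold exact names the honeypot is expected to resolve.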