Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

15 August 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

00:13:00 WinXP 125.2.32.30 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:00:13:00 Win2K-f 118.7.223.84 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 33 of 36 ac37844088
[Firefox: 3 hits: 08-11 to 08-12] none[none] none:none
none|none none none

00:19:00 WinXP 122.19.63.30 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

00:28:00 WinXP 220.111.105.177 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:00:34:00 WinXP 118.8.163.172 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:00:34:00 WinXP 202.70.211.15 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
48 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:00:41:00 WinXP 220.211.51.198 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 34 of 36 74560ac1c2
[Firefox: 5 hits: 08-02 to 08-10] none[none] none:none
none|none none none

T:00:55:00 WinXP 62.133.129.226 (OSTNET.PL):
OKREGOWA SPOLDZIELNIA TELEFONICZNA W TYCZYNIE,
PL. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball none 4f7de21bc1
NEW none[none] none:none
none|none none none

01:15:00 WinXP 213.177.123.154 (MTS-NN.RU):
NETWORK FOR ADSL CLIENTS,
RU. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

01:33:00 WinXP 122.25.21.98 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball 23 of 35 b13b669243
[Firefox: 3 hits: 07-29 to 08-12] none[none] none:none
none|none none none

01:34:00 WinXP 118.8.163.172 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
51 lines Yeah : 1.8
profile none summary
tarball 8 of 33 b2fae7acd0
[Firefox: 6 hits: 06-28 to 08-14] none[none] none:none
none|none none none

T:01:44:00 WinXP 122.24.246.123 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
36 lines Yeah : 1.8
profile none summary
tarball none 015b4e0fc9
NEW none[none] none:none
none|none none none

T:01:59:00 Win2K-f 61.209.140.249 (ODN.AD.JP):
OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.),
CHITOSE, HOKKAIDO, JP. (DIAL) 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 24 of 36 2a933f091d
[Firefox: 5 hits: 08-04 to 08-14] none[none] none:none
none|none none none

02:10:00 Win2K-f 60.236.72.76 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

02:14:00 Win2K-f 122.132.10.191 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 25 of 33 80205569e9
[Firefox: 4 hits: 06-27 to 08-13] none[none] none:none
none|none none none

T:02:17:00 WinXP 60.254.243.236 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 29 of 33 9ddd6c5e47
[Firefox:11 hits: 06-29 to 08-13] none[none] none:none
none|none none none

T:02:27:00 Win2K-f 78.54.218.53 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

02:30:00 Win2K-f 125.2.32.30 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
29 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:02:34:00 Win2K-f 125.2.32.30 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:02:36:00 WinXP 118.21.114.203 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
21 lines Yeah : 0.8
profile none summary
tarball none 82b7e513bb
NEW none[none] none:none
none|none none none

02:41:00 Win2K-f 75.116.51.119 (-):
ALLTEL SIP CUSTOMERS - PHOENIX,
PHOENIX, ARIZONA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
99 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

02:45:00 WinXP 124.100.178.176 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

02:53:00 WinXP 118.108.36.31 (-):
. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:02:56:00 Win2K-f 210.147.181.183 (MESH.AD.JP):
C&C INTERNET SERVICE MESH(NEC CORPORATION),
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

02:58:00 WinXP 219.98.18.236 (SO-NET.NE.JP):
SO-NET SERVICE,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 34 of 36 94a6b635e8
[Firefox: 3 hits: 08-02 to 08-12] none[none] none:none
none|none none none

02:59:00 WinXP 76.169.138.218 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

02:59:00 Win2K-f 125.215.127.49 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

03:01:00 Win2K-f 91.141.41.13 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:03:07:00 Win2K-f 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:204.160.104.126:80
US:205.128.66.124:80
US:207.123.46.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

03:10:00 WinXP 58.236.245.145 (-):
THRUNET-INFRA-INCHEON10,
SEOUL, KYONGGI-DO, KR. n/a HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.152:80
US:208.111.148.174:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
87 lines Yeah : 1.3
profile none summary
tarball 0 of 33
none 4c3df24b32
[Firefox:145 hits: 06-17 to 08-14]
6a4845ca11
[Firefox: 7 hits: 06-27 to 08-05] 4c3df24b32 [1]
none [none] ASM:Graph
none:none
Armadillo|
none|none lines=81
none trace
none

03:15:00 WinXP 118.240.0.71 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:03:20:00 Win2K-f 88.134.65.12 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
58 lines Yeah : 1.8
profile none summary
tarball none c7760ab333
NEW none[none] none:none
none|none none none

T:03:22:00 WinXP 88.111.140.49 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:03:31:00 WinXP 123.254.1.55 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

03:48:00 WinXP 67.125.140.230 (PACBELL.NET):
AT&T INTERNET SERVICES,
FRESNO, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

03:50:00 Win2K-f 92.4.230.132 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball none 678c91e65f
NEW none[none] none:none
none|none none none

03:56:00 WinXP 78.150.165.254 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

04:01:00 Win2K-f 203.97.123.139 (TELSTRACLEAR.NET):
TELSTRACLEAR CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
8 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14]
b7082104e4
[Firefox:86 hits: 06-18 to 08-14] none[4]
b5919931fe[1]
none [4] none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock| none
lines=90
none trace
trace
trace

T:04:01:00 Win2K-f 122.133.203.8 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:04:08:00 Win2K-f 122.135.27.137 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:04:09:00 WinXP 118.108.36.31 (-):
. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

04:12:00 WinXP 80.191.115.191 (-):
REGIONAL LIBRARAY OF SCIENCE AND TECHNOLOGY,
SHIRAZ, FARS, IR. n/a EU:siliconfireware.ru
US:searchportal.information.com
GB:new.egg.com
:wpad
US:208.73.210.32:80
DE:212.227.111.29:80
GB:217.145.225.22:80 445 pcap raw alerts
ruleset http
http
2 lines Yeah : 0.8
profile none summary
tarball none 7337e0f9fe
NEW none[none] none:none
none|none none none

T:04:14:00 Win2K-f 125.207.241.11 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:04:15:00 WinXP 78.53.49.76 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
:parex-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none ea1dfb9dc5
NEW none[none] none:none
none|none none none

04:16:00 WinXP 78.53.49.76 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80
HK:210.245.211.11:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none ea1dfb9dc5
NEW none[none] none:none
none|none none none

04:20:00 Win2K-f 78.146.147.110 (-):
OPAL TELECOM DSL,
UK. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:04:21:00 WinXP 77.20.155.144 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 20 of 33 364d957b43
[Firefox: 2 hits: 06-30 to 08-02] none[none] none:none
none|none none none

T:04:24:00 Win2K-f 119.72.40.3 (-):
. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
IL:194.90.224.86:80
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
http
175 lines Yeah : 1.8
profile none summary
tarball none
19 of 35
17 of 35
29 of 33 288f363f3a
NEW
37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
9ddd6c5e47
[Firefox:11 hits: 06-29 to 08-13] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

04:31:00 WinXP 219.249.4.121 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
irc
1159 lines Yeah : 1.8
profile none summary
tarball 31 of 33
none
19 of 35
17 of 35
0 of 33
33 of 35 168aab35a3
[Firefox:89 hits: 06-17 to 08-14]
288f363f3a
NEW
37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14]
f7738e7352
[Firefox: 3 hits: 07-25 to 08-02] none[4]
none [none]
none [none]
none [none]
e07c29c4ae[1]
none [none] none:none
none:none
none:none
none:none
ASM:Graph
none:none
tElock|
none|none
none|none
none|none
FSG|
none|none none
none
none
none
lines=92
none trace
none
none
none
trace
none

T:04:38:00 WinXP 61.46.141.57 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33
0 of 33 07fabc79ef
[Firefox:12 hits: 06-19 to 08-14]
53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] 07fabc79ef [1]
none [4]
e07c29c4ae[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG| lines=81
none
lines=92 trace
trace
trace

T:04:41:00 Win2K-f 118.8.137.56 (-):
. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:04:41:00 WinXP 61.203.24.56 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
65 lines Yeah : 1.8
profile none summary
tarball 25 of 33 80205569e9
[Firefox: 4 hits: 06-27 to 08-13] none[none] none:none
none|none none none

04:42:00 Win2K-f 125.207.241.11 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

04:43:00 WinXP 88.111.140.49 (AS9105.COM):
TISCALI UK LTD,
MANCHESTER, ENGLAND, UK. (DSL) n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

04:43:00 Win2K-f 130.13.190.138 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.174:80
US:208.111.148.219:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset irc
126 lines Yeah : 1.8
profile none summary
tarball 32 of 33
29 of 32 7f66e51c85
[Firefox: 9 hits: 07-11 to 08-11]
9d12fe9d3b
[Firefox:10 hits: 07-11 to 08-11] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

04:45:00 WinXP 118.236.160.223 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

04:53:00 WinXP 89.114.55.119 (-):
SC FLAMURA I AND N LAN SRL,
RO. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.153.215:80
HK:210.245.211.11:80 135 pcap raw alerts
ruleset http
128 lines Yeah : 1.3
profile none summary
tarball 33 of 35
0 of 33
32 of 35 4113025530
[Firefox: 2 hits: 07-30 to 08-02]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14]
e3ca792d99
[Firefox: 2 hits: 07-30 to 08-02] none[none]
e07c29c4ae[1]
none [none] none:none
ASM:Graph
none:none
none|none
FSG|
none|none none
lines=92
none none
trace
none

04:58:00 Win2K-f 211.176.161.36 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:198.78.220.126:80
US:205.128.73.126:80
US:205.128.79.124:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
97 lines Yeah : 1.3
profile none summary
tarball 31 of 33
31 of 33 9d571adc3c
[Firefox: 4 hits: 07-04 to 07-20]
a704164588
[Firefox: 6 hits: 07-04 to 07-20] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:05:01:00 Win2K-f 203.112.61.108 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a 445 pcap raw alerts
ruleset ftp
17 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:05:12:00 WinXP 118.8.103.127 (-):
. n/a 445 pcap raw alerts
ruleset shell
3 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:05:13:00 Win2K-f 79.223.222.103 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. n/a 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:05:16:00 WinXP 123.217.97.99 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:274 hits: 01-05 to 08-14] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

05:16:00 WinXP 71.101.60.42 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WINTER HAVEN, FLORIDA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:208.111.148.23:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:05:18:00 WinXP 122.134.137.155 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball none efccfe9739
NEW none[none] none:none
none|none none none

05:21:00 Win2K-f 80.218.164.32 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 445 pcap raw alerts
ruleset ftp
irc
http
204 lines Yeah : 1.8
profile none summary
tarball none
19 of 35
17 of 35
31 of 33 288f363f3a
NEW
37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
b4a43d2c1c
[Firefox: 4 hits: 06-30 to 08-14] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:05:28:00 WinXP 60.236.183.181 (MESH.AD.JP):
NEC CORPORATION,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
71 lines Yeah : 1.8
profile none summary
tarball 15 of 36 2ad2551fda
[Firefox: 2 hits: 08-14 to 08-14] none[none] none:none
none|none none none

05:37:00 Win2K-f 123.204.5.48 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
HK:210.245.211.11:65520
DE:85.114.141.207:80 445 pcap raw alerts
ruleset irc
http
12 lines Yeah : 1.3
profile none summary
tarball 19 of 35
17 of 35 37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

05:37:00 Win2K-f 220.46.8.9 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
OSAKA, OSAKA, JP. n/a US:microsoft.com
US:download.microsoft.com
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
[Firefox:12 hits: 06-19 to 08-14]
53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14] 07fabc79ef [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

T:05:40:00 WinXP 65.184.28.105 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:207.123.42.126:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

05:46:00 WinXP 85.204.196.190 (ANDRONET.RO):
SC IMAGE MEDIA COMMUNICATION SRL,
BUCHAREST, BUCURESTI, RO. n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 4190f16548
NEW none[none] none:none
none|none none none

T:05:46:00 Win2K-f 122.134.242.68 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:05:55:00 WinXP 119.11.73.184 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
47 lines Yeah : 1.8
profile none summary
tarball 24 of 36 2d48e6fd7e
NEW none[none] none:none
none|none none none

05:57:00 WinXP 78.146.196.164 (-):
OPAL TELECOM DSL,
UK. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 32 of 33 3f8d1c3246
[Firefox: 9 hits: 06-28 to 08-14] none[none] none:none
none|none none none

05:58:00 WinXP 58.95.172.188 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

06:03:00 WinXP 123.254.6.111 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:06:04:00 Win2K-f 118.0.107.219 (-):
. 210.245.211.11:65520 HK:proxima.ircgalaxy.pl
DE:dl2.teenpassage.com
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com 445 pcap raw alerts
ruleset ftp
irc
http
199 lines Yeah : 1.8
profile none summary
tarball none
19 of 35
17 of 35
34 of 36 288f363f3a
NEW
37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
fd7526a245
[Firefox: 2 hits: 08-10 to 08-13] none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

06:08:00 Win2K-f 91.66.34.134 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

06:11:00 WinXP 220.156.13.13 (HI-HO.NE.JP):
INTERNET INITIATIVE JAPAN INC,
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:274 hits: 01-05 to 08-14] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

06:18:00 WinXP 58.232.145.152 (-):
THRUNET-INFRA-GANGWON05,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball none f29d7b9653
NEW none[none] none:none
none|none none none

06:19:00 Win2K-f 211.189.200.174 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none d83f7ef6b1
NEW none[none] none:none
none|none none none

06:21:00 Win2K-f 116.80.50.139 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball none 3efed4870c
NEW none[none] none:none
none|none none none

T:06:23:00 WinXP 124.60.67.87 (-):
POWERCOM,
KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none 0350d9bd86
NEW none[none] none:none
none|none none none

T:06:24:00 Win2K-f 89.137.250.246 (-):
ASTRAL FOCSANI DOCSIS NETWORK,
RO. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none e362f1c062
NEW none[none] none:none
none|none none none

T:06:26:00 WinXP 221.124.70.50 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none b3ce57c019
NEW none[none] none:none
none|none none none

T:06:27:00 WinXP 211.208.109.37 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 25 of 36 bcae797d03
NEW none[none] none:none
none|none none none

06:27:00 Win2K-f 119.149.118.95 (-):
. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
27 lines Yeah : 1.3
profile none summary
tarball none 9d5d0ad83c
NEW none[none] none:none
none|none none none

T:06:29:00 Win2K-f 82.114.227.230 (-):
NEW GAMMA TELECOM LTD,
NICOSIA, NICOSIA, CY. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:06:32:00 Win2K-f 211.110.99.125 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 74c6c141d8
NEW none[none] none:none
none|none none none

T:06:37:00 WinXP 211.37.59.103 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
30 lines Yeah : 1.3
profile none summary
tarball 25 of 35 7377a34aeb
[Firefox: 7 hits: 07-27 to 08-01] none[none] none:none
none|none none none

06:39:00 WinXP 85.112.100.23 (DN.RU):
CENTAUR TELECOM IP ADDRESS BLOCK,
RU. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

06:44:00 WinXP 122.53.182.156 (PLDT.NET):
IPG,
PH. n/a 135 pcap raw alerts
ruleset other
180 lines Yeah : 1.3
profile none summary
tarball none c4042a9d37
NEW none[none] none:none
none|none none none

06:45:00 WinXP 77.20.209.182 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball none 197b4897ab
NEW none[none] none:none
none|none none none

06:47:00 Win2K-f 211.173.171.94 (-):
CJ CABLENET PUKINCHEON BROADCASTING CO. LTD,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none aea439b630
NEW none[none] none:none
none|none none none

T:06:52:00 Win2K-f 82.122.121.214 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

06:53:00 Win2K-f 121.53.14.133 (-):
DREAMX,
KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

T:06:57:00 WinXP 88.31.134.233 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES. 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none 6b85e4ac22
NEW none[none] none:none
none|none none none

T:06:58:00 Win2K-f 58.235.11.223 (-):
THRUNET-INFRA-BUSAN15,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 26 of 35 50649fc087
[Firefox: 3 hits: 07-29 to 07-29] none[none] none:none
none|none none none

06:58:00 WinXP 83.201.242.70 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
LYON, RHONE-ALPES, FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 25 of 36 bcae797d03
NEW none[none] none:none
none|none none none

06:59:00 Win2K-f 58.229.108.122 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

T:07:08:00 WinXP 121.53.14.133 (-):
DREAMX,
KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

T:07:08:00 WinXP 58.233.71.32 (-):
THRUNET-INFRA-SEOUL14,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball none f1b627b451
NEW none[none] none:none
none|none none none

07:09:00 WinXP 122.42.15.102 (-):
POWERCOMM,
KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
125 lines Yeah : 1.3
profile none summary
tarball 30 of 32
0 of 33
30 of 33 2949152a24
[Firefox: 5 hits: 07-02 to 07-26]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14]
f1a10a0d85
[Firefox: 5 hits: 07-02 to 07-26] none[none]
e07c29c4ae[1]
none [none] none:none
ASM:Graph
none:none
none|none
FSG|
none|none none
lines=92
none none
trace
none

T:07:15:00 WinXP 61.17.198.93 (VSNL.NET.IN):
VIDESH SANCHAR NIGAM LTD - INDIA,
PUNE, MAHARASHTRA, IN. (DSL) 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
19 lines Yeah : 1.3
profile none summary
tarball 26 of 35 50649fc087
[Firefox: 3 hits: 07-29 to 07-29] none[none] none:none
none|none none none

T:07:20:00 Win2K-f 172.163.229.197 (AOL.COM):
AMERICA ONLINE,
US. n/a 135 pcap raw alerts
ruleset other
197 lines Yeah : 1.3
profile none summary
tarball 28 of 33
31 of 33 6d86a1ff5a
[Firefox:32 hits: 06-25 to 08-13]
7f6e032fc0
[Firefox:32 hits: 06-25 to 08-13] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

07:27:00 Win2K-f 82.122.121.214 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

07:29:00 WinXP 219.249.110.119 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
70 lines Yeah : 1.3
profile none summary
tarball 29 of 36 74c6c141d8
NEW none[none] none:none
none|none none none

T:07:29:00 Win2K-f 219.249.110.119 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 74c6c141d8
NEW none[none] none:none
none|none none none

T:07:32:00 Win2K-f 221.124.92.172 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

07:34:00 Win2K-f 61.100.101.241 (KRLINE.NET):
KRNIC,
KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

07:48:00 Win2K-f 123.254.0.35 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball none bf34497bd8
NEW none[none] none:none
none|none none none

T:07:48:00 Win2K-f 122.27.16.167 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 31 of 33 b333d29ff7
[Firefox: 8 hits: 06-29 to 08-14] none[none] none:none
none|none none none

T:07:53:00 WinXP 219.248.46.157 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
31 lines Yeah : 1.3
profile none summary
tarball none af222ae6db
NEW none[none] none:none
none|none none none

07:53:00 Win2K-f 89.137.146.2 (-):
ASTRAL MIERCUREA-CIUC DOCSIS NETWORK,
RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball none d142a982d2
NEW none[none] none:none
none|none none none

T:07:57:00 WinXP 118.240.119.71 (-):
. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
33 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:08:01:00 WinXP 200.127.42.47 (NET.AR):
PRIMA S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 dbbc586732
[Firefox:15 hits: 07-28 to 08-14] none[none] none:none
none|none none none

08:03:00 Win2K-f 118.0.172.129 (-):
. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 23 of 33 7a321d0141
NEW none[none] none:none
none|none none none

08:08:00 Win2K-f 58.127.246.56 (HANANET.NET):
HANARO TELECOM INC,
KR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 25 of 35 7377a34aeb
[Firefox: 7 hits: 07-27 to 08-01] none[none] none:none
none|none none none

08:17:00 Win2K-f 71.136.17.66 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 135 pcap raw alerts
ruleset http
86 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33
0 of 32 73ce2b74da
[Firefox: 6 hits: 06-18 to 08-14]
79c01ec060
[Firefox:18 hits: 06-18 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] 73ce2b74da [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=81
none
lines=90 trace
trace
trace

T:08:20:00 Win2K-f 208.105.172.35 (-):
. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:26:00 WinXP 218.239.208.153 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball none d2bdc206b6
NEW none[none] none:none
none|none none none

T:08:27:00 WinXP 221.171.207.225 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
43 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:08:27:00 WinXP 218.239.208.153 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6668 HK:proxima.ircgalaxy.pl
HK:210.245.211.11:65520
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 1.3
profile none summary
tarball none d2bdc206b6
NEW none[none] none:none
none|none none none

08:28:00 WinXP 83.233.40.48 (-):
BREDBAND2 - KISTA,
KISTA, STOCKHOLM, SE. n/a 445 pcap raw alerts
ruleset other
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

08:37:00 WinXP 85.23.33.119 (SUOMI.NET):
OULU TELEPHONE COMPANY,
OULU, OULUN LAANI, FI. n/a RU:moscow-advokat.ru
AT:graz.at.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:445 hits: 12-31 to 08-14] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

08:40:00 Win2K-f 221.244.134.59 (UCOM.NE.JP):
N-OS,
JP. (100Mbps) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 21 of 33 e286d9e6a9
[Firefox:21 hits: 07-13 to 08-13] none[none] none:none
none|none none none

T:08:42:00 WinXP 88.100.70.18 (IOL.CZ):
XDSL NETWORK-ADSL,
PRAGUE, HLAVNI MESTO PRAHA, CZ. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

T:08:43:00 Win2K-f 125.195.106.45 (MESH.AD.JP):
NEC CORPORATION,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

08:44:00 WinXP 98.140.228.28 (-):
. n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

08:45:00 Win2K-f 88.186.44.130 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:105 hits: 07-13 to 08-02] none[none] none:none
none|none none none

T:09:08:00 Win2K-f 90.23.100.222 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
ROUEN, HAUTE-NORMANDIE, FR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball none af222ae6db
NEW none[none] none:none
none|none none none

09:11:00 Win2K-f 122.26.222.72 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:09:18:00 WinXP 98.141.160.48 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

09:22:00 Win2K-f 118.109.64.201 (-):
. n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 31 of 33 a666364b88
[Firefox: 5 hits: 06-28 to 08-14] none[none] none:none
none|none none none

09:28:00 Win2K-f 62.198.219.63 (DSL.TELIANET.DK):
TELIANET,
DK. n/a 139 pcap raw alerts
ruleset ftp
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:09:30:00 WinXP 125.173.57.17 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. 67.149.121.39:12351 HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.8
profile none summary
tarball 13 of 33 070ee4dae5
NEW none[none] none:none
none|none none none

09:33:00 WinXP 122.29.72.128 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 30 of 36 005226ccd5
[Firefox: 5 hits: 08-09 to 08-12] none[none] none:none
none|none none none

09:35:00 Win2K-f 211.9.154.197 (POINT.NE.JP):
DREAM TRAIN INTERNET INC,
TOKYO, TOKYO, JP. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 25 of 35 1be9d03a2b
[Firefox: 3 hits: 07-29 to 08-01] none[none] none:none
none|none none none

T:09:46:00 WinXP 79.119.0.28 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball none aa268ff3a9
NEW none[none] none:none
none|none none none

09:52:00 WinXP 122.24.57.39 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a HK:proxima.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 31 of 33 aa346f4557
[Firefox: 6 hits: 06-27 to 08-11] none[none] none:none
none|none none none

T:09:52:00 WinXP 79.223.217.241 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE. 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:09:53:00 WinXP 210.218.187.90 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

T:09:59:00 Win2K-f 59.190.176.106 (EONET.NE.JP):
K-OPTICOM CORPORATION,
JP. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball none f79a65da67
NEW none[none] none:none
none|none none none

09:59:00 WinXP 58.226.150.155 (HANANET.NET):
HANARO TELECOM INC,
KR. (DSL) 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.3
profile none summary
tarball none ea39b7911d
NEW none[none] none:none
none|none none none

10:05:00 WinXP 125.215.98.148 (PIKARA.NE.JP):
PIKARA(STNET INCORPORATED),
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:10:08:00 Win2K-f 91.141.99.214 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT. n/a 445 pcap raw alerts
ruleset ftp
25 lines Yeah : 1.3
profile none summary
tarball none 340a3e4455
NEW none[none] none:none
none|none none none

10:22:00 Win2K-f 210.218.187.90 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

10:23:00 WinXP 207.5.166.118 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:205.128.73.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:10:24:00 Win2K-f 88.109.143.203 (AS9105.COM):
TISCALI UK LTD,
UK. (DSL) n/a 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:10:32:00 Win2K-f 88.172.54.241 (PROXAD.NET):
PROXAD / FREE SAS,
FR. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none cf3907c290
NEW none[none] none:none
none|none none none

10:33:00 WinXP 217.184.77.132 (MEDIAWAYS.NET):
VARIOUS ONLINE SERVICES,
DE. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 32 of 32 03f912899b
[Firefox:86 hits: 01-08 to 08-14] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

10:35:00 WinXP 99.170.21.97 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.15:80
US:208.111.148.23:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

10:36:00 Win2K-f 83.255.74.174 (COMHEM.SE):
COMHEM,
ÖSTERSUND, JAMTLANDS, SE. n/a HK:proxim.ircgalaxy.pl
US:chat-shqip.org
US:w3bs.chat-shqip.org
HK:210.245.211.11:65520
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball none 5362d6786b
NEW none[none] none:none
none|none none none

T:10:40:00 Win2K-f 24.109.219.171 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. (DSL) n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none a192ed7557
NEW none[none] none:none
none|none none none

T:10:41:00 WinXP 82.248.32.83 (PROXAD.NET):
PROXAD / FREE SAS,
CANNES, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 68a1859771
[Firefox: 2 hits: 08-13 to 08-13] none[none] none:none
none|none none none

T:10:42:00 WinXP 218.43.39.159 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. 67.149.121.39:13001 HK:proxim.ircgalaxy.pl
US:chat-shqip.org
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
irc
54 lines Yeah : 1.8
profile none summary
tarball none 18b4add648
NEW none[none] none:none
none|none none none

T:10:43:00 WinXP 62.198.219.63 (DSL.TELIANET.DK):
TELIANET,
DK. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball none 9d5d0ad83c
NEW none[none] none:none
none|none none none

10:43:00 Win2K-f 60.254.202.226 (EMOBILE.AD.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball none 8896acc1fb
NEW none[none] none:none
none|none none none

10:43:00 WinXP 125.200.83.31 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:10:52:00 WinXP 78.148.35.46 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. 67.149.121.39:13001 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
69 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

11:00:00 Win2K-f 88.107.228.77 (AS9105.COM):
TISCALI UK LTD,
SHEFFIELD, ENGLAND, UK. (DSL) 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball none b3ce57c019
NEW none[none] none:none
none|none none none

11:02:00 WinXP 68.114.152.65 (CHARTER.COM):
CHARTER COMMUNICATIONS,
RINGGOLD, GEORGIA, US. 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
:wpad
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a219ed3aeb
[Firefox:14 hits: 08-02 to 08-14] none[none] none:none
none|none none none

T:11:08:00 Win2K-f 75.16.32.51 (SBCGLOBAL.NET):
RBACK35.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.126:80 135 pcap raw alerts
ruleset http
317 lines Yeah : 1.3
profile none summary
tarball none
none
0 of 32 2a37359775
NEW
74a2328dae
NEW
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:11:19:00 Win2K-f 118.161.193.218 (-):
. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 20 of 32 f12583a6d2
[Firefox:105 hits: 07-13 to 08-02] none[none] none:none
none|none none none

11:23:00 Win2K-f 79.119.0.28 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. n/a 139 pcap raw alerts
ruleset ftp
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:31:00 WinXP 61.218.134.125 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

11:41:00 Win2K-f 78.148.35.46 (OPALTELECOM.NET):
OPAL TELECOMMUNICATIONS INTERNET SERVICE PROVIDER,
UK. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:11:43:00 WinXP 213.94.132.145 (EIRCOM.NET):
EIRCOM LTD,
DUBLIN, DUBLIN, IE. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:192.221.110.125:80
US:207.123.37.125:80 135 pcap raw alerts
ruleset other
92 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:11:44:00 Win2K-f 72.139.83.96 (ROGERS.COM):
ROGERS CABLE INC. FLFRD,
TORONTO, ONTARIO, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

11:44:00 Win2K-f 91.66.127.210 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 23 of 33 d91d29e04d
[Firefox: 7 hits: 07-01 to 08-13] none[none] none:none
none|none none none

T:11:48:00 Win2K-f 76.244.176.42 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

11:50:00 WinXP 218.37.70.173 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

11:55:00 Win2K-f 88.100.70.18 (IOL.CZ):
XDSL NETWORK-ADSL,
PRAGUE, HLAVNI MESTO PRAHA, CZ. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

11:57:00 Win2K-f 118.8.198.29 (-):
. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:11:59:00 Win2K-f 218.210.252.208 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:207.123.37.125:80
US:207.123.46.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

12:00:00 Win2K-f 118.240.118.31 (-):
. n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

12:01:00 WinXP 12.227.134.155 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
BILLINGS, MONTANA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
[Firefox:58 hits: 01-14 to 08-14] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

T:12:01:00 WinXP 12.227.134.155 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
BILLINGS, MONTANA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.8
profile none summary
tarball 29 of 29 986b59708d
[Firefox:58 hits: 01-14 to 08-14] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

12:04:00 WinXP 118.0.107.219 (-):
. n/a 445 pcap raw alerts
ruleset other
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:12:04:00 WinXP 124.241.148.64 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 72.10.172.211:8080 :xx.nadnadzz.info
CA:xx.ka3ek.com
CA:zonetech.info
CA:alwayssam.com
US:130.107.213.117:33839
CA:72.10.166.195:80 135 pcap raw alerts
ruleset irc
http
248 lines Yeah : 1.8
profile none summary
tarball 26 of 33
16 of 36
14 of 36
18 of 36 2595d6e010
[Firefox: 2 hits: 06-19 to 06-21]
78e31db533
NEW
9b09258622
[Firefox: 8 hits: 08-05 to 08-13]
d5a5e9f7a9
NEW none[4]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none trace
none
none
none

T:12:14:00 WinXP 218.37.70.173 (-):
HANVITINB-INFRA,
SEOUL, KYONGGI-DO, KR. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.3
profile none summary
tarball none 94156f67b0
NEW none[none] none:none
none|none none none

12:16:00 WinXP 4.244.57.25 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ST. LOUIS, MISSOURI, US. (DIAL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:953 hits: 12-31 to 08-14] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

12:21:00 Win2K-f 58.78.36.4 (-):
POW-HFC-GOYANG,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.148.69:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
124 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 09c3d90250
NEW
8f34a39070
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

12:21:00 WinXP 221.171.207.225 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
89 lines Yeah : 1.8
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:12:23:00 Win2K-f 88.107.228.77 (AS9105.COM):
TISCALI UK LTD,
SHEFFIELD, ENGLAND, UK. (DSL) 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 1.3
profile none summary
tarball none b3ce57c019
NEW none[none] none:none
none|none none none

T:12:26:00 WinXP 24.108.154.152 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 194.54.90.246:80 HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 35 dbbc586732
[Firefox:15 hits: 07-28 to 08-14] none[none] none:none
none|none none none

12:39:00 Win2K-f 62.227.81.140 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 34 of 36 9776cda2f1
[Firefox: 2 hits: 08-02 to 08-02] none[none] none:none
none|none none none

13:02:00 Win2K-f 83.38.211.251 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
ES. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

T:13:05:00 Win2K-f 118.219.237.248 (-):
. n/a US:microsoft.com
HK:proxima.ircgalaxy.pl
US:download.microsoft.com
US:192.221.110.126:80
US:207.123.37.125:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.3
profile none summary
tarball 34 of 36
31 of 33 0f7b6b4c31
NEW
168aab35a3
[Firefox:89 hits: 06-17 to 08-14] none[none]
none [4] none:none
none:none
none|none
tElock| none
none none
trace

13:13:00 Win2K-f 217.114.235.24 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

13:19:00 WinXP 89.240.198.55 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
UK. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
42 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:13:25:00 Win2K-f 66.239.207.93 (XO.NET):
XO COMMUNICATIONS,
US. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

T:13:28:00 WinXP 86.208.237.82 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
REIMS, CHAMPAGNE-ARDENNE, FR. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
23 lines Yeah : 1.3
profile none summary
tarball none aa268ff3a9
NEW none[none] none:none
none|none none none

13:29:00 Win2K-f 85.180.177.236 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) n/a 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

13:32:00 WinXP 66.239.207.93 (XO.NET):
XO COMMUNICATIONS,
US. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 26 of 35 89d021262b
[Firefox: 2 hits: 07-29 to 07-29] none[none] none:none
none|none none none

13:37:00 WinXP 70.236.11.195 (AMERITECH.NET):
PPPOX POOL - RBACK2.IPLTIN,
INDIANAPOLIS, INDIANA, US. (DIAL) n/a RU:moscow-advokat.ru
:brussels.be.eu.undernet.org
RU:irc.tsk.ru 445 pcap raw alerts
ruleset other
0 lines Yeah : 1.3
profile none summary
tarball 29 of 29 492957db81
[Firefox:14 hits: 01-01 to 08-14] 064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns trace

T:13:38:00 WinXP 70.236.11.195 (AMERITECH.NET):
PPPOX POOL - RBACK2.IPLTIN,
INDIANAPOLIS, INDIANA, US. (DIAL) n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
:brussels.be.eu.undernet.org
:irc.kar.net
NL:london.uk.eu.undernet.org
:caen.fr.eu.undernet.org
US:lia.zanet.net
:washington.dc.us.undernet.org
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 29 of 29 492957db81
[Firefox:14 hits: 01-01 to 08-14] 064e4d7742 [0] ASM:Graph
PolyEnE| lines=69
embedded dns trace

13:39:00 Win2K-f 130.13.39.99 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a 139 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 36 74c6c141d8
NEW none[none] none:none
none|none none none

13:41:00 WinXP 75.181.169.11 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 eec7cce07c
NEW none[none] none:none
none|none none none

T:13:41:00 WinXP 75.181.169.11 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 eec7cce07c
NEW none[none] none:none
none|none none none

13:41:00 Win2K-f 69.232.234.92 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:13:46:00 Win2K-f 210.233.204.62 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:13:49:00 Win2K-f 59.147.56.38 (SO-NET.NE.JP):
SO-NET SERVICE,
JP. n/a 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 26 of 33 ca15c09536
[Firefox:501 hits: 06-27 to 08-14] none[none] none:none
none|none none none

13:51:00 WinXP 74.71.91.76 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EAST SYRACUSE, NEW YORK, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
EU:ebookfinaltrash.ru
:wpad
GB:welcome3.smile.co.uk
US:208.73.210.32:80
DE:212.227.111.29:80
DE:217.11.54.126:80 445 pcap raw alerts
ruleset http
http
http
http
4 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:465 hits: 01-01 to 08-14] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:13:52:00 WinXP 78.54.218.135 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball none 13e3354e9e
NEW none[none] none:none
none|none none none

T:13:52:00 WinXP 24.160.200.22 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. (100Mbps) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:274 hits: 01-05 to 08-14] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:13:56:00 Win2K-f 58.78.36.4 (-):
POW-HFC-GOYANG,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:208.111.153.236:80
US:208.111.173.16:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
124 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 09c3d90250
NEW
8f34a39070
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

14:05:00 WinXP 92.114.175.37 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a HK:proxim.ircgalaxy.pl
UA:citi-bank.ru
HK:210.245.211.11:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 dae77d66f3
[Firefox:10 hits: 07-08 to 08-12] none[none] none:none
none|none none none

T:14:15:00 WinXP 70.63.253.82 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FLORENCE, SOUTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80
US:208.111.148.247:80 135 pcap raw alerts
ruleset other
96 lines Yeah : 1.3
profile none summary
tarball 31 of 32
2 of 32 607b60ad51
[Firefox:17 hits: 06-20 to 08-13]
e5c7bce70e
[Firefox:17 hits: 06-20 to 08-13] none[4]
e5c7bce70e[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:14:19:00 Win2K-f 61.218.192.234 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
57ce4acac2
[Firefox:113 hits: 06-17 to 08-14] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:14:21:00 WinXP 87.205.182.161 (INETIA.PL):
INTERNETIA,
PL. (DSL) 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 21 of 33 e286d9e6a9
[Firefox:21 hits: 07-13 to 08-13] none[none] none:none
none|none none none

14:25:00 Win2K-f 61.218.134.125 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

14:27:00 WinXP 208.222.44.174 (WHEATSTATE.COM):
NETWORK TOOL AND DIE COMPANY,
CHANUTE, KANSAS, US. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 393d3a40db
[Firefox: 4 hits: 02-14 to 06-17] 8a0ff8065a [0] ASM:Graph
PolyEnE| lines=76 trace

14:28:00 WinXP 119.11.65.23 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
26 lines Yeah : 1.3
profile none summary
tarball 26 of 36 a1c4322921
NEW none[none] none:none
none|none none none

14:29:00 Win2K-f 88.134.238.91 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BEXBACH, SAARLAND, DE. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
28 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:14:40:00 Win2K-f 92.2.92.87 (-):
CARPHONE WAREHOUSE BROADBAND SERVICES,
UK. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:80 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball none 0cfaacf2dc
NEW none[none] none:none
none|none none none

T:14:41:00 WinXP 61.218.134.125 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 63.173.172.98:6667
US:63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

14:46:00 WinXP 70.182.92.124 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:192.221.99.124:80
US:198.78.201.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

14:55:00 Win2K-f 115.131.4.198 (-):
. n/a 445 pcap raw alerts
ruleset ftp
24 lines Yeah : 1.3
profile none summary
tarball 30 of 33 c4fe07012a
[Firefox: 4 hits: 06-30 to 07-01] none[none] none:none
none|none none none

T:15:01:00 WinXP 195.249.212.140 (RAS.TELE.DK):
TELEDANMARK-DIAL-UP-USERS,
SLAGELSE, VESTSJALLAND, DK. (100Mbps) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:953 hits: 12-31 to 08-14] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:15:08:00 WinXP 66.68.207.124 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MCALLEN, TEXAS, US. n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru 445 pcap raw alerts
ruleset http
http
11 lines Yeah : 0.8
profile none summary
tarball 29 of 29
none a12cab51ef
[Firefox:465 hits: 01-01 to 08-14]
ea39c3278f
NEW 40f7f463c4 [0]
none [none] ASM:Graph
none:none
ASPack|
none|none lines=281
embedded dns
none trace
none

T:15:15:00 Win2K-f 85.181.142.45 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 67.149.121.39:12351 US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
irc
34 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:15:22:00 Win2K-f 122.146.226.141 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:15:24:00 WinXP 71.109.128.44 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CAMARILLO, CALIFORNIA, US. (DSL) n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 28 of 33
31 of 33 277034540e
[Firefox: 4 hits: 07-12 to 08-14]
ea43badccf
[Firefox: 4 hits: 07-12 to 08-14] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

15:27:00 WinXP 75.30.127.94 (SBCGLOBAL.NET):
PPPOX POOL - RBACK35.IRVNCA,
LOS ANGELES, CALIFORNIA, US. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

15:34:00 Win2K-f 118.236.133.39 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:15:41:00 WinXP 79.138.128.169 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:445 hits: 12-31 to 08-14] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

15:50:00 WinXP 70.118.225.133 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LAKELAND, FLORIDA, US. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.115:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

15:54:00 Win2K-f 80.225.174.164 (TISCALI.COM):
TELINCO-DIALPOOL,
LEEDS, ENGLAND, UK. (DIAL) n/a 445 pcap raw alerts
ruleset other
22 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:16:08:00 WinXP 123.224.202.6 (OCN.NE.JP):
NTT COMMUNICATIONS CORPORATION,
TOKYO, TOKYO, JP. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

16:17:00 Win2K-f 217.229.239.104 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
SAARBRUCKEN, SAARLAND, DE. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
23 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b6b69f1052
[Firefox: 2 hits: 08-04 to 08-07] none[none] none:none
none|none none none

T:16:26:00 WinXP 75.16.228.74 (SBCGLOBAL.NET):
PPPOX POOL - RBACK3.KNTPIN,
EVANSVILLE, INDIANA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:16:45:00 Win2K-f 70.60.120.109 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

16:51:00 WinXP 70.182.79.231 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. n/a US:microsoft.com
US:download.microsoft.com
HK:proxim.ircgalaxy.pl
US:192.221.108.126:80
US:199.93.53.125:80
US:205.128.73.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
95 lines Yeah : 1.3
profile none summary
tarball 33 of 33
32 of 36 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
bea8cb1865
NEW none[4]
none [none] none:none
none:none
tElock|
none|none none
none trace
none

T:16:56:00 WinXP 118.108.36.200 (-):
. 67.149.121.39:13001 US:chat-shqip.org 445 pcap raw alerts
ruleset ftp
irc
50 lines Yeah : 1.8
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

16:58:00 WinXP 67.0.21.190 (QWEST.NET):
QWEST COMMUNICATIONS CORPORATION,
COUNCIL BLUFFS, IOWA, US. (DIAL) n/a EU:siliconfireware.ru
US:searchportal.information.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
US:www.counterdata.com
DE:m1.webstats.motigo.com
US:208.73.210.32:80
US:67.15.211.9:80
US:72.29.65.216:80 445 pcap raw alerts
ruleset http
http
169 lines Yeah : 0.8
profile none summary
tarball 29 of 29 ab5e47bf8d
[Firefox:36 hits: 01-02 to 08-07] none[3] none:none
ASPack| none trace

17:03:00 Win2K-f 172.191.68.222 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.226:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:10:00 WinXP 4.240.24.208 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 135 pcap raw alerts
ruleset http
107 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:11:00 Win2K-f 4.240.24.208 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 135 pcap raw alerts
ruleset other
127 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

17:20:00 WinXP 123.212.80.186 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:192.221.110.125:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 29 of 32
28 of 32
0 of 33 8a75955033
[Firefox:19 hits: 06-20 to 08-14]
9276c8b36b
[Firefox:19 hits: 06-20 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
9276c8b36b[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

17:29:00 WinXP 114.120.57.171 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:445 hits: 12-31 to 08-14] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

17:33:00 Win2K-f 76.172.88.166 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHULA VISTA, CALIFORNIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:69.28.178.10:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:34:00 WinXP 116.0.207.246 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:274 hits: 01-05 to 08-14] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

17:45:00 WinXP 70.61.191.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GROVE CITY, OHIO, US. n/a HK:proxim.ircgalaxy.pl
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
440 lines Yeah : 1.3
profile none summary
tarball none c26558ceba
NEW none[none] none:none
none|none none none

17:59:00 WinXP 75.177.83.27 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WINSTON SALEM, NORTH CAROLINA, US. n/a RU:moscow-advokat.ru
:washington.dc.us.undernet.org
SE:coins.dal.net
:flanders.be.eu.undernet.org
SE:vancouver.dal.net
SE:broadway.ny.us.dal.net
NL:london.uk.eu.undernet.org
SE:ced.dal.net
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:445 hits: 12-31 to 08-14] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

18:07:00 Win2K-f 220.102.66.41 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 21 of 36 c4e2f8b58f
NEW none[none] none:none
none|none none none

18:16:00 WinXP 118.15.156.189 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 20 of 33 17739a55ad
[Firefox:375 hits: 06-27 to 08-14] none[none] none:none
none|none none none

T:18:17:00 Win2K-f 119.94.61.96 (-):
. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.108.126:80
US:199.93.44.124:80
US:204.160.104.126:80
HK:210.245.211.11:65520 135 pcap raw alerts
ruleset other
94 lines Yeah : 1.3
profile none summary
tarball 31 of 33
none 56a3822608
[Firefox: 6 hits: 07-05 to 08-10]
c0b5f90b41
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

18:17:00 WinXP 70.79.108.56 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
789 lines Yeah : 1.3
profile none summary
tarball none c4c5a56ffe
NEW none[none] none:none
none|none none none

T:18:22:00 WinXP 4.230.27.9 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HOUSTON, TEXAS, US. (DIAL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 c05385e600
[Firefox:11 hits: 01-20 to 07-25] 6a383b021d [0] ASM:Graph
PolyEnE| lines=68 trace

18:52:00 Win2K-f 98.141.163.233 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

18:56:00 WinXP 118.108.36.200 (-):
. n/a US:chat-shqip.org
US:w3bs.chat-shqip.org
US:67.149.121.39:12351
US:67.149.121.39:13001 445 pcap raw alerts
ruleset ftp
27 lines Yeah : 1.3
profile none summary
tarball 10 of 33 d2c26e07fd
[Firefox:483 hits: 06-27 to 08-14] none[none] none:none
none|none none none

18:56:00 WinXP 210.163.59.66 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 63.173.172.98:6667 139 pcap raw alerts
ruleset ftp
irc
26 lines Yeah : 1.3
profile none summary
tarball 25 of 36 7c2b50c774
[Firefox: 3 hits: 08-01 to 08-02] none[none] none:none
none|none none none

18:59:00 WinXP 210.233.204.62 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.247:80
US:208.111.148.254:80 135 pcap raw alerts
ruleset other
85 lines Yeah : 1.3
profile none summary
tarball 3 of 33
33 of 33 3ed16ae12d
[Firefox:11 hits: 06-19 to 08-10]
79c01ec060
[Firefox:18 hits: 06-18 to 08-14] 3ed16ae12d [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

T:19:08:00 WinXP 12.73.220.112 (ATT.NET):
AT&T WORLDNET SERVICES,
CHICAGO, ILLINOIS, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:326 hits: 12-31 to 08-14] 048df78048 [0] ASM:Graph
none|none lines=61 trace

T:19:09:00 WinXP 218.218.169.214 (ODN.AD.JP):
OPEN DATA NETWORK(JAPAN TELECOM CO. LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

19:11:00 Win2K-f 66.16.121.130 (CAVTEL.NET):
CAVALIER TELEPHONE,
BALTIMORE, MARYLAND, US. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:19:16:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

19:17:00 Win2K-f 75.51.95.69 (SBCGLOBAL.NET):
PPPOX POOL - BRAS16 LSANCA,
US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14]
b5919931fe
[Firefox:313 hits: 06-20 to 08-14] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

19:24:00 WinXP 88.172.54.241 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 63.173.172.98:6668
US:63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 1.3
profile none summary
tarball none cf3907c290
NEW none[none] none:none
none|none none none

19:35:00 WinXP 124.206.104.251 (IAPCM.AC.CN):
BEIJING TELETRON TELECOM ENGINEERING CO. LTD,
BEIJING, GUANGDONG, CN. 63.173.172.98:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball none ec6ee3215f
NEW none[none] none:none
none|none none none

T:19:59:00 WinXP 24.195.233.174 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:207.123.42.126:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:20:09:00 WinXP 114.120.2.176 (-):
. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:445 hits: 12-31 to 08-14] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

20:11:00 Win2K-f 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.73.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

20:26:00 WinXP 24.66.62.108 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:205.128.79.126:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 31 of 32
23 of 33 bca9e0fb5f
[Firefox:19 hits: 06-18 to 08-10]
e53a9ea82e
[Firefox:19 hits: 06-18 to 08-10] none[4]
e53a9ea82e[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=81 trace
trace

20:54:00 WinXP 98.140.228.28 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

20:55:00 WinXP 4.230.9.71 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HOUSTON, TEXAS, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

20:58:00 WinXP 66.57.180.53 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14]
e07c29c4ae
[Firefox:248 hits: 06-19 to 08-14] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:21:09:00 WinXP 114.120.26.210 (-):
. n/a 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:21:12:00 WinXP 76.172.168.91 (RR.COM):
ROAD RUNNER HOLDCO LLC,
THOUSAND OAKS, CALIFORNIA, US. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

21:15:00 WinXP 216.79.206.119 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
SHREVEPORT, LOUISIANA, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
DE:ebookfinaltrash.ru
:wpad
US:208.73.210.32:80 445 pcap raw alerts
ruleset http
http
http
http
4 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
[Firefox:465 hits: 01-01 to 08-14] 40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns trace

T:21:31:00 Win2K-f 68.150.206.195 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SHERWOOD PARK, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:21:36:00 Win2K-f 58.226.67.104 (HANANET.NET):
HANARO TELECOM INC,
KR. n/a US:microsoft.com
US:download.microsoft.com
US:208.111.148.219:80
US:208.111.148.226:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
[Firefox:145 hits: 06-17 to 08-14]
53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14] 4c3df24b32 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

21:39:00 WinXP 71.111.225.21 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:208.111.173.52:80 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
a08f3b74a4
[Firefox:459 hits: 06-18 to 08-14] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

22:00:00 WinXP 221.139.182.243 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.79.124:80
HK:210.245.211.11:65520
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
125 lines Yeah : 1.3
profile none summary
tarball 30 of 33
30 of 33 2e04b06527
[Firefox: 3 hits: 06-18 to 07-20]
5c054291de
[Firefox: 3 hits: 06-18 to 07-20] none[4]
5c054291de[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

22:04:00 Win2K-f 208.84.203.85 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.201.126:80
US:205.128.79.124:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
83 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

22:46:00 Win2K-f 210.199.90.189 (FLETS-I-AS-EAST-1-10.DSN.JP):
DS NETWORKS CO,
JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:1410 hits: 06-17 to 08-14]
73f1082158
[Firefox:721 hits: 06-18 to 08-14] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

23:19:00 Win2K-f 222.235.159.94 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
EU:terahost.cn
:www.upononjob.cn
US:mysoft-forum.net
:mulfika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com
US:69.28.178.10:80 135 pcap raw alerts
ruleset irc
http
332 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
none
none
none
none 37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
9bacfaddd9
NEW
9fa90df579
NEW
c5e5182fde
NEW
ca0fb35678
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none none
none
none
none
none
none

T:23:28:00 Win2K-f 70.166.111.207 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
IL:ksn.a1001186.wrs.mcboo.com
DE:dl2.teenpassage.com
:fleshkatera.cn
EU:terahost.cn
:www.upononjob.cn
US:mysoft-forum.net
:mulfika.cn
IL:wr.mcboo.com
IL:bfb88.a1001186.wrs.loloplanet.com
US:208.111.153.215:80
US:208.111.153.231:80 135 pcap raw alerts
ruleset irc
http
332 lines Yeah : 1.8
profile none summary
tarball 19 of 35
17 of 35
none
none
34 of 36
28 of 33 37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
9bacfaddd9
NEW
c5e5182fde
NEW
da00a8e7a1
[Firefox: 5 hits: 08-05 to 08-12]
f685f8e027
[Firefox: 9 hits: 06-18 to 08-12] none[none]
none [none]
none [none]
none [none]
none [none]
f685f8e027[1] none:none
none:none
none:none
none:none
none:none
ASM:Graph
none|none
none|none
none|none
none|none
none|none
Armadillo| none
none
none
none
none
lines=82 none
none
none
none
none
trace

T:23:30:00 WinXP 24.84.175.221 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
[Firefox:125 hits: 01-01 to 08-13] af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:23:37:00 WinXP 118.9.118.80 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:475 hits: 01-01 to 08-13] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

23:48:00 Win2K-f 61.87.35.231 (YOURNET.NE.JP):
FREEBIT CO. LTD,
JP. 210.245.211.11:65520 HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
:fleshkatera.cn
EU:terahost.cn
:www.upononjob.cn
:mulfika.cn
US:a.targetsaver.com
IL:dl.loloplanet.com
US:csx.adservs.com
US:dl.targetsaver.com
US:b103.mcboo.com
**:169.254.186.136:707
US:216.133.246.155:80 135 pcap raw alerts
ruleset irc
http
http
http
http
http
http
525 lines Yeah : 1.3
profile none summary
tarball 25 of 33
19 of 35
17 of 35
none 215317b391
[Firefox: 3 hits: 06-28 to 08-08]
37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14]
9bacfaddd9
NEW none[none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none none
none
none
none none
none
none
none

T:23:52:00 Win2K-f 89.179.7.43 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSKVA, RU. 210.245.211.11:65520 US:mysoft-forum.net
HK:proxim.ircgalaxy.pl
IL:ksn.a1001186.wrs.mcboo.com
IL:wr.mcboo.com 445 pcap raw alerts
ruleset http
irc
18 lines Yeah : 1.3
profile none summary
tarball 19 of 35
17 of 35 37f41fd8ab
[Firefox:74 hits: 07-24 to 08-14]
5ab0a45f63
[Firefox:92 hits: 07-24 to 08-14] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

23:53:00 WinXP 220.209.202.73 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball none none none none none none none